Allow additional docker parameters

Mike Reeves
2023-05-18 15:19:09 -04:00
parent 56a7fdcfcd
commit 0fd9fb9294
25 changed files with 396 additions and 3 deletions


@@ -28,6 +28,23 @@ so-curator:
- /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro - /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro
- /opt/so/conf/curator/action/:/etc/curator/action:ro - /opt/so/conf/curator/action/:/etc/curator/action:ro
- /opt/so/log/curator:/var/log/curator:rw - /opt/so/log/curator:/var/log/curator:rw
{% if DOCKER.containers['so-curator'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-curator'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-curator'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-curator'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-curator'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-curator'].extra_env %}
- {{ XTRAENV }}
{% endfor %}
{% endif %}
- require: - require:
- file: actionconfs - file: actionconfs
- file: curconf - file: curconf
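Review bot: Each `- {{ BIND }}`, `- {{ XTRAHOST }}` and `- {{ XTRAENV }}` line writes an operator-supplied string into the rendered YAML unquoted, so a value containing `: ` or ` #`, or starting with `{`, `[` or `*`, is parsed as something other than the string that was entered, or breaks the render. Quoting at render time, for example `- {{ XTRAENV | yaml_dquote }}`, keeps every entry a plain string. The same pattern recurs in every container state touched by this commit. `custom_bind_mounts` is also passed through with no check on the host path or the `:ro`/`:rw` mode, so it is worth documenting who may edit that setting, since it decides which host paths a container can reach.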


@@ -10,12 +10,14 @@ docker:
- 0.0.0.0:5000:5000 - 0.0.0.0:5000:5000
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-elastic-fleet': 'so-elastic-fleet':
final_octet: 21 final_octet: 21
port_bindings: port_bindings:
- 0.0.0.0:8220:8220/tcp - 0.0.0.0:8220:8220/tcp
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-elasticsearch': 'so-elasticsearch':
final_octet: 22 final_octet: 22
port_bindings: port_bindings:
@@ -23,22 +25,26 @@ docker:
- 0.0.0.0:9300:9300/tcp - 0.0.0.0:9300:9300/tcp
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-idstools': 'so-idstools':
final_octet: 25 final_octet: 25
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-influxdb': 'so-influxdb':
final_octet: 26 final_octet: 26
port_bindings: port_bindings:
- 0.0.0.0:8086:8086 - 0.0.0.0:8086:8086
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-kibana': 'so-kibana':
final_octet: 27 final_octet: 27
port_bindings: port_bindings:
- 0.0.0.0:5601:5601 - 0.0.0.0:5601:5601
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-kratos': 'so-kratos':
final_octet: 28 final_octet: 28
port_bindings: port_bindings:
@@ -46,6 +52,7 @@ docker:
- 0.0.0.0:4434:4434 - 0.0.0.0:4434:4434
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-logstash': 'so-logstash':
final_octet: 29 final_octet: 29
port_bindings: port_bindings:
@@ -61,12 +68,14 @@ docker:
- 0.0.0.0:9600:9600 - 0.0.0.0:9600:9600
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-mysql': 'so-mysql':
final_octet: 30 final_octet: 30
port_bindings: port_bindings:
- 0.0.0.0:3306:3306 - 0.0.0.0:3306:3306
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-nginx': 'so-nginx':
final_octet: 31 final_octet: 31
port_bindings: port_bindings:
@@ -76,12 +85,14 @@ docker:
- 7788:7788 - 7788:7788
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-playbook': 'so-playbook':
final_octet: 32 final_octet: 32
port_bindings: port_bindings:
- 0.0.0.0:3000:3000 - 0.0.0.0:3000:3000
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-redis': 'so-redis':
final_octet: 33 final_octet: 33
port_bindings: port_bindings:
@@ -89,63 +100,76 @@ docker:
- 0.0.0.0:9696:9696 - 0.0.0.0:9696:9696
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-soc': 'so-soc':
final_octet: 34 final_octet: 34
port_bindings: port_bindings:
- 0.0.0.0:9822:9822 - 0.0.0.0:9822:9822
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-soctopus': 'so-soctopus':
final_octet: 35 final_octet: 35
port_bindings: port_bindings:
- 0.0.0.0:7000:7000 - 0.0.0.0:7000:7000
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-strelka-backend': 'so-strelka-backend':
final_octet: 36 final_octet: 36
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-strelka-filestream': 'so-strelka-filestream':
final_octet: 37 final_octet: 37
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-strelka-frontend': 'so-strelka-frontend':
final_octet: 38 final_octet: 38
port_bindings: port_bindings:
- 0.0.0.0:57314:57314 - 0.0.0.0:57314:57314
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-strelka-manager': 'so-strelka-manager':
final_octet: 39 final_octet: 39
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-strelka-gatekeeper': 'so-strelka-gatekeeper':
final_octet: 40 final_octet: 40
port_bindings: port_bindings:
- 0.0.0.0:6381:6379 - 0.0.0.0:6381:6379
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-strelka-coordinator': 'so-strelka-coordinator':
final_octet: 41 final_octet: 41
port_bindings: port_bindings:
- 0.0.0.0:6380:6379 - 0.0.0.0:6380:6379
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-elastalert': 'so-elastalert':
final_octet: 42 final_octet: 42
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-curator': 'so-curator':
final_octet: 43 final_octet: 43
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-elastic-fleet-package-registry': 'so-elastic-fleet-package-registry':
final_octet: 44 final_octet: 44
port_bindings: port_bindings:
- 0.0.0.0:8080:8080/tcp - 0.0.0.0:8080:8080/tcp
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []
'so-idh': 'so-idh':
final_octet: 45 final_octet: 45
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: []


@@ -40,6 +40,12 @@ docker:
helpLink: docker.html helpLink: docker.html
multiline: True multiline: True
forcedType: "[]string" forcedType: "[]string"
extra_env:
description: List of additional ENV entries for the container.
advanced: True
helpLink: docker.html
multiline: True
forcedType: "[]string"
so-dockerregistry: *dockerOptions so-dockerregistry: *dockerOptions
so-elastalert: *dockerOptions so-elastalert: *dockerOptions
so-elastic-fleet-package-registry: *dockerOptions so-elastic-fleet-package-registry: *dockerOptions
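Review bot: The new `extra_env` description does not say what an entry looks like, and the templates in this commit pass each line through as-is, so a malformed line only surfaces when the container state is applied. I would make it `description: List of additional ENV entries for the container, one KEY=value per line.` Environment values are readable by anyone who can inspect the container, so the help text could also say that credentials should not be placed here.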


@@ -31,8 +31,24 @@ so-elastalert:
- /opt/so/log/elastalert:/var/log/elastalert:rw - /opt/so/log/elastalert:/var/log/elastalert:rw
- /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro - /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro
- /opt/so/conf/elastalert/elastalert_config.yaml:/opt/elastalert/config.yaml:ro - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/elastalert/config.yaml:ro
{% if DOCKER.containers['so-elastalert'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-elastalert'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-elastalert'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-elastalert'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-elastalert'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-elastalert'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% enfif %}
- require: - require:
- cmd: wait_for_elasticsearch - cmd: wait_for_elasticsearch
- file: elastarules - file: elastarules
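Review bot: The closing tags `{% enfor %}` and `{% enfif %}` at the end of the new extra_env block are not Jinja tags, so rendering this state should fail with an unknown-tag error instead of starting the container; they need to be `{% endfor %}` and `{% endif %}`. The `enfor` misspelling is repeated in the so-elastic-fleet-package-registry, so-elastic-fleet, so-elasticsearch, so-idh, so-idstools, so-influxdb, so-kibana, so-kratos, so-logstash, so-nginx, so-steno, so-playbook, so-redis, so-dockerregistry, so-sensoroni, so-soc, so-soctopus, so-telegraf and so-zeek sections, and `enfif` in the first four of those. Only the so-curator and so-mysql sections close their extra_env loops correctly. Rendering each changed state once before merge (for example with `salt-call state.show_sls`) would catch this.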


@@ -24,11 +24,27 @@ so-elastic-fleet-package-registry:
- ipv4_address: {{ DOCKER.containers['so-elastic-fleet-package-registry'].ip }} - ipv4_address: {{ DOCKER.containers['so-elastic-fleet-package-registry'].ip }}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }} - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
{% if DOCKER.containers['so-elastic-fleet-package-registry'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-elastic-fleet-package-registry'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-elastic-fleet-package-registry'].port_bindings %} {% for BINDING in DOCKER.containers['so-elastic-fleet-package-registry'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
{% endfor %} {% endfor %}
{% if DOCKER.containers['so-elastic-fleet-package-registry'].custom_bind_mounts %}
- binds:
{% for BIND in DOCKER.containers['so-elastic-fleet-package-registry'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-elastic-fleet-package-registry'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-elastic-fleet-package-registry'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% enfif %}
delete_so-elastic-fleet-package-registry_so-status.disabled: delete_so-elastic-fleet-package-registry_so-status.disabled:
file.uncomment: file.uncomment:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf


@@ -28,6 +28,11 @@ so-elastic-fleet:
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }} - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
{% if DOCKER.containers['so-elastic-fleet'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-elastic-fleet'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-elastic-fleet'].port_bindings %} {% for BINDING in DOCKER.containers['so-elastic-fleet'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
@@ -35,6 +40,11 @@ so-elastic-fleet:
- binds: - binds:
- /etc/pki:/etc/pki:ro - /etc/pki:/etc/pki:ro
#- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
{% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- environment: - environment:
- FLEET_SERVER_ENABLE=true - FLEET_SERVER_ENABLE=true
- FLEET_URL=https://{{ GLOBALS.node_ip }}:8220 - FLEET_URL=https://{{ GLOBALS.node_ip }}:8220
@@ -45,6 +55,11 @@ so-elastic-fleet:
- FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt
- FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key
- FLEET_CA=/etc/pki/tls/certs/intca.crt - FLEET_CA=/etc/pki/tls/certs/intca.crt
{% if DOCKER.containers['so-elastic-fleet'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% enfif %}
{% endif %} {% endif %}
delete_so-elastic-fleet_so-status.disabled: delete_so-elastic-fleet_so-status.disabled:


@@ -26,6 +26,11 @@ so-elasticsearch:
- sobridge: - sobridge:
- ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }} - ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
- extra_hosts: {{ LOGSTASH_NODES }} - extra_hosts: {{ LOGSTASH_NODES }}
{% if DOCKER.containers['so-elasticsearch'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-elasticsearch'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- environment: - environment:
{% if LOGSTASH_NODES | length == 1 %} {% if LOGSTASH_NODES | length == 1 %}
- discovery.type=single-node - discovery.type=single-node
@@ -35,6 +40,11 @@ so-elasticsearch:
- memlock=-1:-1 - memlock=-1:-1
- nofile=65536:65536 - nofile=65536:65536
- nproc=4096 - nproc=4096
{% if DOCKER.containers['so-elastalert'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-elastalert'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% enfif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-elasticsearch'].port_bindings %} {% for BINDING in DOCKER.containers['so-elasticsearch'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
@@ -60,6 +70,11 @@ so-elasticsearch:
- {{ repo }}:{{ repo }}:rw - {{ repo }}:{{ repo }}:rw
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if DOCKER.containers['so-elasticsearch'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-elasticsearch'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- watch: - watch:
- file: cacertz - file: cacertz
- file: esyml - file: esyml
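Review bot: The extra_env block in the second hunk reads `DOCKER.containers['so-elastalert'].extra_env`, so so-elasticsearch would receive the elastalert container's variables and ignore its own; it should read `DOCKER.containers['so-elasticsearch'].extra_env`. The block also sits directly after the `memlock`/`nofile`/`nproc` entries, which look like the ulimits list rather than `- environment:` (indentation is not visible on this page), so it probably needs to move up under the environment list. The same copy-paste key problem is in so-idstools (reads `so-elastalert`), so-playbook (the extra_hosts `for` and the whole extra_env block read `so-kratos`) and so-dockerregistry (extra_env reads `so-kratos`). Environment entries often carry credentials, so delivering one container's list to another is more than a cosmetic slip.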


@@ -20,6 +20,23 @@ so-idh:
- binds: - binds:
- /nsm/idh:/var/tmp:rw - /nsm/idh:/var/tmp:rw
- /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro - /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro
{% if DOCKER.containers['so-idh'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-idh'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-idh'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-idh'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-idh'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-idh'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% enfif %}
- watch: - watch:
- file: opencanary_config - file: opencanary_config
- require: - require:


@@ -26,10 +26,32 @@ so-idstools:
- http_proxy={{ proxy }} - http_proxy={{ proxy }}
- https_proxy={{ proxy }} - https_proxy={{ proxy }}
- no_proxy={{ salt['pillar.get']('manager:no_proxy') }} - no_proxy={{ salt['pillar.get']('manager:no_proxy') }}
{% if DOCKER.containers['so-elastalert'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-elastalert'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
{% elif DOCKER.containers['so-elastalert'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-elastalert'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %} {% endif %}
- binds: - binds:
- /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro - /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
- /opt/so/rules/nids:/opt/so/rules/nids:rw - /opt/so/rules/nids:/opt/so/rules/nids:rw
- /nsm/rules/suricata:/nsm/rules/suricata:rw
{% if DOCKER.containers['so-idstools'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-idstools'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-idstools'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-idstools'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- watch: - watch:
- file: idstoolsetcsync - file: idstoolsetcsync


@@ -2,6 +2,10 @@
. /usr/sbin/so-common . /usr/sbin/so-common
# Pull down the latest rules if not airgap
docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --force
argstr="" argstr=""
for arg in "$@"; do for arg in "$@"; do
argstr="${argstr} \"${arg}\"" argstr="${argstr} \"${arg}\""
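Review bot: The added comment says the rules are pulled "if not airgap", but in the visible lines the `docker exec so-idstools idstools-rulecat ...` call runs unconditionally, before the script's arguments are processed. Either wrap it in the airgap check the comment implies or reword the comment to match. `--suricata-version 6.0` is hard-coded and will drift from the Suricata version actually deployed. The change is also unrelated to the commit title, so a line in the description would help; the script continues outside the hunk.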


@@ -30,16 +30,32 @@ so-influxdb:
- DOCKER_INFLUXDB_INIT_ORG=Security Onion - DOCKER_INFLUXDB_INIT_ORG=Security Onion
- DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }} - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }}
{% if DOCKER.containers['so-influxdb'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-influxdb'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- binds: - binds:
- /opt/so/log/influxdb/:/log:rw - /opt/so/log/influxdb/:/log:rw
- /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro - /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro
- /nsm/influxdb:/var/lib/influxdb2:rw - /nsm/influxdb:/var/lib/influxdb2:rw
- /etc/pki/influxdb.crt:/conf/influxdb.crt:ro - /etc/pki/influxdb.crt:/conf/influxdb.crt:ro
- /etc/pki/influxdb.key:/conf/influxdb.key:ro - /etc/pki/influxdb.key:/conf/influxdb.key:ro
{% if DOCKER.containers['so-influxdb'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-influxdb'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-influxdb'].port_bindings %} {% for BINDING in DOCKER.containers['so-influxdb'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
{% endfor %} {% endfor %}
{% if DOCKER.containers['so-influxdb'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-influxdb'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- watch: - watch:
- file: influxdbconf - file: influxdbconf
- require: - require:


@@ -25,13 +25,28 @@ so-kibana:
- ELASTICSEARCH_HOST={{ GLOBALS.manager }} - ELASTICSEARCH_HOST={{ GLOBALS.manager }}
- ELASTICSEARCH_PORT=9200 - ELASTICSEARCH_PORT=9200
- MANAGER={{ GLOBALS.manager }} - MANAGER={{ GLOBALS.manager }}
{% if DOCKER.containers['so-kibana'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-kibana'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-kibana'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-kibana'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- binds: - binds:
- /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw - /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
- /opt/so/log/kibana:/var/log/kibana:rw - /opt/so/log/kibana:/var/log/kibana:rw
- /opt/so/conf/kibana/customdashboards:/usr/share/kibana/custdashboards:ro - /opt/so/conf/kibana/customdashboards:/usr/share/kibana/custdashboards:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro
{% if DOCKER.containers['so-kibana'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-kibana'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-kibana'].port_bindings %} {% for BINDING in DOCKER.containers['so-kibana'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}


@@ -25,10 +25,27 @@ so-kratos:
- /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro - /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro
- /opt/so/log/kratos/:/kratos-log:rw - /opt/so/log/kratos/:/kratos-log:rw
- /nsm/kratos/db:/kratos-data:rw - /nsm/kratos/db:/kratos-data:rw
{% if DOCKER.containers['so-kratos'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-kratos'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-kratos'].port_bindings %} {% for BINDING in DOCKER.containers['so-kratos'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
{% endfor %} {% endfor %}
{% if DOCKER.containers['so-kratos'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-kratos'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-kratos'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-kratos'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- restart_policy: unless-stopped - restart_policy: unless-stopped
- watch: - watch:
- file: kratosschema - file: kratosschema


@@ -26,8 +26,18 @@ so-logstash:
- ipv4_address: {{ DOCKER.containers['so-logstash'].ip }} - ipv4_address: {{ DOCKER.containers['so-logstash'].ip }}
- user: logstash - user: logstash
- extra_hosts: {{ REDIS_NODES }} - extra_hosts: {{ REDIS_NODES }}
{% if DOCKER.containers['so-logstash'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-logstash'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- environment: - environment:
- LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }} - LS_JAVA_OPTS=-Xms{{ lsheap }} -Xmx{{ lsheap }}
{% if DOCKER.containers['so-logstash'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-logstash'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-logstash'].port_bindings %} {% for BINDING in DOCKER.containers['so-logstash'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
@@ -65,6 +75,11 @@ so-logstash:
- /opt/so/log/fleet/:/osquery/logs:ro - /opt/so/log/fleet/:/osquery/logs:ro
- /opt/so/log/strelka:/strelka:ro - /opt/so/log/strelka:/strelka:ro
{% endif %} {% endif %}
{% if DOCKER.containers['so-logstash'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-logstash'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- watch: - watch:
- file: lsetcsync - file: lsetcsync
{% for assigned_pipeline in LOGSTASH_MERGED.assigned_pipelines.roles[GLOBALS.role.split('-')[1]] %} {% for assigned_pipeline in LOGSTASH_MERGED.assigned_pipelines.roles[GLOBALS.role.split('-')[1]] %}
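Review bot: `- extra_hosts: {{ REDIS_NODES }}` already gives the key an inline value, and the added `- {{ XTRAHOST }}` lines are then emitted beneath it as block-sequence items, which YAML will not merge into that value. Presumably the render either fails or the extra hosts land outside `extra_hosts`. Concatenating before rendering, e.g. `- extra_hosts: {{ REDIS_NODES + DOCKER.containers['so-logstash'].extra_hosts }}` (assuming REDIS_NODES is a list, which needs confirming), avoids the problem. The so-elasticsearch (`{{ LOGSTASH_NODES }}`) and so-soc (`{{ DOCKER_EXTRA_HOSTS }}`) sections have the same shape.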


@@ -33,6 +33,11 @@ so-mysql:
- ipv4_address: {{ DOCKER.containers['so-mysql'].ip }} - ipv4_address: {{ DOCKER.containers['so-mysql'].ip }}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-mysql'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-mysql'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-mysql'].port_bindings %} {% for BINDING in DOCKER.containers['so-mysql'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
@@ -40,11 +45,21 @@ so-mysql:
- environment: - environment:
- MYSQL_ROOT_HOST={{ GLOBALS.so_docker_bip }} - MYSQL_ROOT_HOST={{ GLOBALS.so_docker_bip }}
- MYSQL_ROOT_PASSWORD=/etc/mypass - MYSQL_ROOT_PASSWORD=/etc/mypass
{% if DOCKER.containers['so-mysql'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-mysql'].extra_env %}
- {{ XTRAENV }}
{% endfor %}
{% endif %}
- binds: - binds:
- /opt/so/conf/mysql/etc/my.cnf:/etc/my.cnf:ro - /opt/so/conf/mysql/etc/my.cnf:/etc/my.cnf:ro
- /opt/so/conf/mysql/etc/mypass:/etc/mypass - /opt/so/conf/mysql/etc/mypass:/etc/mypass
- /nsm/mysql:/var/lib/mysql:rw - /nsm/mysql:/var/lib/mysql:rw
- /opt/so/log/mysql:/var/log/mysql:rw - /opt/so/log/mysql:/var/log/mysql:rw
{% if DOCKER.containers['so-mysql'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-mysql'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- watch: - watch:
- /opt/so/conf/mysql/etc - /opt/so/conf/mysql/etc
- require: - require:


@@ -21,6 +21,11 @@ so-nginx:
- ipv4_address: {{ DOCKER.containers['so-nginx'].ip }} - ipv4_address: {{ DOCKER.containers['so-nginx'].ip }}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-nginx'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-nginx'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- binds: - binds:
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /opt/so/log/nginx/:/var/log/nginx:rw - /opt/so/log/nginx/:/var/log/nginx:rw
@@ -38,6 +43,17 @@ so-nginx:
- /opt/so/conf/navigator/pre-attack.json:/opt/socore/html/navigator/assets/pre-attack.json:ro - /opt/so/conf/navigator/pre-attack.json:/opt/socore/html/navigator/assets/pre-attack.json:ro
- /nsm/repo:/opt/socore/html/repo:ro - /nsm/repo:/opt/socore/html/repo:ro
{% endif %} {% endif %}
{% if DOCKER.containers['so-nginx'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-nginx'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-nginx'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-nginx'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- cap_add: NET_BIND_SERVICE - cap_add: NET_BIND_SERVICE
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-nginx'].port_bindings %} {% for BINDING in DOCKER.containers['so-nginx'].port_bindings %}


@@ -24,6 +24,23 @@ so-steno:
- /nsm/pcapindex:/nsm/pcapindex:rw - /nsm/pcapindex:/nsm/pcapindex:rw
- /nsm/pcaptmp:/tmp:rw - /nsm/pcaptmp:/tmp:rw
- /opt/so/log/stenographer:/var/log/stenographer:rw - /opt/so/log/stenographer:/var/log/stenographer:rw
{% if DOCKER.containers['so-steno'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-steno'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-steno'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-steno'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-steno'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-steno'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- watch: - watch:
- file: stenoconf - file: stenoconf
- require: - require:
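Review bot: The new blocks read `DOCKER.containers['so-steno']`, but the docker defaults hunks on this page add `extra_env` only for the containers listed through `so-idh`, and no `so-steno` entry is visible there. If the key is absent from the merged pillar, the attribute lookup on an undefined value should fail the render. Either add a `'so-steno'` entry with `custom_bind_mounts: []`, `extra_hosts: []` and `extra_env: []` to the defaults, or guard the lookups with `DOCKER.containers.get('so-steno', {})`. so-sensoroni, so-telegraf and so-zeek are likewise not visible in the defaults hunks.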


@@ -34,13 +34,28 @@ so-playbook:
- ipv4_address: {{ DOCKER.containers['so-playbook'].ip }} - ipv4_address: {{ DOCKER.containers['so-playbook'].ip }}
- binds: - binds:
- /opt/so/log/playbook:/playbook/log:rw - /opt/so/log/playbook:/playbook/log:rw
{% if DOCKER.containers['so-playbook'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-playbook'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- extra_hosts: - extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-playbook'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-kratos'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- environment: - environment:
- REDMINE_DB_MYSQL={{ GLOBALS.manager }} - REDMINE_DB_MYSQL={{ GLOBALS.manager }}
- REDMINE_DB_DATABASE=playbook - REDMINE_DB_DATABASE=playbook
- REDMINE_DB_USERNAME=playbookdbuser - REDMINE_DB_USERNAME=playbookdbuser
- REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }} - REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }}
{% if DOCKER.containers['so-kratos'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-kratos'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-playbook'].port_bindings %} {% for BINDING in DOCKER.containers['so-playbook'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}


@@ -35,6 +35,23 @@ so-redis:
{% else %} {% else %}
- /etc/ssl/certs/intca.crt:/certs/ca.crt:ro - /etc/ssl/certs/intca.crt:/certs/ca.crt:ro
{% endif %} {% endif %}
{% if DOCKER.containers['so-redis'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-redis'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-redis'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-redis'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-redis'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-redis'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- entrypoint: "redis-server /usr/local/etc/redis/redis.conf" - entrypoint: "redis-server /usr/local/etc/redis/redis.conf"
- watch: - watch:
- file: /opt/so/conf/redis/etc - file: /opt/so/conf/redis/etc


@@ -30,9 +30,25 @@ so-dockerregistry:
- /nsm/docker-registry/docker:/var/lib/registry/docker:rw - /nsm/docker-registry/docker:/var/lib/registry/docker:rw
- /etc/pki/registry.crt:/etc/pki/registry.crt:ro - /etc/pki/registry.crt:/etc/pki/registry.crt:ro
- /etc/pki/registry.key:/etc/pki/registry.key:ro - /etc/pki/registry.key:/etc/pki/registry.key:ro
{% if DOCKER.containers['so-dockerregistry'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-dockerregistry'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-dockerregistry'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-dockerregistry'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- client_timeout: 180 - client_timeout: 180
- environment: - environment:
- HOME=/root - HOME=/root
{% if DOCKER.containers['so-kratos'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-kratos'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- retry: - retry:
attempts: 5 attempts: 5
interval: 30 interval: 30


@@ -21,6 +21,23 @@ so-sensoroni:
- /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
- /opt/so/conf/sensoroni/analyzers:/opt/sensoroni/analyzers:rw - /opt/so/conf/sensoroni/analyzers:/opt/sensoroni/analyzers:rw
- /opt/so/log/sensoroni:/opt/sensoroni/logs:rw - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
{% if DOCKER.containers['so-sensoroni'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-sensoroni'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-sensoroni'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-sensoroni'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-sensoroni'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-sensoroni'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- watch: - watch:
- file: /opt/so/conf/sensoroni/sensoroni.json - file: /opt/so/conf/sensoroni/sensoroni.json
- require: - require:


@@ -32,11 +32,27 @@ so-soc:
- /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
- /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw - /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw
- /opt/so/saltstack:/opt/so/saltstack:rw - /opt/so/saltstack:/opt/so/saltstack:rw
{% if DOCKER.containers['so-soc'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-soc'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- extra_hosts: {{ DOCKER_EXTRA_HOSTS }} - extra_hosts: {{ DOCKER_EXTRA_HOSTS }}
{% if DOCKER.containers['so-soc'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-soc'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-soc'].port_bindings %} {% for BINDING in DOCKER.containers['so-soc'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
{% endfor %} {% endfor %}
{% if DOCKER.containers['so-soc'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-soc'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- watch: - watch:
- file: /opt/so/conf/soc/* - file: /opt/so/conf/soc/*
- require: - require:


@@ -29,6 +29,11 @@ so-soctopus:
{% if GLOBALS.airgap %} {% if GLOBALS.airgap %}
- /nsm/repo/rules/sigma:/soctopus/sigma - /nsm/repo/rules/sigma:/soctopus/sigma
{% endif %} {% endif %}
{% if DOCKER.containers['so-soctopus'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-soctopus'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- port_bindings: - port_bindings:
{% for BINDING in DOCKER.containers['so-soctopus'].port_bindings %} {% for BINDING in DOCKER.containers['so-soctopus'].port_bindings %}
- {{ BINDING }} - {{ BINDING }}
@@ -36,6 +41,17 @@ so-soctopus:
- extra_hosts: - extra_hosts:
- {{GLOBALS.url_base}}:{{GLOBALS.manager_ip}} - {{GLOBALS.url_base}}:{{GLOBALS.manager_ip}}
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
{% if DOCKER.containers['so-soctopus'].extra_hosts %}
{% for XTRAHOST in DOCKER.containers['so-soctopus'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-soctopus'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-soctopus'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- require: - require:
- file: soctopusconf - file: soctopusconf
- file: navigatordefaultlayer - file: navigatordefaultlayer


@@ -22,6 +22,11 @@ so-telegraf:
- HOST_SYS=/host/sys - HOST_SYS=/host/sys
- HOST_MOUNT_PREFIX=/host - HOST_MOUNT_PREFIX=/host
- GODEBUG=x509ignoreCN=0 - GODEBUG=x509ignoreCN=0
{% if DOCKER.containers['so-telegraf'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-telegraf'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- network_mode: host - network_mode: host
- init: True - init: True
- binds: - binds:
@@ -47,6 +52,17 @@ so-telegraf:
- /opt/so/log/suricata:/var/log/suricata:ro - /opt/so/log/suricata:/var/log/suricata:ro
- /opt/so/log/raid:/var/log/raid:ro - /opt/so/log/raid:/var/log/raid:ro
- /opt/so/log/sostatus:/var/log/sostatus:ro - /opt/so/log/sostatus:/var/log/sostatus:ro
{% if DOCKER.containers['so-telegraf'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-telegraf'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-telegraf'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-telegraf'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
- watch: - watch:
- file: tgrafconf - file: tgrafconf
- file: tgrafsyncscripts - file: tgrafsyncscripts


@@ -32,7 +32,24 @@ so-zeek:
- /opt/so/conf/zeek/policy/cve-2020-0601:/opt/zeek/share/zeek/policy/cve-2020-0601:ro - /opt/so/conf/zeek/policy/cve-2020-0601:/opt/zeek/share/zeek/policy/cve-2020-0601:ro
- /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw - /opt/so/conf/zeek/policy/intel:/opt/zeek/share/zeek/policy/intel:rw
- /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro - /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro
{% if DOCKER.containers['so-zeek'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-zeek'].custom_bind_mounts %}
- {{ BIND }}
{% endfor %}
{% endif %}
- network_mode: host - network_mode: host
{% if DOCKER.containers['so-zeek'].extra_hosts %}
- extra_hosts:
{% for XTRAHOST in DOCKER.containers['so-zeek'].extra_hosts %}
- {{ XTRAHOST }}
{% endfor %}
{% endif %}
{% if DOCKER.containers['so-zeek'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-zeek'].extra_env %}
- {{ XTRAENV }}
{% enfor %}
{% endif %}
- watch: - watch:
- file: /opt/so/conf/zeek/local.zeek - file: /opt/so/conf/zeek/local.zeek
- file: /opt/so/conf/zeek/node.cfg - file: /opt/so/conf/zeek/node.cfg