From fcc44cbf741bfbd2d30121095c33bd976472d734 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 7 May 2019 15:28:11 -0400
Subject: [PATCH 1/4] Breaking the Hive
---
 salt/common/init.sls | 1 +
 salt/hive/thehive/scripts/hive_init.sh | 9 +++++++++
 2 files changed, 10 insertions(+)
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 15ba20e83..b582deda2 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -37,6 +37,7 @@ sensorpkgs:
 - skip_suggestions: False
 - pkgs:
 - docker-ce
+ - wget
 {% if grains['os'] != 'CentOS' %}
 - python-docker
 - python-m2crypto
diff --git a/salt/hive/thehive/scripts/hive_init.sh b/salt/hive/thehive/scripts/hive_init.sh
index cb901e36b..4e121e078 100755
--- a/salt/hive/thehive/scripts/hive_init.sh
+++ b/salt/hive/thehive/scripts/hive_init.sh
@@ -33,5 +33,14 @@ hive_init(){
 if [ -f /opt/so/state/thehive.txt ]; then
 exit 0
 else
+ rm -f garbage_file
+ while ! wget -O garbage_file {{MASTERIP}}:9500 2>/dev/null
+ do
+ echo "Waiting for Elasticsearch..."
+ rm -f garbage_file
+ sleep 1
+ done
+ rm -f garbage_file
+ sleep 5
 hive_init
 fi
From 98427af0bbf566822efaf67c5250401f0d18cb41 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 7 May 2019 15:44:58 -0400
Subject: [PATCH 2/4] Hive Docker - Fix entrypoint
---
 salt/hive/init.sls | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/salt/hive/init.sls b/salt/hive/init.sls
index 0fff5f488..33e398887 100644
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -80,13 +80,15 @@ so-thehive-es:
 so-thehiveimage:
 cmd.run:
- - name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.7
+ - name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.8
 so-thehive:
 docker_container.running:
 - require:
 - so-thehiveimage
- - image: soshybridhunter/so-thehive:HH1.0.7
+ - image: soshybridhunter/so-thehive:HH1.0.8
+ - environment: - ELASTICSEARCH_HOST={{ MASTERIP }}
 - hostname: so-thehive
 - name: so-thehive
 - user: 939
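Review bot: The readiness loop added after `else` never gives up — if `{{MASTERIP}}:9500` never answers (wrong pillar value, unrendered template, Elasticsearch not started) the script spins forever with its only diagnostic hidden by `2>/dev/null`, and it writes `garbage_file` into whatever the current working directory happens to be. A bounded `until` loop with `wget -q -O /dev/null --timeout=5 --tries=1` drops the scratch file, caps each probe, and lets the script fail with a clear message once a retry budget is exhausted; the budget in the fence is a constructed sample, and `exit 1` should match whatever failure path the caller of this script expects. An answer on the port only shows Elasticsearch is listening, not that the cluster is usable, which is presumably what the trailing `sleep 5` papers over, so it deserves a comment such as `# port answers but the cluster may still be initialising; give it a moment`. The enclosing function `hive_init(){` and the `if` block begin before this hunk, and the indentation in the fence is inferred because the hunk as shown carries none.
```shell
    # … unchanged: if [ -f /opt/so/state/thehive.txt ]; then / exit 0 / else …
    tries=0
    until wget -q -O /dev/null --timeout=5 --tries=1 "http://{{MASTERIP}}:9500"; do
      tries=$((tries + 1))
      if [ "$tries" -ge 300 ]; then
        echo "Timed out waiting for Elasticsearch at {{MASTERIP}}:9500" >&2
        exit 1
      fi
      echo "Waiting for Elasticsearch..."
      sleep 1
    done
    # port answers but the cluster may still be initialising; give it a moment
    sleep 5
    # … unchanged: hive_init / fi …
```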
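Review bot: The image tag `HH1.0.8` is now spelled out twice in this hunk, once in the `cmd.run` pull under `so-thehiveimage` and once in `image:` under `so-thehive`, so the next bump can silently leave the running container on a different tag than the one that was pulled and trust-verified. A single `{% set HIVE_IMAGE = 'soshybridhunter/so-thehive:HH1.0.8' %}` near the top of the file, referenced as `{{ HIVE_IMAGE }}` in both places, keeps the two in step. The new `ELASTICSEARCH_HOST={{ MASTERIP }}` entry relies on `MASTERIP` being defined earlier in this file, which the later patch in this series takes care of.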
From d414ef21e84c62cb6b200e1061a79779334c6b17 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 7 May 2019 16:07:35 -0400
Subject: [PATCH 3/4] Hive Docker - Fix entrypoint
---
 salt/hive/init.sls | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/hive/init.sls b/salt/hive/init.sls
index 33e398887..9bdb2c35d 100644
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -1,3 +1,4 @@
+{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
 hiveconfdir:
 file.directory:
 - name: /opt/so/conf/hive/etc
From 35606b046b84dc6019c6e78cd6198c778ad04a70 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 8 May 2019 10:18:56 -0400
Subject: [PATCH 4/4] 1.0.8 Readme Fix
---
 README.md | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 2135066ad..4da7ca79e 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-## Hybrid Hunter 1.0.8
+## Hybrid Hunter 1.0.8
 ### Changes:
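Review bot: `{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}` defaults to an empty string, so a minion whose pillar lacks `master:mainip` still renders this state and, further down the same file, starts the container with `ELASTICSEARCH_HOST=` pointing at nothing — the mistake only surfaces later as a TheHive connection failure instead of at render time. Failing the render is the cheaper place to catch it, e.g. `{% if not MASTERIP %}{{ raise('pillar master:mainip is not set') }}{% endif %}` directly after the set (Salt's Jinja exposes `raise` for this; confirm it is available on the Salt version in use). The same placeholder, written `{{MASTERIP}}`, is also consumed by hive_init.sh in PATCH 1/4, and these hunks do not show how that script gets its value, so a one-line comment above the set saying where `MASTERIP` comes from and which files depend on it would help the next reader.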
@@ -11,19 +11,6 @@
 - The setup script will now tell you if it was successful
 - Added Grafana plugin Pie Chart
 - The Hive Docker moved to Centos 7 based container
-=======
-- Suricata 4.1.3
-- Updated Influxdb to 1.7.5
-- Updated Telegraf to 1.10.1
-- Grafana is now 6.0.2
-- Added support for TheHive! To enable, please see https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/The-Hive
-- You are now forced to select interfaces during setup. If you skipped this test the install was not happy [#26](https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/26)
-- Reduced the RAM usage for ES in Eval mode [#25](https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/26)
-- Eval Mode setup is now choose your own adventure style
-- Fresh dockers for all the things to bring everything to 1.0.7
-- New utility docker called SOctopus
-- New html landing page now in dark mode
-
 ### Notes:
 - Attempting to send a Bro event to The Hive that does not contain a source and destination IP (ex. Bro files, or X509) will result in an exception - a fix for this will be implemented in the next release.