Merge branch 'master' of https://github.com/TOoSmOotH/securityonion-saltstack
13
README.md
13
README.md
@@ -11,19 +11,6 @@
|
|||||||
- The setup script will now tell you if it was successful
|
- The setup script will now tell you if it was successful
|
||||||
- Added Grafana plugin Pie Chart
|
- Added Grafana plugin Pie Chart
|
||||||
- The Hive Docker moved to Centos 7 based container
|
- The Hive Docker moved to Centos 7 based container
|
||||||
=======
|
|
||||||
- Suricata 4.1.3
|
|
||||||
- Updated Influxdb to 1.7.5
|
|
||||||
- Updated Telegraf to 1.10.1
|
|
||||||
- Grafana is now 6.0.2
|
|
||||||
- Added support for TheHive! To enable, please see https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/The-Hive
|
|
||||||
- You are now forced to select interfaces during setup. If you skipped this test the install was not happy [#26](https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/26)
|
|
||||||
- Reduced the RAM usage for ES in Eval mode [#25](https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/26)
|
|
||||||
- Eval Mode setup is now choose your own adventure style
|
|
||||||
- Fresh dockers for all the things to bring everything to 1.0.7
|
|
||||||
- New utility docker called SOctopus
|
|
||||||
- New html landing page now in dark mode
|
|
||||||
|
|
||||||
|
|
||||||
### Notes:
|
### Notes:
|
||||||
- Attempting to send a Bro event to The Hive that does not contain a source and destination IP (ex. Bro files, or X509) will result in an exception - a fix for this will be implemented in the next release.
|
- Attempting to send a Bro event to The Hive that does not contain a source and destination IP (ex. Bro files, or X509) will result in an exception - a fix for this will be implemented in the next release.
|
||||||
|
|||||||
@@ -37,6 +37,7 @@ sensorpkgs:
|
|||||||
- skip_suggestions: False
|
- skip_suggestions: False
|
||||||
- pkgs:
|
- pkgs:
|
||||||
- docker-ce
|
- docker-ce
|
||||||
|
- wget
|
||||||
{% if grains['os'] != 'CentOS' %}
|
{% if grains['os'] != 'CentOS' %}
|
||||||
- python-docker
|
- python-docker
|
||||||
- python-m2crypto
|
- python-m2crypto
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
|
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
|
||||||
hiveconfdir:
|
hiveconfdir:
|
||||||
file.directory:
|
file.directory:
|
||||||
- name: /opt/so/conf/hive/etc
|
- name: /opt/so/conf/hive/etc
|
||||||
@@ -80,13 +81,15 @@ so-thehive-es:
|
|||||||
|
|
||||||
so-thehiveimage:
|
so-thehiveimage:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.7
|
- name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.8
|
||||||
|
|
||||||
so-thehive:
|
so-thehive:
|
||||||
docker_container.running:
|
docker_container.running:
|
||||||
- require:
|
- require:
|
||||||
- so-thehiveimage
|
- so-thehiveimage
|
||||||
- image: soshybridhunter/so-thehive:HH1.0.7
|
- image: soshybridhunter/so-thehive:HH1.0.8
|
||||||
|
- environment:
|
||||||
|
- ELASTICSEARCH_HOST={{ MASTERIP }}
|
||||||
- hostname: so-thehive
|
- hostname: so-thehive
|
||||||
- name: so-thehive
|
- name: so-thehive
|
||||||
- user: 939
|
- user: 939
|
||||||
|
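Review bot: The added environment entry is an unquoted templated scalar, `- ELASTICSEARCH_HOST={{ MASTERIP }}`; it parses correctly today, but quoting templated values is the safer habit, since whatever the pillar expands to becomes part of the YAML text before the state is parsed. Suggest `- "ELASTICSEARCH_HOST={{ MASTERIP }}"`. The hunk header shows a `so-thehive-es` state just above this one, so it is not obvious from the hunk alone whether TheHive is meant to talk to that local container or to the master at `MASTERIP`; a one-line comment above `- environment:` stating which Elasticsearch this points at would help.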
|||||||
@@ -33,5 +33,14 @@ hive_init(){
|
|||||||
if [ -f /opt/so/state/thehive.txt ]; then
|
if [ -f /opt/so/state/thehive.txt ]; then
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
|
rm -f garbage_file
|
||||||
|
while ! wget -O garbage_file {{MASTERIP}}:9500 2>/dev/null
|
||||||
|
do
|
||||||
|
echo "Waiting for Elasticsearch..."
|
||||||
|
rm -f garbage_file
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
rm -f garbage_file
|
||||||
|
sleep 5
|
||||||
hive_init
|
hive_init
|
||||||
fi
|
fi
|
||||||
|
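Review bot: The new wait loop has no upper bound, so if Elasticsearch on `{{MASTERIP}}:9500` never answers (wrong pillar value, empty `MASTERIP`, firewall) the script blocks forever instead of failing with a diagnosable error; it also writes `garbage_file` into whatever the current working directory happens to be and has to clean it up three times. Writing the probe output to `/dev/null` removes the temp file entirely, and a retry cap turns an infinite hang into an exit code the caller can see. The `if` block this sits in starts at the top of the hunk, but the enclosing script and `hive_init` definition continue outside it. Indentation below is illustrative, since the rendered page does not preserve the original's.

```shell
# … unchanged: if [ -f /opt/so/state/thehive.txt ]; then exit 0; else …
    attempts=0
    until wget -q -O /dev/null {{MASTERIP}}:9500 2>/dev/null; do
      attempts=$((attempts + 1))
      if [ "$attempts" -ge 300 ]; then
        echo "Elasticsearch at {{MASTERIP}}:9500 not reachable after ${attempts}s; giving up"
        exit 1
      fi
      echo "Waiting for Elasticsearch..."
      sleep 1
    done
    sleep 5
    hive_init
# … unchanged: fi …
```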
|||||||