From 547c3ff52cdbb4afb6785012fa923e68702fdcf3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 29 Sep 2020 13:59:16 -0400 Subject: [PATCH 1/3] single quote inputs to yaml files --- setup/so-functions | 122 ++++++++++++++++++++++----------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3d51a9bd9..21bc6077a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -396,17 +396,17 @@ configure_minion() { local minion_config=/etc/salt/minion - echo "id: $MINION_ID" > "$minion_config" + echo "id: '$MINION_ID'" > "$minion_config" case "$minion_type" in 'helix') - echo "master: $HOSTNAME" >> "$minion_config" + echo "master: '$HOSTNAME'" >> "$minion_config" ;; 'manager' | 'eval' | 'managersearch' | 'standalone' | 'import') printf '%s\n'\ - "master: $HOSTNAME"\ + "master: '$HOSTNAME'"\ "mysql.host: '$MAINIP'"\ - "mysql.port: 3306"\ + "mysql.port: '3306'"\ "mysql.user: 'root'" >> "$minion_config" if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config" @@ -416,7 +416,7 @@ configure_minion() { fi ;; *) - echo "master: $MSRV" >> "$minion_config" + echo "master: '$MSRV'" >> "$minion_config" ;; esac @@ -939,7 +939,7 @@ fireeye_pillar() { printf '%s\n'\ "fireeye:"\ " helix:"\ - " api_key: $HELIXAPIKEY" + " api_key: '$HELIXAPIKEY'" "" > "$fireeye_pillar_path"/init.sls } @@ -965,8 +965,8 @@ fleet_pillar() { # Create the fleet pillar printf '%s\n'\ "fleet:"\ - " mainip: $MAINIP"\ - " manager: $MSRV"\ + " mainip: '$MAINIP'"\ + " manager: '$MSRV'"\ "" > "$pillar_file" } @@ -1062,10 +1062,10 @@ manager_pillar() { # Create the manager pillar printf '%s\n'\ "manager:"\ - " mainip: $MAINIP"\ - " mainint: $MNIC"\ - " esheap: $ES_HEAP_SIZE"\ - " esclustername: {{ grains.host }}"\ + " mainip: '$MAINIP'"\ + " mainint: '$MNIC'"\ + " esheap: '$ES_HEAP_SIZE'"\ + " esclustername: '{{ grains.host }}'"\ " freq: 0"\ " domainstats: 0" >> "$pillar_file" 
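Review bot: Wrapping the values in single quotes does not escape a `'` inside them, so in `configure_minion` an ID or hostname containing one ends the scalar early and the minion config either fails to parse or is read with keys the installer never wrote. YAML single-quoted scalars need the quote doubled; with `local q="'"` at the top of the function the first write becomes `echo "id: '${MINION_ID//$q/$q$q}'" > "$minion_config"`, and likewise for `$HOSTNAME` and `$MSRV`. The same applies to the secrets and free-text inputs quoted in `fireeye_pillar` (`$HELIXAPIKEY`), `manager_pillar` (`$OINKCODE`, `$KRATOSKEY`), `manager_global` (`$PROXY`, `$NTPSERVER`, the TheHive and Cortex keys), `patch_pillar` and `sensor_pillar`; where these variables are collected and validated is outside the patch, so this may already be ruled out upstream. Separately, `mysql.port: '3306'` now reaches Salt as a string rather than an integer, which is worth confirming against the MySQL module. `configure_minion` starts and ends outside the hunk.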
@@ -1086,14 +1086,14 @@ manager_pillar() { " playbook: $PLAYBOOK"\ ""\ "elasticsearch:"\ - " mainip: $MAINIP"\ - " mainint: $MNIC"\ + " mainip: '$MAINIP'"\ + " mainint: '$MNIC'"\ " esheap: $NODE_ES_HEAP_SIZE"\ - " esclustername: {{ grains.host }}"\ - " node_type: $NODETYPE"\ + " esclustername: '{{ grains.host }}'"\ + " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ - " node_route_type: hot"\ + " node_route_type: 'hot'"\ ""\ "logstash_settings:"\ " ls_pipeline_batch_size: 125"\ @@ -1104,8 +1104,8 @@ manager_pillar() { ""\ "idstools:"\ " config:"\ - " ruleset: $RULESETUP"\ - " oinkcode: $OINKCODE"\ + " ruleset: '$RULESETUP'"\ + " oinkcode: '$OINKCODE'"\ " urls:"\ " sids:"\ " enabled:"\ @@ -1116,7 +1116,7 @@ manager_pillar() { printf '%s\n'\ - " kratoskey: $KRATOSKEY"\ + " kratoskey: '$KRATOSKEY'"\ "" >> "$pillar_file" } @@ -1134,14 +1134,14 @@ manager_global() { # Create a global file for global values printf '%s\n'\ "global:"\ - " soversion: $SOVERSION"\ - " hnmanager: $HNMANAGER"\ - " ntpserver: $NTPSERVER"\ - " proxy: $PROXY"\ - " mdengine: $ZEEKVERSION"\ - " ids: $NIDS"\ - " url_base: $REDIRECTIT"\ - " managerip: $MAINIP" > "$global_pillar" + " soversion: '$SOVERSION'"\ + " hnmanager: '$HNMANAGER'"\ + " ntpserver: '$NTPSERVER'"\ + " proxy: '$PROXY'"\ + " mdengine: '$ZEEKVERSION'"\ + " ids: '$NIDS'"\ + " url_base: '$REDIRECTIT'"\ + " managerip: '$MAINIP'" > "$global_pillar" if [[ $is_airgap ]]; then printf '%s\n'\ 
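Review bot: In the `manager_global` hunk (`@@ -1134`), quoting changes what an unset variable produces: `proxy: $PROXY` with an empty `$PROXY` parsed as a YAML null, whereas `proxy: '$PROXY'` is an empty string. The same holds for `ntpserver`, `hnmanager` and `url_base` if any of them are optional, which this hunk does not show. States or templates that test these pillar keys with `is none` or compare against `None` would now take the other branch, so either check the readers of `global:proxy` and the other keys, or write such a key only when its variable is non-empty. A one-line comment above the `printf` stating which keys may be empty would make the intent clear. `manager_global` continues outside the hunk.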
@@ -1154,17 +1154,17 @@ manager_global() { # Check if TheHive is enabled. If so, add creds and other details if [[ "$THEHIVE" == "1" ]]; then printf '%s\n'\ - " hiveuser: $WEBUSER"\ + " hiveuser: '$WEBUSER'"\ " hivepassword: '$WEBPASSWD1'"\ - " hivekey: $HIVEKEY"\ - " hiveplaysecret: $HIVEPLAYSECRET"\ - " cortexuser: $WEBUSER"\ + " hivekey: '$HIVEKEY'"\ + " hiveplaysecret: '$HIVEPLAYSECRET'"\ + " cortexuser: '$WEBUSER'"\ " cortexpassword: '$WEBPASSWD1'"\ - " cortexkey: $CORTEXKEY"\ - " cortexorgname: SecurityOnion"\ - " cortexorguser: soadmin"\ - " cortexorguserkey: $CORTEXORGUSERKEY"\ - " cortexplaysecret: $CORTEXPLAYSECRET" >> "$global_pillar" + " cortexkey: '$CORTEXKEY'"\ + " cortexorgname: 'SecurityOnion'"\ + " cortexorguser: 'soadmin'"\ + " cortexorguserkey: '$CORTEXORGUSERKEY'"\ + " cortexplaysecret: '$CORTEXPLAYSECRET'" >> "$global_pillar" fi # Continue adding other details @@ -1172,15 +1172,15 @@ manager_global() { " fleet_custom_hostname: "\ " fleet_manager: False"\ " fleet_node: False"\ - " fleet_packages-timestamp: N/A"\ + " fleet_packages-timestamp: 'N/A'"\ " fleet_packages-version: 1"\ - " fleet_hostname: N/A"\ - " fleet_ip: N/A"\ - " sensoronikey: $SENSORONIKEY"\ + " fleet_hostname: 'N/A'"\ + " fleet_ip: 'N/A'"\ + " sensoronikey: '$SENSORONIKEY'"\ " wazuh: $WAZUH"\ " managerupdate: $MANAGERUPDATES"\ - " imagerepo: $IMAGEREPO"\ - " pipeline: redis"\ + " imagerepo: '$IMAGEREPO'"\ + " pipeline: 'redis'"\ "pcap:"\ " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\ "strelka:"\ 
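Review bot: In the second `manager_global` hunk (`@@ -1172`), `wazuh: $WAZUH` and `managerupdate: $MANAGERUPDATES`, and `sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS` just below, are still interpolated bare. They keep the parsing ambiguity this commit removes from the neighbouring keys. Presumably they stay unquoted because the states expect integers; if so, check that before writing, e.g. `[[ $WAZUH =~ ^[0-9]+$ ]] || exit 1`, and record the rule in a comment above the `printf` such as `# numeric and boolean values stay unquoted so YAML keeps their type; all other values are single-quoted`. Without the check, a non-numeric value in one of these variables is written into the global pillar verbatim. The enclosing function starts and ends outside the hunk.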
@@ -1193,13 +1193,13 @@ manager_global() { "elasticsearch:"\ " replicas: 0"\ " true_cluster: False"\ - " true_cluster_name: so"\ + " true_cluster_name: 'so'"\ " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ - " cluster_routing_allocation_disk_watermark_low: 95%"\ - " cluster_routing_allocation_disk_watermark_high: 98%"\ - " cluster_routing_allocation_disk_watermark_flood_stage: 98%"\ + " cluster_routing_allocation_disk_watermark_low: '95%'"\ + " cluster_routing_allocation_disk_watermark_high: '98%'"\ + " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ " index_settings:"\ " so-beats:"\ " shards: 1"\ @@ -1258,11 +1258,11 @@ manager_global() { " size_file: 2048"\ " time_file: 1"\ " upload_queue_size: 4"\ - " encoding: gzip"\ + " encoding: 'gzip'"\ " interval: 5"\ - "backup:"\ - " locations:"\ - " - /opt/so/saltstack/local" >> "$global_pillar" + "backup:"\ + " locations:"\ + " - /opt/so/saltstack/local" >> "$global_pillar" printf '%s\n' '----' >> "$setup_log" 2>&1 } @@ -1306,14 +1306,14 @@ elasticsearch_pillar() { # Create the node pillar printf '%s\n'\ "elasticsearch:"\ - " mainip: $MAINIP"\ - " mainint: $MNIC"\ + " mainip: '$MAINIP'"\ + " mainint: '$MNIC'"\ " esheap: $NODE_ES_HEAP_SIZE"\ - " esclustername: {{ grains.host }}"\ - " node_type: $NODETYPE"\ + " esclustername: '{{ grains.host }}'"\ + " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ - " node_route_type: hot"\ + " node_route_type: 'hot'"\ "" >> "$pillar_file" printf '%s\n'\ @@ -1338,7 +1338,7 @@ patch_pillar() { printf '%s\n'\ "patch:"\ " os:"\ - " schedule_name: $PATCHSCHEDULENAME"\ + " schedule_name: '$PATCHSCHEDULENAME'"\ " enabled: True"\ " splay: 300"\ "" >> "$pillar_file" 
@@ -1707,9 +1707,9 @@ sensor_pillar() { # Create the sensor pillar printf '%s\n'\ "sensor:"\ - " interface: $INTERFACE"\ - " mainip: $MAINIP"\ - " mainint: $MNIC" >> "$pillar_file" + " interface: '$INTERFACE'"\ + " mainip: '$MAINIP'"\ + " mainint: '$MNIC'" >> "$pillar_file" if [ "$NSMSETUP" = 'ADVANCED' ]; then echo " zeek_pins:" >> "$pillar_file" @@ -1730,7 +1730,7 @@ sensor_pillar() { echo " suriprocs: $BASICSURI" >> "$pillar_file" fi printf '%s\n'\ - " manager: $MSRV"\ + " manager: '$MSRV'"\ " mtu: $MTU"\ " uniqueid: $(date '+%s')" >> "$pillar_file" if [ "$HNSENSOR" != 'inherit' ]; then From bf99bab6c05ae5777af82e55df3c35f8e72024ba Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 29 Sep 2020 16:26:45 -0400 Subject: [PATCH 2/3] add quotes and remove quotes --- salt/reactor/fleet.sls | 4 ++-- setup/so-functions | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index 4e4e13791..16451fec0 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls @@ -37,12 +37,12 @@ def run(): # Update the Fleet host in the static pillar for line in fileinput.input(STATICFILE, inplace=True): - line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: {HOSTNAME}", line.rstrip()) + line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip()) print(line) # Update the Fleet IP in the static pillar for line in fileinput.input(STATICFILE, inplace=True): - line = re.sub(r'fleet_ip: \S*', f"fleet_ip: {MAINIP}", line.rstrip()) + line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip()) print(line) if ACTION == 'genpackages': diff --git a/setup/so-functions b/setup/so-functions index 21bc6077a..acd0f80cd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1026,7 +1026,7 @@ host_pillar() { # Create the host pillar printf '%s\n'\ "host:"\ - " mainint: $MNIC"\ + " mainint: '$MNIC'"\ "" > "$pillar_file" } 
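Review bot: In `salt/reactor/fleet.sls` (`@@ -37`), `HOSTNAME` and `MAINIP` are interpolated straight into the replacement template of `re.sub`, so the new quotes protect the pillar only while the value contains neither `'` nor a backslash. A `'` closes the YAML scalar early, and a backslash is interpreted by `re.sub` as a template escape or group reference, which can raise or rewrite the line differently than intended. Passing a callable and doubling the quote avoids both: `line = re.sub(r'fleet_hostname: \S*', lambda m: "fleet_hostname: '%s'" % HOSTNAME.replace("'", "''"), line.rstrip())`, and the same for `fleet_ip`. Where `HOSTNAME` and `MAINIP` are assigned is outside the hunk; if they come from event data sent by a minion, they should also be validated as a hostname and an IP address before the static pillar is rewritten. `run()` begins and ends outside the hunk.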
@@ -1065,7 +1065,7 @@ manager_pillar() { " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ " esheap: '$ES_HEAP_SIZE'"\ - " esclustername: '{{ grains.host }}'"\ + " esclustername: {{ grains.host }}"\ " freq: 0"\ " domainstats: 0" >> "$pillar_file" @@ -1088,8 +1088,8 @@ manager_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: $NODE_ES_HEAP_SIZE"\ - " esclustername: '{{ grains.host }}'"\ + " esheap: '$NODE_ES_HEAP_SIZE'"\ + " esclustername: {{ grains.host }}"\ " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ @@ -1308,8 +1308,8 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: $NODE_ES_HEAP_SIZE"\ - " esclustername: '{{ grains.host }}'"\ + " esheap: '$NODE_ES_HEAP_SIZE'"\ + " esclustername: {{ grains.host }}"\ " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ From 85969dc16d7991795f4e51594bdb93cf639de397 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 29 Sep 2020 16:29:05 -0400 Subject: [PATCH 3/3] add quotes and remove quotes --- salt/reactor/fleet.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index 16451fec0..a32fb5cfd 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls @@ -65,7 +65,7 @@ def run(): # Update the 'packages-built' timestamp on the webpage (stored in the static pillar) for line in fileinput.input(STATICFILE, inplace=True): - line = re.sub(r'fleet_packages-timestamp: \S*', f"fleet_packages-timestamp: {strftime('%Y-%m-%d-%H:%M', gmtime())}", line.rstrip()) + line = re.sub(r'fleet_packages-timestamp: \S*', f"fleet_packages-timestamp: '{strftime('%Y-%m-%d-%H:%M', gmtime())}'", line.rstrip()) print(line) # Update the Fleet Osquery package version in the static pillar
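Review bot: Dropping the quotes again from `esclustername: {{ grains.host }}` in `manager_pillar` (`@@ -1065` and `@@ -1088`) and in `elasticsearch_pillar` (`@@ -1308`) brings back the typed-scalar ambiguity that the first patch removed. Assuming the pillar goes through Salt's default Jinja-then-YAML rendering, the hostname reaches the YAML parser as a plain scalar, so a host named with digits only, or with a word such as `yes` or `null`, becomes a non-string cluster name. If the quotes broke something, the reason belongs in a comment above each `printf`, e.g. `# esclustername is left unquoted because <reason>`, since the commit message does not say. Otherwise `" esclustername: '{{ grains.host }}'"\` from the first patch is the safer form. All three functions start and end outside their hunks.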