Merge pull request #1424 from Security-Onion-Solutions/issue/1070

Issue/1070
Josh Patterson
2020-09-30 10:11:37 -04:00
committed by GitHub
2 changed files with 64 additions and 64 deletions


@@ -37,12 +37,12 @@ def run():
# Update the Fleet host in the static pillar # Update the Fleet host in the static pillar
for line in fileinput.input(STATICFILE, inplace=True): for line in fileinput.input(STATICFILE, inplace=True):
line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: {HOSTNAME}", line.rstrip()) line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip())
print(line) print(line)
# Update the Fleet IP in the static pillar # Update the Fleet IP in the static pillar
for line in fileinput.input(STATICFILE, inplace=True): for line in fileinput.input(STATICFILE, inplace=True):
line = re.sub(r'fleet_ip: \S*', f"fleet_ip: {MAINIP}", line.rstrip()) line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip())
print(line) print(line)
if ACTION == 'genpackages': if ACTION == 'genpackages':
@@ -65,7 +65,7 @@ def run():
# Update the 'packages-built' timestamp on the webpage (stored in the static pillar) # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
for line in fileinput.input(STATICFILE, inplace=True): for line in fileinput.input(STATICFILE, inplace=True):
line = re.sub(r'fleet_packages-timestamp: \S*', f"fleet_packages-timestamp: {strftime('%Y-%m-%d-%H:%M', gmtime())}", line.rstrip()) line = re.sub(r'fleet_packages-timestamp: \S*', f"fleet_packages-timestamp: '{strftime('%Y-%m-%d-%H:%M', gmtime())}'", line.rstrip())
print(line) print(line)
# Update the Fleet Osquery package version in the static pillar # Update the Fleet Osquery package version in the static pillar
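Review bot: The replacement strings on the `fleet_hostname`, `fleet_ip` and `fleet_packages-timestamp` lines are f-strings passed directly as the repl argument of `re.sub`, so a backslash inside `HOSTNAME` or `MAINIP` would be treated as a group reference or escape sequence instead of being written literally; a callable replacement avoids that, e.g. `line = re.sub(r'fleet_hostname: \S*', lambda _m: f"fleet_hostname: '{HOSTNAME}'", line.rstrip())`, and the same applies to the other two substitutions. The new single quotes also mean a literal `'` inside the substituted value produces invalid YAML, because a YAML single-quoted scalar requires the quote to be doubled; a hostname or IP is unlikely to carry one, but if it did the pillar would presumably only fail when Salt next renders it rather than here. `run()` starts and ends outside the hunk.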


@@ -399,17 +399,17 @@ configure_minion() {
local minion_config=/etc/salt/minion local minion_config=/etc/salt/minion
echo "id: $MINION_ID" > "$minion_config" echo "id: '$MINION_ID'" > "$minion_config"
case "$minion_type" in case "$minion_type" in
'helix') 'helix')
echo "master: $HOSTNAME" >> "$minion_config" echo "master: '$HOSTNAME'" >> "$minion_config"
;; ;;
'manager' | 'eval' | 'managersearch' | 'standalone' | 'import') 'manager' | 'eval' | 'managersearch' | 'standalone' | 'import')
printf '%s\n'\ printf '%s\n'\
"master: $HOSTNAME"\ "master: '$HOSTNAME'"\
"mysql.host: '$MAINIP'"\ "mysql.host: '$MAINIP'"\
"mysql.port: 3306"\ "mysql.port: '3306'"\
"mysql.user: 'root'" >> "$minion_config" "mysql.user: 'root'" >> "$minion_config"
if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config" echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config"
@@ -419,7 +419,7 @@ configure_minion() {
fi fi
;; ;;
*) *)
echo "master: $MSRV" >> "$minion_config" echo "master: '$MSRV'" >> "$minion_config"
;; ;;
esac esac
@@ -942,7 +942,7 @@ fireeye_pillar() {
printf '%s\n'\ printf '%s\n'\
"fireeye:"\ "fireeye:"\
" helix:"\ " helix:"\
" api_key: $HELIXAPIKEY" " api_key: '$HELIXAPIKEY'"
"" > "$fireeye_pillar_path"/init.sls "" > "$fireeye_pillar_path"/init.sls
} }
@@ -968,8 +968,8 @@ fleet_pillar() {
# Create the fleet pillar # Create the fleet pillar
printf '%s\n'\ printf '%s\n'\
"fleet:"\ "fleet:"\
" mainip: $MAINIP"\ " mainip: '$MAINIP'"\
" manager: $MSRV"\ " manager: '$MSRV'"\
"" > "$pillar_file" "" > "$pillar_file"
} }
@@ -1032,7 +1032,7 @@ host_pillar() {
# Create the host pillar # Create the host pillar
printf '%s\n'\ printf '%s\n'\
"host:"\ "host:"\
" mainint: $MNIC"\ " mainint: '$MNIC'"\
"" > "$pillar_file" "" > "$pillar_file"
} }
@@ -1068,9 +1068,9 @@ manager_pillar() {
# Create the manager pillar # Create the manager pillar
printf '%s\n'\ printf '%s\n'\
"manager:"\ "manager:"\
" mainip: $MAINIP"\ " mainip: '$MAINIP'"\
" mainint: $MNIC"\ " mainint: '$MNIC'"\
" esheap: $ES_HEAP_SIZE"\ " esheap: '$ES_HEAP_SIZE'"\
" esclustername: {{ grains.host }}"\ " esclustername: {{ grains.host }}"\
" freq: 0"\ " freq: 0"\
" domainstats: 0" >> "$pillar_file" " domainstats: 0" >> "$pillar_file"
@@ -1092,14 +1092,14 @@ manager_pillar() {
" playbook: $PLAYBOOK"\ " playbook: $PLAYBOOK"\
""\ ""\
"elasticsearch:"\ "elasticsearch:"\
" mainip: $MAINIP"\ " mainip: '$MAINIP'"\
" mainint: $MNIC"\ " mainint: '$MNIC'"\
" esheap: $NODE_ES_HEAP_SIZE"\ " esheap: '$NODE_ES_HEAP_SIZE'"\
" esclustername: {{ grains.host }}"\ " esclustername: {{ grains.host }}"\
" node_type: $NODETYPE"\ " node_type: '$NODETYPE'"\
" es_port: $node_es_port"\ " es_port: $node_es_port"\
" log_size_limit: $log_size_limit"\ " log_size_limit: $log_size_limit"\
" node_route_type: hot"\ " node_route_type: 'hot'"\
""\ ""\
"logstash_settings:"\ "logstash_settings:"\
" ls_pipeline_batch_size: 125"\ " ls_pipeline_batch_size: 125"\
@@ -1110,8 +1110,8 @@ manager_pillar() {
""\ ""\
"idstools:"\ "idstools:"\
" config:"\ " config:"\
" ruleset: $RULESETUP"\ " ruleset: '$RULESETUP'"\
" oinkcode: $OINKCODE"\ " oinkcode: '$OINKCODE'"\
" urls:"\ " urls:"\
" sids:"\ " sids:"\
" enabled:"\ " enabled:"\
@@ -1122,7 +1122,7 @@ manager_pillar() {
printf '%s\n'\ printf '%s\n'\
" kratoskey: $KRATOSKEY"\ " kratoskey: '$KRATOSKEY'"\
"" >> "$pillar_file" "" >> "$pillar_file"
} }
@@ -1140,14 +1140,14 @@ manager_global() {
# Create a global file for global values # Create a global file for global values
printf '%s\n'\ printf '%s\n'\
"global:"\ "global:"\
" soversion: $SOVERSION"\ " soversion: '$SOVERSION'"\
" hnmanager: $HNMANAGER"\ " hnmanager: '$HNMANAGER'"\
" ntpserver: $NTPSERVER"\ " ntpserver: '$NTPSERVER'"\
" proxy: $PROXY"\ " proxy: '$PROXY'"\
" mdengine: $ZEEKVERSION"\ " mdengine: '$ZEEKVERSION'"\
" ids: $NIDS"\ " ids: '$NIDS'"\
" url_base: $REDIRECTIT"\ " url_base: '$REDIRECTIT'"\
" managerip: $MAINIP" > "$global_pillar" " managerip: '$MAINIP'" > "$global_pillar"
if [[ $is_airgap ]]; then if [[ $is_airgap ]]; then
printf '%s\n'\ printf '%s\n'\
@@ -1160,17 +1160,17 @@ manager_global() {
# Check if TheHive is enabled. If so, add creds and other details # Check if TheHive is enabled. If so, add creds and other details
if [[ "$THEHIVE" == "1" ]]; then if [[ "$THEHIVE" == "1" ]]; then
printf '%s\n'\ printf '%s\n'\
" hiveuser: $WEBUSER"\ " hiveuser: '$WEBUSER'"\
" hivepassword: '$WEBPASSWD1'"\ " hivepassword: '$WEBPASSWD1'"\
" hivekey: $HIVEKEY"\ " hivekey: '$HIVEKEY'"\
" hiveplaysecret: $HIVEPLAYSECRET"\ " hiveplaysecret: '$HIVEPLAYSECRET'"\
" cortexuser: $WEBUSER"\ " cortexuser: '$WEBUSER'"\
" cortexpassword: '$WEBPASSWD1'"\ " cortexpassword: '$WEBPASSWD1'"\
" cortexkey: $CORTEXKEY"\ " cortexkey: '$CORTEXKEY'"\
" cortexorgname: SecurityOnion"\ " cortexorgname: 'SecurityOnion'"\
" cortexorguser: soadmin"\ " cortexorguser: 'soadmin'"\
" cortexorguserkey: $CORTEXORGUSERKEY"\ " cortexorguserkey: '$CORTEXORGUSERKEY'"\
" cortexplaysecret: $CORTEXPLAYSECRET" >> "$global_pillar" " cortexplaysecret: '$CORTEXPLAYSECRET'" >> "$global_pillar"
fi fi
# Continue adding other details # Continue adding other details
@@ -1178,15 +1178,15 @@ manager_global() {
" fleet_custom_hostname: "\ " fleet_custom_hostname: "\
" fleet_manager: False"\ " fleet_manager: False"\
" fleet_node: False"\ " fleet_node: False"\
" fleet_packages-timestamp: N/A"\ " fleet_packages-timestamp: 'N/A'"\
" fleet_packages-version: 1"\ " fleet_packages-version: 1"\
" fleet_hostname: N/A"\ " fleet_hostname: 'N/A'"\
" fleet_ip: N/A"\ " fleet_ip: 'N/A'"\
" sensoronikey: $SENSORONIKEY"\ " sensoronikey: '$SENSORONIKEY'"\
" wazuh: $WAZUH"\ " wazuh: $WAZUH"\
" managerupdate: $MANAGERUPDATES"\ " managerupdate: $MANAGERUPDATES"\
" imagerepo: $IMAGEREPO"\ " imagerepo: '$IMAGEREPO'"\
" pipeline: redis"\ " pipeline: 'redis'"\
"pcap:"\ "pcap:"\
" sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\ " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
"strelka:"\ "strelka:"\
@@ -1199,13 +1199,13 @@ manager_global() {
"elasticsearch:"\ "elasticsearch:"\
" replicas: 0"\ " replicas: 0"\
" true_cluster: False"\ " true_cluster: False"\
" true_cluster_name: so"\ " true_cluster_name: 'so'"\
" discovery_nodes: 1"\ " discovery_nodes: 1"\
" hot_warm_enabled: False"\ " hot_warm_enabled: False"\
" cluster_routing_allocation_disk.threshold_enabled: true"\ " cluster_routing_allocation_disk.threshold_enabled: true"\
" cluster_routing_allocation_disk_watermark_low: 95%"\ " cluster_routing_allocation_disk_watermark_low: '95%'"\
" cluster_routing_allocation_disk_watermark_high: 98%"\ " cluster_routing_allocation_disk_watermark_high: '98%'"\
" cluster_routing_allocation_disk_watermark_flood_stage: 98%"\ " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\
" index_settings:"\ " index_settings:"\
" so-beats:"\ " so-beats:"\
" shards: 1"\ " shards: 1"\
@@ -1264,11 +1264,11 @@ manager_global() {
" size_file: 2048"\ " size_file: 2048"\
" time_file: 1"\ " time_file: 1"\
" upload_queue_size: 4"\ " upload_queue_size: 4"\
" encoding: gzip"\ " encoding: 'gzip'"\
" interval: 5"\ " interval: 5"\
"backup:"\ "backup:"\
" locations:"\ " locations:"\
" - /opt/so/saltstack/local" >> "$global_pillar" " - /opt/so/saltstack/local" >> "$global_pillar"
printf '%s\n' '----' >> "$setup_log" 2>&1 printf '%s\n' '----' >> "$setup_log" 2>&1
} }
@@ -1312,14 +1312,14 @@ elasticsearch_pillar() {
# Create the node pillar # Create the node pillar
printf '%s\n'\ printf '%s\n'\
"elasticsearch:"\ "elasticsearch:"\
" mainip: $MAINIP"\ " mainip: '$MAINIP'"\
" mainint: $MNIC"\ " mainint: '$MNIC'"\
" esheap: $NODE_ES_HEAP_SIZE"\ " esheap: '$NODE_ES_HEAP_SIZE'"\
" esclustername: {{ grains.host }}"\ " esclustername: {{ grains.host }}"\
" node_type: $NODETYPE"\ " node_type: '$NODETYPE'"\
" es_port: $node_es_port"\ " es_port: $node_es_port"\
" log_size_limit: $log_size_limit"\ " log_size_limit: $log_size_limit"\
" node_route_type: hot"\ " node_route_type: 'hot'"\
"" >> "$pillar_file" "" >> "$pillar_file"
printf '%s\n'\ printf '%s\n'\
@@ -1344,7 +1344,7 @@ patch_pillar() {
printf '%s\n'\ printf '%s\n'\
"patch:"\ "patch:"\
" os:"\ " os:"\
" schedule_name: $PATCHSCHEDULENAME"\ " schedule_name: '$PATCHSCHEDULENAME'"\
" enabled: True"\ " enabled: True"\
" splay: 300"\ " splay: 300"\
"" >> "$pillar_file" "" >> "$pillar_file"
@@ -1713,9 +1713,9 @@ sensor_pillar() {
# Create the sensor pillar # Create the sensor pillar
printf '%s\n'\ printf '%s\n'\
"sensor:"\ "sensor:"\
" interface: $INTERFACE"\ " interface: '$INTERFACE'"\
" mainip: $MAINIP"\ " mainip: '$MAINIP'"\
" mainint: $MNIC" >> "$pillar_file" " mainint: '$MNIC'" >> "$pillar_file"
if [ "$NSMSETUP" = 'ADVANCED' ]; then if [ "$NSMSETUP" = 'ADVANCED' ]; then
echo " zeek_pins:" >> "$pillar_file" echo " zeek_pins:" >> "$pillar_file"
@@ -1736,7 +1736,7 @@ sensor_pillar() {
echo " suriprocs: $BASICSURI" >> "$pillar_file" echo " suriprocs: $BASICSURI" >> "$pillar_file"
fi fi
printf '%s\n'\ printf '%s\n'\
" manager: $MSRV"\ " manager: '$MSRV'"\
" mtu: $MTU"\ " mtu: $MTU"\
" uniqueid: $(date '+%s')" >> "$pillar_file" " uniqueid: $(date '+%s')" >> "$pillar_file"
if [ "$HNSENSOR" != 'inherit' ]; then if [ "$HNSENSOR" != 'inherit' ]; then
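Review bot: `mysql.port: '3306'` in the configure_minion hunk changes the option from an integer to the string `'3306'`; nothing in the diff shows that the consumer of `mysql.port` coerces it, so either keep `"mysql.port: 3306"` or confirm the reader accepts a string. The quoting is also applied unevenly across the pillar hunks: `playbook: $PLAYBOOK`, `wazuh: $WAZUH`, `managerupdate: $MANAGERUPDATES`, `es_port`, `log_size_limit`, `mtu` and `sensor_checkin_interval_ms` stay bare while neighbouring values such as `esheap` and `soversion` gain quotes, so a reader cannot tell which values are intentionally left typed. Secrets written into the pillars (`api_key: '$HELIXAPIKEY'`, `kratoskey`, `hivekey`, `cortexkey`, `oinkcode`, `sensoronikey`) are now single-quoted without escaping, and a `'` inside any of them yields a pillar that will not parse; doubling the quote before interpolation, e.g. `q="'"` followed by `" api_key: '${HELIXAPIKEY//$q/$q$q}'"`, keeps the scalar valid. Each enclosing function continues outside its hunk.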