Merge pull request #1614 from Security-Onion-Solutions/issue/1573

Issue/1573 and Issue/1601
Josh Patterson
2020-10-22 15:57:40 -04:00
committed by GitHub
6 changed files with 46 additions and 16 deletions


@@ -5,7 +5,6 @@
'so-telegraf', 'so-telegraf',
'so-soc', 'so-soc',
'so-kratos', 'so-kratos',
'so-aptcacherng',
'so-idstools', 'so-idstools',
'so-redis', 'so-redis',
'so-elasticsearch', 'so-elasticsearch',
@@ -16,3 +15,7 @@
'so-soctopus' 'so-soctopus'
] ]
} %} } %}
{% if salt['pillar.get']('global:managerupdate') == 1 %}
{% do docker.containers.append('so-aptcacherng') %}
{% endif %}
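Review bot: The `== 1` test on `salt['pillar.get']('global:managerupdate')` in the appended block has no explicit default and only matches a numeric 1, so a pillar written as the string `'1'` would silently leave `so-aptcacherng` out of the container list. A short comment such as `{# managerupdate must be the integer 1; any other value omits the apt cache container #}` would make the contract visible, and the lookup could pass an explicit default, `salt['pillar.get']('global:managerupdate', 0)`. The same three lines are repeated in the next two file sections, so the same applies there. The `docker` mapping they append to starts outside the hunk.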


@@ -4,7 +4,6 @@
'so-telegraf', 'so-telegraf',
'so-soc', 'so-soc',
'so-kratos', 'so-kratos',
'so-aptcacherng',
'so-idstools', 'so-idstools',
'so-redis', 'so-redis',
'so-logstash', 'so-logstash',
@@ -16,3 +15,7 @@
'so-soctopus' 'so-soctopus'
] ]
} %} } %}
{% if salt['pillar.get']('global:managerupdate') == 1 %}
{% do docker.containers.append('so-aptcacherng') %}
{% endif %}


@@ -4,7 +4,6 @@
'so-telegraf', 'so-telegraf',
'so-soc', 'so-soc',
'so-kratos', 'so-kratos',
'so-aptcacherng',
'so-idstools', 'so-idstools',
'so-redis', 'so-redis',
'so-logstash', 'so-logstash',
@@ -20,3 +19,7 @@
'so-sensoroni' 'so-sensoroni'
] ]
} %} } %}
{% if salt['pillar.get']('global:managerupdate') == 1 %}
{% do docker.containers.append('so-aptcacherng') %}
{% endif %}


@@ -27,10 +27,15 @@ ERROR_STRING="ERROR"
SUCCESS_STRING="OK" SUCCESS_STRING="OK"
PENDING_STRING="PENDING" PENDING_STRING="PENDING"
MISSING_STRING='MISSING' MISSING_STRING='MISSING'
DISABLED_STRING='DISABLED'
CALLER=$(ps -o comm= $PPID) CALLER=$(ps -o comm= $PPID)
declare -a BAD_STATUSES=("removing" "paused" "exited" "dead") declare -a BAD_STATUSES=("removing" "paused" "exited" "dead")
declare -a PENDING_STATUSES=("paused" "created" "restarting") declare -a PENDING_STATUSES=("paused" "created" "restarting")
declare -a GOOD_STATUSES=("running") declare -a GOOD_STATUSES=("running")
declare -a DISABLED_CONTAINERS=()
{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %}
DISABLED_CONTAINERS+=("so-steno")
{%- endif %}
declare -a temp_container_name_list=() declare -a temp_container_name_list=()
declare -a temp_container_state_list=() declare -a temp_container_state_list=()
@@ -104,6 +109,7 @@ populate_container_lists() {
parse_status() { parse_status() {
local container_state=${1} local container_state=${1}
local service_name=${2}
[[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1 [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1
@@ -117,7 +123,13 @@ parse_status() {
# This is technically not needed since the default is error state # This is technically not needed since the default is error state
for state in "${BAD_STATUSES[@]}"; do for state in "${BAD_STATUSES[@]}"; do
[[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1 if [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]]; then
printf $DISABLED_STRING
return 0
elif [[ $container_state = "$state" ]]; then
printf $ERROR_STRING
return 1
fi
done done
printf $ERROR_STRING && return 1 printf $ERROR_STRING && return 1
@@ -127,7 +139,7 @@ parse_status() {
print_line() { print_line() {
local service_name=${1} local service_name=${1}
local service_state="$( parse_status ${2} )" local service_state="$( parse_status ${2} ${1} )"
local columns=$(tput cols) local columns=$(tput cols)
local state_color="\e[0m" local state_color="\e[0m"
@@ -137,7 +149,7 @@ print_line() {
state_color="\e[1;31m" state_color="\e[1;31m"
elif [[ $service_state = "$SUCCESS_STRING" ]]; then elif [[ $service_state = "$SUCCESS_STRING" ]]; then
state_color="\e[1;32m" state_color="\e[1;32m"
elif [[ $service_state = "$PENDING_STRING" ]]; then elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]]; then
state_color="\e[1;33m" state_color="\e[1;33m"
fi fi
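Review bot: In `parse_status` the new `DISABLED_CONTAINERS` membership test sits inside the `for state in "${BAD_STATUSES[@]}"` loop although it does not depend on `$state`, so a disabled service is reported as DISABLED on the first iteration for any state that reaches the loop, not only the bad ones. The `missing` check above it still returns `MISSING` with status 1 before the disabled test is reached. Moving the `if [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]]` branch above the loop (and above the `missing` test, if an absent container is expected for a disabled service) would make the precedence explicit. A comment should also record that DISABLED returns 0, so anything that looks only at the exit code cannot tell a deliberately stopped packet-capture container from a healthy one. The function body starts and ends outside these hunks.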


@@ -23,7 +23,7 @@
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
{% set BPF_COMPILED = "" %} {% set BPF_COMPILED = "" %}
{% from "pcap/map.jinja" import START with context %} {% from "pcap/map.jinja" import STENOOPTIONS with context %}
# PCAP Section # PCAP Section
@@ -135,9 +135,9 @@ sensoronilog:
- makedirs: True - makedirs: True
so-steno: so-steno:
docker_container.running: docker_container.{{ STENOOPTIONS.status }}:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
- start: {{ START }} - start: {{ STENOOPTIONS.start }}
- network_mode: host - network_mode: host
- privileged: True - privileged: True
- port_bindings: - port_bindings:
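Review bot: When `docker_container.{{ STENOOPTIONS.status }}` renders to `docker_container.stopped`, the state is still handed the `running`-style arguments (`image`, `start`, `network_mode`, `privileged`, `port_bindings`), and, if I read Salt's `stopped` state correctly, it reports an error by default when the container does not exist yet. On a sensor where steno was disabled before its first start, this would likely appear as a failed state on every highstate. Consider rendering `- error_on_absent: False` only in the stopped case, or wrapping the two variants in a Jinja `if`. A comment next to the templated function name listing the two values the map can produce (`running`, `stopped`) would also help. The `so-steno` state continues past the end of the hunk.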


@@ -1,6 +1,15 @@
# don't start the docker container if it is an import node {% set STENOOPTIONS = {} %}
{% if grains.id.split('_')|last == 'import' %} {% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}
{% set START = False %}
# don't start the docker container if it is an import node or disabled via pillar
{% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
{% do STENOOPTIONS.update({'start': False}) %}
{% else %} {% else %}
{% set START = True %} {% do STENOOPTIONS.update({'start': True}) %}
{% endif %}
{% if ENABLED is sameas false %}
{% do STENOOPTIONS.update({'status': 'stopped'}) %}
{% else %}
{% do STENOOPTIONS.update({'status': 'running'}) %}
{% endif %} {% endif %}
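Review bot: `ENABLED` defaults to the string `'True'` but is compared with `is sameas false`, which holds only for a real boolean false, so pillar values such as `'false'`, `'False'` or `0` leave `start` and `status` at the running values. A boolean default, `{% set ENABLED = salt['pillar.get']('steno:enabled', True) %}`, plus a comment like `{# only a YAML boolean false disables steno #}` would document the accepted value. The so-status template uses the same lookup and test to fill `DISABLED_CONTAINERS`, so the two should stay in step. Otherwise the status output and the actual container state can disagree.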