Merge pull request #462 from Security-Onion-Solutions/bugfix/fleet

Bugfix/fleet

salt/common/init.sls

@@ -2,6 +2,7 @@
 {% set MASTER = salt['grains.get']('master') %}
 {% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
 {% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
+{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
 # Add socore Group
 socoregroup:
   group.present:
@@ -143,7 +144,7 @@ so-core:
     - port_bindings:
       - 80:80
       - 443:443
-    {%- if FLEETMASTER %}
+    {%- if FLEETMASTER or FLEETNODE %}
       - 8090:8090
     {%- endif %}
     - watch:

salt/common/nginx/nginx.conf.so-fleet

@@ -65,7 +65,7 @@ http {
     server {
         listen       443 ssl http2 default_server;
         server_name  _;
-        root         /opt/socore/html;
+        root         /opt/socore/html/packages;
         index        index.html;
 
         ssl_certificate "/etc/pki/nginx/server.crt";

salt/fleet/event_enable-fleet.sls

@@ -1,9 +1,11 @@
 {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret') %}
+{%- set MAINIP = salt['pillar.get']('node:mainip') -%}
 
 so/fleet:
   event.send:
     - data:
         action: 'enablefleet'
         hostname: {{ grains.host }}
+        mainip: {{ MAINIP }}
         role: {{ grains.role }}
         enroll-secret: {{ ENROLLSECRET }}

salt/fleet/files/dedicated-index.html

@@ -0,0 +1,127 @@
+{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>Security Onion - Hybrid Hunter</title>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
+<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
+<style>
+* {
+	box-sizing: border-box;
+	font-family: Arial, Helvetica, sans-serif;
+	padding-left: 30px;
+	padding-right: 30px;
+}
+
+body {
+	font-family: Arial, Helvetica, sans-serif;
+	background-color: #2a2a2a;
+
+}
+a {
+	color: #f2f2f2;
+	text-align: left;
+	padding: 0px;
+}
+
+.center-content {
+	margin: 0 auto;
+}
+
+/* Style the top navigation bar */
+.topnav {
+	overflow: hidden;
+	background-color: #333;
+	width: 1080px;
+	display: flex;
+	align-content: center;
+}
+
+/* Style the topnav links */
+.topnav a {
+	margin: auto;
+	color: #f2f2f2;
+	text-align: center;
+	padding: 14px 16px;
+	text-decoration: none;
+}
+
+/* Change color on hover */
+.topnav a:hover {
+	background-color: #ddd;
+	color: black;
+}
+
+/* Style the content */
+.content {
+	background-color: #2a2a2a;
+	padding: 10px;
+	padding-top: 20px;
+	padding-left: 60px;
+	color: #E3DBCC;
+	width: 1080px;
+}
+
+/* Style the footer */
+.footer {
+	background-color: #2a2a2a;
+	padding: 60px;
+	color: #E3DBCC;
+	width: 1080px;
+}
+</style>
+</head>
+<body>
+	<div class="center-content">
+		<div class="topnav center-content">
+			<a href="/fleet/" target="_blank">Fleet</a>
+			<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Configuring-Osquery-with-Security-Onion" target="_blank">Osquery/Fleet Docs</a>
+			<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
+		</div>
+		  
+		<div class="content center-content">
+			<p>
+                <div style="text-align: center;">
+                    <h1>Security Onion - Dedicated Fleet Node</h1>
+					<h2>Osquery Packages</h2>
+				</div>
+				<br/>
+				<h2>Notes</h2>
+				<ul>
+					<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
+					<li>Packages are not signed.</li>
+				</ul>
+				<br/>
+				<h2>Downloads</h2>
+				<div>
+					Generated: {{ PACKAGESTS }}
+					<br/>
+					<br/>
+					Packages:
+					<ul>
+						<li><a href="/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
+						<li><a href="/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
+                        <li><a href="/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
+                        <li><a href="/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
+					</ul>
+					<br/>
+					<br/>
+					Config Files:
+					<ul>
+						<li><a href="/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
+						<li><a href="/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
+					</ul>
+				</div>
+				<br/>
+				<h2>Known Issues</h2>
+				<ul>
+					<li>None</li>
+				</ul>
+			  </p>
+		  </div>
+	</div>
+</body>
+</html>

salt/fleet/files/osquery-packages-sa.html

@@ -1,107 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<title>Security Onion - Hybrid Hunter</title>
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
-<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
-<style>
-* {
-  box-sizing: border-box;
-  font-family: Arial, Helvetica, sans-serif;
-	padding-left: 30px;
-	padding right: 30px;
-}
-
-body {
-  font-family: Arial, Helvetica, sans-serif;
-	background-color: #2a2a2a;
-
-}
-a {
-	color: #f2f2f2;
-	text-align: left;
-	padding: 0px;
-}
-/* Style the top navigation bar */
-.topnav {
-  overflow: hidden;
-  background-color: #333;
-	width: 1080px;
-}
-
-/* Style the topnav links */
-.topnav a {
-  float: left;
-  display: block;
-  color: #f2f2f2;
-  text-align: center;
-  padding: 14px 16px;
-  text-decoration: none;
-}
-
-/* Change color on hover */
-.topnav a:hover {
-  background-color: #ddd;
-  color: black;
-}
-
-/* Style the content */
-.content {
-  background-color: #2a2a2a;
-  padding: 10px;
-	padding-top: 20px;
-	padding-left: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-
-/* Style the footer */
-.footer {
-  background-color: #2a2a2a;
-  padding: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-</style>
-</head>
-<body>
-
-<div class="topnav">
-	<a href="/packages/" target="_blank">Fleet</a>
-	<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/FAQ" target="_blank">Fleet & Osquery Docs</a>
-</div>
-
-<div class="content">
-
-	<p><center><h1>Osquery Packages</h1></center><br>
-
-              <h2>Notes</h2>
-                <ul>
-                        <li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
-                        <li>Packages are not signed.</li>
-	       	</ul>
-		<BR> <h2>Downloads</h2>
-                <ul>
-
-Generated: N/A
-                       <BR><BR>Packages:
-			<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
-                        <li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
-                        <li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
-			<BR><BR>Config Files:
-	                <li><a href="/packages/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
-			 <li><a href="/packages/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
-		</ul>
-
-		<BR><h2>Known Issues</h2>
-		<ul>
-			<li>None</li>
-		</ul>
-	</p>
-</div>
-
-
-</body>
-</html>

salt/fleet/files/osquery-packages.html

@@ -1,3 +1,4 @@
+{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -102,7 +103,7 @@ a {
 				<br/>
 				<h2>Downloads</h2>
 				<div>
-					Generated: N/A
+					Generated: {{ PACKAGESTS }}
 					<br/>
 					<br/>
 					Packages:
@@ -110,6 +111,7 @@ a {
 						<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
 						<li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
 						<li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
+						<li><a href="/packages/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
 					</ul>
 					<br/>
 					<br/>

salt/fleet/files/scripts/so-fleet-setup

@@ -25,11 +25,12 @@ docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/pac
 # Enable Fleet
 echo "Enabling Fleet..."
 salt-call state.apply fleet.event_enable-fleet queue=True >> /root/fleet-setup.log
+salt-call state.apply common queue=True >> /root/fleet-setup.log
 
 # Generate osquery install packages
-echo "Generating osquery install packages - will take some time..."
+echo "Generating osquery install packages - this will take some time..."
 salt-call state.apply fleet.event_gen-packages queue=True >> /root/fleet-setup.log
-sleep 180
+sleep 120
 
 echo "Installing launcher via salt..."
 salt-call state.apply fleet.install_package queue=True >> /root/fleet-setup.log

salt/fleet/init.sls

@@ -50,6 +50,13 @@ fleetpacksync:
     - user: 939
     - group: 939
 
+  fleetpackagessync:
+  file.recurse:
+    - name: /opt/so/conf/fleet/packages
+    - source: salt://fleet/packages/
+    - user: 939
+    - group: 939
+
 fleetlogdir:
   file.directory:
     - name: /opt/so/log/fleet
@@ -69,7 +76,12 @@ fleetsetupscripts:
 osquerypackageswebpage:
   file.managed:
     - name: /opt/so/conf/fleet/packages/index.html
+{% if FLEETARCH == "so-fleet" %}
+    - source: salt://fleet/files/dedicated-index.html
+{% else %}
     - source: salt://fleet/files/osquery-packages.html
+{% endif %}
+    - template: jinja
 
 fleetdb:
   mysql_database.present:

salt/fleet/install_package.sls

@@ -1,7 +1,15 @@
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETHOSTNAME = salt['pillar.get']('static:fleet_hostname', False) -%}
+{%- set FLEETIP = salt['pillar.get']('static:fleet_ip', False) -%}
 
 {%- if FLEETMASTER or FLEETNODE %}
+
+{{ FLEETHOSTNAME }}:
+  host.present:
+    - ip: {{ FLEETIP }}
+    - clean: True
+
 launcherpkg:
   pkg.installed:
     - sources:

salt/reactor/fleet.sls

@@ -12,6 +12,8 @@ def run():
   HOSTNAME = data['data']['hostname']
   ROLE = data['data']['role']
   ESECRET = data['data']['enroll-secret']
+  MAINIP = data['data']['mainip']
+
   STATICFILE = '/opt/so/saltstack/pillar/static.sls'
   AUTHFILE = '/opt/so/saltstack/pillar/auth.sls'
 
@@ -27,10 +29,20 @@ def run():
           line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
         print(line) 
 
-      # Update the enroll secret
+      # Update the enroll secret in the auth pillar
       for line in fileinput.input(AUTHFILE, inplace=True):
         line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
-        print(line)       
+        print(line)      
+
+        # Update the Fleet host in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: {HOSTNAME}", line.rstrip())
+        print(line)  
+
+        # Update the Fleet IP in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_ip: \S*', f"fleet_ip: {MAINIP}", line.rstrip())
+        print(line)   
 
     if ACTION == 'genpackages':
       logging.info('so/fleet genpackages reactor')

setup/so-functions

@@ -781,6 +781,8 @@ master_static() {
   echo "  fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
   echo "  fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
   echo "  fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls
   echo "  sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
   if [[ $MASTERUPDATES == 'MASTER' ]]; then
     echo "  masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls