Merge pull request #336 from Security-Onion-Solutions/hotfix/wazuh
Hotfix/wazuh
@@ -86,14 +86,14 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
|
||||
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
|
||||
# If analyst, add to Wazuh AR whitelist
|
||||
if [ "$FULLROLE" == "analyst" ]; then
|
||||
WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
|
||||
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
|
||||
if ! grep -q "<white_list>$IP</white_list>" $WAZUH_MGR_CFG ; then
|
||||
DATE=`date`
|
||||
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
|
||||
sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG
|
||||
echo -e "<!--Address $IP added by /usr/sbin/so-allow on "$DATE"-->\n <global>\n <white_list>$IP</white_list>\n </global>\n</ossec_config>" >> $WAZUH_MGR_CFG
|
||||
echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG."
|
||||
echo
|
||||
echo
|
||||
echo "Restarting OSSEC Server..."
|
||||
/usr/sbin/so-wazuh-restart
|
||||
fi
|
||||
|
||||
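Review bot: Nothing checks that the file named by the changed `WAZUH_MGR_CFG` exists before it is edited: if the path is wrong on a host, `! grep -q` is true, both `sed -i` calls fail, and `echo -e ... >>` creates a new file holding only the whitelist fragment. A guard before the grep, `[ -f "$WAZUH_MGR_CFG" ] || { echo "$WAZUH_MGR_CFG not found" >&2; exit 1; }`, would stop that, and `grep -qF -- "<white_list>$IP</white_list>" "$WAZUH_MGR_CFG"` would match the address literally instead of treating its dots as regex wildcards. Because `$IP` is written verbatim into the active-response `white_list`, it should be validated as an address before this point; whether the script does that is outside the hunk. The same path change and unguarded edit appear in the `{{ MASTERIP }}` hunk at `@@ -18,7 +18,7 @@`. The enclosing `if` blocks start and end outside the hunk.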
30
salt/top.sls
30
salt/top.sls
@@ -56,6 +56,9 @@ base:
|
||||
{%- if OSQUERY != 0 %}
|
||||
- mysql
|
||||
{%- endif %}
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- elasticsearch
|
||||
- logstash
|
||||
- kibana
|
||||
@@ -69,9 +72,6 @@ base:
|
||||
- redis
|
||||
- launcher
|
||||
{%- endif %}
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- utility
|
||||
- schedule
|
||||
- soctopus
|
||||
@@ -103,13 +103,13 @@ base:
|
||||
{%- if OSQUERY != 0 %}
|
||||
- mysql
|
||||
{%- endif %}
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- elasticsearch
|
||||
- logstash
|
||||
- kibana
|
||||
- elastalert
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- filebeat
|
||||
- utility
|
||||
- schedule
|
||||
@@ -171,12 +171,12 @@ base:
|
||||
- ssl
|
||||
- common
|
||||
- firewall
|
||||
- logstash
|
||||
- elasticsearch
|
||||
- curator
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- logstash
|
||||
- elasticsearch
|
||||
- curator
|
||||
- filebeat
|
||||
{%- if OSQUERY != 0 %}
|
||||
- launcher
|
||||
@@ -209,14 +209,14 @@ base:
|
||||
{%- if OSQUERY != 0 %}
|
||||
- mysql
|
||||
{%- endif %}
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- logstash
|
||||
- elasticsearch
|
||||
- curator
|
||||
- kibana
|
||||
- elastalert
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- filebeat
|
||||
- utility
|
||||
- schedule
|
||||
@@ -244,12 +244,12 @@ base:
|
||||
- common
|
||||
- firewall
|
||||
- redis
|
||||
- logstash
|
||||
- elasticsearch
|
||||
- curator
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
{%- endif %}
|
||||
- logstash
|
||||
- elasticsearch
|
||||
- curator
|
||||
- filebeat
|
||||
{%- if OSQUERY != 0 %}
|
||||
- launcher
|
||||
|
||||
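Review bot: The reason `wazuh` now has to come before `elasticsearch`/`logstash` is not recorded anywhere in the file, and the same move is repeated in each role block, so a later edit can silently undo it. A comment above the first moved block would help, for example `# wazuh is applied before the Elastic states on purpose (hotfix/wazuh); keep this order`. If the ordering is a real dependency, a `require` requisite in the wazuh or Elastic states would enforce it rather than relying on list position in `top.sls`; whether one exists is not visible here.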
@@ -18,7 +18,7 @@
|
||||
|
||||
# Check if Wazuh enabled
|
||||
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
|
||||
WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
|
||||
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
|
||||
if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then
|
||||
DATE=`date`
|
||||
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
|
||||
|
||||
@@ -382,15 +382,15 @@ if (whiptail_you_sure) ; then
|
||||
echo -e "XXX\n41\nInstalling MySQL... \nXXX"
|
||||
salt-call state.apply mysql >> $SETUPLOG 2>&1
|
||||
fi
|
||||
if [[ $WAZUH == '1' ]]; then
|
||||
echo -e "XXX\n68\nInstalling Wazuh... \nXXX"
|
||||
salt-call state.apply wazuh >> $SETUPLOG 2>&1
|
||||
fi
|
||||
echo -e "XXX\n45\nInstalling Elastic Components... \nXXX"
|
||||
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
|
||||
salt-call state.apply logstash >> $SETUPLOG 2>&1
|
||||
salt-call state.apply kibana >> $SETUPLOG 2>&1
|
||||
salt-call state.apply elastalert >> $SETUPLOG 2>&1
|
||||
if [[ $WAZUH == '1' ]]; then
|
||||
echo -e "XXX\n68\nInstalling Wazuh... \nXXX"
|
||||
salt-call state.apply wazuh >> $SETUPLOG 2>&1
|
||||
fi
|
||||
echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
|
||||
salt-call state.apply filebeat >> $SETUPLOG 2>&1
|
||||
salt-call state.apply utility >> $SETUPLOG 2>&1
|
||||
@@ -649,6 +649,10 @@ if (whiptail_you_sure) ; then
|
||||
if [[ $OSQUERY == '1' ]]; then
|
||||
salt-call state.apply mysql >> $SETUPLOG 2>&1
|
||||
fi
|
||||
if [[ $WAZUH == '1' ]]; then
|
||||
echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"
|
||||
salt-call state.apply wazuh >> $SETUPLOG 2>&1
|
||||
fi
|
||||
echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
|
||||
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
|
||||
echo -e "XXX\n40\nInstalling Logstash... \nXXX"
|
||||
@@ -674,10 +678,6 @@ if (whiptail_you_sure) ; then
|
||||
salt-call state.apply fleet >> $SETUPLOG 2>&1
|
||||
salt-call state.apply redis >> $SETUPLOG 2>&1
|
||||
fi
|
||||
if [[ $WAZUH == '1' ]]; then
|
||||
echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"
|
||||
salt-call state.apply wazuh >> $SETUPLOG 2>&1
|
||||
fi
|
||||
echo -e "XXX\n85\nInstalling filebeat... \nXXX"
|
||||
salt-call state.apply filebeat >> $SETUPLOG 2>&1
|
||||
salt-call state.apply utility >> $SETUPLOG 2>&1
|
||||
|
||||
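Review bot: The moved Wazuh step keeps its old gauge percentage, so the progress bar now goes backwards: in the first hunk `XXX\n68\n` is emitted right after `41` and before `45`, and in the `@@ -649,6 +649,10 @@` hunk `65` is emitted before `35`. The percentages should follow the new order, e.g. `echo -e "XXX\n43\nInstalling Wazuh... \nXXX"` in the first hunk and a value no higher than 35 in the second (the preceding value there is outside the hunk). Separately, the result of `salt-call state.apply wazuh` is only appended to `$SETUPLOG`, so a failed Wazuh install does not stop or flag the setup; checking its exit status is worth considering. The `if (whiptail_you_sure)` block continues outside these hunks.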