Merge pull request #336 from Security-Onion-Solutions/hotfix/wazuh

Hotfix/wazuh
This commit is contained in:
weslambert
2020-02-11 22:45:43 -05:00
committed by GitHub
4 changed files with 26 additions and 26 deletions


@@ -86,7 +86,7 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
# If analyst, add to Wazuh AR whitelist # If analyst, add to Wazuh AR whitelist
if [ "$FULLROLE" == "analyst" ]; then if [ "$FULLROLE" == "analyst" ]; then
WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf" WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
if ! grep -q "<white_list>$IP</white_list>" $WAZUH_MGR_CFG ; then if ! grep -q "<white_list>$IP</white_list>" $WAZUH_MGR_CFG ; then
DATE=`date` DATE=`date`
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
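Review bot: The relocated path on the `WAZUH_MGR_CFG=` line is never checked for existence before the `sed -i` that follows, and the same literal path is hard-coded a second time in the third file of this commit. Because `grep -q` on a missing file also exits non-zero, `! grep -q …` takes the branch and `sed -i` then runs against an absent file (presumably failing, and leaving the rest of the branch — outside this hunk — to continue). A guard after the assignment such as `[ -f "$WAZUH_MGR_CFG" ] || { echo "Wazuh manager config not found at $WAZUH_MGR_CFG" >&2; exit 1; }` (or a `return`, depending on the enclosing flow) would surface a wrong path immediately, and rendering the path once from pillar into both scripts would make the next relocation a one-line change. While touching these lines, quoting `"$WAZUH_MGR_CFG"` on the grep and sed calls is cheap. The enclosing `if` blocks start before and end after this hunk.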


@@ -56,6 +56,9 @@ base:
{%- if OSQUERY != 0 %} {%- if OSQUERY != 0 %}
- mysql - mysql
{%- endif %} {%- endif %}
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
- elasticsearch - elasticsearch
- logstash - logstash
- kibana - kibana
@@ -69,9 +72,6 @@ base:
- redis - redis
- launcher - launcher
{%- endif %} {%- endif %}
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
- utility - utility
- schedule - schedule
- soctopus - soctopus
@@ -103,13 +103,13 @@ base:
{%- if OSQUERY != 0 %} {%- if OSQUERY != 0 %}
- mysql - mysql
{%- endif %} {%- endif %}
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
- elasticsearch - elasticsearch
- logstash - logstash
- kibana - kibana
- elastalert - elastalert
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
- filebeat - filebeat
- utility - utility
- schedule - schedule
@@ -171,12 +171,12 @@ base:
- ssl - ssl
- common - common
- firewall - firewall
- logstash
- elasticsearch
- curator
{%- if WAZUH != 0 %} {%- if WAZUH != 0 %}
- wazuh - wazuh
{%- endif %} {%- endif %}
- logstash
- elasticsearch
- curator
- filebeat - filebeat
{%- if OSQUERY != 0 %} {%- if OSQUERY != 0 %}
- launcher - launcher
@@ -209,14 +209,14 @@ base:
{%- if OSQUERY != 0 %} {%- if OSQUERY != 0 %}
- mysql - mysql
{%- endif %} {%- endif %}
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
- logstash - logstash
- elasticsearch - elasticsearch
- curator - curator
- kibana - kibana
- elastalert - elastalert
{%- if WAZUH != 0 %}
- wazuh
{%- endif %}
- filebeat - filebeat
- utility - utility
- schedule - schedule
@@ -244,12 +244,12 @@ base:
- common - common
- firewall - firewall
- redis - redis
- logstash
- elasticsearch
- curator
{%- if WAZUH != 0 %} {%- if WAZUH != 0 %}
- wazuh - wazuh
{%- endif %} {%- endif %}
- logstash
- elasticsearch
- curator
- filebeat - filebeat
{%- if OSQUERY != 0 %} {%- if OSQUERY != 0 %}
- launcher - launcher
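Review bot: Nothing in top.sls records why `wazuh` now has to be applied ahead of `elasticsearch` — the hunk at 56 inserts it before elasticsearch and the hunk at 69 drops the later copy, and the hunks at 103, 171, 209 and 244 appear to make the same move in the other roles — so the next person tidying these role lists can silently undo it. A one-line Jinja comment above each moved block, e.g. `{#- wazuh must be applied before elasticsearch/logstash: <reason placeholder> #}`, would pin the ordering where it is read. Whether the ordering is a hard requirement or only a preference is not visible from the diff, so the comment should state which.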


@@ -18,7 +18,7 @@
# Check if Wazuh enabled # Check if Wazuh enabled
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf" WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then
DATE=`date` DATE=`date`
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG


@@ -382,15 +382,15 @@ if (whiptail_you_sure) ; then
echo -e "XXX\n41\nInstalling MySQL... \nXXX" echo -e "XXX\n41\nInstalling MySQL... \nXXX"
salt-call state.apply mysql >> $SETUPLOG 2>&1 salt-call state.apply mysql >> $SETUPLOG 2>&1
fi fi
if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n68\nInstalling Wazuh... \nXXX"
salt-call state.apply wazuh >> $SETUPLOG 2>&1
fi
echo -e "XXX\n45\nInstalling Elastic Components... \nXXX" echo -e "XXX\n45\nInstalling Elastic Components... \nXXX"
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1 salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
salt-call state.apply logstash >> $SETUPLOG 2>&1 salt-call state.apply logstash >> $SETUPLOG 2>&1
salt-call state.apply kibana >> $SETUPLOG 2>&1 salt-call state.apply kibana >> $SETUPLOG 2>&1
salt-call state.apply elastalert >> $SETUPLOG 2>&1 salt-call state.apply elastalert >> $SETUPLOG 2>&1
if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n68\nInstalling Wazuh... \nXXX"
salt-call state.apply wazuh >> $SETUPLOG 2>&1
fi
echo -e "XXX\n75\nInstalling Filebeat... \nXXX" echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
salt-call state.apply filebeat >> $SETUPLOG 2>&1 salt-call state.apply filebeat >> $SETUPLOG 2>&1
salt-call state.apply utility >> $SETUPLOG 2>&1 salt-call state.apply utility >> $SETUPLOG 2>&1
@@ -649,6 +649,10 @@ if (whiptail_you_sure) ; then
if [[ $OSQUERY == '1' ]]; then if [[ $OSQUERY == '1' ]]; then
salt-call state.apply mysql >> $SETUPLOG 2>&1 salt-call state.apply mysql >> $SETUPLOG 2>&1
fi fi
if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"
salt-call state.apply wazuh >> $SETUPLOG 2>&1
fi
echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX" echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1 salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
echo -e "XXX\n40\nInstalling Logstash... \nXXX" echo -e "XXX\n40\nInstalling Logstash... \nXXX"
@@ -674,10 +678,6 @@ if (whiptail_you_sure) ; then
salt-call state.apply fleet >> $SETUPLOG 2>&1 salt-call state.apply fleet >> $SETUPLOG 2>&1
salt-call state.apply redis >> $SETUPLOG 2>&1 salt-call state.apply redis >> $SETUPLOG 2>&1
fi fi
if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"
salt-call state.apply wazuh >> $SETUPLOG 2>&1
fi
echo -e "XXX\n85\nInstalling filebeat... \nXXX" echo -e "XXX\n85\nInstalling filebeat... \nXXX"
salt-call state.apply filebeat >> $SETUPLOG 2>&1 salt-call state.apply filebeat >> $SETUPLOG 2>&1
salt-call state.apply utility >> $SETUPLOG 2>&1 salt-call state.apply utility >> $SETUPLOG 2>&1
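Review bot: The progress values in the moved Wazuh blocks now run backwards: in the hunk at 649 the added `echo -e "XXX\n65\nInstalling Wazuh components... \nXXX"` precedes the existing `XXX\n35\nInstalling ElasticSearch...`, and in the hunk at 382 the Wazuh step's `68` appears to sit between `41` (MySQL) and `45` (Elastic Components). Assuming these `XXX` records feed a whiptail gauge (the hunk header's `whiptail_you_sure` suggests so), the bar would jump forward and then drop, which reads like a restart or a hang to the person installing. Pick a value between the neighbouring steps in each place, e.g. `echo -e "XXX\n43\nInstalling Wazuh... \nXXX"` at 382 and a value below 35 (say `33`, adjusted to whatever the preceding step reports) at 649. The enclosing `if (whiptail_you_sure)` body starts and ends outside these hunks.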