From 00efc2f88f5bfdb28bf4dfb18df8855709486bfb Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Aug 2023 07:31:31 -0400 Subject: [PATCH 1/7] rename workstation to desktop for firewall --- salt/firewall/defaults.yaml | 16 ++++++++-------- salt/firewall/soc_firewall.yaml | 18 +++++++++--------- salt/manager/tools/sbin/so-firewall-minion | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index 9b8325a34..347ddd4b0 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -26,7 +26,7 @@ firewall: standalone: [] strelka_frontend: [] syslog: [] - workstation: [] + desktop: [] customhostgroup0: [] customhostgroup1: [] customhostgroup2: [] @@ -462,7 +462,7 @@ firewall: endgame: portgroups: - endgame - workstation: + desktop: portgroups: - yum customhostgroup0: @@ -514,7 +514,7 @@ firewall: receiver: portgroups: - salt_manager - workstation: + desktop: portgroups: - salt_manager self: @@ -650,7 +650,7 @@ firewall: endgame: portgroups: - endgame - workstation: + desktop: portgroups: - yum customhostgroup0: @@ -702,7 +702,7 @@ firewall: receiver: portgroups: - salt_manager - workstation: + desktop: portgroups: - salt_manager self: @@ -846,7 +846,7 @@ firewall: strelka_frontend: portgroups: - strelka_frontend - workstation: + desktop: portgroups: - yum customhostgroup0: @@ -901,7 +901,7 @@ firewall: receiver: portgroups: - salt_manager - workstation: + desktop: portgroups: - salt_manager self: @@ -1200,7 +1200,7 @@ firewall: analyst: portgroups: - nginx - workstation: + desktop: portgroups: - yum customhostgroup0: diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml index 8f8dbb69d..6ba5bea76 100644 --- a/salt/firewall/soc_firewall.yaml +++ b/salt/firewall/soc_firewall.yaml 
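Review bot: Renaming the `workstation` hostgroup key to `desktop` in the defaults comes with no migration for deployments whose local pillar still carries `firewall: hostgroups: workstation: [...]`; the same applies to the other seven defaults.yaml hunks here, the soc_firewall.yaml hunks, the `'WORKSTATION')` → `'DESKTOP')` case in so-firewall-minion, and the `securityonion_desktop` removal in 7/7. How the merged pillar treats a hostgroup key that no longer exists in the defaults is not visible in this patch; plausibly the addresses under the old key silently stop matching any rule, or keep being applied with no portgroup assignment, and either way the effective firewall policy changes on upgrade without a visible error. A sentence in the commit description, or a rename step in the upgrade path, would make that behaviour deliberate and checkable. In so-firewall-minion, a caller that still passes `WORKSTATION` now falls through the `case` with nothing applied; if there is no default arm (not visible in the hunk), adding `*) echo "unknown role" >&2; exit 1 ;;` would surface that instead of silently leaving the host unlisted.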
@@ -45,7 +45,7 @@ firewall: standalone: *hostgroupsettings strelka_frontend: *hostgroupsettings syslog: *hostgroupsettings - workstation: *hostgroupsettings + desktop: *hostgroupsettings customhostgroup0: &customhostgroupsettings description: List of IP or CIDR blocks to allow to this hostgroup. forcedType: "[]string" @@ -216,7 +216,7 @@ firewall: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker - workstation: + desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker @@ -366,7 +366,7 @@ firewall: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker - workstation: + desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker @@ -404,7 +404,7 @@ firewall: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost - workstation: + desktop: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -457,7 +457,7 @@ firewall: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker - workstation: + desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker @@ -495,7 +495,7 @@ firewall: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost - workstation: + desktop: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -554,7 +554,7 @@ firewall: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker - workstation: + desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker @@ -596,7 +596,7 @@ firewall: portgroups: *portgroupshost heavynode: portgroups: *portgroupshost - workstation: + desktop: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -822,7 +822,7 @@ firewall: portgroups: *portgroupsdocker analyst: portgroups: *portgroupsdocker - workstation: + desktop: portgroups: *portgroupsdocker customhostgroup0: portgroups: *portgroupsdocker 
diff --git a/salt/manager/tools/sbin/so-firewall-minion b/salt/manager/tools/sbin/so-firewall-minion index d3bbb3eeb..66a0afcea 100755 --- a/salt/manager/tools/sbin/so-firewall-minion +++ b/salt/manager/tools/sbin/so-firewall-minion @@ -79,7 +79,7 @@ fi 'RECEIVER') so-firewall includehost receiver "$IP" --apply ;; - 'WORKSTATION') - so-firewall includehost workstation "$IP" --apply + 'DESKTOP') + so-firewall includehost desktop "$IP" --apply ;; esac From 1440c7255994f7b262643a01f3ae540a53aa46c0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Aug 2023 08:06:51 -0400 Subject: [PATCH 2/7] changes for desktop referencing Rocky/CentOS to OEL --- salt/common/tools/sbin_jinja/so-desktop-install | 10 +++++----- salt/desktop/trusted-ca.sls | 2 +- salt/top.sls | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/salt/common/tools/sbin_jinja/so-desktop-install b/salt/common/tools/sbin_jinja/so-desktop-install index 448421f8e..2eb5c209f 100755 --- a/salt/common/tools/sbin_jinja/so-desktop-install +++ b/salt/common/tools/sbin_jinja/so-desktop-install @@ -6,8 +6,8 @@ # Elastic License 2.0. -{# we only want the script to install the desktop if it is Rocky -#} -{% if grains.os == 'Rocky' -%} +{# we only want the script to install the desktop if it is OEL -#} +{% if grains.os == 'OEL' -%} {# if this is a manager -#} {% if grains.master == grains.id.split('_')|first -%} @@ -80,12 +80,12 @@ echo "Since this is not a manager, the pillar values to enable Security Onion De {#- endif if this is a manager #} {% endif -%} -{#- if not Rocky #} +{#- if not OEL #} {%- else %} -echo "The Security Onion Desktop can only be installed on Rocky Linux. Please view the documentation at $doc_desktop_url." +echo "The Security Onion Desktop can only be installed on Oracle Linux. Please view the documentation at $doc_desktop_url." -{#- endif grains.os == Rocky #} +{#- endif grains.os == OEL #} {% endif -%} exit 0 
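Review bot: The OS gate `{% if grains.os == 'OEL' -%}` and its two comments are updated here, but the sibling gate in `salt/desktop/packages.sls` (visible as context in 3/7) still sits under the comment `{# we only want this state to run it is CentOS #}` while testing `GLOBALS.os == 'OEL'`; that comment should read `{# we only want this state to run if it is OEL #}` so both gates document the same condition. The installer tests `grains.os` while packages.sls tests `GLOBALS.os`; whether those always hold the same value cannot be determined from the patch, and if they can diverge the script and the state would disagree about what counts as a supported OS, so normalising both on one source would remove that risk. The enclosing jinja block continues outside the hunk.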
diff --git a/salt/desktop/trusted-ca.sls b/salt/desktop/trusted-ca.sls index b9bde5ae5..87fc70ef9 100644 --- a/salt/desktop/trusted-ca.sls +++ b/salt/desktop/trusted-ca.sls @@ -31,6 +31,6 @@ update_ca_certs: desktop_trusted-ca_os_fail: test.fail_without_changes: - - comment: 'SO Desktop can only be installed on CentOS' + - comment: 'SO Desktop can only be installed on Oracle Linux' {% endif %} diff --git a/salt/top.sls b/salt/top.sls index bc51c2db1..2323731a1 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -277,10 +277,10 @@ base: - schedule - docker_clean - 'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': + 'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:OEL )': - match: compound - desktop - 'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': + 'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:OEL )': - match: compound - desktop.remove_gui From 2d25e352d4fe201d442b82cf233d412a5ad6258d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Aug 2023 08:18:13 -0400 Subject: [PATCH 3/7] write to adv_ pillar file since that is where it would be stored from using the soc ui --- salt/common/tools/sbin_jinja/so-desktop-install | 2 +- salt/desktop/packages.sls | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/common/tools/sbin_jinja/so-desktop-install b/salt/common/tools/sbin_jinja/so-desktop-install index 2eb5c209f..06385e810 100755 --- a/salt/common/tools/sbin_jinja/so-desktop-install +++ b/salt/common/tools/sbin_jinja/so-desktop-install @@ -13,7 +13,7 @@ source /usr/sbin/so-common doc_desktop_url="$DOC_BASE_URL/desktop.html" -pillar_file="/opt/so/saltstack/local/pillar/minions/{{grains.id}}.sls" +pillar_file="/opt/so/saltstack/local/pillar/minions/adv_{{grains.id}}.sls" if [ -f "$pillar_file" ]; then if ! grep -q "^desktop:$" "$pillar_file"; then 
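Review bot: Pointing `pillar_file` at `adv_{{grains.id}}.sls` moves the desktop-key lookup to a file that setup may not be the one writing: `desktop_pillar()` in setup/so-functions (6/7) emits `desktop: gui: enabled: true` into its own `$pillar_file`, and if that is the plain minion pillar rather than the `adv_` file, the `grep -q "^desktop:$" "$pillar_file"` check that follows here (the `if` continues outside the hunk) will not find it and the script will add a second `desktop:` block in a different file. Which of the two then takes effect depends on pillar merge order, which is not visible in this series. Checking both the plain and the `adv_` file before adding the key, or deriving the path from one variable shared by setup and this script, would close that gap.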
diff --git a/salt/desktop/packages.sls b/salt/desktop/packages.sls index 5c0121e7b..524c2c266 100644 --- a/salt/desktop/packages.sls +++ b/salt/desktop/packages.sls @@ -3,7 +3,6 @@ {# we only want this state to run it is CentOS #} {% if GLOBALS.os == 'OEL' %} - desktop_packages: pkg.installed: - pkgs: From fe7a940082004c178995c18e1aad749ffd8e8331 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Aug 2023 08:31:54 -0400 Subject: [PATCH 4/7] add details for enabling in soc gui --- salt/common/tools/sbin_jinja/so-desktop-install | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin_jinja/so-desktop-install b/salt/common/tools/sbin_jinja/so-desktop-install index 06385e810..bd3d9b373 100755 --- a/salt/common/tools/sbin_jinja/so-desktop-install +++ b/salt/common/tools/sbin_jinja/so-desktop-install @@ -65,7 +65,7 @@ if [ -f "$pillar_file" ]; then fi else # desktop is already added echo "The desktop pillar already exists in $pillar_file." - echo "To enable/disable the gui, set 'desktop:gui:enabled' to true or false in $pillar_file." + echo "To enable/disable the gui, set 'desktop:gui:enabled' to true or false in $pillar_file. Alternatively, this can be set in the SOC UI under advanced." echo "Additional documentation can be found at $doc_desktop_url." fi else # if the pillar file doesn't exist @@ -75,7 +75,12 @@ fi {#- if this is not a manager #} {% else -%} -echo "Since this is not a manager, the pillar values to enable Security Onion Desktop must be set manually. Please view the documentation at $doc_desktop_url." +echo "Since this is not a manager, the pillar values to enable Security Onion Desktop must be set manually. This can be enabled in the SOC UI under advanced by adding the following:" +echo "desktop:" +echo " gui:" +echo " enabled: true" +echo "" +echo "Please view the documentation at $doc_desktop_url." {#- endif if this is a manager #} {% endif -%} 
From 6413050f2e27fd004dfcfd7b2925b5133fa044e9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Aug 2023 08:39:46 -0400 Subject: [PATCH 5/7] set doc_desktop_url before jinja --- salt/common/tools/sbin_jinja/so-desktop-install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin_jinja/so-desktop-install b/salt/common/tools/sbin_jinja/so-desktop-install index bd3d9b373..6275bb3b6 100755 --- a/salt/common/tools/sbin_jinja/so-desktop-install +++ b/salt/common/tools/sbin_jinja/so-desktop-install @@ -5,14 +5,14 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. +source /usr/sbin/so-common +doc_desktop_url="$DOC_BASE_URL/desktop.html" {# we only want the script to install the desktop if it is OEL -#} {% if grains.os == 'OEL' -%} {# if this is a manager -#} {% if grains.master == grains.id.split('_')|first -%} -source /usr/sbin/so-common -doc_desktop_url="$DOC_BASE_URL/desktop.html" pillar_file="/opt/so/saltstack/local/pillar/minions/adv_{{grains.id}}.sls" if [ -f "$pillar_file" ]; then From a443c654e58f507bade98d12812ca5969985ffc6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Aug 2023 08:48:00 -0400 Subject: [PATCH 6/7] fix desktop pillar in setup --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 0f73a11a6..d138d97df 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -117,7 +117,7 @@ desktop_pillar() { " mainint: '$MNIC'"\ "desktop:"\ " gui:"\ - " enabled: true" >> "$pillar_file"\ + " enabled: true"\ "sensoroni:"\ " config:"\ " node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file From 28dfdbf06dc6de143716e94fd9c3432799e1421f Mon Sep 17 00:00:00 2001 
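Review bot: `doc_desktop_url="$DOC_BASE_URL/desktop.html"` is now evaluated before the OS branch so the unsupported-OS message can use it, but nothing confirms that `source /usr/sbin/so-common` actually set `DOC_BASE_URL` (presumably it does; not visible here), and if it did not every message would point at the bare path `/desktop.html`. A guard such as `: "${DOC_BASE_URL:?not set by so-common}"` on the line after the `source` would fail loudly instead. The jinja `if` blocks opened in this hunk close outside it.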
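Review bot: The final redirect `> $pillar_file` on the last line of the so-functions hunk is unquoted, while the removed `>> "$pillar_file"` was quoted; with the stray append gone that unquoted redirect is now the only place the pillar is written, and a path containing whitespace or glob characters would be word-split or expanded there. Change it to `> "$pillar_file"`. `desktop_pillar()` opens before the hunk and its closing brace is outside it.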
From: m0duspwnens Date: Wed, 9 Aug 2023 08:51:39 -0400 Subject: [PATCH 7/7] securityonion_desktop is just desktop --- salt/firewall/defaults.yaml | 1 - salt/firewall/soc_firewall.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml index 347ddd4b0..ff127c419 100644 --- a/salt/firewall/defaults.yaml +++ b/salt/firewall/defaults.yaml @@ -20,7 +20,6 @@ firewall: managersearch: [] receiver: [] searchnode: [] - securityonion_desktop: [] self: [] sensor: [] standalone: [] diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml index 6ba5bea76..209484b6e 100644 --- a/salt/firewall/soc_firewall.yaml +++ b/salt/firewall/soc_firewall.yaml @@ -39,7 +39,6 @@ firewall: managersearch: *hostgroupsettings receiver: *hostgroupsettings searchnode: *hostgroupsettings - securityonion_desktop: *hostgroupsettings self: *ROhostgroupsettingsadv sensor: *hostgroupsettings standalone: *hostgroupsettings