diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/common/tools/sbin/so-elastic-fleet-setup
index c9c9ecf5c..46a0b8e9d 100755
--- a/salt/common/tools/sbin/so-elastic-fleet-setup
+++ b/salt/common/tools/sbin/so-elastic-fleet-setup
@@ -41,10 +41,10 @@ JSON_STRING=$( jq -n \
 --arg LOGSTASHCRT "$LOGSTASHCRT" \
 --arg LOGSTASHKEY "$LOGSTASHKEY" \
 --arg LOGSTASHCA "$LOGSTASHCA" \
- '{"name":"so-manager_logstash","is_default":true,"is_default_monitoring":true,"id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055"],"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]},"proxy_id":null}'
+ '{"name":"grid-logstash","is_default":true,"is_default_monitoring":true,"id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055"],"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]},"proxy_id":null}'
 )
-# Add SO-Manager Logstash Ouput
+# Add Logstash Ouput
 curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
 printf "\n\n"
 {%- endif %}
diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion
index 0fa642c83..7b698a119 100755
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -139,9 +139,6 @@ function add_fleet_to_minion() {
 # TODO: Add error handling
 ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)
- # Create Logstash Certs
-
-
 # Write out settings to minion file
 printf '%s\n'\
 "elasticfleet:"\
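Review bot: The rewritten comment keeps the old typo — `# Add Logstash Ouput` should read `# Add Logstash Output` — and the output's `name` is now grid-logstash while its `id` stays so-manager_logstash, which deserves a one-line comment since the id is what other code would reference. Note that the so-setup hunk at the end of this diff comments out the call to so-elastic-fleet-setup, so this rename is not exercised during install until that call is restored. The curl result is still unchecked, but that predates this change.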
@@ -221,6 +218,28 @@ function add_sensor_to_minion() {
 echo " enabled: True" >> $PILLARFILE
 }
+function create_fleet_policy() {
+
+ MINIONID="sa-29-261-jb_standalone"
+ JSON_STRING=$( jq -n \
+ --arg NAME "FleetServer_$MINIONID" \
+ --arg DESC "Fleet Server - $MINIONID" \
+ '{"name": $NAME,"id":$NAME,"description":$DESC,"namespace":"default","monitoring_enabled":["logs"],"inactivity_timeout":1209600,"has_fleet_server":true}'
+ )
+
+ # Create Fleet Sever Policy
+ curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/agent_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+
+ JSON_STRING_UPDATE=$( jq -n \
+ --arg NAME "FleetServer_$MINIONID" \
+ --arg DESC "Fleet Server - $MINIONID" \
+ '{"name":$NAME,"description":$DESC,"namespace":"default","monitoring_enabled":["logs"],"inactivity_timeout":1209600,"data_output_id":"so-manager_elasticsearch"}'
+ )
+
+ # Update Fleet Policy - ES Output
+ curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/agent_policies/FleetServer_$MINIONID" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING_UPDATE"
+}
+
 function updateMine() {
 salt "$MINION_ID" mine.send network.ip_addrs interface="$MNIC"
 }
@@ -236,6 +255,7 @@ function createEVAL() {
 function createFLEET() {
 add_fleet_to_minion
 add_logstash_to_minion
+ create_fleet_policy
 }
 function createIDH() {
diff --git a/salt/elasticfleet/init.sls b/salt/elasticfleet/init.sls
index 5ebcd5d37..b457ccf5b 100644
--- a/salt/elasticfleet/init.sls
+++ b/salt/elasticfleet/init.sls
@@ -53,6 +53,7 @@ eastatedir:
 - replace: True
 - source: salt://elasticfleet/files/certs/elasticfleet.crt
 - mode: 640
+ - user: 931
 - group: 939
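Review bot: `MINIONID="sa-29-261-jb_standalone"` in create_fleet_policy is a hard-coded value, so every node that runs createFLEET (the next hunk) creates and then updates the same policy; the rest of so-minion works from `$MINION_ID` (see updateMine in this hunk), so this should be `MINIONID="$MINION_ID"` or the function should use `$MINION_ID` directly. The policy id built here is `FleetServer_$MINIONID`, whereas the init.sls hunk further down sets `FLEET_SERVER_POLICY_ID=Fleet-Server_{{ GLOBALS.hostname }}` — the prefixes differ (`FleetServer_` vs `Fleet-Server_`), so the Fleet Server container would look for a policy this function never creates. Neither curl call checks its response, so a failed POST is followed by the PUT regardless and the caller sees success; capturing the response and checking it for an error field would be consistent with the `# TODO: Add error handling` already present in add_fleet_to_minion. `# Create Fleet Sever Policy` also has a typo (Server).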
@@ -82,7 +83,7 @@ so-elastic-fleet:
 - FLEET_URL=https://{{ GLOBALS.node_ip }}:8220
 - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
 - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
- - FLEET_SERVER_POLICY_ID={{ FLEETSERVERPOLICY }}
+ - FLEET_SERVER_POLICY_ID=Fleet-Server_{{ GLOBALS.hostname }}
 - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/intca.crt
 - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt
 - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key
diff --git a/salt/kibana/defaults.yaml b/salt/kibana/defaults.yaml
index 64a5646e5..45dacd1da 100644
--- a/salt/kibana/defaults.yaml
+++ b/salt/kibana/defaults.yaml
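Review bot: `FLEET_SERVER_POLICY_ID=Fleet-Server_{{ GLOBALS.hostname }}` replaces the pillar-driven `{{ FLEETSERVERPOLICY }}` with a value that must be byte-identical to the policy id so-minion's create_fleet_policy creates (`FleetServer_$MINIONID`), and that function's placeholder minion id `sa-29-261-jb_standalone` looks like hostname plus role, so GLOBALS.hostname alone is unlikely to be that value. If FLEETSERVERPOLICY is still assigned earlier in this file (outside the hunk), it is now dead and should be dropped. A comment tying the two together, e.g. `# must match the policy id created by so-minion create_fleet_policy`, would keep them from drifting again.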
@@ -30,63 +30,4 @@ kibana:
 secureCookies: true
 reporting:
 kibanaServer:
- hostname: localhost
- fleet:
- packages:
- - name: fleet_server
- version: latest
- - name: log
- version: latest
- - name: osquery_manager
- version: latest
- - name: system
- version: latest
- - name: windows
- version: latest
- agentPolicies:
- - name: SO-Manager
- id: so-manager
- description: "SO Manager Fleet Server Policy"
- namespace: default
- is_default_fleet_server: true
- monitoring_enabled: ['logs']
- package_policies:
- - name: fleet-server_manager
- package:
- name: fleet_server
- - name: SO-Grid-Nodes
- id: so-grid-nodes
- description: "SO Grid Node Policy"
- namespace: default
- monitoring_enabled: ['logs']
- package_policies:
- - name: osquery-grid-nodes
- package:
- name: osquery_manager
- - name: system-grid-nodes
- package:
- name: system
- inputs:
- - type: system/metrics
- enabled: false
- - name: Endpoints-Initial
- id: endpoints-default
- description: "Initial Endpoint Policy"
- namespace: default
- monitoring_enabled: ['logs']
- package_policies:
- - name: system-endpoints
- package:
- name: system
- inputs:
- - type: system/metrics
- enabled: false
- - name: osquery-endpoints
- package:
- name: osquery_manager
- - name: windows-endpoints
- package:
- name: windows
- inputs:
- - type: windows/metrics
- enabled: false
+ hostname: localhost
\ No newline at end of file
diff --git a/setup/so-setup b/setup/so-setup
index 56c2e38b8..9bd716880 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -637,8 +637,8 @@ if ! [[ -f $install_opt_file ]]; then
 add_web_user
 info "Restarting SOC to pick up initial user"
 logCmd "so-soc-restart"
- title "Setting up Elastic Fleet"
- logCmd "so-elastic-fleet-setup"
+ #title "Setting up Elastic Fleet"
+ # logCmd "so-elastic-fleet-setup"
 if [[ ! $is_import ]]; then
 title "Setting up Playbook"
 logCmd "so-playbook-reset"
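Review bot: Commenting out `logCmd "so-elastic-fleet-setup"` leaves dead code in the install path with no indication of whether this is temporary; either delete the two lines or add a comment giving the reason, e.g. `# TODO: re-enable once fleet policy creation in so-minion (create_fleet_policy) is complete`. With this call disabled, the Logstash output that so-elastic-fleet-setup creates (renamed in this same diff) is never created at install time, so nodes enrolled later will have no such output unless that script is run elsewhere — worth stating in the commit description. The enclosing `if ! [[ -f $install_opt_file ]]` block starts and ends outside the hunk.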