mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-22 08:53:06 +01:00
Merge branch 'dev' into feature/docker-prune-rework
This commit is contained in:
William Wernert
@@ -86,10 +86,82 @@ add_interface_bond0() {
|
||||
fi
|
||||
}
|
||||
|
||||
check_container() {
|
||||
docker ps | grep "$1:" > /dev/null 2>&1
|
||||
return $?
|
||||
}
|
||||
|
||||
check_password() {
|
||||
local password=$1
|
||||
echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
|
||||
return $?
|
||||
}
|
||||
|
||||
fail() {
|
||||
msg=$1
|
||||
echo "ERROR: $msg"
|
||||
echo "Exiting."
|
||||
exit 1
|
||||
}
|
||||
|
||||
get_random_value() {
|
||||
length=${1:-20}
|
||||
head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
|
||||
}
|
||||
|
||||
header() {
|
||||
printf '%s\n' "" "$banner" " $*" "$banner"
|
||||
}
|
||||
|
||||
init_monitor() {
|
||||
MONITORNIC=$1
|
||||
|
||||
if [[ $MONITORNIC == "bond0" ]]; then
|
||||
BIFACES=$(lookup_bond_interfaces)
|
||||
else
|
||||
BIFACES=$MONITORNIC
|
||||
fi
|
||||
|
||||
for DEVICE_IFACE in $BIFACES; do
|
||||
for i in rx tx sg tso ufo gso gro lro; do
|
||||
ethtool -K "$DEVICE_IFACE" "$i" off;
|
||||
done
|
||||
ip link set dev "$DEVICE_IFACE" arp off multicast off allmulticast off promisc on
|
||||
done
|
||||
}
|
||||
|
||||
is_manager_node() {
|
||||
# Check to see if this is a manager node
|
||||
role=$(lookup_role)
|
||||
is_single_node_grid && return 0
|
||||
[ $role == 'manager' ] && return 0
|
||||
[ $role == 'managersearch' ] && return 0
|
||||
[ $role == 'helix' ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
is_sensor_node() {
|
||||
# Check to see if this is a sensor (forward) node
|
||||
role=$(lookup_role)
|
||||
is_single_node_grid && return 0
|
||||
[ $role == 'sensor' ] && return 0
|
||||
[ $role == 'heavynode' ] && return 0
|
||||
[ $role == 'helix' ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
is_single_node_grid() {
|
||||
role=$(lookup_role)
|
||||
[ $role == 'eval' ] && return 0
|
||||
[ $role == 'standalone' ] && return 0
|
||||
[ $role == 'import' ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
lookup_bond_interfaces() {
|
||||
cat /proc/net/bonding/bond0 | grep "Slave Interface:" | sed -e "s/Slave Interface: //g"
|
||||
}
|
||||
|
||||
lookup_salt_value() {
|
||||
key=$1
|
||||
group=$2
|
||||
@@ -129,15 +201,41 @@ lookup_role() {
|
||||
echo ${pieces[1]}
|
||||
}
|
||||
|
||||
check_container() {
|
||||
docker ps | grep "$1:" > /dev/null 2>&1
|
||||
return $?
|
||||
require_manager() {
|
||||
if is_manager_node; then
|
||||
echo "This is a manager, We can proceed."
|
||||
else
|
||||
echo "Please run this command on the manager; the manager controls the grid."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
check_password() {
|
||||
local password=$1
|
||||
echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
|
||||
return $?
|
||||
retry() {
|
||||
maxAttempts=$1
|
||||
sleepDelay=$2
|
||||
cmd=$3
|
||||
expectedOutput=$4
|
||||
attempt=0
|
||||
while [[ $attempt -lt $maxAttempts ]]; do
|
||||
attempt=$((attempt+1))
|
||||
echo "Executing command with retry support: $cmd"
|
||||
output=$(eval "$cmd")
|
||||
exitcode=$?
|
||||
echo "Results: $output ($exitcode)"
|
||||
if [ -n "$expectedOutput" ]; then
|
||||
if [[ "$output" =~ "$expectedOutput" ]]; then
|
||||
return $exitCode
|
||||
else
|
||||
echo "Expected '$expectedOutput' but got '$output'"
|
||||
fi
|
||||
elif [[ $exitcode -eq 0 ]]; then
|
||||
return $exitCode
|
||||
fi
|
||||
echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
|
||||
sleep $sleepDelay
|
||||
done
|
||||
echo "Command continues to fail; giving up."
|
||||
return 1
|
||||
}
|
||||
|
||||
set_os() {
|
||||
@@ -171,83 +269,6 @@ set_version() {
|
||||
fi
|
||||
}
|
||||
|
||||
require_manager() {
|
||||
if is_manager_node; then
|
||||
echo "This is a manager, We can proceed."
|
||||
else
|
||||
echo "Please run this command on the manager; the manager controls the grid."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
is_manager_node() {
|
||||
# Check to see if this is a manager node
|
||||
role=$(lookup_role)
|
||||
is_single_node_grid && return 0
|
||||
[ $role == 'manager' ] && return 0
|
||||
[ $role == 'managersearch' ] && return 0
|
||||
[ $role == 'helix' ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
is_sensor_node() {
|
||||
# Check to see if this is a sensor (forward) node
|
||||
role=$(lookup_role)
|
||||
is_single_node_grid && return 0
|
||||
[ $role == 'sensor' ] && return 0
|
||||
[ $role == 'heavynode' ] && return 0
|
||||
[ $role == 'helix' ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
is_single_node_grid() {
|
||||
role=$(lookup_role)
|
||||
[ $role == 'eval' ] && return 0
|
||||
[ $role == 'standalone' ] && return 0
|
||||
[ $role == 'import' ] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
fail() {
|
||||
msg=$1
|
||||
echo "ERROR: $msg"
|
||||
echo "Exiting."
|
||||
exit 1
|
||||
}
|
||||
|
||||
get_random_value() {
|
||||
length=${1:-20}
|
||||
head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
|
||||
}
|
||||
|
||||
retry() {
|
||||
maxAttempts=$1
|
||||
sleepDelay=$2
|
||||
cmd=$3
|
||||
expectedOutput=$4
|
||||
attempt=0
|
||||
while [[ $attempt -lt $maxAttempts ]]; do
|
||||
attempt=$((attempt+1))
|
||||
echo "Executing command with retry support: $cmd"
|
||||
output=$(eval "$cmd")
|
||||
exitcode=$?
|
||||
echo "Results: $output ($exitcode)"
|
||||
if [ -n "$expectedOutput" ]; then
|
||||
if [[ "$output" =~ "$expectedOutput" ]]; then
|
||||
return $exitCode
|
||||
else
|
||||
echo "Expected '$expectedOutput' but got '$output'"
|
||||
fi
|
||||
elif [[ $exitcode -eq 0 ]]; then
|
||||
return $exitCode
|
||||
fi
|
||||
echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
|
||||
sleep $sleepDelay
|
||||
done
|
||||
echo "Command continues to fail; giving up."
|
||||
return 1
|
||||
}
|
||||
|
||||
valid_cidr() {
|
||||
# Verify there is a backslash in the string
|
||||
echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
|
||||
@@ -312,7 +333,7 @@ valid_ip4() {
|
||||
valid_int() {
|
||||
local num=$1
|
||||
local min=${2:-1}
|
||||
local max=${3:-1000}
|
||||
local max=${3:-1000000000}
|
||||
|
||||
[[ $num =~ ^[0-9]*$ ]] && [[ $num -ge $min ]] && [[ $num -le $max ]] && return 0 || return 1
|
||||
}
|
||||
|
||||
@@ -17,4 +17,11 @@
|
||||
|
||||
. /usr/sbin/so-common
|
||||
|
||||
docker exec so-soctopus python3 playbook_play-update.py
|
||||
# Regenerate ElastAlert & update Plays
|
||||
docker exec so-soctopus python3 playbook_play-update.py
|
||||
|
||||
# Delete current Elastalert Rules
|
||||
rm /opt/so/rules/elastalert/playbook/*.yaml
|
||||
|
||||
# Regenerate Elastalert Rules
|
||||
so-playbook-sync
|
||||
@@ -24,11 +24,11 @@ show_stats() {
|
||||
echo
|
||||
echo "Average throughput:"
|
||||
echo
|
||||
docker exec -it so-zeek /opt/zeek/bin/zeekctl capstats
|
||||
docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl capstats'
|
||||
echo
|
||||
echo "Average packet loss:"
|
||||
echo
|
||||
docker exec -it so-zeek /opt/zeek/bin/zeekctl netstats
|
||||
docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl netstats'
|
||||
echo
|
||||
}
|
||||
|
||||
|
||||
@@ -121,17 +121,13 @@ check_sudoers() {
|
||||
}
|
||||
|
||||
check_log_size_limit() {
|
||||
local wait_for_enter=false
|
||||
|
||||
local num_minion_pillars
|
||||
num_minion_pillars=$(find /opt/so/saltstack/local/pillar/minions/ -type f | wc -l)
|
||||
|
||||
if [[ $num_minion_pillars -gt 1 ]]; then
|
||||
if find /opt/so/saltstack/local/pillar/minions/ -type f | grep -q "_heavynode"; then
|
||||
wait_for_enter=true
|
||||
echo "[INFO] The value of log_size_limit in any heavy node minion pillars may be incorrect."
|
||||
echo " -> We recommend checking and adjusting the values as necessary."
|
||||
echo " -> Minion pillar directory: /opt/so/saltstack/local/pillar/minions/"
|
||||
lsl_msg='distributed'
|
||||
fi
|
||||
else
|
||||
local minion_id
|
||||
@@ -172,16 +168,8 @@ check_log_size_limit() {
|
||||
new_limit=$( echo "$disk_size_gb" "$percent" | awk '{printf("%.0f", $1 * ($2/100))}')
|
||||
|
||||
if [[ $current_limit != "$new_limit" ]]; then
|
||||
wait_for_enter=true
|
||||
echo "[WARNING] The value of log_size_limit (${current_limit}) does not match the recommended value of ${new_limit}."
|
||||
echo " -> We recommend checking and adjusting the value as necessary."
|
||||
echo " -> File: /opt/so/saltstack/local/pillar/minions/${minion_id}.sls"
|
||||
fi
|
||||
|
||||
if [[ $wait_for_enter == true ]]; then
|
||||
echo ""
|
||||
read -n 1 -s -r -p "Press any key to continue..."
|
||||
echo "" # Since read doesn't print a newline, print one for it
|
||||
lsl_msg='single-node'
|
||||
lsl_details=( "$current_limit" "$new_limit" "$minion_id" )
|
||||
fi
|
||||
fi
|
||||
}
|
||||
@@ -742,7 +730,21 @@ fi
|
||||
|
||||
check_sudoers
|
||||
|
||||
|
||||
if [[ -n $lsl_msg ]]; then
|
||||
case $lsl_msg in
|
||||
'distributed')
|
||||
echo "[INFO] The value of log_size_limit in any heavy node minion pillars may be incorrect."
|
||||
echo " -> We recommend checking and adjusting the values as necessary."
|
||||
echo " -> Minion pillar directory: /opt/so/saltstack/local/pillar/minions/"
|
||||
;;
|
||||
'single-node')
|
||||
# We can assume the lsl_details array has been set if lsl_msg has this value
|
||||
echo "[WARNING] The value of log_size_limit (${lsl_details[0]}) does not match the recommended value of ${lsl_details[1]}."
|
||||
echo " -> We recommend checking and adjusting the value as necessary."
|
||||
echo " -> File: /opt/so/saltstack/local/pillar/minions/${lsl_details[2]}.sls"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user