More fixes

Josh Brower
2023-01-31 14:57:39 -05:00
parent 17af095e14
commit 18a54b86f4
12 changed files with 47 additions and 7 deletions


@@ -3,4 +3,4 @@ logstash:
fleet: fleet:
config: config:
- so/0012_input_elastic_agent.conf - so/0012_input_elastic_agent.conf
- so/9805_output_elastic_agent.conf.jinja - so/9806_output_lumberjack_fleet.conf.jinja


@@ -4,6 +4,7 @@ logstash:
- 0.0.0.0:3765:3765 - 0.0.0.0:3765:3765
- 0.0.0.0:5044:5044 - 0.0.0.0:5044:5044
- 0.0.0.0:5055:5055 - 0.0.0.0:5055:5055
- 0.0.0.0:5056:5056
- 0.0.0.0:5644:5644 - 0.0.0.0:5644:5644
- 0.0.0.0:6050:6050 - 0.0.0.0:6050:6050
- 0.0.0.0:6051:6051 - 0.0.0.0:6051:6051


@@ -4,5 +4,5 @@ logstash:
config: config:
- so/0011_input_endgame.conf - so/0011_input_endgame.conf
- so/0012_input_elastic_agent.conf - so/0012_input_elastic_agent.conf
- so/0013_input_lumberjack_fleet.conf
- so/9999_output_redis.conf.jinja - so/9999_output_redis.conf.jinja


@@ -204,6 +204,10 @@ base:
- adv_global - adv_global
- backup.soc_backup - backup.soc_backup
- backup.adv_backup - backup.adv_backup
- logstash
- logstash.fleet
- logstash.soc_logstash
- logstash.adv_logstash
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}


@@ -131,8 +131,9 @@ function add_fleet_to_minion() {
# Write out settings to minion file # Write out settings to minion file
printf '%s\n'\ printf '%s\n'\
"fleet-server:"\ "elasticfleet:"\
" ES-Token: '$ESTOKEN'"\ " server:"\
" es_token: '$ESTOKEN'"\
" " >> $PILLARFILE " " >> $PILLARFILE
} }
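Review bot: The Elasticsearch token is appended to the pillar file through an unquoted redirect target and wrapped in single quotes without escaping, so a path containing whitespace or a token containing `'` would produce a wrong write or invalid YAML. Quote the target, `" " >> "$PILLARFILE"`, and add a comment above the `printf` such as `# es_token is a credential: PILLARFILE must be readable only by root/salt`. The permissions of the pillar file are set outside this hunk, so confirm they are restrictive. add_fleet_to_minion starts above the visible lines.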


@@ -48,6 +48,7 @@ docker:
- 0.0.0.0:3765:3765 - 0.0.0.0:3765:3765
- 0.0.0.0:5044:5044 - 0.0.0.0:5044:5044
- 0.0.0.0:5055:5055 - 0.0.0.0:5055:5055
- 0.0.0.0:5056:5056
- 0.0.0.0:5644:5644 - 0.0.0.0:5644:5644
- 0.0.0.0:6050:6050 - 0.0.0.0:6050:6050
- 0.0.0.0:6051:6051 - 0.0.0.0:6051:6051


@@ -249,6 +249,7 @@ role:
- {{ portgroups.yum }} - {{ portgroups.yum }}
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5056 }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
@@ -258,6 +259,7 @@ role:
fleet: fleet:
portgroups: portgroups:
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.beats_5056 }}
sensors: sensors:
portgroups: portgroups:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
@@ -266,6 +268,7 @@ role:
- {{ portgroups.yum }} - {{ portgroups.yum }}
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5056 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
searchnodes: searchnodes:
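Review bot: The first and third hunks open `beats_5056` to host groups whose names sit above the visible context, while the only sender this commit adds for port 5056 is the fleet node's http output. If those other groups do not send to 5056, drop `- {{ portgroups.beats_5056 }}` from them and keep it only under `fleet:`, so the new listener is reachable from as few sources as possible. This matters more because the 5056 input added in this commit does not force client certificates.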


@@ -17,6 +17,9 @@ firewall:
beats_5066: beats_5066:
tcp: tcp:
- 5066 - 5066
beats_5056:
tcp:
- 5056
docker_registry: docker_registry:
tcp: tcp:
- 5000 - 5000
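Review bot: The port group is named `beats_5056`, but the listener this commit puts on 5056 is a Logstash `http` input, not a Beats/lumberjack input. A comment on the definition would keep firewall reviews from misreading it, for example `# 5056: Logstash http input receiving events forwarded by fleet nodes (not the Beats protocol)`.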


@@ -164,6 +164,10 @@ so-logstash:
- /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
- /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
{% endif %} {% endif %}
{% if GLOBALS.role in ['so-fleet'] %}
- /etc/pki/elasticfleet.crt:/usr/share/logstash/filebeat.crt:ro
- /etc/pki/elasticfleet02.p8:/usr/share/logstash/filebeat.key:ro
{% endif %}
{% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
- /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro
{% else %} {% else %}
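Review bot: The fleet branch mounts `/etc/pki/elasticfleet.crt` together with `/etc/pki/elasticfleet02.p8`, and the differing `02` suffix makes it unclear from this hunk whether the key belongs to that certificate. Please confirm the pair matches, since a mismatch would surface only when Logstash starts TLS. Both files are also exposed under the `filebeat.crt`/`filebeat.key` container paths, so a Jinja comment would help, for example `{# fleet nodes present the elasticfleet identity under the filebeat.* paths the pipeline configs expect #}`. The surrounding volume list continues outside the hunk.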


@@ -1,6 +1,6 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% set REDIS_NODES = [] %} {% set REDIS_NODES = [] %}
{% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch'] %} {% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch','so-fleet'] %}
{% set node_data = salt['pillar.get']('logstash:nodes') %} {% set node_data = salt['pillar.get']('logstash:nodes') %}
{% for node_type, node_details in node_data.items() | sort %} {% for node_type, node_details in node_data.items() | sort %}
{% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %} {% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}


@@ -0,0 +1,13 @@
input {
http {
additional_codecs => { "application/json" => "json_lines" }
port => 5056
tags => [ "elastic-agent" ]
ssl => true
ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
ssl_certificate => "/usr/share/logstash/filebeat.crt"
ssl_key => "/usr/share/logstash/filebeat.key"
ssl_verify_mode => "peer"
ecs_compatibility => v8
}
}
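Review bot: `ssl_verify_mode => "peer"` only requests a client certificate; with the Logstash http input a client that presents none is still accepted, so any host that can reach 5056 can post events that get tagged `elastic-agent`. This commit also publishes the port on `0.0.0.0:5056` and opens it in the firewall for several host groups, so the listener should require the certificate: `ssl_verify_mode => "force_peer"`. The sender added in this commit configures no client certificate, so that side needs to change in the same step.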


@@ -0,0 +1,10 @@
output {
http {
url => 'https://{{ GLOBALS.manager }}:5056'
http_method => post
retry_non_idempotent => true
format => json_batch
http_compression => true
ecs_compatibility => v8
}
}
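Review bot: The `http` output sets no trust anchor and no client identity, so validation of the manager's certificate against the grid CA depends on the default trust store (not visible here), and the sender cannot authenticate to the 5056 input with a certificate. Consider adding `cacert => "/usr/share/filebeat/ca.crt"`, `client_cert => "/usr/share/logstash/filebeat.crt"` and `client_key => "/usr/share/logstash/filebeat.key"`, using the container paths the so-logstash state mounts. The CA mount for the fleet role sits in an `else` branch outside the visible lines, so confirm that path. Separately, `retry_non_idempotent => true` on a POST can deliver a batch twice after a timeout, which deserves a comment if duplicates matter downstream.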