diff --git a/VERSION b/VERSION
index 6085e9465..23aa83906 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.2.1
+1.2.2
diff --git a/pillar/docker/config.sls b/pillar/docker/config.sls
index a9eebaf2b..3c90b710a 100644
--- a/pillar/docker/config.sls
+++ b/pillar/docker/config.sls
@@ -10,7 +10,7 @@
eval:
containers:
- - so-core
+ - so-nginx
- so-telegraf
{% if GRAFANA == '1' %}
- so-influxdb
@@ -54,7 +54,7 @@ eval:
{% endif %}
heavy_node:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-redis
- so-logstash
@@ -69,7 +69,7 @@ heavy_node:
{% endif %}
helix:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-idstools
- so-steno
@@ -79,14 +79,14 @@ helix:
- so-filebeat
hot_node:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-logstash
- so-elasticsearch
- so-curator
master_search:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-soc
- so-kratos
@@ -127,7 +127,7 @@ master_search:
master:
containers:
- so-dockerregistry
- - so-core
+ - so-nginx
- so-telegraf
{% if GRAFANA == '1' %}
- so-influxdb
@@ -169,12 +169,12 @@ master:
{% endif %}
parser_node:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-logstash
search_node:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-logstash
- so-elasticsearch
@@ -185,7 +185,7 @@ search_node:
{% endif %}
sensor:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-steno
- so-suricata
@@ -196,7 +196,7 @@ sensor:
- so-filebeat
warm_node:
containers:
- - so-core
+ - so-nginx
- so-telegraf
- so-elasticsearch
fleet:
@@ -206,6 +206,6 @@ fleet:
- so-fleet
- so-redis
- so-filebeat
- - so-core
+ - so-nginx
- so-telegraf
{% endif %}
\ No newline at end of file
diff --git a/salt/common/init.sls b/salt/common/init.sls
index df3e1bcc3..e9f5c2dd8 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,8 +1,3 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
-{% set MASTER = salt['grains.get']('master') %}
-{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
-{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
-{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
# Add socore Group
socoregroup:
group.present:
@@ -18,34 +13,15 @@ socore:
- createhome: True
- shell: /bin/bash
-# Create a state directory
-
-statedir:
- file.directory:
- - name: /opt/so/state
- - user: 939
- - group: 939
- - makedirs: True
-
-salttmp:
- file.directory:
- - name: /opt/so/tmp
- - user: 939
- - group: 939
- - makedirs: True
# Install packages needed for the sensor
-
sensorpkgs:
pkg.installed:
- skip_suggestions: False
- pkgs:
- - docker-ce
- wget
- jq
{% if grains['os'] != 'CentOS' %}
- - python-docker
- - python-m2crypto
- apache2-utils
{% else %}
- net-tools
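Review bot: `python-docker` (and `python-m2crypto`) are dropped from `sensorpkgs` on non-CentOS hosts, yet Salt's `docker_container.running` states elsewhere in this change (grafana, influxdb) need the docker Python bindings on the minion, and the new salt/docker/init.sls installs only `docker-ce`; unless some other state installs the binding, container states will fail after a fresh install, so either keep `- python-docker` here or move it next to `docker-ce`. The same hunk removes the `/opt/so/state` and `/opt/so/tmp` directory states that the old nginx bind `/opt/so/tmp/nginx/tmp` lived under; the replacement salt/nginx/init.sls is only partly visible, so confirm it recreates them with the `939` owner before the container needs them. The `sensorpkgs` definition continues past the end of the hunk.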
@@ -64,7 +40,6 @@ alwaysupdated:
- skip_suggestions: True
# Set time to UTC
-
Etc/UTC:
timezone.system
@@ -76,340 +51,4 @@ utilsyncscripts:
- group: 0
- file_mode: 755
- template: jinja
- - source: salt://common/tools/sbin
-
-# Make sure Docker is running!
-docker:
- service.running:
- - enable: True
-
-# Drop the correct nginx config based on role
-
-nginxconfdir:
- file.directory:
- - name: /opt/so/conf/nginx
- - user: 939
- - group: 939
- - makedirs: True
-
-nginxconf:
- file.managed:
- - name: /opt/so/conf/nginx/nginx.conf
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/nginx/nginx.conf.{{ grains.role }}
-
-nginxlogdir:
- file.directory:
- - name: /opt/so/log/nginx/
- - user: 939
- - group: 939
- - makedirs: True
-
-nginxtmp:
- file.directory:
- - name: /opt/so/tmp/nginx/tmp
- - user: 939
- - group: 939
- - makedirs: True
-
-so-core:
- docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-core:{{ VERSION }}
- - hostname: so-core
- - user: socore
- - binds:
- - /opt/so:/opt/so:rw
- - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- - /opt/so/log/nginx/:/var/log/nginx:rw
- - /opt/so/tmp/nginx/:/var/lib/nginx:rw
- - /opt/so/tmp/nginx/:/run:rw
- - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
- - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
- - /opt/so/conf/fleet/packages:/opt/socore/html/packages
- - cap_add: NET_BIND_SERVICE
- - port_bindings:
- - 80:80
- - 443:443
- {%- if FLEETMASTER or FLEETNODE %}
- - 8090:8090
- {%- endif %}
- - watch:
- - file: /opt/so/conf/nginx/nginx.conf
-
-# Add Telegraf to monitor all the things.
-tgraflogdir:
- file.directory:
- - name: /opt/so/log/telegraf
- - makedirs: True
-
-tgrafetcdir:
- file.directory:
- - name: /opt/so/conf/telegraf/etc
- - makedirs: True
-
-tgrafetsdir:
- file.directory:
- - name: /opt/so/conf/telegraf/scripts
- - makedirs: True
-
-tgrafsyncscripts:
- file.recurse:
- - name: /opt/so/conf/telegraf/scripts
- - user: 939
- - group: 939
- - file_mode: 755
- - template: jinja
- - source: salt://common/telegraf/scripts
-
-tgrafconf:
- file.managed:
- - name: /opt/so/conf/telegraf/etc/telegraf.conf
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/telegraf/etc/telegraf.conf
-
-so-telegraf:
- docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
- - environment:
- - HOST_PROC=/host/proc
- - HOST_ETC=/host/etc
- - HOST_SYS=/host/sys
- - HOST_MOUNT_PREFIX=/host
- - network_mode: host
- - port_bindings:
- - 127.0.0.1:8094:8094
- - binds:
- - /opt/so/log/telegraf:/var/log/telegraf:rw
- - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
- - /var/run/utmp:/var/run/utmp:ro
- - /var/run/docker.sock:/var/run/docker.sock:ro
- - /:/host/root:ro
- - /sys:/host/sys:ro
- - /proc:/host/proc:ro
- - /nsm:/host/nsm:ro
- - /etc:/host/etc:ro
- {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
- - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
- {% else %}
- - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
- {% endif %}
- - /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
- - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
- - /opt/so/conf/telegraf/scripts:/scripts:ro
- - /opt/so/log/stenographer:/var/log/stenographer:ro
- - /opt/so/log/suricata:/var/log/suricata:ro
- - watch:
- - /opt/so/conf/telegraf/etc/telegraf.conf
- - /opt/so/conf/telegraf/scripts
-
-# If its a master or eval lets install the back end for now
-{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
-
-# Influx DB
-influxconfdir:
- file.directory:
- - name: /opt/so/conf/influxdb/etc
- - makedirs: True
-
-influxdbdir:
- file.directory:
- - name: /nsm/influxdb
- - makedirs: True
-
-influxdbconf:
- file.managed:
- - name: /opt/so/conf/influxdb/etc/influxdb.conf
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/influxdb/etc/influxdb.conf
-
-so-influxdb:
- docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
- - hostname: influxdb
- - environment:
- - INFLUXDB_HTTP_LOG_ENABLED=false
- - binds:
- - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
- - /nsm/influxdb:/var/lib/influxdb:rw
- - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
- - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
- - port_bindings:
- - 0.0.0.0:8086:8086
- - watch:
- - file: /opt/so/conf/influxdb/etc/influxdb.conf
-
-# Grafana all the things
-grafanadir:
- file.directory:
- - name: /nsm/grafana
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanaconfdir:
- file.directory:
- - name: /opt/so/conf/grafana/etc
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanadashdir:
- file.directory:
- - name: /opt/so/conf/grafana/grafana_dashboards
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanadashmdir:
- file.directory:
- - name: /opt/so/conf/grafana/grafana_dashboards/master
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanadashevaldir:
- file.directory:
- - name: /opt/so/conf/grafana/grafana_dashboards/eval
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanadashfndir:
- file.directory:
- - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanadashsndir:
- file.directory:
- - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
- - user: 939
- - group: 939
- - makedirs: True
-
-grafanaconf:
- file.recurse:
- - name: /opt/so/conf/grafana/etc
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/grafana/etc
-
-{% if salt['pillar.get']('mastertab', False) %}
-{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
-{% set NODETYPE = SN.split('_')|last %}
-{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
-dashboard-master:
- file.managed:
- - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/grafana/grafana_dashboards/master/master.json
- - defaults:
- SERVERNAME: {{ SN }}
- MANINT: {{ SNDATA.manint }}
- MONINT: {{ SNDATA.manint }}
- CPUS: {{ SNDATA.totalcpus }}
- UID: {{ SNDATA.guid }}
- ROOTFS: {{ SNDATA.rootfs }}
- NSMFS: {{ SNDATA.nsmfs }}
-
-{% endfor %}
-{% endif %}
-
-{% if salt['pillar.get']('sensorstab', False) %}
-{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
-{% set NODETYPE = SN.split('_')|last %}
-{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
-dashboard-{{ SN }}:
- file.managed:
- - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/grafana/grafana_dashboards/sensor_nodes/sensor.json
- - defaults:
- SERVERNAME: {{ SN }}
- MONINT: {{ SNDATA.monint }}
- MANINT: {{ SNDATA.manint }}
- CPUS: {{ SNDATA.totalcpus }}
- UID: {{ SNDATA.guid }}
- ROOTFS: {{ SNDATA.rootfs }}
- NSMFS: {{ SNDATA.nsmfs }}
-
-{% endfor %}
-{% endif %}
-
-{% if salt['pillar.get']('nodestab', False) %}
-{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
-{% set NODETYPE = SN.split('_')|last %}
-{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
-dashboardsearch-{{ SN }}:
- file.managed:
- - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/grafana/grafana_dashboards/search_nodes/searchnode.json
- - defaults:
- SERVERNAME: {{ SN }}
- MANINT: {{ SNDATA.manint }}
- MONINT: {{ SNDATA.manint }}
- CPUS: {{ SNDATA.totalcpus }}
- UID: {{ SNDATA.guid }}
- ROOTFS: {{ SNDATA.rootfs }}
- NSMFS: {{ SNDATA.nsmfs }}
-
-{% endfor %}
-{% endif %}
-
-{% if salt['pillar.get']('evaltab', False) %}
-{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
-{% set NODETYPE = SN.split('_')|last %}
-{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
-dashboard-{{ SN }}:
- file.managed:
- - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
- - user: 939
- - group: 939
- - template: jinja
- - source: salt://common/grafana/grafana_dashboards/eval/eval.json
- - defaults:
- SERVERNAME: {{ SN }}
- MANINT: {{ SNDATA.manint }}
- MONINT: {{ SNDATA.monint }}
- CPUS: {{ SNDATA.totalcpus }}
- UID: {{ SNDATA.guid }}
- ROOTFS: {{ SNDATA.rootfs }}
- NSMFS: {{ SNDATA.nsmfs }}
-
-{% endfor %}
-{% endif %}
-
-so-grafana:
- docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
- - hostname: grafana
- - user: socore
- - binds:
- - /nsm/grafana:/var/lib/grafana:rw
- - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
- - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
- - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
- - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
- - environment:
- - GF_SECURITY_ADMIN_PASSWORD=augusta
- - port_bindings:
- - 0.0.0.0:3000:3000
- - watch:
- - file: /opt/so/conf/grafana/*
-
-{% endif %}
+ - source: salt://common/tools/sbin
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-elastic-download b/salt/common/tools/sbin/so-elastic-download
index 9e2c56719..216f51410 100755
--- a/salt/common/tools/sbin/so-elastic-download
+++ b/salt/common/tools/sbin/so-elastic-download
@@ -2,7 +2,7 @@
MASTER=MASTER
VERSION="HH1.1.4"
TRUSTED_CONTAINERS=( \
-"so-core:$VERSION" \
+"so-nginx:$VERSION" \
"so-thehive-cortex:$VERSION" \
"so-curator:$VERSION" \
"so-domainstats:$VERSION" \
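Review bot: `VERSION="HH1.1.4"` two lines above the trusted list is still pinned to an old release while every state file and so-docker-download move to HH1.2.2, so this script will try to pull `so-nginx:HH1.1.4` (and the rest of the list at that tag), which presumably does not exist in the registry; change it to `VERSION="HH1.2.2"`, or better, derive it from the same `static:soversion` pillar value the states read so the two cannot drift again. `MASTER=MASTER` on the line before looks like a placeholder substituted by the installer — confirm, since an unsubstituted value makes every pull target the literal host `MASTER`.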
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 7912dfffa..b97f7090d 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
# Curator
diff --git a/salt/docker/init.sls b/salt/docker/init.sls
new file mode 100644
index 000000000..3021552ab
--- /dev/null
+++ b/salt/docker/init.sls
@@ -0,0 +1,8 @@
+installdocker:
+ pkg.installed:
+ - name: docker-ce
+
+# Make sure Docker is running!
+docker:
+ service.running:
+ - enable: True
\ No newline at end of file
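Review bot: The new state installs only `docker-ce`, but the same change removes `python-docker` from salt/common/init.sls, and Salt's `docker_container.running` states (used by the grafana and influxdb states in this change) need the docker Python bindings on the minion, so on a fresh Debian/Ubuntu install those states will error with the docker module unavailable. common/init.sls installed the binding only when `grains['os'] != 'CentOS'`, so carry that conditional over rather than hard-coding a Debian package name. The `docker` service should also `require` the package so ordering does not depend on file position, and the file is missing its trailing newline.
```yaml
installdocker:
  pkg.installed:
    - pkgs:
      - docker-ce
{% if grains['os'] != 'CentOS' %}
      - python-docker
{% endif %}

docker:
  service.running:
    - enable: True
    - require:
      - pkg: installdocker
```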
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 9d6e0f001..0952689e2 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -12,7 +12,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% if grains['role'] == 'so-master' %}
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index f0127a651..35676ed6d 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -12,7 +12,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{% if FEATURES %}
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 3dd90338f..409594b2d 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -11,7 +11,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
diff --git a/salt/fleet/files/scripts/so-fleet-setup b/salt/fleet/files/scripts/so-fleet-setup
index 3489ea86f..6b49dee03 100644
--- a/salt/fleet/files/scripts/so-fleet-setup
+++ b/salt/fleet/files/scripts/so-fleet-setup
@@ -41,7 +41,7 @@ sleep 120
echo "Installing launcher via salt..."
salt-call state.apply fleet.install_package queue=True >> /root/fleet-setup.log
salt-call state.apply filebeat queue=True >> /root/fleet-setup.log
-docker stop so-core
+docker stop so-nginx
salt-call state.apply common queue=True >> /root/fleet-setup.log
echo "Fleet Setup Complete - Login here: https://{{ MAIN_HOSTNAME }}"
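Review bot: `docker stop so-nginx` is followed by `state.apply common`, but this same change moves the nginx container state out of salt/common/init.sls into salt/nginx/init.sls, so `common` will no longer restart the container it just stopped and setup ends with the web front end down while the next line prints the login URL. Apply the state that now owns the container after stopping it: `salt-call state.apply nginx queue=True >> /root/fleet-setup.log` (or run a full highstate). If the stop only exists to force nginx to reload the fleet proxy config, the `watch` on the nginx config in the container state should make the manual stop unnecessary — worth confirming against salt/nginx/init.sls, which is only partly visible here.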
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 5dcc7e202..66720b85a 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -1,7 +1,7 @@
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
{%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
{%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set MAINIP = salt['pillar.get']('node:mainip') %}
{% set FLEETARCH = salt['grains.get']('role') %}
diff --git a/salt/common/grafana/grafana_dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json
similarity index 100%
rename from salt/common/grafana/grafana_dashboards/eval/eval.json
rename to salt/grafana/dashboards/eval/eval.json
diff --git a/salt/common/grafana/grafana_dashboards/master/master.json b/salt/grafana/dashboards/master/master.json
similarity index 100%
rename from salt/common/grafana/grafana_dashboards/master/master.json
rename to salt/grafana/dashboards/master/master.json
diff --git a/salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json
similarity index 100%
rename from salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json
rename to salt/grafana/dashboards/search_nodes/searchnode.json
diff --git a/salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json
similarity index 100%
rename from salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json
rename to salt/grafana/dashboards/sensor_nodes/sensor.json
diff --git a/salt/common/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml
similarity index 100%
rename from salt/common/grafana/etc/dashboards/dashboard.yml
rename to salt/grafana/etc/dashboards/dashboard.yml
diff --git a/salt/common/grafana/etc/datasources/influxdb.yaml b/salt/grafana/etc/datasources/influxdb.yaml
similarity index 100%
rename from salt/common/grafana/etc/datasources/influxdb.yaml
rename to salt/grafana/etc/datasources/influxdb.yaml
diff --git a/salt/common/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini
similarity index 100%
rename from salt/common/grafana/etc/grafana.ini
rename to salt/grafana/etc/grafana.ini
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
new file mode 100644
index 000000000..deaabf4e5
--- /dev/null
+++ b/salt/grafana/init.sls
@@ -0,0 +1,175 @@
+{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
+
+# Grafana all the things
+grafanadir:
+ file.directory:
+ - name: /nsm/grafana
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanaconfdir:
+ file.directory:
+ - name: /opt/so/conf/grafana/etc
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashdir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashmdir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/master
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashevaldir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/eval
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashfndir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashsndir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanaconf:
+ file.recurse:
+ - name: /opt/so/conf/grafana/etc
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/etc
+
+{% if salt['pillar.get']('mastertab', False) %}
+{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
+{% set NODETYPE = SN.split('_')|last %}
+{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
+dashboard-master:
+ file.managed:
+ - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/dashboards/master/master.json
+ - defaults:
+ SERVERNAME: {{ SN }}
+ MANINT: {{ SNDATA.manint }}
+ MONINT: {{ SNDATA.manint }}
+ CPUS: {{ SNDATA.totalcpus }}
+ UID: {{ SNDATA.guid }}
+ ROOTFS: {{ SNDATA.rootfs }}
+ NSMFS: {{ SNDATA.nsmfs }}
+
+{% endfor %}
+{% endif %}
+
+{% if salt['pillar.get']('sensorstab', False) %}
+{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
+{% set NODETYPE = SN.split('_')|last %}
+{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
+dashboard-{{ SN }}:
+ file.managed:
+ - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/dashboards/sensor_nodes/sensor.json
+ - defaults:
+ SERVERNAME: {{ SN }}
+ MONINT: {{ SNDATA.monint }}
+ MANINT: {{ SNDATA.manint }}
+ CPUS: {{ SNDATA.totalcpus }}
+ UID: {{ SNDATA.guid }}
+ ROOTFS: {{ SNDATA.rootfs }}
+ NSMFS: {{ SNDATA.nsmfs }}
+
+{% endfor %}
+{% endif %}
+
+{% if salt['pillar.get']('nodestab', False) %}
+{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
+{% set NODETYPE = SN.split('_')|last %}
+{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
+dashboardsearch-{{ SN }}:
+ file.managed:
+ - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/dashboards/search_nodes/searchnode.json
+ - defaults:
+ SERVERNAME: {{ SN }}
+ MANINT: {{ SNDATA.manint }}
+ MONINT: {{ SNDATA.manint }}
+ CPUS: {{ SNDATA.totalcpus }}
+ UID: {{ SNDATA.guid }}
+ ROOTFS: {{ SNDATA.rootfs }}
+ NSMFS: {{ SNDATA.nsmfs }}
+
+{% endfor %}
+{% endif %}
+
+{% if salt['pillar.get']('evaltab', False) %}
+{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
+{% set NODETYPE = SN.split('_')|last %}
+{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
+dashboard-{{ SN }}:
+ file.managed:
+ - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/dashboards/eval/eval.json
+ - defaults:
+ SERVERNAME: {{ SN }}
+ MANINT: {{ SNDATA.manint }}
+ MONINT: {{ SNDATA.monint }}
+ CPUS: {{ SNDATA.totalcpus }}
+ UID: {{ SNDATA.guid }}
+ ROOTFS: {{ SNDATA.rootfs }}
+ NSMFS: {{ SNDATA.nsmfs }}
+
+{% endfor %}
+{% endif %}
+
+so-grafana:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
+ - hostname: grafana
+ - user: socore
+ - binds:
+ - /nsm/grafana:/var/lib/grafana:rw
+ - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
+ - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
+ - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
+ - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
+ - environment:
+ - GF_SECURITY_ADMIN_PASSWORD=augusta
+ - port_bindings:
+ - 0.0.0.0:3000:3000
+ - watch:
+ - file: /opt/so/conf/grafana/*
+
+{% endif %}
\ No newline at end of file
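Review bot: `GF_SECURITY_ADMIN_PASSWORD=augusta` hard-codes the Grafana admin password in a state file under version control, and the same block publishes the service on `0.0.0.0:3000`, so anyone who can reach the master on 3000 can log in as admin with a password that is identical on every install. The fleet state in this tree already pulls credentials from pillar (`secrets:mysql`, `secrets:fleet`); do the same here, e.g. `- GF_SECURITY_ADMIN_PASSWORD={{ salt['pillar.get']('secrets:grafana') }}`, and bind to the management IP or `127.0.0.1` if Grafana is only reached through the nginx proxy. Separately, the guard `GRAFANA == 1` compares an int while the pillar default is the string `'0'` and pillar/docker/config.sls tests `GRAFANA == '1'`, so one of the two checks is never true depending on how the pillar value is typed. The state ID `dashboard-master` inside the mastertab loop is not suffixed with `{{ SN }}` (the other loops are), so a second mastertab entry renders a duplicate ID and the state fails to compile.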
diff --git a/salt/hive/init.sls b/salt/hive/init.sls
index 179ac5e1a..2be2f7480 100644
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -1,5 +1,5 @@
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
hiveconfdir:
file.directory:
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index f7ffacd6b..eba5cfd26 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -12,7 +12,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
# IDSTools Setup
idstoolsdir:
diff --git a/salt/common/influxdb/etc/influxdb.conf b/salt/influxdb/etc/influxdb.conf
similarity index 100%
rename from salt/common/influxdb/etc/influxdb.conf
rename to salt/influxdb/etc/influxdb.conf
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
new file mode 100644
index 000000000..49470cfc9
--- /dev/null
+++ b/salt/influxdb/init.sls
@@ -0,0 +1,43 @@
+{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+
+{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
+
+# Influx DB
+influxconfdir:
+ file.directory:
+ - name: /opt/so/conf/influxdb/etc
+ - makedirs: True
+
+influxdbdir:
+ file.directory:
+ - name: /nsm/influxdb
+ - makedirs: True
+
+influxdbconf:
+ file.managed:
+ - name: /opt/so/conf/influxdb/etc/influxdb.conf
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://influxdb/etc/influxdb.conf
+
+so-influxdb:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
+ - hostname: influxdb
+ - environment:
+ - INFLUXDB_HTTP_LOG_ENABLED=false
+ - binds:
+ - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
+ - /nsm/influxdb:/var/lib/influxdb:rw
+ - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
+ - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
+ - port_bindings:
+ - 0.0.0.0:8086:8086
+ - watch:
+ - file: influxdbconf
+
+{% endif %}
\ No newline at end of file
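Review bot: `0.0.0.0:8086:8086` exposes the InfluxDB HTTP API on every interface while `INFLUXDB_HTTP_LOG_ENABLED=false` turns off the only request log you would have for it, an awkward pairing on a monitoring host: if remote telegraf agents must reach 8086 it can stay public, but then authentication must be enforced in the mounted influxdb.conf (not visible here) and the HTTP log left on so access is recorded; otherwise bind it to the management IP. The container sets no `user:` unlike `so-grafana` (`user: socore`), so it runs as whatever the image defaults to — presumably root — while writing `/nsm/influxdb`; confirm the image drops privileges. `influxconfdir` and `influxdbdir` are also created without the `939` owner the conf file below gets; add `- user: 939` and `- group: 939` to both so a non-root container can write there. The `GRAFANA == 1` int comparison against a `'0'` string default mirrors the same mismatch in salt/grafana/init.sls.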
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index 0f0fa987e..975ec800e 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{% if FEATURES %}
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 6488828e0..7b7ffe60b 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -12,7 +12,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
{% if FEATURES %}
diff --git a/salt/master/files/registry/scripts/so-docker-download b/salt/master/files/registry/scripts/so-docker-download
index f6ca8f4e1..2670acf26 100644
--- a/salt/master/files/registry/scripts/so-docker-download
+++ b/salt/master/files/registry/scripts/so-docker-download
@@ -1,9 +1,9 @@
#!/bin/bash
MASTER={{ MASTER }}
-VERSION="HH1.2.1"
+VERSION="HH1.2.2"
TRUSTED_CONTAINERS=( \
-"so-core:$VERSION" \
+"so-nginx:$VERSION" \
"so-cyberchef:$VERSION" \
"so-acng:$VERSION" \
"so-soc:$VERSION" \
diff --git a/salt/master/init.sls b/salt/master/init.sls
index 7752311f8..4dab12a68 100644
--- a/salt/master/init.sls
+++ b/salt/master/init.sls
@@ -12,7 +12,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %}
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index a8e47ca5b..894bebaea 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -1,6 +1,6 @@
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set MAINIP = salt['pillar.get']('node:mainip') %}
{% set FLEETARCH = salt['grains.get']('role') %}
diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/nginx/etc/nginx.conf.so-eval
similarity index 98%
rename from salt/common/nginx/nginx.conf.so-eval
rename to salt/nginx/etc/nginx.conf.so-eval
index e2615808f..61d91ba20 100644
--- a/salt/common/nginx/nginx.conf.so-eval
+++ b/salt/nginx/etc/nginx.conf.so-eval
@@ -299,12 +299,12 @@ http {
return 302 /auth/self-service/browser/flows/login;
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /usr/share/nginx/html/40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
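Review bot: `location = /usr/share/nginx/html/50x.html` matches a request URI, not a filesystem path; `error_page 500 502 503 504 /50x.html` above it redirects internally to the URI `/50x.html`, which now has no matching location, so 5xx responses fall through to whatever handles `/` in this server block — here presumably the auth redirect just above. Keep the location on the URI and set the document root instead: `location = /50x.html { root /usr/share/nginx/html; }`. With the 404 handler commented out nginx serves its built-in error page, which is fine only if `server_tokens off` is set in the http block, which is outside this hunk. The enclosing server block starts and ends outside the hunk.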
diff --git a/salt/common/nginx/nginx.conf.so-fleet b/salt/nginx/etc/nginx.conf.so-fleet
similarity index 95%
rename from salt/common/nginx/nginx.conf.so-fleet
rename to salt/nginx/etc/nginx.conf.so-fleet
index a97b85e78..28372f448 100644
--- a/salt/common/nginx/nginx.conf.so-fleet
+++ b/salt/nginx/etc/nginx.conf.so-fleet
@@ -86,12 +86,12 @@ http {
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
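Review bot: `location = /usr/share/nginx/html/50x.html` is a URI match, so the internal redirect to `/50x.html` from the `error_page` line above never reaches it and the 5xx page is never served; use `location = /50x.html { root /usr/share/nginx/html; }` instead. The same defect is repeated in every nginx.conf.* file in this change. The enclosing server block starts outside the hunk.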
diff --git a/salt/common/nginx/nginx.conf.so-heavynode b/salt/nginx/etc/nginx.conf.so-heavynode
similarity index 94%
rename from salt/common/nginx/nginx.conf.so-heavynode
rename to salt/nginx/etc/nginx.conf.so-heavynode
index 39688f3df..f3fc913de 100644
--- a/salt/common/nginx/nginx.conf.so-heavynode
+++ b/salt/nginx/etc/nginx.conf.so-heavynode
@@ -77,12 +77,12 @@ http {
# location / {
# }
#
-# error_page 404 /404.html;
-# location = /40x.html {
-# }
+# #error_page 404 /404.html;
+# # location = /40x.html {
+# #}
#
# error_page 500 502 503 504 /50x.html;
-# location = /50x.html {
+# location = /usr/share/nginx/html/50x.html {
# }
# }
diff --git a/salt/common/nginx/nginx.conf.so-helix b/salt/nginx/etc/nginx.conf.so-helix
similarity index 94%
rename from salt/common/nginx/nginx.conf.so-helix
rename to salt/nginx/etc/nginx.conf.so-helix
index 39688f3df..e5a68c09d 100644
--- a/salt/common/nginx/nginx.conf.so-helix
+++ b/salt/nginx/etc/nginx.conf.so-helix
@@ -47,12 +47,12 @@ http {
location / {
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
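Review bot: `location = /usr/share/nginx/html/50x.html` matches a request URI rather than a path on disk, so the `error_page ... /50x.html` redirect above it falls into the empty `location / { }` and the custom error page is never served; write `location = /50x.html { root /usr/share/nginx/html; }`. The enclosing server block starts outside the hunk.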
diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/nginx/etc/nginx.conf.so-master
similarity index 98%
rename from salt/common/nginx/nginx.conf.so-master
rename to salt/nginx/etc/nginx.conf.so-master
index e2615808f..46e910a17 100644
--- a/salt/common/nginx/nginx.conf.so-master
+++ b/salt/nginx/etc/nginx.conf.so-master
@@ -299,12 +299,12 @@ http {
return 302 /auth/self-service/browser/flows/login;
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
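Review bot: `location = /usr/share/nginx/html/50x.html` is a URI match, so the `error_page 500 502 503 504 /50x.html` redirect above it no longer has a handler and upstream failures from the SOC/Kratos proxies fall through to the auth redirect rather than the error page; use `location = /50x.html { root /usr/share/nginx/html; }`. Confirm `server_tokens off` is set in the http block (outside this hunk) now that the 404 handler is commented out and nginx's built-in page is served. The enclosing server block starts and ends outside the hunk.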
diff --git a/salt/common/nginx/nginx.conf.so-mastersearch b/salt/nginx/etc/nginx.conf.so-mastersearch
similarity index 98%
rename from salt/common/nginx/nginx.conf.so-mastersearch
rename to salt/nginx/etc/nginx.conf.so-mastersearch
index e2615808f..46e910a17 100644
--- a/salt/common/nginx/nginx.conf.so-mastersearch
+++ b/salt/nginx/etc/nginx.conf.so-mastersearch
@@ -299,12 +299,12 @@ http {
return 302 /auth/self-service/browser/flows/login;
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
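Review bot: As in nginx.conf.so-master, `location = /usr/share/nginx/html/50x.html` cannot match the internal redirect to `/50x.html` from the `error_page` line above, so the error page is dead; write `location = /50x.html { root /usr/share/nginx/html; }`. The enclosing server block starts and ends outside the hunk.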
diff --git a/salt/common/nginx/nginx.conf.so-node b/salt/nginx/etc/nginx.conf.so-node
similarity index 94%
rename from salt/common/nginx/nginx.conf.so-node
rename to salt/nginx/etc/nginx.conf.so-node
index 39688f3df..e5a68c09d 100644
--- a/salt/common/nginx/nginx.conf.so-node
+++ b/salt/nginx/etc/nginx.conf.so-node
@@ -47,12 +47,12 @@ http {
location / {
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
diff --git a/salt/common/nginx/nginx.conf.so-sensor b/salt/nginx/etc/nginx.conf.so-sensor
similarity index 94%
rename from salt/common/nginx/nginx.conf.so-sensor
rename to salt/nginx/etc/nginx.conf.so-sensor
index 39688f3df..e5a68c09d 100644
--- a/salt/common/nginx/nginx.conf.so-sensor
+++ b/salt/nginx/etc/nginx.conf.so-sensor
@@ -47,12 +47,12 @@ http {
location / {
}
- error_page 404 /404.html;
- location = /40x.html {
- }
+ #error_page 404 /404.html;
+ # location = /40x.html {
+ #}
error_page 500 502 503 504 /50x.html;
- location = /50x.html {
+ location = /usr/share/nginx/html/50x.html {
}
}
diff --git a/salt/nginx/html/favicon-16x16.png b/salt/nginx/html/favicon-16x16.png
new file mode 100644
index 000000000..a0a818d20
Binary files /dev/null and b/salt/nginx/html/favicon-16x16.png differ
diff --git a/salt/nginx/html/favicon-32x32.png b/salt/nginx/html/favicon-32x32.png
new file mode 100644
index 000000000..b1b38d711
Binary files /dev/null and b/salt/nginx/html/favicon-32x32.png differ
diff --git a/salt/nginx/html/favicon.ico b/salt/nginx/html/favicon.ico
new file mode 100644
index 000000000..41e85a108
Binary files /dev/null and b/salt/nginx/html/favicon.ico differ
diff --git a/salt/nginx/html/index.html b/salt/nginx/html/index.html
new file mode 100644
index 000000000..70d1ddfb0
--- /dev/null
+++ b/salt/nginx/html/index.html
@@ -0,0 +1,13 @@
+
+
+
+Security Onion - Hybrid Hunter
+
+
+
+
+
+
+Security Onion
+
+
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
new file mode 100644
index 000000000..296774a02
--- /dev/null
+++ b/salt/nginx/init.sls
@@ -0,0 +1,64 @@
+{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
+{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+# Drop the correct nginx config based on role
+nginxconfdir:
+ file.directory:
+ - name: /opt/so/conf/nginx/html
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+nginxhtml:
+ file.recurse:
+ - name: /opt/so/conf/nginx/html
+ - source: salt://nginx/html/
+ - user: 939
+ - group: 939
+
+nginxconf:
+ file.managed:
+ - name: /opt/so/conf/nginx/nginx.conf
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://nginx/etc/nginx.conf.{{ grains.role }}
+
+nginxlogdir:
+ file.directory:
+ - name: /opt/so/log/nginx/
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+nginxtmp:
+ file.directory:
+ - name: /opt/so/tmp/nginx/tmp
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+so-nginx:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
+ - hostname: so-nginx
+ - binds:
+ - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - /opt/so/log/nginx/:/var/log/nginx:rw
+ - /opt/so/tmp/nginx/:/var/lib/nginx:rw
+ - /opt/so/tmp/nginx/:/run:rw
+ - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
+ - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
+ - /opt/so/conf/fleet/packages:/opt/socore/html/packages
+ - cap_add: NET_BIND_SERVICE
+ - port_bindings:
+ - 80:80
+ - 443:443
+ {%- if FLEETMASTER or FLEETNODE %}
+ - 8090:8090
+ {%- endif %}
+ - watch:
+ - file: nginxconf
+ - file: nginxconfdir
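Review bot: `nginxhtml` syncs the page content to `/opt/so/conf/nginx/html` on the host, but no bind in `so-nginx` mounts that directory into the container, so unless the image already ships these files the managed copy is never served; the accompanying nginx.conf hunks expect content under `/usr/share/nginx/html`, which suggests a bind such as `- /opt/so/conf/nginx/html:/usr/share/nginx/html:ro`. The fleet packages bind is the only one without a mode and so defaults to read-write; nginx only needs to read it, so `- /opt/so/conf/fleet/packages:/opt/socore/html/packages:ro` keeps the container from being able to alter the packages it serves. Binding the same host directory `/opt/so/tmp/nginx/` to both `/var/lib/nginx` and `/run` also mixes nginx's temp/cache files with its pid file and sockets in one tree, while the `nginxtmp` state creates `/opt/so/tmp/nginx/tmp`, which nothing mounts — presumably one of these paths is a typo.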
diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls
index af58ab866..cb1068d30 100644
--- a/salt/nodered/init.sls
+++ b/salt/nodered/init.sls
@@ -61,7 +61,7 @@ noderedlog:
so-nodered:
docker_container.running:
- - image: soshybridhunter/so-nodered:HH1.2.1
+ - image: soshybridhunter/so-nodered:HH1.2.2
- interactive: True
- binds:
- /opt/so/conf/nodered/:/data:rw
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 8f4f7d59a..93203ca5b 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -12,7 +12,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index cb9c56d32..aed297eca 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -1,5 +1,5 @@
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
playbookdb:
diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index fb2a71dec..215d69942 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -55,7 +55,7 @@ def run():
# Run Docker container that will build the packages
gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
- "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.1", \
+ "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.2", \
f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')
# Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
diff --git a/salt/redis/init.sls b/salt/redis/init.sls
index c22838d7a..3b2f662f3 100644
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -13,7 +13,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
{% set lsaccessip = salt['pillar.get']('master:lsaccessip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
# Redis Setup
diff --git a/salt/salt/init.sls b/salt/salt/init.sls
index 32aaaa47e..22ecddfb3 100644
--- a/salt/salt/init.sls
+++ b/salt/salt/init.sls
@@ -1,3 +1,28 @@
+# Create a state directory
+
+statedir:
+ file.directory:
+ - name: /opt/so/state
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+salttmp:
+ file.directory:
+ - name: /opt/so/tmp
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+{% if grains['os'] != 'CentOS' %}
+saltpymodules:
+ pkg.installed:
+ - pkgs:
+ - python-docker
+ - python-m2crypto
+ {% endif %}
+
+
salt_minion_service:
service.running:
- name: salt-minion
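Review bot: The `{% endif %}` closing the `saltpymodules` block is indented one space while the matching `{% if grains['os'] != 'CentOS' %}` sits at column 0; the leading space is emitted into the rendered state on every run and reads as if `endif` were part of the `pkgs` list. Put it at column 0 or use `{%- endif %}` so the rendered output has no stray whitespace. Nothing in this hunk orders `saltpymodules` before the docker states that depend on the Python bindings; if that ordering is relied on via the top-file listing, a comment such as `# python-docker must be present before any docker_container state runs` would make the dependency explicit.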
diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls
index 174687926..441394df6 100644
--- a/salt/sensoroni/init.sls
+++ b/salt/sensoroni/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
sensoronidir:
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index bf133c36f..cc2c9dfd6 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
socdir:
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 8ed4a514f..a4eb27f78 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
soctopusdir:
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index b9efef638..662144ca7 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -14,7 +14,7 @@
# along with this program. If not, see .
{%- set MASTER = grains['master'] %}
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
# Strelka config
strelkaconfdir:
@@ -72,7 +72,7 @@ strelka_gatekeeper:
strelka_frontend:
docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.1
+ - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.2
- binds:
- /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
- /nsm/strelka/log/:/var/log/strelka/:rw
@@ -84,7 +84,7 @@ strelka_frontend:
strelka_backend:
docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.1
+ - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.2
- binds:
- /opt/so/conf/strelka/backend/:/etc/strelka/:ro
- /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
@@ -94,7 +94,7 @@ strelka_backend:
strelka_manager:
docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.1
+ - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.2
- binds:
- /opt/so/conf/strelka/manager/:/etc/strelka/:ro
- name: so-strelka-manager
@@ -102,7 +102,7 @@ strelka_manager:
strelka_filestream:
docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.1
+ - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.2
- binds:
- /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
- /nsm/strelka:/nsm/strelka
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index f0b0f37c4..39f419ad0 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -15,7 +15,7 @@
{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
{% set BROVER = salt['pillar.get']('static:broversion', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
{% set BPF_STATUS = 0 %}
diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls
index d2e76aa8d..5a054bf5d 100644
--- a/salt/tcpreplay/init.sls
+++ b/salt/tcpreplay/init.sls
@@ -1,5 +1,5 @@
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
so-tcpreplay:
diff --git a/salt/common/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
similarity index 100%
rename from salt/common/telegraf/etc/telegraf.conf
rename to salt/telegraf/etc/telegraf.conf
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
new file mode 100644
index 000000000..834f77bf1
--- /dev/null
+++ b/salt/telegraf/init.sls
@@ -0,0 +1,70 @@
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+# Add Telegraf to monitor all the things.
+tgraflogdir:
+ file.directory:
+ - name: /opt/so/log/telegraf
+ - makedirs: True
+
+tgrafetcdir:
+ file.directory:
+ - name: /opt/so/conf/telegraf/etc
+ - makedirs: True
+
+tgrafetsdir:
+ file.directory:
+ - name: /opt/so/conf/telegraf/scripts
+ - makedirs: True
+
+tgrafsyncscripts:
+ file.recurse:
+ - name: /opt/so/conf/telegraf/scripts
+ - user: 939
+ - group: 939
+ - file_mode: 755
+ - template: jinja
+ - source: salt://telegraf/scripts
+
+tgrafconf:
+ file.managed:
+ - name: /opt/so/conf/telegraf/etc/telegraf.conf
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://telegraf/etc/telegraf.conf
+
+so-telegraf:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
+ - environment:
+ - HOST_PROC=/host/proc
+ - HOST_ETC=/host/etc
+ - HOST_SYS=/host/sys
+ - HOST_MOUNT_PREFIX=/host
+ - network_mode: host
+ - port_bindings:
+ - 127.0.0.1:8094:8094
+ - binds:
+ - /opt/so/log/telegraf:/var/log/telegraf:rw
+ - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
+ - /var/run/utmp:/var/run/utmp:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /:/host/root:ro
+ - /sys:/host/sys:ro
+ - /proc:/host/proc:ro
+ - /nsm:/host/nsm:ro
+ - /etc:/host/etc:ro
+ {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
+ - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
+ {% else %}
+ - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
+ {% endif %}
+ - /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
+ - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
+ - /opt/so/conf/telegraf/scripts:/scripts:ro
+ - /opt/so/log/stenographer:/var/log/stenographer:ro
+ - /opt/so/log/suricata:/var/log/suricata:ro
+ - watch:
+ - file: tgrafconf
+ - file: tgrafsyncscripts
\ No newline at end of file
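Review bot: `port_bindings: - 127.0.0.1:8094:8094` has no effect under `network_mode: host`; Docker discards published ports when the container shares the host network namespace, so whether 8094 is reachable beyond localhost is decided solely by the listener address in `telegraf.conf`, not by this state. Either drop the `port_bindings` entry and confirm the config binds the listener to `127.0.0.1`, or drop host networking if the loopback-only binding is the intended control. Note also that `:ro` on the `/var/run/docker.sock` bind only affects the socket inode, not what can be sent over it; the container retains full daemon access, which is worth a comment such as `# docker.sock grants daemon-level access; the :ro flag does not restrict API calls` so the trust boundary is not misread later.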
diff --git a/salt/common/telegraf/scripts/broloss.sh b/salt/telegraf/scripts/broloss.sh
similarity index 100%
rename from salt/common/telegraf/scripts/broloss.sh
rename to salt/telegraf/scripts/broloss.sh
diff --git a/salt/common/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh
similarity index 100%
rename from salt/common/telegraf/scripts/checkfiles.sh
rename to salt/telegraf/scripts/checkfiles.sh
diff --git a/salt/common/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh
similarity index 100%
rename from salt/common/telegraf/scripts/helixeps.sh
rename to salt/telegraf/scripts/helixeps.sh
diff --git a/salt/common/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh
similarity index 100%
rename from salt/common/telegraf/scripts/influxdbsize.sh
rename to salt/telegraf/scripts/influxdbsize.sh
diff --git a/salt/common/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh
similarity index 100%
rename from salt/common/telegraf/scripts/oldpcap.sh
rename to salt/telegraf/scripts/oldpcap.sh
diff --git a/salt/common/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh
similarity index 100%
rename from salt/common/telegraf/scripts/redis.sh
rename to salt/telegraf/scripts/redis.sh
diff --git a/salt/common/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh
similarity index 100%
rename from salt/common/telegraf/scripts/stenoloss.sh
rename to salt/telegraf/scripts/stenoloss.sh
diff --git a/salt/common/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh
similarity index 100%
rename from salt/common/telegraf/scripts/suriloss.sh
rename to salt/telegraf/scripts/suriloss.sh
diff --git a/salt/top.sls b/salt/top.sls
index a03c2e1e2..3d0c70c53 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -11,15 +11,18 @@
base:
'*':
+ - salt
+ - docker
- patch.os.schedule
- motd
- - salt
'*_helix':
- ca
- ssl
- registry
- common
+ - nginx
+ - telegraf
- firewall
- idstools
- pcap
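Review bot: `nginx` (and `telegraf`) is inserted ahead of `firewall` in every role touched by this file, and `'*'` now runs `docker` before anything else; with Salt's default top-file ordering the `so-nginx` container will publish 80/443 (and 8090 on fleet hosts) before the firewall state has applied its rules on a fresh highstate. If the firewall state is what restricts reachability of those ports, list `nginx` after `firewall` or add a `require` on it in the nginx state. This applies equally to the remaining hunks of this file (`@@ -34,6 +37,8 @@` through `@@ -272,6 +297,8 @@`).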
@@ -34,6 +37,8 @@ base:
- ca
- ssl
- common
+ - nginx
+ - telegraf
- firewall
- pcap
- suricata
@@ -57,6 +62,10 @@ base:
- registry
- master
- common
+ - nginx
+ - telegraf
+ - influxdb
+ - grafana
- soc
- firewall
- idstools
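Review bot: `influxdb` and `grafana` are added unconditionally to the master roles here and in the `@@ -105,6 +114,10 @@`, `@@ -194,6 +209,10 @@` and `@@ -207,6 +226,10 @@` hunks, whereas the optional `wazuh` state in this same file is wrapped in `{%- if WAZUH != 0 %}`. If the Grafana/InfluxDB stack is meant to be optional, the same gating is needed around these two entries, e.g. `{%- if GRAFANA == '1' %}` / `- influxdb` / `- grafana` / `{%- endif %}`; otherwise every master will pull and start both containers regardless of pillar.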
@@ -105,6 +114,10 @@ base:
- ssl
- registry
- common
+ - nginx
+ - telegraf
+ - influxdb
+ - grafana
- soc
- firewall
- master
@@ -179,6 +192,8 @@ base:
- ca
- ssl
- common
+ - nginx
+ - telegraf
- firewall
{%- if WAZUH != 0 %}
- wazuh
@@ -194,6 +209,10 @@ base:
'*_mastersensor':
- common
+ - nginx
+ - telegraf
+ - influxdb
+ - grafana
- firewall
- sensor
- master
@@ -207,6 +226,10 @@ base:
- ssl
- registry
- common
+ - nginx
+ - telegraf
+ - influxdb
+ - grafana
- soc
- firewall
- master
@@ -248,6 +271,8 @@ base:
- ca
- ssl
- common
+ - nginx
+ - telegraf
- firewall
- redis
{%- if WAZUH != 0 %}
@@ -272,6 +297,8 @@ base:
- ca
- ssl
- common
+ - nginx
+ - telegraf
- firewall
- mysql
- redis
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 83c7cbc9a..52c37c791 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,5 +1,5 @@
{%- set HOSTNAME = salt['grains.get']('host', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
# Add ossec group
ossecgroup:
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 16085fc3c..ea238a162 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
{% set BPF_STATUS = 0 %}
diff --git a/setup/so-functions b/setup/so-functions
index 78aef6a2a..b50821fd8 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -579,7 +579,7 @@ docker_seed_registry() {
if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
TRUSTED_CONTAINERS=( \
"so-acng:$VERSION" \
- "so-core:$VERSION" \
+ "so-nginx:$VERSION" \
"so-thehive-cortex:$VERSION" \
"so-curator:$VERSION" \
"so-domainstats:$VERSION" \
@@ -614,7 +614,7 @@ docker_seed_registry() {
"so-zeek:$VERSION" )
else
TRUSTED_CONTAINERS=( \
- "so-core:$VERSION" \
+ "so-nginx:$VERSION" \
"so-filebeat:$VERSION" \
"so-idstools:$VERSION" \
"so-logstash:$VERSION" \
diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions
index 4f0e48f66..c5ba05a47 100644
--- a/upgrade/so-update-functions
+++ b/upgrade/so-update-functions
@@ -17,7 +17,7 @@
# Set the new SO Version
-UPDATEVERSION=1.2.1
+UPDATEVERSION=1.2.2
BUILD=HH
#Determine the current install version
@@ -35,7 +35,6 @@ HOSTNAME=$(hostname)
if [ $MASTERCHECK != 'so-helix' ]; then
TRUSTED_CONTAINERS=( \
"so-acng:$BUILD$UPDATEVERSION" \
- "so-core:$BUILD$UPDATEVERSION" \
"so-thehive-cortex:$BUILD$UPDATEVERSION" \
"so-curator:$BUILD$UPDATEVERSION" \
"so-domainstats:$BUILD$UPDATEVERSION" \
@@ -53,6 +52,7 @@ if [ $MASTERCHECK != 'so-helix' ]; then
"so-logstash:$BUILD$UPDATEVERSION" \
"so-mysql:$BUILD$UPDATEVERSION" \
"so-navigator:$BUILD$UPDATEVERSION" \
+ "so-nginx:$BUILD$UPDATEVERSION" \
"so-playbook:$BUILD$UPDATEVERSION" \
"so-redis:$BUILD$UPDATEVERSION" \
"so-soc:$BUILD$UPDATEVERSION" \
@@ -67,10 +67,10 @@ if [ $MASTERCHECK != 'so-helix' ]; then
"so-zeek:$BUILD$UPDATEVERSION" )
else
TRUSTED_CONTAINERS=( \
- "so-core:$BUILD$UPDATEVERSION" \
"so-filebeat:$BUILD$UPDATEVERSION" \
"so-idstools:$BUILD$UPDATEVERSION" \
"so-logstash:$BUILD$UPDATEVERSION" \
+ "so-nginx:$BUILD$UPDATEVERSION" \
"so-redis:$BUILD$UPDATEVERSION" \
"so-steno:$BUILD$UPDATEVERSION" \
"so-suricata:$BUILD$UPDATEVERSION" \