CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

enable/disable idh via ui

Browse Source
This commit is contained in:
m0duspwnens
2023-05-15 10:53:39 -04:00
parent 997e6c141a
commit 1a1bcb3526
9 changed files with 183 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
salt/idh/config.sls Normal file
View File

@@ -0,0 +1,85 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'idh/opencanary_config.map.jinja' import RESTRICTIDHSERVICES %}
{% from 'idh/opencanary_config.map.jinja' import OPENCANARYCONFIG %}
include:
- idh.openssh.config
- firewall
# If True, block IDH Services from accepting connections on Managment IP
{% if RESTRICTIDHSERVICES %}
{% from 'idh/opencanary_config.map.jinja' import IDH_SERVICES %}
{% for service in IDH_SERVICES %}
{% if service in ["smnp","ntp", "tftp"] %}
{% set proto = 'udp' %}
{% else %}
{% set proto = 'tcp' %}
{% endif %}
block_mgt_ip_idh_services_{{ proto }}_{{ OPENCANARYCONFIG[service~'_x_port'] }} :
iptables.insert:
- table: filter
- chain: INPUT
- jump: DROP
- position: 1
- proto: {{ proto }}
- dport: {{ OPENCANARYCONFIG[service~'_x_port'] }}
- destination: {{ GLOBALS.node_ip }}
{% endfor %}
{% endif %}
# Create a config directory
idhconfdir:
file.directory:
- name: /opt/so/conf/idh
- user: 939
- group: 939
- makedirs: True
# Create a log directory
idhlogdir:
file.directory:
- name: /nsm/idh
- user: 939
- group: 939
- makedirs: True
opencanary_config:
file.managed:
- name: /opt/so/conf/idh/opencanary.conf
- source: salt://idh/idh.conf.jinja
- template: jinja
- defaults:
OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
idh_sbin:
file.recurse:
- name: /usr/sbin
- source: salt://idh/tools/sbin
- user: 934
- group: 939
- file_mode: 755
#idh_sbin_jinja:
# file.recurse:
# - name: /usr/sbin
# - source: salt://idh/tools/sbin_jinja
# - user: 939
# - group: 939
# - file_mode: 755
# - template: jinja
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}

3
salt/idh/defaults.yaml
View File

@@ -1,5 +1,6 @@
idh: idh:
restrict_management_ip: false enabled: False
restrict_management_ip: False
openssh: openssh:
enable: true enable: true
config: config:

27
salt/idh/disabled.sls Normal file
View File

@@ -0,0 +1,27 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %}
include:
- idh.sostatus
so-idh:
docker_container.absent:
- force: True
so-idh_so-status.disabled:
file.comment:
- name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-idh$
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}

39
salt/idh/enabled.sls Normal file
View File

@@ -0,0 +1,39 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
include:
- idh.config
- idh.sostatus
so-idh:
docker_container.running:
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-idh:{{ GLOBALS.so_version }}
- name: so-idh
- detach: True
- network_mode: host
- binds:
- /nsm/idh:/var/tmp:rw
- /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro
- watch:
- file: opencanary_config
- require:
- file: opencanary_config
delete_so-idh_so-status.disabled:
file.uncomment:
- name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-idh$
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}

100
salt/idh/init.sls
View File

@@ -3,103 +3,11 @@
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'idh/opencanary_config.map.jinja' import IDHMERGED %}
{% if sls in allowed_states %}
{% import_yaml 'docker/defaults.yaml' as DOCKERDEFAULTS %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'idh/opencanary_config.map.jinja' import RESTRICTIDHSERVICES %}
{% from 'idh/opencanary_config.map.jinja' import OPENCANARYCONFIG %}
include: include:
- idh.openssh.config {% if IDHMERGED.enabled %}
- firewall - idh.enabled
# If True, block IDH Services from accepting connections on Managment IP
{% if RESTRICTIDHSERVICES %}
{% from 'idh/opencanary_config.map.jinja' import IDH_SERVICES %}
{% for service in IDH_SERVICES %}
{% if service in ["smnp","ntp", "tftp"] %}
{% set proto = 'udp' %}
{% else %} {% else %}
{% set proto = 'tcp' %} - idh.disabled
{% endif %}
block_mgt_ip_idh_services_{{ proto }}_{{ OPENCANARYCONFIG[service~'_x_port'] }} :
iptables.insert:
- table: filter
- chain: INPUT
- jump: DROP
- position: 1
- proto: {{ proto }}
- dport: {{ OPENCANARYCONFIG[service~'_x_port'] }}
- destination: {{ GLOBALS.node_ip }}
{% endfor %}
{% endif %}
# Create a config directory
temp:
file.directory:
- name: /opt/so/conf/idh
- user: 939
- group: 939
- makedirs: True
# Create a log directory
configdir:
file.directory:
- name: /nsm/idh
- user: 939
- group: 939
- makedirs: True
opencanary_config:
file.managed:
- name: /opt/so/conf/idh/opencanary.conf
- source: salt://idh/idh.conf.jinja
- template: jinja
- defaults:
OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
idh_sbin:
file.recurse:
- name: /usr/sbin
- source: salt://idh/tools/sbin
- user: 934
- group: 939
- file_mode: 755
#idh_sbin_jinja:
# file.recurse:
# - name: /usr/sbin
# - source: salt://idh/tools/sbin_jinja
# - user: 939
# - group: 939
# - file_mode: 755
# - template: jinja
so-idh:
docker_container.running:
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-idh:{{ GLOBALS.so_version }}
- name: so-idh
- detach: True
- network_mode: host
- binds:
- /nsm/idh:/var/tmp:rw
- /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro
- watch:
- file: opencanary_config
- require:
- file: opencanary_config
append_so-idh_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-idh
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %} {% endif %}

1
salt/idh/opencanary_config.map.jinja
View File

@@ -20,6 +20,7 @@
{% set IDH_PORTGROUPS = {} %} {% set IDH_PORTGROUPS = {} %}
{% import_yaml "idh/defaults.yaml" as IDHCONFIG with context %} {% import_yaml "idh/defaults.yaml" as IDHCONFIG with context %}
{% set IDHMERGED = salt['pillar.get']('idh', IDHCONFIG.idh, merge=True) %}
{% set RESTRICTIDHSERVICES = salt['pillar.get']('idh:restrict_management_ip', default=IDHCONFIG.idh.restrict_management_ip) %} {% set RESTRICTIDHSERVICES = salt['pillar.get']('idh:restrict_management_ip', default=IDHCONFIG.idh.restrict_management_ip) %}
{% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=IDHCONFIG.idh.opencanary.config, merge=True) %} {% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=IDHCONFIG.idh.opencanary.config, merge=True) %}
{# update skinlist to skin.list to avoid issues with SOC UI config #} {# update skinlist to skin.list to avoid issues with SOC UI config #}

3
salt/idh/soc_idh.yaml
View File

@@ -1,4 +1,7 @@
idh: idh:
enabled:
description: You can enable or disable IDH.
helpLink: idh.html
opencanary: opencanary:
config: config:
logger: logger:

21
salt/idh/sostatus.sls Normal file
View File

@@ -0,0 +1,21 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %}
append_so-idh_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-idh
- unless: grep -q so-idh /opt/so/conf/so-status/so-status.conf
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %}

1
salt/manager/tools/sbin/so-minion
View File

@@ -153,6 +153,7 @@ function add_fleet_to_minion() {
function add_idh_to_minion() { function add_idh_to_minion() {
printf '%s\n'\ printf '%s\n'\
"idh:"\ "idh:"\
" enabled: True"\
" restrict_management_ip: $IDH_MGTRESTRICT"\ " restrict_management_ip: $IDH_MGTRESTRICT"\
" services:" >> "$PILLARFILE" " services:" >> "$PILLARFILE"
IFS=',' read -ra IDH_SERVICES_ARRAY <<< "$IDH_SERVICES" IFS=',' read -ra IDH_SERVICES_ARRAY <<< "$IDH_SERVICES"