Merge pull request #844 from Security-Onion-Solutions/quickfix/addfwrules

Quickfix/addfwrules
This commit is contained in:
Josh Patterson
2020-06-12 15:04:04 -04:00
committed by GitHub
4 changed files with 112 additions and 31 deletions


@@ -40,7 +40,19 @@ firewall:
ips: ips:
delete: delete:
insert: insert:
wazuh_endpoint: syslog:
ips:
delete:
insert:
wazuh_agent:
ips:
delete:
insert:
wazuh_api:
ips:
delete:
insert:
wazuh_authd:
ips: ips:
delete: delete:
insert: insert:
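Review bot: Renaming the `wazuh_endpoint` hostgroup to `wazuh_agent` in this hunk drops the old key, so any existing pillar override that lists allowed IPs under `wazuh_endpoint` would presumably no longer be picked up after the change; a short note above the new key, e.g. `# wazuh_endpoint was renamed to wazuh_agent; move any allow-listed ips here`, would give operators the migration hint. The new `wazuh_api` and `wazuh_authd` groups default to empty `ips:`, which keeps 55000/tcp and 1515/tcp (the ports the so-allow menu on this page assigns to them) closed until a range is allowed explicitly; stating that in a comment is worthwhile since those are the API and registration services rather than agent traffic. The bare `ips:` / `delete:` / `insert:` values parse as null rather than as empty lists; that matches the existing entries, but `[]` is the explicit form if the consuming state iterates over them. The enclosing `firewall:` mapping starts above the hunk.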


@@ -45,9 +45,22 @@ do
SKIP=1 SKIP=1
;; ;;
w) w)
FULLROLE="wazuh_endpoint" FULLROLE="wazuh_agent"
SKIP=1 SKIP=1
;; ;;
s)
FULLROLE="syslog"
SKIP=1
;;
p)
FULLROLE="wazuh_api"
SKIP=1
;;
r)
FULLROLE="wazuh_authd"
SKIP=1
;;
esac esac
done done
@@ -60,8 +73,10 @@ if [ "$SKIP" -eq 0 ]; then
echo "[a] - Analyst - ports 80/tcp and 443/tcp" echo "[a] - Analyst - ports 80/tcp and 443/tcp"
echo "[b] - Logstash Beat - port 5044/tcp" echo "[b] - Logstash Beat - port 5044/tcp"
echo "[o] - Osquery endpoint - port 8090/tcp" echo "[o] - Osquery endpoint - port 8090/tcp"
echo "[w] - Wazuh endpoint - port 1514" echo "[s] - Syslog device - 514/tcp/udp"
echo "" echo "[w] - Wazuh agent - port 1514/tcp/udp"
echo "[p] - Wazuh API - port 55000/tcp"
echo "[r] - Wazuh registration service - 1515/tcp"
echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):" echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):"
read ROLE read ROLE
echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):" echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):"
@@ -74,7 +89,13 @@ if [ "$SKIP" -eq 0 ]; then
elif [ "$ROLE" == "o" ]; then elif [ "$ROLE" == "o" ]; then
FULLROLE=osquery_endpoint FULLROLE=osquery_endpoint
elif [ "$ROLE" == "w" ]; then elif [ "$ROLE" == "w" ]; then
FULLROLE=wazuh_endpoint FULLROLE=wazuh_agent
elif [ "$ROLE" == "s" ]; then
FULLROLE=syslog
elif [ "$ROLE" == "p" ]; then
FULLROLE=wazuh_api
elif [ "$ROLE" == "r" ]; then
FULLROLE=wazuh_authd
else else
echo "I don't recognize that role" echo "I don't recognize that role"
exit 1 exit 1
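Review bot: The selection prompt in the menu hunk still reads `(a - analyst, b - beats, o - osquery, w - wazuh)` even though the new `[s]`, `[p]` and `[r]` entries are printed directly above it, so an interactive user is told the new roles are not valid choices; change it to `echo "Please enter your selection (a - analyst, b - beats, o - osquery, s - syslog, w - wazuh agent, p - wazuh api, r - wazuh registration):"`. The new `s)`, `p)` and `r)` branches in the first hunk only fire if the `getopts` optstring, which sits above that hunk and is not shown in this section, was extended with those letters; please confirm. The menu wording is also uneven (`port 1514/tcp/udp` vs `514/tcp/udp` and `1515/tcp`); `[s] - Syslog device - port 514/tcp/udp` and `[r] - Wazuh registration service - port 1515/tcp` would read consistently. The `case` statement and the `if` block both begin outside their hunks.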


@@ -8,7 +8,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -27,7 +29,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -46,9 +48,18 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: syslog:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -72,7 +83,7 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -91,7 +102,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -110,9 +121,9 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: wazuh_agent:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -136,7 +147,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -155,7 +168,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -168,15 +181,24 @@ role:
self: self:
portgroups: portgroups:
- {{ portgroups.syslog}} - {{ portgroups.syslog}}
syslog:
portgroups:
- {{ portgroups.syslog }}
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: wazuh_agent:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -200,7 +222,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -219,7 +243,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -238,9 +262,18 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: syslog:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -264,7 +297,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -283,7 +318,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -302,9 +337,18 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: syslog:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -322,7 +366,6 @@ role:
minion: minion:
portgroups: portgroups:
- {{ portgroups.salt_master }} - {{ portgroups.salt_master }}
searchnode: searchnode:
chain: chain:
DOCKER-USER: DOCKER-USER:
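Review bot: The `master` hostgroup in the hunk at `@@ -72,7 +83,7 @@` only receives `wazuh_agent`, while the parallel `master` entries in the hunks at `@@ -8,7 +8,9 @@`, `@@ -136,7 +147,9 @@`, `@@ -200,7 +222,9 @@` and `@@ -264,7 +297,9 @@` also get `wazuh_api` and `wazuh_authd`; likewise the hunk at `@@ -110,9 +121,9 @@` only renames `wazuh_endpoint` to `wazuh_agent` and does not add the `syslog`, `wazuh_api` and `wazuh_authd` hostgroups that the other roles gain. That may be deliberate for that role, but the hunk headers show only `role:` so it cannot be confirmed from this page; if it is deliberate, a one-line comment such as `# no wazuh_api/wazuh_authd for this role: <reason>` would stop the next reader from "fixing" it, otherwise the lists should be brought in line. Since each added `- {{ portgroups.wazuh_api }}` line presumably opens 55000/tcp to that hostgroup, keeping the per-role sets aligned also keeps the exposed surface uniform across deployment types. The enclosing `role:` mapping begins and ends outside every hunk.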


@@ -77,11 +77,16 @@ firewall:
syslog: syslog:
tcp: tcp:
- 514 - 514
wazuh_minion: udp:
tcp: - 514
- 55000 wazuh_agent:
wazuh_endpoint:
tcp: tcp:
- 1514 - 1514
udp: udp:
- 1514 - 1514
wazuh_api:
tcp:
- 55000
wazuh_authd:
tcp:
- 1515
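Review bot: The renamed portgroups `wazuh_agent` (was `wazuh_endpoint`) and `wazuh_api` (was `wazuh_minion`) and the new `wazuh_authd` carry no comment saying what each port serves, and the mapping is not obvious from the numbers alone; the so-allow menu on this page labels them, so I would add `# Wazuh agent - 1514/tcp+udp`, `# Wazuh API - 55000/tcp` and `# Wazuh registration service (authd) - 1515/tcp` above the respective keys. Dropping the old `wazuh_endpoint` and `wazuh_minion` keys means any `portgroups.wazuh_endpoint` or `portgroups.wazuh_minion` reference left in a state or local pillar outside this commit would presumably fail to render; a grep for both names before merge is cheap insurance. The enclosing `firewall:` mapping starts above the hunk.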