CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-20 16:03:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #844 from Security-Onion-Solutions/quickfix/addfwrules

Browse Source 
Quickfix/addfwrules
This commit is contained in:
Josh Patterson
2020-06-12 15:04:04 -04:00
committed by GitHub
parent befc793a96 3c0caa4112
commit 1f305352a0
4 changed files with 112 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
files/firewall/hostgroups.local.yaml
View File

@@ -40,7 +40,19 @@ firewall:
ips:
delete:
insert:
wazuh_endpoint:
syslog:
ips:
delete:
insert:
wazuh_agent:
ips:
delete:
insert:
wazuh_api:
ips:
delete:
insert:
wazuh_authd:
ips:
delete:
insert:

29
salt/common/tools/sbin/so-allow
View File

@@ -45,9 +45,22 @@ do
SKIP=1
;;
w)
FULLROLE="wazuh_endpoint"
FULLROLE="wazuh_agent"
SKIP=1
;;
s)
FULLROLE="syslog"
SKIP=1
;;
p)
FULLROLE="wazuh_api"
SKIP=1
;;
r)
FULLROLE="wazuh_authd"
SKIP=1
;;
esac
done
@@ -60,8 +73,10 @@ if [ "$SKIP" -eq 0 ]; then
echo "[a] - Analyst - ports 80/tcp and 443/tcp"
echo "[b] - Logstash Beat - port 5044/tcp"
echo "[o] - Osquery endpoint - port 8090/tcp"
echo "[w] - Wazuh endpoint - port 1514"
echo ""
echo "[s] - Syslog device - 514/tcp/udp"
echo "[w] - Wazuh agent - port 1514/tcp/udp"
echo "[p] - Wazuh API - port 55000/tcp"
echo "[r] - Wazuh registration service - 1515/tcp"
echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):"
read ROLE
echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):"
@@ -74,7 +89,13 @@ if [ "$SKIP" -eq 0 ]; then
elif [ "$ROLE" == "o" ]; then
FULLROLE=osquery_endpoint
elif [ "$ROLE" == "w" ]; then
FULLROLE=wazuh_endpoint
FULLROLE=wazuh_agent
elif [ "$ROLE" == "s" ]; then
FULLROLE=syslog
elif [ "$ROLE" == "p" ]; then
FULLROLE=wazuh_api
elif [ "$ROLE" == "r" ]; then
FULLROLE=wazuh_authd
else
echo "I don't recognize that role"
exit 1

85
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -8,7 +8,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -27,7 +29,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -46,9 +48,18 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
syslog:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -72,7 +83,7 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -91,7 +102,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -110,9 +121,9 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -136,7 +147,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -155,7 +168,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -168,15 +181,24 @@ role:
self:
portgroups:
- {{ portgroups.syslog}}
syslog:
portgroups:
- {{ portgroups.syslog }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -200,7 +222,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -219,7 +243,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -238,9 +262,18 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
syslog:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -264,7 +297,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -283,7 +318,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -302,9 +337,18 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
syslog:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -322,7 +366,6 @@ role:
minion:
portgroups:
- {{ portgroups.salt_master }}
searchnode:
chain:
DOCKER-USER:

15
salt/firewall/portgroups.yaml
View File

@@ -77,11 +77,16 @@ firewall:
syslog:
tcp:
- 514
wazuh_minion:
tcp:
- 55000
wazuh_endpoint:
udp:
- 514
wazuh_agent:
tcp:
- 1514
udp:
- 1514
- 1514
wazuh_api:
tcp:
- 55000
wazuh_authd:
tcp:
- 1515