m0duspwnens
2020-11-10 15:31:47 -05:00
parent 95b24b1684
commit 1fca5e65df
53 changed files with 228 additions and 280 deletions


@@ -32,6 +32,23 @@ soconfperms:
- gid: 939
- dir_mode: 770
sostatusconf:
file.directory:
- name: /opt/so/conf/so-status
- uid: 939
- gid: 939
- dir_mode: 770
so-status.running.conf:
file.touch:
- name: /opt/so/conf/so-status/so-status.conf
- unless: ls /opt/so/conf/so-status/so-status.conf
so-status.stopped.conf:
file.touch:
- name: /opt/so/conf/so-status/so-status.disabled.conf
- unless: ls /opt/so/conf/so-status/so-status.disabled.conf
sosaltstackperms:
file.directory:
- name: /opt/so/saltstack
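Review bot: The two new `file.touch` states (so-status.running.conf and so-status.stopped.conf) set no owner or mode, so the files are created with whatever user and umask the minion runs under, while the directory around them is deliberately locked to uid/gid 939 with dir_mode 770; the `unless: ls …` shell-out is also redundant, since `file.managed` with `replace: False` gives the same create-once behaviour without spawning a process. Replacing both with `file.managed` carrying explicit `user`/`group`/`mode` keeps file ownership consistent with the parent directory (the exact mode should follow whatever the rest of /opt/so/conf uses). The first and last lines of this hunk are context and the state file continues outside it.
```yaml
so-status.running.conf:
  file.managed:
    - name: /opt/so/conf/so-status/so-status.conf
    - user: 939
    - group: 939
    - mode: 660
    - replace: False
    - require:
      - file: sostatusconf
so-status.stopped.conf:
  file.managed:
    - name: /opt/so/conf/so-status/so-status.disabled.conf
    - user: 939
    - group: 939
    - mode: 660
    - replace: False
    - require:
      - file: sostatusconf
```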


@@ -1,5 +0,0 @@
{% set docker = {
'containers': [
'so-domainstats'
]
} %}


@@ -1,20 +0,0 @@
{% set docker = {
'containers': [
'so-filebeat',
'so-nginx',
'so-telegraf',
'so-dockerregistry',
'so-soc',
'so-kratos',
'so-idstools',
'so-elasticsearch',
'so-kibana',
'so-steno',
'so-suricata',
'so-zeek',
'so-curator',
'so-elastalert',
'so-soctopus',
'so-sensoroni'
]
} %}


@@ -1,10 +0,0 @@
{% set docker = {
'containers': [
'so-mysql',
'so-fleet',
'so-redis',
'so-filebeat',
'so-nginx',
'so-telegraf'
]
} %}


@@ -1,7 +0,0 @@
{% set docker = {
'containers': [
'so-mysql',
'so-fleet',
'so-redis'
]
} %}


@@ -1,5 +0,0 @@
{% set docker = {
'containers': [
'so-freqserver'
]
} %}


@@ -1,6 +0,0 @@
{% set docker = {
'containers': [
'so-influxdb',
'so-grafana'
]
} %}


@@ -1,15 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-redis',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-steno',
'so-suricata',
'so-wazuh',
'so-filebeat',
'so-sensoroni'
]
} %}


@@ -1,12 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-idstools',
'so-steno',
'so-zeek',
'so-redis',
'so-logstash',
'so-filebeat
]
} %}


@@ -1,9 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-logstash',
'so-elasticsearch',
'so-curator',
]
} %}


@@ -1,10 +0,0 @@
{% set docker = {
'containers': [
'so-filebeat',
'so-nginx',
'so-soc',
'so-kratos',
'so-elasticsearch',
'so-kibana'
]
} %}


@@ -1,21 +0,0 @@
{% set docker = {
'containers': [
'so-dockerregistry',
'so-nginx',
'so-telegraf',
'so-soc',
'so-kratos',
'so-idstools',
'so-redis',
'so-elasticsearch',
'so-logstash',
'so-kibana',
'so-elastalert',
'so-filebeat',
'so-soctopus'
]
} %}
{% if salt['pillar.get']('global:managerupdate') == 1 %}
{% do docker.containers.append('so-aptcacherng') %}
{% endif %}


@@ -1,21 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-soc',
'so-kratos',
'so-idstools',
'so-redis',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-kibana',
'so-elastalert',
'so-filebeat',
'so-soctopus'
]
} %}
{% if salt['pillar.get']('global:managerupdate') == 1 %}
{% do docker.containers.append('so-aptcacherng') %}
{% endif %}


@@ -1,5 +0,0 @@
{% set docker = {
'containers': [
'so-zeek'
]
} %}


@@ -1,5 +0,0 @@
{% set docker = {
'containers': [
'so-playbook'
]
} %}


@@ -1,10 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-filebeat'
]
} %}


@@ -1,9 +0,0 @@
{% set docker = {
'containers': [
'so-telegraf',
'so-steno',
'so-suricata',
'so-filebeat',
'so-sensoroni'
]
} %}


@@ -1,48 +0,0 @@
{% set role = grains.id.split('_') | last %}
{% from 'common/maps/'~ role ~'.map.jinja' import docker with context %}
# Check if the service is enabled and append it's required containers
# to the list predefined by the role / minion id affix
{% macro append_containers(pillar_name, k, compare )%}
{% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %}
{% if k == 'enabled' %}
{% set k = pillar_name %}
{% endif %}
{% from 'common/maps/'~k~'.map.jinja' import docker as d with context %}
{% for li in d['containers'] %}
{{ docker['containers'].append(li) }}
{% endfor %}
{% endif %}
{% endmacro %}
{% set docker = salt['grains.filter_by']({
'*_'~role: {
'containers': docker['containers']
}
},grain='id', merge=salt['pillar.get']('docker')) %}
{% if role in ['eval', 'managersearch', 'manager', 'standalone'] %}
{{ append_containers('manager', 'grafana', 0) }}
{{ append_containers('global', 'fleet_manager', 0) }}
{{ append_containers('global', 'wazuh', 0) }}
{{ append_containers('manager', 'thehive', 0) }}
{{ append_containers('manager', 'playbook', 0) }}
{{ append_containers('manager', 'freq', 0) }}
{{ append_containers('manager', 'domainstats', 0) }}
{% endif %}
{% if role in ['eval', 'heavynode', 'sensor', 'standalone'] %}
{{ append_containers('strelka', 'enabled', 0) }}
{% endif %}
{% if role in ['heavynode', 'standalone'] %}
{{ append_containers('global', 'mdengine', 'SURICATA') }}
{% endif %}
{% if role == 'searchnode' %}
{{ append_containers('manager', 'wazuh', 0) }}
{% endif %}
{% if role == 'sensor' %}
{{ append_containers('global', 'mdengine', 'SURICATA') }}
{% endif %}


@@ -1,25 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-soc',
'so-kratos',
'so-idstools',
'so-redis',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-kibana',
'so-elastalert',
'so-filebeat',
'so-suricata',
'so-steno',
'so-dockerregistry',
'so-soctopus',
'so-sensoroni'
]
} %}
{% if salt['pillar.get']('global:managerupdate') == 1 %}
{% do docker.containers.append('so-aptcacherng') %}
{% endif %}


@@ -1,9 +0,0 @@
{% set docker = {
'containers': [
'so-strelka-coordinator',
'so-strelka-gatekeeper',
'so-strelka-manager',
'so-strelka-frontend',
'so-strelka-filestream'
]
} %}


@@ -1,7 +0,0 @@
{% set docker = {
'containers': [
'so-thehive',
'so-thehive-es',
'so-cortex'
]
} %}


@@ -1,7 +0,0 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-elasticsearch'
]
} %}


@@ -1,5 +0,0 @@
{% set docker = {
'containers': [
'so-wazuh'
]
} %}


@@ -14,8 +14,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{%- from 'common/maps/so-status.map.jinja' import docker with context %}
{%- set container_list = docker['containers'] | sort | unique %}
if ! [ "$(id -u)" = 0 ]; then
echo "This command must be run as root"
@@ -39,9 +37,8 @@ declare -a BAD_STATUSES=("removing" "paused" "exited" "dead")
declare -a PENDING_STATUSES=("paused" "created" "restarting")
declare -a GOOD_STATUSES=("running")
declare -a DISABLED_CONTAINERS=()
{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %}
DISABLED_CONTAINERS+=("so-steno")
{%- endif %}
mapfile -t DISABLED_CONTAINERS < <(sort -u /opt/so/conf/so-status/so-status.disabled.conf)
declare -a temp_container_name_list=()
declare -a temp_container_state_list=()
@@ -83,9 +80,9 @@ compare_lists() {
# {% endraw %}
create_expected_container_list() {
{% for item in container_list -%}
expected_container_list+=("{{ item }}")
{% endfor -%}
mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf)
}
populate_container_lists() {
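Review bot: The new `mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf)` (and the matching line for so-status.disabled.conf) reads the files unconditionally, but nothing in the script checks that they exist; on a node where the touch/append states have not run yet, `sort` fails and `expected_container_list` is silently empty, so the check has nothing to compare against and can report a healthy system. A guard such as `[ -r /opt/so/conf/so-status/so-status.conf ] || { echo "missing so-status.conf"; exit 1; }` before the `mapfile` in `create_expected_container_list` turns that into a visible failure. Moving de-duplication from the old render-time `| sort | unique` to runtime `sort -u` is fine because `file.append` writes whole lines. `populate_container_lists` starts on the last line of this hunk and continues outside it.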


@@ -127,6 +127,12 @@ so-curator:
- /opt/so/conf/curator/curator.yml:/etc/curator/config/curator.yml:ro
- /opt/so/conf/curator/action/:/etc/curator/action:ro
- /opt/so/log/curator:/var/log/curator:rw
append_so-curator_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-curator
# Begin Curator Cron Jobs
# Close


@@ -56,6 +56,11 @@ so-domainstats:
- binds:
- /opt/so/log/domainstats:/var/log/domain_stats
append_so-domainstats_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-domainstats
{% else %}
domainstats_state_not_allowed:


@@ -121,6 +121,12 @@ so-elastalert:
- {{MANAGER_URL}}:{{MANAGER_IP}}
- require:
- module: wait_for_elasticsearch
append_so-elastalert_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-elastalert
{% endif %}
{% else %}


@@ -215,13 +215,17 @@ so-elasticsearch:
- /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
- /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro
- /opt/so/conf/elasticsearch/sotls.yml:/usr/share/elasticsearch/config/sotls.yml:ro
- watch:
- file: cacertz
- file: esyml
- file: esingestconf
- file: so-elasticsearch-pipelines-file
append_so-elasticsearch_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-elasticsearch
so-elasticsearch-pipelines-file:
file.managed:
- name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines


@@ -86,6 +86,11 @@ so-filebeat:
- watch:
- file: /opt/so/conf/filebeat/etc/filebeat.yml
append_so-filebeat_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-filebeat
{% else %}
filebeat_state_not_allowed:


@@ -134,4 +134,9 @@ so-fleet:
- watch:
- /opt/so/conf/fleet/etc
append_so-fleet_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-fleet
{% endif %}


@@ -56,6 +56,11 @@ so-freq:
- binds:
- /opt/so/log/freq_server:/var/log/freq_server:rw
append_so-freq_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-freq
{% else %}
freqserver_state_not_allowed:
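Review bot: The appended name in `- text: so-freq` does not match the container name this same commit removes from the freq map, which was `so-freqserver`; unless the container is renamed in a part of the commit not shown here, so-status will now flag `so-freq` as missing on every run and never check the real container. The `- text:` value must equal the `- name:` of the `so-freq` docker_container.running state, which most likely means `- text: so-freqserver`. That `- name:` line is outside the hunk, so please confirm against it.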


@@ -236,6 +236,11 @@ so-grafana:
- watch:
- file: /opt/so/conf/grafana/*
append_so-grafana_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-grafana
{% endif %}
{% else %}


@@ -76,6 +76,11 @@ so-idstools:
- watch:
- file: idstoolsetcsync
append_so-idstools_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-idstools
{% else %}
idstools_state_not_allowed:


@@ -54,6 +54,11 @@ so-influxdb:
- watch:
- file: influxdbconf
append_so-influxdb_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-influxdb
{% endif %}
{% else %}


@@ -90,6 +90,11 @@ so-kibana:
- port_bindings:
- 0.0.0.0:5601:5601
append_so-kibana_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-kibana
kibanadashtemplate:
file.managed:
- name: /opt/so/conf/kibana/saved_objects.ndjson.template


@@ -202,6 +202,11 @@ so-logstash:
- file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}
{% endfor %}
append_so-logstash_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-logstash
{% else %}
logstash_state_not_allowed:


@@ -81,6 +81,11 @@ so-aptcacherng:
- /opt/so/log/aptcacher-ng:/var/log/apt-cacher-ng:rw
- /opt/so/conf/aptcacher-ng/etc/acng.conf:/etc/apt-cacher-ng/acng.conf:ro
append_so-aptcacher_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-aptcacherng
{% endif %}
strelka_yara_update:
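Review bot: `append_so-aptcacher_so-status.conf` only ever adds `so-aptcacherng` to so-status.conf, yet it sits inside the `managerupdate` conditional whose `{% endif %}` closes right after it, so once that pillar is switched off the container is no longer started while its name stays in the file and so-status reports it as permanently failed. The steno section of this commit handles the same on/off case with a `file.line … mode: delete` in the opposite branch; an `{% else %}` branch here with `delete_so-aptcacherng_so-status.conf: file.line: - name: /opt/so/conf/so-status/so-status.conf - match: ^so-aptcacherng$ - mode: delete` would keep the file in sync. The ID also says `aptcacher` while the text says `aptcacherng`; every other append state in this commit uses the container name in the ID, so `append_so-aptcacherng_so-status.conf` would be consistent. The enclosing `{% if %}` opens outside the hunk.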


@@ -62,6 +62,11 @@ so-minio:
- /etc/pki/minio.crt:/.minio/certs/public.crt:ro
- entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data"
append_so-minio_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-minio
{% else %}
minio_state_not_allowed:


@@ -97,6 +97,12 @@ so-mysql:
- timeout: 900
- onchanges:
- docker_container: so-mysql
append_so-mysql_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-mysql
{% endif %}
{% else %}


@@ -98,6 +98,11 @@ so-nginx:
- file: nginxconf
- file: nginxconfdir
append_so-nginx_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-nginx
{% else %}
nginx_state_not_allowed:


@@ -74,6 +74,11 @@ so-nodered:
- port_bindings:
- 0.0.0.0:1880:1880
append_so-nodered_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-nodered
so-nodered-flows:
cmd.run:
- name: /usr/sbin/so-nodered-load-flows


@@ -152,6 +152,24 @@ so-steno:
- watch:
- file: /opt/so/conf/steno/config
append_so-steno_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-steno
{% if STENOOPTIONS.status == 'running' %}
delete_so-steno_so-status.disabled:
file.line:
- name: /opt/so/conf/so-status/so-status.disabled.conf
- match: so-steno
- mode: delete
{% elif STENOOPTIONS.status == 'stopped' %}
append_so-steno_so-status.disabled:
file.append:
- name: /opt/so/conf/so-status/so-status.disabled.conf
- text: so-steno
{% endif %}
so-sensoroni:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
@@ -166,6 +184,11 @@ so-sensoroni:
- watch:
- file: /opt/so/conf/sensoroni/sensoroni.json
append_so-sensoroni_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-sensoroni
{% else %}
pcap_state_not_allowed:
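Review bot: `delete_so-steno_so-status.disabled` uses `file.line` with `- match: so-steno`, which Salt treats as a regex fragment rather than an exact line, and it carries no `require` on the state that creates so-status.disabled.conf, so on a fresh node where that file does not exist yet the delete may error before the touch state has run; anchoring the match (`- match: ^so-steno$`) and adding `- require: - file: so-status.stopped.conf` addresses both. Note also that when `STENOOPTIONS.status` is neither 'running' nor 'stopped', neither branch executes and whatever is already in the disabled file is left as-is, which may be intended but is worth a comment. The `{% if %}/{% else %}` structure around so-sensoroni opens outside the hunk.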


@@ -93,6 +93,11 @@ so-playbook:
- port_bindings:
- 0.0.0.0:3200:3000
append_so-playbook_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-playbook
{% endif %}
so-playbooksynccron:


@@ -70,6 +70,11 @@ so-redis:
- watch:
- file: /opt/so/conf/redis/etc
append_so-redis_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-redis
{% else %}
redis_state_not_allowed:


@@ -57,6 +57,11 @@ so-dockerregistry:
- /etc/pki/registry.crt:/etc/pki/registry.crt:ro
- /etc/pki/registry.key:/etc/pki/registry.key:ro
append_so-dockerregistry_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-dockerregistry
{% else %}
registry_state_not_allowed:


@@ -67,6 +67,11 @@ so-soc:
- watch:
- file: /opt/so/conf/soc/*
append_so-soc_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-soc
# Add Kratos Group
kratosgroup:
group.present:
@@ -119,6 +124,11 @@ so-kratos:
- watch:
- file: /opt/so/conf/kratos
append_so-kratos_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-kratos
{% else %}
soc_state_not_allowed:


@@ -73,6 +73,11 @@ so-soctopus:
- extra_hosts:
- {{MANAGER_URL}}:{{MANAGER_IP}}
append_so-soctopus_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-soctopus
{% else %}
soctopus_state_not_allowed:


@@ -87,6 +87,11 @@ strelka_coordinator:
- port_bindings:
- 0.0.0.0:6380:6379
append_so-strelka-coordinator_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-strelka-coordinator
strelka_gatekeeper:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
@@ -95,6 +100,11 @@ strelka_gatekeeper:
- port_bindings:
- 0.0.0.0:6381:6379
append_so-strelka-gatekeeper_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-strelka-gatekeeper
strelka_frontend:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-frontend:{{ VERSION }}
@@ -107,6 +117,11 @@ strelka_frontend:
- port_bindings:
- 0.0.0.0:57314:57314
append_so-strelka-frontend_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-strelka-frontend
strelka_backend:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-backend:{{ VERSION }}
@@ -117,6 +132,11 @@ strelka_backend:
- command: strelka-backend
- restart_policy: on-failure
append_so-strelka-backend_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-strelka-backend
strelka_manager:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-manager:{{ VERSION }}
@@ -125,6 +145,11 @@ strelka_manager:
- name: so-strelka-manager
- command: strelka-manager
append_so-strelka-manager_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-strelka-manager
strelka_filestream:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-filestream:{{ VERSION }}
@@ -133,6 +158,11 @@ strelka_filestream:
- /nsm/strelka:/nsm/strelka
- name: so-strelka-filestream
- command: strelka-filestream
append_so-strelka-filestream_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-strelka-filestream
strelka_zeek_extracted_sync:
cron.present:


@@ -163,6 +163,11 @@ so-suricata:
- file: /opt/so/conf/suricata/rules/
- file: /opt/so/conf/suricata/bpf
append_so-suricata_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-suricata
surilogrotate:
file.managed:
- name: /opt/so/conf/suricata/suri-rotate.conf


@@ -73,6 +73,11 @@ so-telegraf:
- file: tgrafconf
- file: tgrafsyncscripts
append_so-telegraf_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-telegraf
{% else %}
telegraf_state_not_allowed:


@@ -102,6 +102,11 @@ so-thehive-es:
- 0.0.0.0:9400:9400
- 0.0.0.0:9500:9500
append_so-thehive-es_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-thehive-es
# Install Cortex
so-cortex:
docker_container.running:
@@ -116,6 +121,11 @@ so-cortex:
- port_bindings:
- 0.0.0.0:9001:9001
append_so-cortex_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-cortex
cortexscript:
cmd.script:
- source: salt://thehive/scripts/cortex_init
@@ -136,6 +146,11 @@ so-thehive:
- port_bindings:
- 0.0.0.0:9000:9000
append_so-thehive_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-thehive
thehivescript:
cmd.script:
- source: salt://thehive/scripts/hive_init


@@ -110,6 +110,11 @@ so-wazuh:
- binds:
- /nsm/wazuh:/var/ossec/data:rw
append_so-wazuh_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-wazuh
# Register the agent
registertheagent:
cmd.run:


@@ -196,6 +196,11 @@ so-zeek:
- file: /opt/so/conf/zeek/policy
- file: /opt/so/conf/zeek/bpf
append_so-zeek_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-zeek
{% else %}
zeek_state_not_allowed: