mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Update all configs to pass user/pass to ES
This commit is contained in:
Jason Ertel
@@ -3,6 +3,8 @@
|
||||
{% elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
{%- set elasticsearch = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %})
|
||||
|
||||
---
|
||||
# Remember, leave a key empty if there is no value. None will be a string,
|
||||
@@ -11,6 +13,8 @@ client:
|
||||
hosts:
|
||||
- {{elasticsearch}}
|
||||
port: 9200
|
||||
username: {{ ES_USER }}
|
||||
password: {{ ES_PASS }}
|
||||
url_prefix:
|
||||
use_ssl: True
|
||||
certificate:
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %})
|
||||
elastalert:
|
||||
config:
|
||||
rules_folder: /opt/elastalert/rules/
|
||||
@@ -19,8 +21,8 @@ elastalert:
|
||||
use_ssl: true
|
||||
verify_certs: false
|
||||
#es_send_get_body_as: GET
|
||||
#es_username: someusername
|
||||
#es_password: somepassword
|
||||
es_username: {{ ES_USER }}
|
||||
es_password: {{ ES_PASS }}
|
||||
writeback_index: elastalert_status
|
||||
alert_time_limit:
|
||||
days: 2
|
||||
@@ -45,4 +47,4 @@ elastalert:
|
||||
level: INFO
|
||||
handlers:
|
||||
- file
|
||||
propagate: false
|
||||
propagate: false
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
{%- else %}
|
||||
{%- set MANAGER = salt['grains.get']('master') %}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', '') %})
|
||||
|
||||
|
||||
{%- set HOSTNAME = salt['grains.get']('host', '') %}
|
||||
@@ -261,6 +263,8 @@ output.{{ type }}:
|
||||
output.elasticsearch:
|
||||
enabled: true
|
||||
hosts: ["https://{{ MANAGER }}:9200"]
|
||||
username: "{{ ES_USER }}"
|
||||
password: "{{ ES_PASS }}"
|
||||
ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
|
||||
pipelines:
|
||||
- pipeline: "%{[module]}.%{[dataset]}"
|
||||
|
||||
@@ -1,14 +1,16 @@
|
||||
---
|
||||
# Default Kibana configuration from kibana-docker.
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', '') %})
|
||||
server.name: kibana
|
||||
server.host: "0"
|
||||
server.basePath: /kibana
|
||||
elasticsearch.hosts: [ "https://{{ ES }}:9200" ]
|
||||
elasticsearch.ssl.verificationMode: none
|
||||
#kibana.index: ".kibana"
|
||||
#elasticsearch.username: elastic
|
||||
#elasticsearch.password: changeme
|
||||
elasticsearch.username: {{ ES_USER }}
|
||||
elasticsearch.password: {{ ES_PASS }}
|
||||
#xpack.monitoring.ui.container.elasticsearch.enabled: true
|
||||
elasticsearch.requestTimeout: 90000
|
||||
logging.dest: /var/log/kibana/kibana.log
|
||||
@@ -19,4 +21,4 @@ xpack.security.authc.providers:
|
||||
anonymous.anonymous1:
|
||||
order: 0
|
||||
credentials: "elasticsearch_anonymous_user"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [module] =~ "zeek" and "import" not in [tags] {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}.%{dataset}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-zeek"
|
||||
template_name => "so-zeek"
|
||||
template => "/templates/so-zeek-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if "import" in [tags] {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}.%{dataset}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-import"
|
||||
template_name => "so-import"
|
||||
template => "/templates/so-import-template.json"
|
||||
|
||||
@@ -3,10 +3,14 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [event_type] == "sflow" {
|
||||
elasticsearch {
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-flow"
|
||||
template_name => "so-flow"
|
||||
template => "/templates/so-flow-template.json"
|
||||
|
||||
@@ -3,10 +3,14 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [event_type] == "ids" and "import" not in [tags] {
|
||||
elasticsearch {
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-ids"
|
||||
template_name => "so-ids"
|
||||
template => "/templates/so-ids-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [module] =~ "syslog" {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-syslog"
|
||||
template_name => "so-syslog"
|
||||
template => "/templates/so-syslog-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_pass:pass', '') %})
|
||||
output {
|
||||
if [module] =~ "osquery" and "live_query" not in [dataset] {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}.%{dataset}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-osquery"
|
||||
template_name => "so-osquery"
|
||||
template => "/templates/so-osquery-template.json"
|
||||
|
||||
@@ -3,6 +3,8 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
|
||||
filter {
|
||||
@@ -30,6 +32,8 @@ output {
|
||||
elasticsearch {
|
||||
pipeline => "osquery.live_query"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-osquery"
|
||||
template_name => "so-osquery"
|
||||
template => "/templates/so-osquery-template.json"
|
||||
|
||||
@@ -3,10 +3,14 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [dataset] =~ "firewall" {
|
||||
elasticsearch {
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-firewall"
|
||||
template_name => "so-firewall"
|
||||
template => "/templates/so-firewall-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [module] =~ "suricata" and "import" not in [tags] {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}.%{dataset}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-ids"
|
||||
template_name => "so-ids"
|
||||
template => "/templates/so-ids-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if "beat-ext" in [tags] and "import" not in [tags] {
|
||||
elasticsearch {
|
||||
pipeline => "beats.common"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-beats"
|
||||
template_name => "so-beats"
|
||||
template => "/templates/so-beats-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [module] =~ "ossec" {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-ossec"
|
||||
template_name => "so-ossec"
|
||||
template => "/templates/so-ossec-template.json"
|
||||
|
||||
@@ -3,11 +3,15 @@
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %})
|
||||
output {
|
||||
if [module] =~ "strelka" {
|
||||
elasticsearch {
|
||||
pipeline => "%{module}.%{dataset}"
|
||||
hosts => "{{ ES }}"
|
||||
username => "{{ ES_USER }}"
|
||||
password => "{{ ES_PASS }}"
|
||||
index => "so-strelka"
|
||||
template_name => "so-strelka"
|
||||
template => "/templates/so-strelka-template.json"
|
||||
|
||||
@@ -18,6 +18,8 @@
|
||||
{%- import_json "soc/files/soc/menu.actions.json" as menu_actions %}
|
||||
{%- import_json "soc/files/soc/tools.json" as tools %}
|
||||
{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %})
|
||||
|
||||
{
|
||||
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
|
||||
@@ -47,8 +49,8 @@
|
||||
{%- endfor %}
|
||||
],
|
||||
{%- endif %}
|
||||
"username": "",
|
||||
"password": "",
|
||||
"username": "{{ ES_USER }}",
|
||||
"password": "{{ ES_PASS }}",
|
||||
"cacheMs": {{ ES_FIELDCAPS_CACHE }},
|
||||
"verifyCert": false,
|
||||
"timeoutMs": {{ API_TIMEOUT }}
|
||||
|
||||
@@ -3,13 +3,14 @@
|
||||
{%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
|
||||
{%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
|
||||
{%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %}
|
||||
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %})
|
||||
|
||||
[es]
|
||||
es_url = https://{{MANAGER}}:9200
|
||||
es_ip = {{MANAGER}}
|
||||
es_user =
|
||||
es_pass =
|
||||
es_user = {{ ES_USER }}
|
||||
es_pass = {{ ES_PASS }}
|
||||
es_index_pattern = so-*
|
||||
es_verifycert = no
|
||||
|
||||
|
||||
@@ -14,6 +14,8 @@
|
||||
# for numbers and booleans they should be plain (ie, $INT_VAR, $BOOL_VAR)
|
||||
|
||||
{%- set MANAGER = salt['grains.get']('master') %}
|
||||
{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %})
|
||||
{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %})
|
||||
{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %}
|
||||
{% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
|
||||
{% set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %}
|
||||
@@ -620,10 +622,14 @@
|
||||
{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
[[inputs.elasticsearch]]
|
||||
servers = ["https://{{ MANAGER }}:9200"]
|
||||
username = "{{ ES_USER }}"
|
||||
password = "{{ ES_PASS }}"
|
||||
insecure_skip_verify = true
|
||||
{% elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode'] %}
|
||||
[[inputs.elasticsearch]]
|
||||
servers = ["https://{{ NODEIP }}:9200"]
|
||||
username = "{{ ES_USER }}"
|
||||
password = "{{ ES_PASS }}"
|
||||
insecure_skip_verify = true
|
||||
{% endif %}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user