Fix verify so copying sigma rules isnt fail

Mike Reeves
2023-05-15 15:33:32 -04:00
4 changed files with 66 additions and 49 deletions


@@ -904,7 +904,7 @@ create_manager_pillars() {
influxdb_pillar
logrotate_pillar
patch_pillar
nginx_pillar
}
create_repo() {
@@ -967,7 +967,7 @@ download_elastic_agent_artifacts() {
else
logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz"
logCmd "tar -xf /nsm/elastic-fleet/artifacts/beats/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
fi
}
@@ -1389,6 +1389,19 @@ idstools_pillar() {
touch $adv_idstools_pillar_file
}
nginx_pillar() {
title "Creating the NGINX pillar"
[[ -z "$TESTING" ]] && return
# When testing, set the login rate limiting to high values to avoid failing automated logins
printf '%s\n'\
"nginx:"\
" config:"\
" throttle_login_burst: 9999"\
" throttle_login_rate: 9999"\
"" > "$nginx_pillar_file"
}
soc_pillar() {
title "Creating the SOC pillar"
touch $adv_soc_pillar_file
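Review bot: In the new `nginx_pillar` function (third hunk), the only thing separating a normal install from one with login throttling relaxed to 9999 is whether `$TESTING` is non-empty, and nothing in the function records that the relaxed values were written. Going by the function's own comment, these values exist so automated logins never hit the limit, so a `TESTING` value left in the environment of a real install would silently remove that brake on password guessing. I would log it just before the `printf`, e.g. `echo "WARNING: TESTING is set; writing relaxed login throttle values to $nginx_pillar_file" >&2`, and extend the comment to `# Test-only: never set TESTING on a production install; these values effectively disable login rate limiting`. The `>` redirect also replaces whatever `$nginx_pillar_file` already holds; where that variable is defined is not visible on this page, so confirm it cannot point at a pillar carrying operator settings.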


@@ -32,8 +32,6 @@ log_has_errors() {
# Ignore Failed: 0 since that is the salt state output, and we detect state failures
# via Result: False already.
# Ignore "/tmp/__salt.tmp." and "retcode: 126" as they seem to be related to a transient issue with the elastic agent for linux
grep -E "FAILED|Failed|failed|ERROR|Result: False" "$setup_log" | \
grep -vE "The Salt Master has cached the public key for this node" | \
grep -vE "Minion failed to authenticate with the master" | \
@@ -46,9 +44,6 @@ log_has_errors() {
grep -vE "Exception in callback None" | \
grep -vE "deprecation: ERROR" | \
grep -vE "code: 100" | \
grep -vE "/tmp/__salt.tmp." | \
grep -vE "retcode: 126" | \
grep -vE "/nsm/repo/rules/sigma/rules*" | \
grep -vE "Running scope as unit" &> "$error_log"
if [[ $? -eq 0 ]]; then