From d2dd68eb443ef02ba822091ef6b8649f92b38aa7 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 1 Feb 2023 11:31:36 -0500
Subject: [PATCH 1/7] add global vars for managersearch
---
 salt/vars/managersearch.map.jinja | 15 +++++++++++++++
 salt/vars/searchnode.map.jinja | 4 ++--
 2 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 salt/vars/managersearch.map.jinja
diff --git a/salt/vars/managersearch.map.jinja b/salt/vars/managersearch.map.jinja
new file mode 100644
index 000000000..c2a3d9628
--- /dev/null
+++ b/salt/vars/managersearch.map.jinja
@@ -0,0 +1,15 @@
+{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
+{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
+
+{% set ROLE_GLOBALS = {} %}
+
+{% set MANAGERSEARCH_GLOBALS =
+ [
+ ELASTICSEARCH_GLOBALS,
+ LOGSTASH_GLOBALS
+ ]
+%}
+
+{% for sg in MANAGERSEARCH_GLOBALS %}
+{% do salt['defaults.merge'](ROLE_GLOBALS, sg, merge_lists=False, in_place=True) %}
+{% endfor %}
diff --git a/salt/vars/searchnode.map.jinja b/salt/vars/searchnode.map.jinja
index 2efabefed..3b9d91bfc 100644
--- a/salt/vars/searchnode.map.jinja
+++ b/salt/vars/searchnode.map.jinja
@@ -3,13 +3,13 @@
 
 {% set ROLE_GLOBALS = {} %}
 
-{% set STANDALONE_GLOBALS =
+{% set SEARCHNODE_GLOBALS =
 [
 ELASTICSEARCH_GLOBALS,
 LOGSTASH_GLOBALS
 ]
 %}
 
-{% for sg in STANDALONE_GLOBALS %}
+{% for sg in SEARCHNODE_GLOBALS %}
 {% do salt['defaults.merge'](ROLE_GLOBALS, sg, merge_lists=False, in_place=True) %}
 {% endfor %}
From 9eae31e48820326b2e5e02435ba6e7554b4e5969 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 2 Feb 2023 10:03:22 -0500
Subject: [PATCH 2/7] add managersearch to allowed roles for so-firewall. fix setup error from so-firewall "Please specify a role with --role="
---
 salt/common/tools/sbin/so-firewall | 2 +-
 setup/so-functions | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/common/tools/sbin/so-firewall b/salt/common/tools/sbin/so-firewall
index 2a8aed0e7..69808c709 100755
--- a/salt/common/tools/sbin/so-firewall
+++ b/salt/common/tools/sbin/so-firewall
@@ -43,7 +43,7 @@ APPLY=${APPLY,,} function rolecall() { THEROLE=$1 - THEROLES="analyst analyst_workstations beats_endpoint beats_endpoint_ssl elastic_agent_endpoint elasticsearch_rest endgame eval heavynodes idh manager receivers searchnodes sensors standalone strelka_frontend syslog" + THEROLES="analyst analyst_workstations beats_endpoint beats_endpoint_ssl elastic_agent_endpoint elasticsearch_rest endgame eval heavynodes idh manager managersearch receivers searchnodes sensors standalone strelka_frontend syslog" for AROLE in $THEROLES; do if [ "$AROLE" = "$THEROLE" ]; then
diff --git a/setup/so-functions b/setup/so-functions
index a76126519..b70e73965 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1179,8 +1179,8 @@ firewall_generate_templates() { logCmd "cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/" - for i in analyst beats_endpoint endgame sensor manager minion elastic_agent_endpoint search_node; do - $default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1 + for i in analyst beats_endpoint endgame sensors manager managersearch elastic_agent_endpoint searchnodes; do + $default_salt_dir/salt/common/tools/sbin/so-firewall --role="$i" --ip=127.0.0.1 done }
From 3e808a70fa9b048faf7f92979300c3918bee774e Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 2 Feb 2023 12:11:03 -0500
Subject: [PATCH 3/7] allow managersearch. comment out localhost allow in setup
---
 salt/firewall/assigned_hostgroups.map.yaml | 2 +-
 setup/so-functions | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index 2af5b2bc6..25dbba1b0 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -164,7 +164,7 @@ role:
 chain:
 DOCKER-USER:
 hostgroups:
- manager:
+ managersearch:
 portgroups:
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
diff --git a/setup/so-functions b/setup/so-functions
index b70e73965..2730adcc7 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1179,9 +1179,10 @@ firewall_generate_templates() { logCmd "cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/" - for i in analyst beats_endpoint endgame sensors manager managersearch elastic_agent_endpoint searchnodes; do - $default_salt_dir/salt/common/tools/sbin/so-firewall --role="$i" --ip=127.0.0.1 - done + # i think this can be commented out for 2.4 + #for i in analyst beats_endpoint endgame sensors manager managersearch elastic_agent_endpoint searchnodes; do + # $default_salt_dir/salt/common/tools/sbin/so-firewall --role="$i" --ip=127.0.0.1 + #done }
From df9ef9ffc73b0c23906d27f62a18b65081784b67 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 3 Feb 2023 09:55:33 -0500
Subject: [PATCH 4/7] add managersearch
---
 salt/firewall/map.jinja | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/firewall/map.jinja b/salt/firewall/map.jinja
index 1ec3271c4..2fa295447 100644
--- a/salt/firewall/map.jinja
+++ b/salt/firewall/map.jinja
@@ -22,6 +22,7 @@
 'heavynodes',
 'idh',
 'manager',
+ 'managersearch',
 'receivers',
 'searchnodes',
 'sensors',
From a37f0fd0c0e5ea8b7c50e752310477247ca37d4b Mon Sep 17 00:00:00 2001
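Review bot: The `hostgroups:` entry in this hunk swaps `manager:` for `managersearch:` rather than adding a second key, so whichever role block it sits under (the enclosing `role:` mapping starts outside the hunk) now admits only hosts in the `managersearch` hostgroup to `portgroups.playbook` and `portgroups.mysql` on the `DOCKER-USER` chain. The 7/7 line counts and the file's `2 +-` diffstat confirm nothing else was added, which is what makes this read as a replacement rather than an extension. If a deployment with a plain `manager` node still needs those ports reachable from it, keep `manager:` alongside the new key; if the block is intended for the managersearch role only, a one-line comment such as `# managersearch runs playbook/mysql locally; manager-only deployments are covered elsewhere` would stop the next reader from restoring it.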
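Review bot: The new side of `firewall_generate_templates()` keeps the `so-firewall --role="$i" --ip=127.0.0.1` loop as commented-out code under `# i think this can be commented out for 2.4`, which leaves a speculative note and dead code in the setup path instead of a decision that a later reader can act on. Either delete the loop and record in the commit why localhost no longer needs per-role allow entries (the `localhost` hostgroup in `salt/firewall/hostgroups.yaml`, visible later in this series, looks like the intended replacement, but that is an inference), or keep it behind an actionable marker, e.g. `# TODO(2.4): remove once the localhost hostgroup in salt/firewall/hostgroups.yaml is confirmed to cover these roles`. Since this removes a firewall allow, the reasoning is worth having in the history either way. The function body continues outside the hunk on both sides.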
From: m0duspwnens
Date: Fri, 3 Feb 2023 10:07:07 -0500
Subject: [PATCH 5/7] rename sosbridge to sobridge
---
 salt/curator/init.sls | 2 +-
 salt/docker/init.sls | 6 ++---
 salt/elastalert/init.sls | 2 +-
 salt/elastic-fleet-package-registry/init.sls | 2 +-
 salt/elastic-fleet/init.sls | 2 +-
 salt/elasticsearch/init.sls | 2 +-
 salt/filebeat/init.sls | 2 +-
 salt/firewall/iptables.jinja | 26 ++++++++++----------
 salt/grafana/init.sls | 2 +-
 salt/idstools/init.sls | 2 +-
 salt/influxdb/init.sls | 2 +-
 salt/kibana/init.sls | 2 +-
 salt/kratos/init.sls | 2 +-
 salt/logstash/init.sls | 2 +-
 salt/mysql/init.sls | 2 +-
 salt/nginx/init.sls | 2 +-
 salt/playbook/init.sls | 2 +-
 salt/redis/init.sls | 2 +-
 salt/registry/init.sls | 2 +-
 salt/soc/init.sls | 2 +-
 salt/soctopus/init.sls | 2 +-
 salt/strelka/init.sls | 12 ++++-----
 22 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 293475187..e62304bce 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -130,7 +130,7 @@ so-curator:
 - name: so-curator
 - user: curator
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-curator'].ip }}
 - interactive: True
 - tty: True
diff --git a/salt/docker/init.sls b/salt/docker/init.sls
index 405a75938..687836aef 100644
--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -79,13 +79,13 @@ dockerreserveports:
 
 sos_docker_net:
 docker_network.present:
- - name: sosbridge
+ - name: sobridge
 - subnet: {{ DOCKER.sosrange }}
 - gateway: {{ DOCKER.sosbip }}
 - options:
- com.docker.network.bridge.name: 'sosbridge'
+ com.docker.network.bridge.name: 'sobridge'
 com.docker.network.driver.mtu: '1500'
 com.docker.network.bridge.enable_ip_masquerade: 'true'
 com.docker.network.bridge.enable_icc: 'true'
 com.docker.network.bridge.host_binding_ipv4: '0.0.0.0'
- - unless: 'docker network ls | grep sosbridge'
+ - unless: 'docker network ls | grep sobridge'
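Review bot: `- unless: 'docker network ls | grep sobridge'` gates `sos_docker_net` on a substring match of the network list, so on a host upgraded from the old name the check fails (`sosbridge` does not contain `sobridge`) and `docker_network.present` will presumably try to create `sobridge` on the same `{{ DOCKER.sosrange }}` subnet the still-existing `sosbridge` network occupies, which Docker rejects as an overlapping address pool. The rename therefore needs either a migration step that removes the old network before this state runs, or a comment in the state making clear it targets fresh installs only. Independently of the upgrade path, `docker_network.present` is already idempotent and a substring grep would also match any future network whose name merely contains `sobridge`; an exact check such as `- unless: 'docker network inspect sobridge'` is the safer guard. The remaining hunks in this patch only rename the `networks:` key and depend on the network existing, so fixing it here covers them.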
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 1db789935..37d749223 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -88,7 +88,7 @@ so-elastalert:
 - name: so-elastalert
 - user: so-elastalert
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-elastalert'].ip }}
 - detach: True
 - binds:
diff --git a/salt/elastic-fleet-package-registry/init.sls b/salt/elastic-fleet-package-registry/init.sls
index 2a72a417d..b4cea6542 100644
--- a/salt/elastic-fleet-package-registry/init.sls
+++ b/salt/elastic-fleet-package-registry/init.sls
@@ -29,7 +29,7 @@ so-elastic-fleet-package-registry:
 - detach: True
 - user: 948
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-elastic-fleet-package-registry'].ip }}
 - extra_hosts:
 - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
diff --git a/salt/elastic-fleet/init.sls b/salt/elastic-fleet/init.sls
index 1460fda38..be9bac96e 100644
--- a/salt/elastic-fleet/init.sls
+++ b/salt/elastic-fleet/init.sls
@@ -49,7 +49,7 @@ so-elastic-fleet:
 - detach: True
 - user: 947
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-elastic-fleet'].ip }}
 - extra_hosts:
 - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 857a3a558..43e8d9f72 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -291,7 +291,7 @@ so-elasticsearch:
 - name: so-elasticsearch
 - user: elasticsearch
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
 - extra_hosts: {{ LOGSTASH_NODES }}
 - environment:
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 0bb1eaf34..988807f82 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -99,7 +99,7 @@ so-filebeat:
 - hostname: so-filebeat
 - user: root
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-filebeat'].ip }}
 - extra_hosts: {{ FILEBEAT_EXTRA_HOSTS }}
 - binds:
diff --git a/salt/firewall/iptables.jinja b/salt/firewall/iptables.jinja
index 77f6ef012..fe40b69a9 100644
--- a/salt/firewall/iptables.jinja
+++ b/salt/firewall/iptables.jinja
@@ -33,11 +33,11 @@
 {%- endif %}
 {%- do PR.append("-A POSTROUTING -s " ~ DOCKER.containers[container].ip ~ "/32 -d " ~ DOCKER.containers[container].ip ~ "/32 -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ containerPort ~ " -j MASQUERADE") %}
 {%- if bindip | length and bindip != '0.0.0.0' %}
-{%- do D1.append("-A DOCKER -d " ~ bindip ~ "/32 ! -i sosbridge -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ hostPort ~ " -j DNAT --to-destination " ~ DOCKER.containers[container].ip ~ ":" ~ containerPort) %}
+{%- do D1.append("-A DOCKER -d " ~ bindip ~ "/32 ! -i sobridge -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ hostPort ~ " -j DNAT --to-destination " ~ DOCKER.containers[container].ip ~ ":" ~ containerPort) %}
 {%- else %}
-{%- do D1.append("-A DOCKER ! -i sosbridge -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ hostPort ~ " -j DNAT --to-destination " ~ DOCKER.containers[container].ip ~ ":" ~ containerPort) %}
+{%- do D1.append("-A DOCKER ! -i sobridge -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ hostPort ~ " -j DNAT --to-destination " ~ DOCKER.containers[container].ip ~ ":" ~ containerPort) %}
 {%- endif %}
-{%- do D2.append("-A DOCKER -d " ~ DOCKER.containers[container].ip ~ "/32 ! -i sosbridge -o sosbridge -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ containerPort ~ " -j ACCEPT") %}
+{%- do D2.append("-A DOCKER -d " ~ DOCKER.containers[container].ip ~ "/32 ! -i sobridge -o sobridge -p " ~ proto ~ " -m " ~ proto ~ " --dport " ~ containerPort ~ " -j ACCEPT") %}
 {%- endfor %}
 {%- endif %}
 {%- endfor %}
@@ -50,11 +50,11 @@
 :DOCKER - [0:0]
 -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
 -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
--A POSTROUTING -s {{DOCKER.sosrange}} ! -o sosbridge -j MASQUERADE
+-A POSTROUTING -s {{DOCKER.sosrange}} ! -o sobridge -j MASQUERADE
 {%- for rule in PR %}
 {{ rule }}
 {%- endfor %}
--A DOCKER -i sosbridge -j RETURN
+-A DOCKER -i sobridge -j RETURN
 {%- for rule in D1 %}
 {{ rule }}
 {%- endfor %}
@@ -98,10 +98,10 @@ COMMIT
 -A INPUT -j LOGGING
 -A FORWARD -j DOCKER-USER
 -A FORWARD -j DOCKER-ISOLATION-STAGE-1
--A FORWARD -o sosbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -o sosbridge -j DOCKER
--A FORWARD -i sosbridge ! -o sosbridge -j ACCEPT
--A FORWARD -i sosbridge -o sosbridge -j ACCEPT
+-A FORWARD -o sobridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o sobridge -j DOCKER
+-A FORWARD -i sobridge ! -o sobridge -j ACCEPT
+-A FORWARD -i sobridge -o sobridge -j ACCEPT
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i lo -j ACCEPT
 -A FORWARD -m conntrack --ctstate INVALID -j DROP
@@ -113,12 +113,12 @@ COMMIT {{ rule }} {%- endfor %} --A DOCKER-ISOLATION-STAGE-1 -i sosbridge ! -o sosbridge -j DOCKER-ISOLATION-STAGE-2 +-A DOCKER-ISOLATION-STAGE-1 -i sobridge ! -o sobridge -j DOCKER-ISOLATION-STAGE-2 -A DOCKER-ISOLATION-STAGE-1 -j RETURN --A DOCKER-ISOLATION-STAGE-2 -o sosbridge -j DROP +-A DOCKER-ISOLATION-STAGE-2 -o sobridge -j DROP -A DOCKER-ISOLATION-STAGE-2 -j RETURN --A DOCKER-USER ! -i sosbridge -o sosbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT --A DOCKER-USER ! -i sosbridge -o sosbridge -j LOGGING +-A DOCKER-USER ! -i sobridge -o sobridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A DOCKER-USER ! -i sobridge -o sobridge -j LOGGING -A DOCKER-USER -j RETURN -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-dropped: " -A LOGGING -j DROP
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
index 90bce30c6..1c5f30d5b 100644
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -126,7 +126,7 @@ so-grafana:
 - hostname: grafana
 - user: socore
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-grafana'].ip }}
 - extra_hosts:
 - {{GLOBALS.influxdb_host}}:{{pillar.node_data[GLOBALS.influxdb_host].ip}}
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index 490cea3f7..78f6c2735 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -33,7 +33,7 @@ so-idstools:
 - hostname: so-idstools
 - user: socore
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-idstools'].ip }}
 {% if proxy %}
 - environment:
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
index 1758f17ae..4fe625209 100644
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -49,7 +49,7 @@ so-influxdb:
 - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-influxdb:{{ GLOBALS.so_version }}
 - hostname: influxdb
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-influxdb'].ip }}
 - environment:
 - INFLUXDB_HTTP_LOG_ENABLED=false
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index c4222b0a3..19682e105 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -83,7 +83,7 @@ so-kibana:
 - hostname: kibana
 - user: kibana
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-kibana'].ip }}
 - environment:
 - ELASTICSEARCH_HOST={{ GLOBALS.manager }}
diff --git a/salt/kratos/init.sls b/salt/kratos/init.sls
index ef77951d9..c52ae15f8 100644
--- a/salt/kratos/init.sls
+++ b/salt/kratos/init.sls
@@ -69,7 +69,7 @@ so-kratos:
 - hostname: kratos
 - name: so-kratos
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-kratos'].ip }}
 - binds:
 - /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 05b184239..1b4aeb334 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -140,7 +140,7 @@ so-logstash:
 - hostname: so-logstash
 - name: so-logstash
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-logstash'].ip }}
 - user: logstash
 - extra_hosts: {{ REDIS_NODES }}
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index ebb9b09e7..b2c4a2119 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -85,7 +85,7 @@ so-mysql:
 - hostname: so-mysql
 - user: socore
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-mysql'].ip }}
 - port_bindings:
 {% for BINDING in DOCKER.containers['so-mysql'].port_bindings %}
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
index 6547732df..eac0e9ac8 100644
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -85,7 +85,7 @@ so-nginx:
 - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}
 - hostname: so-nginx
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-nginx'].ip }}
 - binds:
 - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index 237cc398b..799f46099 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -81,7 +81,7 @@ so-playbook:
 - hostname: playbook
 - name: so-playbook
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-playbook'].ip }}
 - binds:
 - /opt/so/log/playbook:/playbook/log:rw
diff --git a/salt/redis/init.sls b/salt/redis/init.sls
index dce00bd8b..ebaad842b 100644
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -47,7 +47,7 @@ so-redis:
 - hostname: so-redis
 - user: socore
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-redis'].ip }}
 - port_bindings:
 {% for BINDING in DOCKER.containers['so-redis'].port_bindings %}
diff --git a/salt/registry/init.sls b/salt/registry/init.sls
index 321b1c3d2..428cfd81d 100644
--- a/salt/registry/init.sls
+++ b/salt/registry/init.sls
@@ -39,7 +39,7 @@ so-dockerregistry:
 - image: ghcr.io/security-onion-solutions/registry:latest
 - hostname: so-registry
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-dockerregistry'].ip }}
 - restart_policy: always
 - port_bindings:
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index 3c1000dee..502b47136 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -97,7 +97,7 @@ so-soc:
 - hostname: soc
 - name: so-soc
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-soc'].ip }}
 - binds:
 - /nsm/soc/jobs:/opt/sensoroni/jobs:rw
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 5097ea112..fe9cb6d60 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -64,7 +64,7 @@ so-soctopus:
 - hostname: soctopus
 - name: so-soctopus
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-soctopus'].ip }}
 - binds:
 - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index 76fdce509..796533c2d 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -169,7 +169,7 @@ strelka_coordinator:
 - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}
 - name: so-strelka-coordinator
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-strelka-coordinator'].ip }}
 - entrypoint: redis-server --save "" --appendonly no
 - port_bindings:
@@ -187,7 +187,7 @@ strelka_gatekeeper:
 - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}
 - name: so-strelka-gatekeeper
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-strelka-gatekeeper'].ip }}
 - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
 - port_bindings:
@@ -209,7 +209,7 @@ strelka_frontend:
 - privileged: True
 - name: so-strelka-frontend
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-strelka-frontend'].ip }}
 - command: strel ka-frontend
 - port_bindings:
@@ -230,7 +230,7 @@ strelka_backend:
 - /opt/so/conf/strelka/rules/:/etc/yara/:ro
 - name: so-strelka-backend
 - networks:
- - sosbridge:
+ - sobridge:
 - ipv4_address: {{ DOCKER.containers['so-strelka-backend'].ip }}
 - command: strelka-backend
 - restart_policy: on-failure
@@ -247,7 +247,7 @@ strelka_manager: - /opt/so/conf/strelka/manager/:/etc/strelka/:ro - name: so-strelka-manager - networks: - - sosbridge: + - sobridge: - ipv4_address: {{ DOCKER.containers['so-strelka-manager'].ip }} - command: strelka-manager
@@ -264,7 +264,7 @@ strelka_filestream: - /nsm/strelka:/nsm/strelka - name: so-strelka-filestream - networks: - - sosbridge: + - sobridge: - ipv4_address: {{ DOCKER.containers['so-strelka-filestream'].ip }} - command: strelka-filestream
From e0e094cd95f5e16f7c6278b863cefc4af81e808c Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 3 Feb 2023 10:10:51 -0500
Subject: [PATCH 6/7] rename sosbip and sosrange to sobip and sorange
---
 salt/docker/defaults.yaml | 4 ++--
 salt/docker/docker.map.jinja | 2 +-
 salt/docker/init.sls | 4 ++--
 salt/firewall/hostgroups.yaml | 2 +-
 salt/firewall/iptables.jinja | 2 +-
 salt/playbook/init.sls | 4 ++--
 salt/soc/defaults.map.jinja | 2 +-
 setup/so-functions | 4 ++--
 8 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml
index e2ec07d32..7f3d40573 100644
--- a/salt/docker/defaults.yaml
+++ b/salt/docker/defaults.yaml
@@ -1,8 +1,8 @@
 docker:
 bip: '172.17.0.1'
 range: '172.17.0.0/24'
- sosrange: '172.17.1.0/24'
- sosbip: '172.17.1.1'
+ sorange: '172.17.1.0/24'
+ sobip: '172.17.1.1'
 containers:
 'so-dockerregistry':
 final_octet: 20
diff --git a/salt/docker/docker.map.jinja b/salt/docker/docker.map.jinja
index 7046fc196..299977d6e 100644
--- a/salt/docker/docker.map.jinja
+++ b/salt/docker/docker.map.jinja
@@ -1,6 +1,6 @@ {% import_yaml 'docker/defaults.yaml' as DOCKERDEFAULTS %} {% set DOCKER = salt['pillar.get']('docker', DOCKERDEFAULTS.docker, merge=True) %} -{% set RANGESPLIT = DOCKER.sosrange.split('.') %} +{% set RANGESPLIT = DOCKER.sorange.split('.') %} {% set FIRSTTHREE = RANGESPLIT[0] ~ '.' ~ RANGESPLIT[1] ~ '.' ~ RANGESPLIT[2] ~ '.' %} {% for container, vals in DOCKER.containers.items() %}
diff --git a/salt/docker/init.sls b/salt/docker/init.sls
index 687836aef..37208650e 100644
--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -80,8 +80,8 @@ dockerreserveports:
 sos_docker_net:
 docker_network.present:
 - name: sobridge
- - subnet: {{ DOCKER.sosrange }}
- - gateway: {{ DOCKER.sosbip }}
+ - subnet: {{ DOCKER.sorange }}
+ - gateway: {{ DOCKER.sobip }}
 - options:
 com.docker.network.bridge.name: 'sobridge'
 com.docker.network.driver.mtu: '1500'
diff --git a/salt/firewall/hostgroups.yaml b/salt/firewall/hostgroups.yaml
index 105b98144..d669d96e4 100644
--- a/salt/firewall/hostgroups.yaml
+++ b/salt/firewall/hostgroups.yaml
@@ -10,7 +10,7 @@ firewall:
 ips:
 delete:
 insert:
- - {{ DOCKER.sosrange }}
+ - {{ DOCKER.sorange }}
 localhost:
 ips:
 delete:
diff --git a/salt/firewall/iptables.jinja b/salt/firewall/iptables.jinja
index fe40b69a9..ec2a5ae65 100644
--- a/salt/firewall/iptables.jinja
+++ b/salt/firewall/iptables.jinja
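Review bot: `DOCKER.sorange` is read from `salt['pillar.get']('docker', DOCKERDEFAULTS.docker, merge=True)`, so a node whose local pillar was written by the earlier `docker_pillar()` still carries `sosrange:`/`sosbip:`; after this rename those keys are merged in but never read, and the template silently falls back to the `172.17.1.0/24` / `172.17.1.1` defaults from `salt/docker/defaults.yaml`. On a host where the operator chose a different second docker range, that fallback would move container IPs and the `-s {{DOCKER.sorange}}` masquerade rule in `salt/firewall/iptables.jinja` onto a subnet the existing network does not use, so the rename needs either a pillar migration in setup or a compatibility read here, e.g. `{% set RANGESPLIT = DOCKER.get('sorange', DOCKER.get('sosrange')).split('.') %}`. The same concern applies to `DOCKER.sobip` as consumed by `salt/docker/init.sls` in this patch.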
@@ -50,7 +50,7 @@
 :DOCKER - [0:0]
 -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
 -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
--A POSTROUTING -s {{DOCKER.sosrange}} ! -o sobridge -j MASQUERADE
+-A POSTROUTING -s {{DOCKER.sorange}} ! -o sobridge -j MASQUERADE
 {%- for rule in PR %}
 {{ rule }}
 {%- endfor %}
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index 799f46099..1b75935f1 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -18,7 +18,7 @@ create_playbookdbuser:
 mysql_user.present:
 - name: playbookdbuser
 - password: {{ PLAYBOOKPASS }}
- - host: "{{ DOCKER.sosrange.split('/')[0] }}/255.255.255.0"
+ - host: "{{ DOCKER.sorange.split('/')[0] }}/255.255.255.0"
 - connection_host: {{ GLOBALS.manager_ip }}
 - connection_port: 3306
 - connection_user: root
@@ -27,7 +27,7 @@ create_playbookdbuser:
 query_playbookdbuser_grants:
 mysql_query.run:
 - database: playbook
- - query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'{{ DOCKER.sosrange.split('/')[0] }}/255.255.255.0';"
+ - query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'{{ DOCKER.sorange.split('/')[0] }}/255.255.255.0';"
 - connection_host: {{ GLOBALS.manager_ip }}
 - connection_port: 3306
 - connection_user: root
diff --git a/salt/soc/defaults.map.jinja b/salt/soc/defaults.map.jinja
index 5f9e87b83..e26a8050f 100644
--- a/salt/soc/defaults.map.jinja
+++ b/salt/soc/defaults.map.jinja
@@ -19,7 +19,7 @@ {% do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %} {% endif %} -{% do SOCDEFAULTS.soc.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sosrange, 'apiKey': pillar.sensoroni.sensoronikey}) %} +{% do SOCDEFAULTS.soc.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sorange, 'apiKey': pillar.sensoroni.sensoronikey}) %} {% do SOCDEFAULTS.soc.server.client.case.update({'analyzerNodeId': GLOBALS.minion_id}) %}
diff --git a/setup/so-functions b/setup/so-functions
index 2730adcc7..580f4076e 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1491,8 +1491,8 @@ docker_pillar() {
 touch $adv_docker_pillar_file
 printf '%s\n'\
 "docker:"\
- " sosrange: '$DOCKERNET2/24'"\
- " sosbip: '$DOCKER2BIP'"\
+ " sorange: '$DOCKERNET2/24'"\
+ " sobip: '$DOCKER2BIP'"\
 " range: '$DOCKERNET/24'"\
 " bip: '$DOCKERBIP'" > $docker_pillar_file
 }
From e8a1e164aa1b466fa1f624d2b818581f55882f05 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 3 Feb 2023 10:58:08 -0500
Subject: [PATCH 7/7] add so.version module
---
 salt/_modules/so.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/salt/_modules/so.py b/salt/_modules/so.py
index 037b7da00..86838af7f 100644
--- a/salt/_modules/so.py
+++ b/salt/_modules/so.py
@@ -5,6 +5,8 @@ import logging def status(): return __salt__['cmd.run']('/usr/sbin/so-status') +def version(): + return __salt__['cp.get_file_str']('/etc/soversion') def mysql_conn(retry): log = logging.getLogger(__name__)
@@ -61,4 +63,4 @@ mysql_conn(retry): for addr in ip_arr: log.debug(f' - {addr}') - return mysql_up \ No newline at end of file + return mysql_up
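Review bot: `version()` hands back the raw result of `__salt__['cp.get_file_str']('/etc/soversion')`, so callers receive the file's trailing newline if it has one and, when the file is missing, whatever that function returns on failure (to my recollection `False` rather than an exception), neither of which is obvious at a call site that compares version strings. Normalise and guard in one place, e.g. `content = __salt__['cp.get_file_str']('/etc/soversion')` followed by `return content.strip() if content else content`, and give the function a docstring stating that it reads the installed Security Onion version from `/etc/soversion` and what it returns when that file is absent. The 6→8 line counts of this hunk also leave room for at most one blank line between `version()` and its neighbours, short of the two PEP 8 expects around top-level definitions; the exact spacing cannot be read from the collapsed hunk.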