CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6328 from Security-Onion-Solutions/kilo

Browse Source 
WAZUH hotfix
This commit is contained in:
Jason Ertel
2021-11-23 12:06:34 -05:00
committed by GitHub
parent 9737a4088c 0dd251e2a9
commit 273842eb43
3 changed files with 21 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
salt/common/tools/sbin/so-allow
View File

@@ -23,7 +23,6 @@ import sys
import argparse import argparse
import re import re
from lxml import etree as ET from lxml import etree as ET
from xml.dom import minidom
from datetime import datetime as dt from datetime import datetime as dt
from datetime import timezone as tz from datetime import timezone as tz
@@ -79,20 +78,15 @@ def ip_prompt() -> str:
def wazuh_enabled() -> bool: def wazuh_enabled() -> bool:
for file in os.listdir(f'{LOCAL_SALT_DIR}/pillar'): file = f'{LOCAL_SALT_DIR}/pillar/global.sls'
with open(file, 'r') as pillar: with open(file, 'r') as pillar:
if 'wazuh: 1' in pillar.read(): if 'wazuh: 1' in pillar.read():
return True return True
return False return False
def root_to_str(root: ET.ElementTree) -> str: def root_to_str(root: ET.ElementTree) -> str:
xml_str = ET.tostring(root, encoding='unicode', method='xml').replace('\n', '') return ET.tostring(root, encoding='unicode', method='xml', xml_declaration=False, pretty_print=True)
xml_str = re.sub(r'(?:(?<=>) *)', '', xml_str)
xml_str = re.sub(r' -', '', xml_str)
xml_str = re.sub(r' -->', ' -->', xml_str)
dom = minidom.parseString(xml_str)
return dom.toprettyxml(indent=" ")
def add_wl(ip): def add_wl(ip):
@@ -124,7 +118,7 @@ def apply(role: str, ip: str) -> int:
else: else:
return cmd.returncode return cmd.returncode
if cmd.returncode == 0: if cmd.returncode == 0:
if wazuh_enabled and role=='analyst': if wazuh_enabled() and role=='analyst':
try: try:
add_wl(ip) add_wl(ip)
print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr) print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr)

26
salt/common/tools/sbin/soup
View File

@@ -933,21 +933,21 @@ main() {
echo "Upgrading Salt" echo "Upgrading Salt"
# Update the repo files so it can actually upgrade # Update the repo files so it can actually upgrade
upgrade_salt upgrade_salt
fi
echo "Checking if Salt was upgraded." echo "Checking if Salt was upgraded."
echo ""
# Check that Salt was upgraded
SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
echo "Once the issue is resolved, run soup again."
echo "Exiting."
echo ""
exit 0
else
echo "Salt upgrade success."
echo "" echo ""
# Check that Salt was upgraded
SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
echo "Once the issue is resolved, run soup again."
echo "Exiting."
echo ""
exit 0
else
echo "Salt upgrade success."
echo ""
fi
fi fi
preupgrade_changes preupgrade_changes

2
setup/so-whiptail
View File

@@ -753,7 +753,7 @@ whiptail_install_type_dist() {
dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
"New Deployment " "Create a new Security Onion deployment" \ "New Deployment " "Create a new Security Onion deployment" \
"Existing Deployment " "Join to an exisiting Security Onion deployment " \ "Existing Deployment " "Join to an existing Security Onion deployment " \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
) )
local exitstatus=$? local exitstatus=$?