Elastic Rework

Mike Reeves
2018-10-10 17:02:18 -04:00
parent bf229f65e3
commit 2760012741
3 changed files with 68 additions and 12 deletions


@@ -3,6 +3,7 @@ base:
- sensors.schedule - sensors.schedule
- sensors.{{ grains.host }} - sensors.{{ grains.host }}
- static - static
- firewall.*
'G@role:so-master': 'G@role:so-master':
- masters.schedule - masters.schedule
@@ -14,3 +15,4 @@ base:
- nodes.schedule - nodes.schedule
- nodes.{{ grains.host }} - nodes.{{ grains.host }}
- static - static
- firewall.*


@@ -1,3 +1,4 @@
{% if grains['role'] == 'so-master' %}
{%- set esclustername = salt['pillar.get']('master:esclustername', '') %} {%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
cluster.name: "{{ esclustername }}" cluster.name: "{{ esclustername }}"
network.host: 0.0.0.0 network.host: 0.0.0.0
@@ -8,3 +9,16 @@ network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1 discovery.zen.minimum_master_nodes: 1
# This is a test -- if this is here, then the volume is mounted correctly. # This is a test -- if this is here, then the volume is mounted correctly.
path.logs: /var/log/elasticsearch path.logs: /var/log/elasticsearch
action.destructive_requires_name: true
{%- else %}
{%- set esclustername = salt['grains.get']('host', '') %}
{%- set nodeip = salt['pillar.get']('node:mainip', '') -%}
cluster.name: "{{ esclustername }}"
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
path.logs: /var/log/elasticsearch
action.destructive_requires_name: true
transport.bind_host: 0.0.0.0
transport.publish_host: {{ nodeip }}
transport.publish_port: 9300
{%- endif %}
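Review bot: `transport.publish_host: {{ nodeip }}` in the node branch renders as an empty (null) value whenever the `node:mainip` pillar is unset, because `pillar.get` is given `''` as its default; Elasticsearch then either refuses to start or publishes an address it guessed itself, which the per-master 9300 allow rules on the receiving side would not necessarily match. Make the missing pillar a render error rather than a silent blank — `{%- set nodeip = salt['pillar.get']('node:mainip') %}` followed by `{%- if not nodeip %}{{ raise('node:mainip pillar is required') }}{%- endif %}` if the Salt in use provides the Jinja `raise` helper — or at minimum quote it, `transport.publish_host: "{{ nodeip }}"`, so an empty expansion surfaces as an obvious bad-host error instead of a YAML null. Both branches also bind HTTP and transport on `0.0.0.0` with no authentication layer visible in this file, so reachability rests entirely on the iptables rules; a comment such as `# Listens on all interfaces; access is restricted only by the firewall state` at each `network.host` line would make that dependency explicit to the next maintainer.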


@@ -63,18 +63,6 @@ iptables_log_input_drops:
- jump: LOGGING - jump: LOGGING
- save: True - save: True
# Set the policy to deny everything unless defined
#enable_reject_policy:
# iptables.set_policy:
# - table: filter
# - chain: INPUT
# - policy: DROP
# - require:
# - iptables: iptables_allow_localhost
# - iptables: iptables_allow_established
# - iptables: iptables_allow_ssh
# - iptables: iptables_allow_pings
# Enable global DOCKER-USER block rule # Enable global DOCKER-USER block rule
enable_docker_user_fw_policy: enable_docker_user_fw_policy:
iptables.insert: iptables.insert:
@@ -291,6 +279,58 @@ enable_standard_analyst_5601_{{ip}}:
{% endif %} {% endif %}
# Rules if you are a Storage Node # Rules if you are a Storage Node
{% if grains['role'] == 'so-node' %}
#This should be more granular
iptables_allow_docker:
iptables.insert:
- table: filter
- chain: INPUT
- jump: ACCEPT
- source: 172.17.0.0/24
- position: 1
- save: True
enable_docker_ES_9200:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: 172.17.0.0/24
- dport: 9200
- position: 1
- save: True
enable_docker_ES_9300:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: 172.17.0.0/24
- dport: 9300
- position: 1
- save: True
{% for ip in pillar.get('masterfw') %}
enable_cluster_ES_9300_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 9300
- position: 1
- save: True
{% endfor %}
{% endif %}
# Rules if you are a Sensor # Rules if you are a Sensor
{% if grains['role'] == 'so-sensor' %} {% if grains['role'] == 'so-sensor' %}
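Review bot: `iptables_allow_docker`, the INPUT rule under the `#This should be more granular` comment, accepts every port from 172.17.0.0/24 with no interface match, so a packet arriving on an external interface with a forged 172.17.0.x source is admitted too, and at position 1 it is evaluated before everything else; add `- in-interface: docker0` to that rule and to the two DOCKER-USER rules so the range is trusted only on the bridge it belongs to (if the bridge is Docker's default, its range is 172.17.0.0/16, so the /24 also drops traffic from containers above .255). Separately, `{% for ip in pillar.get('masterfw') %}` has no default, so a node whose pillar lacks `masterfw` fails to render the entire firewall state rather than merely granting no 9300 access; `{% for ip in pillar.get('masterfw', []) %}` fails closed instead. The `so-sensor` block opened on the last line of the hunk continues outside it.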