Merge pull request #624 from Security-Onion-Solutions/issue/619

Issue/619
Josh Patterson
2020-05-01 15:44:12 -04:00
committed by GitHub
23 changed files with 246 additions and 42 deletions


@@ -1,7 +1,6 @@
base:
'*':
- patch.needs_restarting
- docker.config
'*_eval or *_helix or *_heavynode or *_sensor':
- match: compound


@@ -0,0 +1,5 @@
{% set docker = {
'containers': [
'so-zeek'
]
} %}


@@ -0,0 +1,5 @@
{% set docker = {
'containers': [
'so-domainstats'
]
} %}


@@ -0,0 +1,18 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-dockerregistry',
'so-soc',
'so-kratos',
'so-idstools',
'so-elasticsearch',
'so-kibana',
'so-steno',
'so-suricata',
'so-zeek',
'so-curator',
'so-elastalert',
'so-soctopus'
]
} %}


@@ -0,0 +1,10 @@
{% set docker = {
'containers': [
'so-mysql',
'so-fleet',
'so-redis',
'so-filebeat',
'so-nginx',
'so-telegraf'
]
} %}


@@ -0,0 +1,7 @@
{% set docker = {
'containers': [
'so-mysql',
'so-fleet',
'so-redis'
]
} %}


@@ -0,0 +1,5 @@
{% set docker = {
'containers': [
'so-freqserver'
]
} %}


@@ -0,0 +1,6 @@
{% set docker = {
'containers': [
'so-influxdb',
'so-grafana'
]
} %}


@@ -0,0 +1,14 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-redis',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-steno',
'so-suricata',
'so-wazuh',
'so-filebeat
]
} %}
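Review bot: The last list element in this new map file, `'so-filebeat`, is missing its closing quote, so the string literal runs on into the `]` and `} %}` that follow and the template cannot be parsed; every role that imports this map through so-status.map.jinja will fail to render rather than merely miss one container. The same unterminated literal appears in the next new map file (the list ending at line 134 of this page). In both files the line should read `'so-filebeat'`. Since these maps are plain `{% set %}` literals, a quick `salt-call --local slsutil.renderer` pass over the new files would have caught this before merge and is worth adding to the review checklist for map changes.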


@@ -0,0 +1,12 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-idstools',
'so-steno',
'so-zeek',
'so-redis',
'so-logstash',
'so-filebeat
]
} %}


@@ -0,0 +1,9 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-logstash',
'so-elasticsearch',
'so-curator',
]
} %}


@@ -0,0 +1,18 @@
{% set docker = {
'containers': [
'so-dockerregistry',
'so-nginx',
'so-telegraf',
'so-soc',
'so-kratos',
'so-acng',
'so-idstools',
'so-redis',
'so-elasticsearch',
'so-logstash',
'so-kibana',
'so-elastalert',
'so-filebeat',
'so-soctopus'
]
} %}


@@ -0,0 +1,18 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-soc',
'so-kratos',
'so-acng',
'so-idstools',
'so-redis',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-kibana',
'so-elastalert',
'so-filebeat',
'so-soctopus'
]
} %}


@@ -0,0 +1,6 @@
{% set docker = {
'containers': [
'so-playbook',
'so-navigator'
]
} %}


@@ -0,0 +1,10 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-logstash',
'so-elasticsearch',
'so-curator',
'so-filebeat'
]
} %}


@@ -0,0 +1,9 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-steno',
'so-suricata',
'so-filebeat'
]
} %}


@@ -0,0 +1,61 @@
{% set role = grains.id.split('_') | last %}
{% from 'common/maps/'~ role ~'.map.jinja' import docker with context %}
# Check if the service is enabled and append it's required containers
# to the list predefined by the role / minion id affix
{% macro append_containers(pillar_name, k, compare )%}
{% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %}
{% from 'common/maps/'~k~'.map.jinja' import docker as d with context %}
{% for li in d['containers'] %}
{{ docker['containers'].append(li) }}
{% endfor %}
{% endif %}
{% endmacro %}
{% set docker = salt['grains.filter_by']({
'*_'~role: {
'containers': docker['containers']
}
},grain='id', merge=salt['pillar.get']('docker')) %}
{% if role == 'eval' %}
{{ append_containers('master', 'grafana', 0) }}
{{ append_containers('static', 'fleet_master', 0) }}
{{ append_containers('master', 'wazuh', 0) }}
{{ append_containers('master', 'thehive', 0) }}
{{ append_containers('master', 'playbook', 0) }}
{{ append_containers('master', 'freq', 0) }}
{{ append_containers('master', 'domainstats', 0) }}
{% endif %}
{% if role == 'heavynode' %}
{{ append_containers('static', 'broversion', 'SURICATA') }}
{% endif %}
{% if role == 'mastersearch' %}
{{ append_containers('master', 'grafana', 0) }}
{{ append_containers('static', 'fleet_master', 0) }}
{{ append_containers('master', 'wazuh', 0) }}
{{ append_containers('master', 'thehive', 0) }}
{{ append_containers('master', 'playbook', 0) }}
{{ append_containers('master', 'freq', 0) }}
{{ append_containers('master', 'domainstats', 0) }}
{% endif %}
{% if role == 'master' %}
{{ append_containers('master', 'grafana', 0) }}
{{ append_containers('static', 'fleet_master', 0) }}
{{ append_containers('master', 'wazuh', 0) }}
{{ append_containers('master', 'thehive', 0) }}
{{ append_containers('master', 'playbook', 0) }}
{{ append_containers('master', 'freq', 0) }}
{{ append_containers('master', 'domainstats', 0) }}
{% endif %}
{% if role == 'searchnode' %}
{{ append_containers('master', 'wazuh', 0) }}
{% endif %}
{% if role == 'sensor' %}
{{ append_containers('static', 'broversion', 'SURICATA') }}
{% endif %}
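Review bot: The `eval`, `mastersearch` and `master` branches at the bottom of the file issue the same seven `append_containers` calls verbatim, so any change to the master feature set must be made in three places; a single `{% if role in ['eval', 'mastersearch', 'master'] %}` block would keep them in step. Inside the macro, `{{ docker['containers'].append(li) }}` renders the return value of `append`, which is `None`; the output is discarded because this template is only reached via `import`, but `{% do docker['containers'].append(li) %}` states the intent and avoids stray text if the `do` extension is enabled in the Salt Jinja renderer (worth confirming). Because the pillar lookup defaults to `{}`, an absent pillar key compares unequal to both `0` and `'SURICATA'`, so a missing value silently enables the optional containers; if that is the intended default, a comment saying so would spare the next reader the inference. The header comment should also read `# Check if the service is enabled and append its required containers`.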


@@ -0,0 +1,7 @@
{% set docker = {
'containers': [
'so-thehive',
'so-thehive-es',
'so-cortex'
]
} %}


@@ -0,0 +1,7 @@
{% set docker = {
'containers': [
'so-nginx',
'so-telegraf',
'so-elasticsearch'
]
} %}


@@ -0,0 +1,5 @@
{% set docker = {
'containers': [
'so-wazuh'
]
} %}


@@ -14,35 +14,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{%- set pillar_suffix = ':containers' -%}
{%- if (salt['grains.get']('role') == 'so-mastersearch') -%}
{%- set pillar_val = 'master_search' -%}
{%- elif (salt['grains.get']('role') == 'so-master') -%}
{%- set pillar_val = 'master' -%}
{%- elif (salt['grains.get']('role') == 'so-heavynode') -%}
{%- set pillar_val = 'heavy_node' -%}
{%- elif (salt['grains.get']('role') == 'so-sensor') -%}
{%- set pillar_val = 'sensor' -%}
{%- elif (salt['grains.get']('role') == 'so-eval') -%}
{%- set pillar_val = 'eval' -%}
{%- elif (salt['grains.get']('role') == 'so-fleet') -%}
{%- set pillar_val = 'fleet' -%}
{%- elif (salt['grains.get']('role') == 'so-helix') -%}
{%- set pillar_val = 'helix' -%}
{%- elif (salt['grains.get']('role') == 'so-node') -%}
{%- if (salt['pillar.get']('node:node_type') == 'parser') -%}
{%- set pillar_val = 'parser_node' -%}
{%- elif (salt['pillar.get']('node:node_type') == 'hot') -%}
{%- set pillar_val = 'hot_node' -%}
{%- elif (salt['pillar.get']('node:node_type') == 'warm') -%}
{%- set pillar_val = 'warm_node' -%}
{%- elif (salt['pillar.get']('node:node_type') == 'search') -%}
{%- set pillar_val = 'search_node' -%}
{%- endif -%}
{%- endif -%}
{%- set pillar_name = pillar_val ~ pillar_suffix -%}
{%- set container_list = salt['pillar.get'](pillar_name) %}
{%- from 'common/maps/so-status.map.jinja' import docker with context %}
{%- set container_list = docker['containers'] %}
if ! [ "$(id -u)" = 0 ]; then
echo "This command must be run as root"
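Review bot: The replacement drops the per-role pillar lookup (`<role>:containers`, including the `node:node_type` sub-cases for parser/hot/warm/search nodes) in favour of the imported map, and nothing in the hunk tells an operator who had customised one of those pillar keys that the override is no longer read. From the new map file, the only remaining override path appears to be the `docker` pillar key merged by `grains.filter_by`, so a one-line comment above the import such as `{# container list now comes from common/maps/so-status.map.jinja, overridable via the 'docker' pillar key; the old <role>:containers pillar is ignored #}` and a matching note in the release notes would make the migration explicit. The rest of the script continues outside this hunk.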


@@ -818,10 +818,10 @@ install_master() {
else
if [ $OSVER != "xenial" ]; then
apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
apt-get install -y salt-common=2019.2.4+ds-1 salt-master=2019.2.4+ds-1 salt-minion=2019.2.4+ds-1 libssl-dev python-m2crypto
apt-mark hold salt-common salt-master salt-minion
else
apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
apt-get install -y salt-common=2019.2.4+ds-1 salt-master=2019.2.4+ds-1 salt-minion=2019.2.4+ds-1 libssl-dev python-m2crypto
apt-mark hold salt-common salt-master salt-minion
fi
fi
@@ -1233,17 +1233,17 @@ EOF
fi
yum clean expire-cache
yum -y install epel-release salt-minion-2019.2.3 yum-utils device-mapper-persistent-data lvm2 openssl jq
yum -y install epel-release salt-minion-2019.2.4 yum-utils device-mapper-persistent-data lvm2 openssl jq
yum -y update exclude=salt*
systemctl enable salt-minion
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
yum -y install salt-master-2019.2.3 python3 python36-m2crypto salt-minion-2019.2.3 python36-dateutil python36-mysql python36-docker
yum -y install salt-master-2019.2.4 python3 python36-m2crypto salt-minion-2019.2.4 python36-dateutil python36-mysql python36-docker
systemctl enable salt-master
elif [ $INSTALLTYPE == 'FLEET' ]; then
yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql
yum -y install salt-minion-2019.2.4 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql
else
yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker
yum -y install salt-minion-2019.2.4 python3 python36-m2crypto python36-dateutil python36-docker
fi
echo "exclude=salt*" >> /etc/yum.conf
@@ -1298,11 +1298,11 @@ EOF
# Initialize the new repos
apt-get update >> $SETUPLOG 2>&1
if [ $OSVER != "xenial" ]; then
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
else
# Need to add python packages here
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
fi
else
@@ -1329,11 +1329,11 @@ EOF
# Initialize the new repos
apt-get update >> $SETUPLOG 2>&1
if [ $OSVER != "xenial" ]; then
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
else
# Need to add python packages here
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
fi
fi


@@ -156,12 +156,12 @@ salt_highstate() {
update_held_packages() {
if [ $OS == "centos" ]
SALTVER=2019.2.3
SALTVER=2019.2.4
DOCKERVER=
yum -y --disableexcludes=all update salt-$SALTVER
yum -y --disableexcludes=all update docker-ce-$DOCKERVER
else
SALTVER=2019.2.3+ds-1
SALTVER=2019.2.4+ds-1
DOCKERVER=5:19.03.8~3-0~ubuntu-xenial
fi