2.4 fw changes

m0duspwnens
2022-09-22 10:49:26 -04:00
parent e35c77be62
commit 2995ae32bd
13 changed files with 52 additions and 142 deletions


@@ -1,3 +1,2 @@
firewall: firewall:
aliases:
ports: ports:


@@ -27,16 +27,16 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavy_node: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
@@ -109,17 +109,17 @@ role:
{% if ISAIRGAP is sameas true %} {% if ISAIRGAP is sameas true %}
- {{ portgroups.yum }} - {{ portgroups.yum }}
{% endif %} {% endif %}
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
heavy_node: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
@@ -184,16 +184,16 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
- {{ portgroups.yum }} - {{ portgroups.yum }}
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavy_node: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
@@ -261,16 +261,16 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
- {{ portgroups.yum }} - {{ portgroups.yum }}
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavy_node: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }} - {{ portgroups.minio }}
@@ -339,11 +339,11 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
@@ -386,7 +386,7 @@ role:
portgroups: portgroups:
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
{% if TRUE_CLUSTER %} {% if TRUE_CLUSTER %}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
{% endif %} {% endif %}
@@ -472,11 +472,11 @@ role:
portgroups: portgroups:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
@@ -511,10 +511,10 @@ role:
chain: chain:
DOCKER-USER: DOCKER-USER:
hostgroups: hostgroups:
sensor: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
search_node: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}


@@ -1,8 +1,8 @@
{% set role = grains.id.split('_') | last %} {% set role = grains.id.split('_') | last %}
{% set translated_pillar_assigned_hostgroups = {} %} {% set translated_pillar_assigned_hostgroups = {} %}
{% import_yaml 'firewall/portgroups.yaml' as default_portgroups %} {% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.aliases.ports %} {% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %} {% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.aliases.ports %} {% if local_portgroups.firewall.aliases.ports %}
{% set local_portgroups = local_portgroups.firewall.aliases.ports %} {% set local_portgroups = local_portgroups.firewall.aliases.ports %}
@@ -13,7 +13,34 @@
{% set defined_portgroups = portgroups %} {% set defined_portgroups = portgroups %}
{% import_yaml 'firewall/hostgroups.yaml' as default_hostgroups %} {% import_yaml 'firewall/hostgroups.yaml' as default_hostgroups %}
{% import_yaml 'firewall/hostgroups.local.yaml' as local_hostgroups %} {#% import_yaml 'firewall/hostgroups.local.yaml' as local_hostgroups %#}
{% set local_hostgroups = {'firewall': {'hostgroups': {}}} %}
{% set hostgroup_list = [
'analyst',
'analyst_workstations',
'eval',
'heavynodes',
'idh',
'manager',
'minion',
'receivers',
'searchnodes',
'sensors',
'standalone',
'beats_endpoint',
'beats_endpoint_ssl',
'elasticsearch_rest',
'elastic_agent_endpoint',
'endgame',
'strelka_frontend',
'syslog'
]
%}
{% for hg in hostgroup_list %}
{% import_text 'firewall/hostgroups/' ~ hg as hg_ips %}
{% do local_hostgroups.firewall.hostgroups.update({hg: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %}
{% endfor %}
{% set hostgroups = salt['defaults.merge'](default_hostgroups.firewall.hostgroups, local_hostgroups.firewall.hostgroups, in_place=False) %} {% set hostgroups = salt['defaults.merge'](default_hostgroups.firewall.hostgroups, local_hostgroups.firewall.hostgroups, in_place=False) %}
{# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #} {# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #}
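Review bot: Every whitespace-separated token read from the `firewall/hostgroups/<name>` files goes into the hostgroup's `ips.insert` list unchecked, because `hg_ips.split()` is passed straight to the merge; a stray comment, hostname or typo in one of those files would become a firewall entry or break rule generation further down. Filtering the tokens first would contain that, for example `'insert': hg_ips.split() | ipaddr`, provided Salt's `ipaddr` filter accepts the address and CIDR forms these files are meant to hold. The same loop hard-codes `'delete': []` while the `hostgroups.local.yaml` import is commented out, so existing local deletes and any hostgroup not named in `hostgroup_list` appear to be dropped silently. A comment above the loop saying this is intended, and that each listed file presumably has to exist for `import_text` to render, would help operators; the template continues outside this hunk.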


@@ -1,116 +0,0 @@
{% if grains.role == 'so-idh' %}
{% from 'idh/opencanary_config.map.jinja' import OPENCANARYCONFIG %}
{% from 'idh/openssh/map.jinja' import openssh_map %}
{% set idh_services = salt['pillar.get']('idh:services', []) %}
{% set ssh_port = openssh_map.config.port %}
{% else %}
{% set ssh_port = 22 %}
{% endif %}
firewall:
aliases:
ports:
all:
tcp:
- '0:65535'
udp:
- '0:65535'
acng:
tcp:
- 3142
agrules:
tcp:
- 7788
beats_5044:
tcp:
- 5044
beats_5644:
tcp:
- 5644
beats_5066:
tcp:
- 5066
cortex:
tcp:
- 9001
cortex_es_node:
tcp:
- 9500
cortex_es_rest:
tcp:
- 9400
docker_registry:
tcp:
- 5000
elasticsearch_node:
tcp:
- 9300
elasticsearch_rest:
tcp:
- 9200
elastic_agent_control:
tcp:
- 8220
elastic_agent_data:
tcp:
- 5055
endgame:
tcp:
- 3765
influxdb:
tcp:
- 8086
kibana:
tcp:
- 5601
minio:
tcp:
- 9595
mysql:
tcp:
- 3306
nginx:
tcp:
- 80
- 443
playbook:
tcp:
- 3200
redis:
tcp:
- 6379
- 9696
salt_manager:
tcp:
- 4505
- 4506
sensoroni:
tcp:
- 443
ssh:
tcp:
- {{ ssh_port }}
strelka_frontend:
tcp:
- 57314
syslog:
tcp:
- 514
udp:
- 514
yum:
tcp:
- 443
{% if idh_services is defined %}
{% for service in idh_services %}
{% if service in ["smnp","ntp", "tftp"] %}
{% set proto = 'udp' %}
{% else %}
{% set proto = 'tcp' %}
{% endif %}
idh_{{service}}:
{{proto}}:
- {{ OPENCANARYCONFIG[service~'.port'] }}
{% endfor %}
{% endif %}