Move In Day
@@ -1,4 +1,9 @@
|
||||
#!/bin/bash
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
|
||||
{%- set ENDGAMEHOST = salt['pillar.get']('soc:endgamehost', 'ENDGAMEHOST') %}
|
||||
. /usr/sbin/so-common
|
||||
@@ -34,13 +39,13 @@ import() {
|
||||
sed -i "s/ENDGAMEHOST/{{ ENDGAMEHOST }}/g" "$ndjson_file"
|
||||
fi
|
||||
|
||||
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
|
||||
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
|
||||
RETURN_CODE=$?
|
||||
|
||||
SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
|
||||
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
|
||||
|
||||
# Load saved objects
|
||||
RESPONSE=$({{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@"$ndjson_file")
|
||||
RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@"$ndjson_file")
|
||||
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
|
||||
|
||||
if [[ "$RETURN_CODE" != "1" ]]; then
|
||||
@@ -54,12 +59,12 @@ import() {
|
||||
update() {
|
||||
local BASENAME=$(basename $1 | cut -d'.' -f1)
|
||||
if [ ! -f "/opt/so/state/kibana_$BASENAME.txt" ]; then
|
||||
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
|
||||
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
|
||||
RETURN_CODE=$?
|
||||
|
||||
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
|
||||
for i in "${LINES[@]}"; do
|
||||
RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.3.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
|
||||
RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config-X PUT "localhost:5601/api/saved_objects/config/8.4.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
|
||||
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
|
||||
done
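Review bot: The new update() curl line is missing a space between the `-K` config path and `-X`, so curl is asked to read `/opt/so/conf/elasticsearch/curl.config-X` as its config file and `PUT` becomes a positional URL rather than the method; the saved-object PUT then goes out without the configured options and the success check sets `RETURN_CODE=1` every time. The corrected line is `RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -X PUT "localhost:5601/api/saved_objects/config/8.4.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")`. The same literal path now appears in five calls across the import() and update() hunks; a single `CURLCFG=/opt/so/conf/elasticsearch/curl.config` near the top of the script, referenced as `curl -K "$CURLCFG"`, would make this class of typo impossible to repeat. The closing brace of update() lies outside the hunk.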
|
||||
|
||||
|
||||
@@ -1,11 +1,7 @@
|
||||
{% import_yaml 'kibana/defaults.yaml' as KIBANACONFIG with context %}
|
||||
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
|
||||
|
||||
{% if salt['pillar.get']('elasticsearch:auth:enabled', False) %}
|
||||
{% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %}
|
||||
{% else %}
|
||||
{% do KIBANACONFIG.kibana.config.xpack.update({'security': {'authc': {'providers': {'anonymous': {'anonymous1': {'order': 0, 'credentials': 'elasticsearch_anonymous_user'}}}}}}) %}
|
||||
{% endif %}
|
||||
{% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %}
|
||||
|
||||
{% if salt['pillar.get']('kibana:secrets') %}
|
||||
{% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}
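Review bot: The elasticsearch `username`/`password` update is now applied unconditionally, but both `salt['pillar.get']` calls carry no default, so a manager whose pillar lacks `elasticsearch:auth:users:so_kibana_user` silently renders `None` for both fields into the Kibana config instead of failing at render time. If the credentials are meant to be mandatory now that the anonymous provider is gone, a guard such as `{% if not salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass') %}{{ raise('so_kibana_user credentials missing from pillar') }}{% endif %}` ahead of the `do` would turn a quiet misconfiguration into a visible one; whether `raise` is available in this Salt renderer is worth confirming.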
|
||||
|
||||
@@ -8,7 +8,7 @@ kibana:
|
||||
publicBaseUrl: https://{{salt['pillar.get']('global:url_base')}}/kibana
|
||||
elasticsearch:
|
||||
hosts:
|
||||
- https://{{salt['pillar.get']('manager:mainip')}}:9200
|
||||
- https://{{salt['pillar.get']('global:managerip')}}:9200
|
||||
ssl:
|
||||
verificationMode: none
|
||||
requestTimeout: 90000
|
||||
@@ -33,3 +33,60 @@ kibana:
|
||||
reporting:
|
||||
kibanaServer:
|
||||
hostname: localhost
|
||||
fleet:
|
||||
packages:
|
||||
- name: fleet_server
|
||||
version: latest
|
||||
- name: osquery_manager
|
||||
version: latest
|
||||
- name: system
|
||||
version: latest
|
||||
- name: windows
|
||||
version: latest
|
||||
agentPolicies:
|
||||
- name: SO-Manager
|
||||
id: so-manager
|
||||
description: "SO Manager Fleet Server Policy"
|
||||
namespace: default
|
||||
is_default_fleet_server: true
|
||||
monitoring_enabled: ['logs']
|
||||
package_policies:
|
||||
- name: fleet-server_manager
|
||||
package:
|
||||
name: fleet_server
|
||||
- name: SO-Grid-Nodes
|
||||
id: so-grid-nodes
|
||||
description: "SO Grid Node Policy"
|
||||
namespace: default
|
||||
monitoring_enabled: ['logs']
|
||||
package_policies:
|
||||
- name: osquery-grid-nodes
|
||||
package:
|
||||
name: osquery_manager
|
||||
- name: system-grid-nodes
|
||||
package:
|
||||
name: system
|
||||
inputs:
|
||||
- type: system/metrics
|
||||
enabled: false
|
||||
- name: Endpoints-Initial
|
||||
id: endpoints
|
||||
description: "Initial Endpoint Policy"
|
||||
namespace: default
|
||||
monitoring_enabled: ['logs']
|
||||
package_policies:
|
||||
- name: system-endpoints
|
||||
package:
|
||||
name: system
|
||||
inputs:
|
||||
- type: system/metrics
|
||||
enabled: false
|
||||
- name: osquery-endpoints
|
||||
package:
|
||||
name: osquery_manager
|
||||
- name: windows-endpoints
|
||||
package:
|
||||
name: windows
|
||||
inputs:
|
||||
- type: windows/metrics
|
||||
enabled: false
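Review bot: All four `fleet.packages` entries use `version: latest`, so the integration set installed on a fresh manager is whatever the package registry serves on that day rather than what this release was tested with, and two grids built from the same SO version can end up on different integration versions. If the consumer accepts explicit versions here, pinning each entry (for example `version: "<tested version>"`, quoted so a value like `1.10` is not read as a float) and bumping them deliberately keeps installs reproducible; a short comment above `packages:` stating that the versions are intentionally floating would at least document the choice. The `- https://{{salt['pillar.get']('global:managerip')}}:9200` host line in the first hunk is fine as a plain scalar since it does not start with a YAML indicator.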
|
||||
@@ -1 +1 @@
|
||||
{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.3.2","id": "8.3.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
|
||||
{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.4.1","id": "8.4.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="}
|
||||
|
||||
@@ -1,10 +1,12 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
|
||||
|
||||
{% import_yaml 'kibana/defaults.yaml' as default_settings %}
|
||||
{% set KIBANA_SETTINGS = salt['grains.filter_by'](default_settings, default='kibana', merge=salt['pillar.get']('kibana', {})) %}
|
||||
@@ -73,19 +75,17 @@ kibanabin:
|
||||
- source: salt://kibana/bin/so-kibana-config-load
|
||||
- mode: 755
|
||||
- template: jinja
|
||||
- defaults:
|
||||
ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
|
||||
|
||||
# Start the kibana docker
|
||||
so-kibana:
|
||||
docker_container.running:
|
||||
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}
|
||||
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kibana:{{ GLOBALS.so_version }}
|
||||
- hostname: kibana
|
||||
- user: kibana
|
||||
- environment:
|
||||
- ELASTICSEARCH_HOST={{ MANAGER }}
|
||||
- ELASTICSEARCH_HOST={{ GLOBALS.manager }}
|
||||
- ELASTICSEARCH_PORT=9200
|
||||
- MANAGER={{ MANAGER }}
|
||||
- MANAGER={{ GLOBALS.manager }}
|
||||
- binds:
|
||||
- /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
|
||||
- /opt/so/log/kibana:/var/log/kibana:rw
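Review bot: The `- defaults:` / `ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}` pair at the top of the second hunk appears to be on the old side only (the hunk shrinks from 19 to 17 lines, and the config-load script in this commit now hard-codes `curl -K /opt/so/conf/elasticsearch/curl.config`); if it does survive on the new side it is dead, and if it does not, the `{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}` line in the first hunk may be unused too, so confirm against the rendered state. On the `- image:` line the registry port stays a literal `5000` beside `GLOBALS.registry_host`, `GLOBALS.image_repo` and `GLOBALS.so_version`; if the globals map exposes the port, reading it from there keeps the line consistent with the rest of the migration.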
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
include:
|
||||
- kibana
|
||||
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
|
||||
include:
|
||||
- kibana
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
include:
|
||||
- kibana
|
||||
- kibana.so_config_load
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
|
||||
include:
|
||||
- kibana
|
||||
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
kibana:
|
||||
config:
|
||||
elasticsearch:
|
||||
requestTimeout: 90000
|
||||
description: Request timeout length.
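Review bot: Indentation is not recoverable from this rendering, but `requestTimeout: 90000` followed by `description: Request timeout length.` cannot both hang off `requestTimeout` — a key cannot carry a scalar and a nested mapping at once, and a parser will reject or mis-nest it. If `description` is meant to annotate the setting, drop the literal value so the entry reads `requestTimeout:` with `description: Request timeout length.` nested beneath it; if it is meant as a sibling under `elasticsearch`, keep it at that level and a leading `---` plus a one-line comment naming what this annotation file is consumed by would help the next reader.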
|
||||