CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move In Day

Browse Source
This commit is contained in:
Mike Reeves
2022-09-07 09:06:25 -04:00
parent dcb7b49dbe
commit 2bd9dd80e2
611 changed files with 8015 additions and 16211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
salt/nginx/etc/nginx.conf
View File

@@ -1,15 +1,8 @@
{%- set role = grains.id.split('_') | last %}
{%- if role == 'fleet' %}
{% set mainint = salt['pillar.get']('host:mainint') %}
{% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
{%- endif %}
{%- set manager_ip = salt['pillar.get']('manager:mainip', '') %}
{%- set manager_ip = salt['pillar.get']('global:managerip', '') %}
{%- set url_base = salt['pillar.get']('global:url_base') %}
{%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %}
{%- set fleet_node = salt['pillar.get']('global:fleet_node') %}
{%- set fleet_ip = salt['pillar.get']('global:fleet_ip', None) %}
{%- set airgap = salt['pillar.get']('global:airgap', 'False') %}
@@ -44,45 +37,7 @@ http {
include /etc/nginx/conf.d/*.conf;
{%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'fleet', 'import'] %}
{%- if (fleet_manager or role == 'fleet') and role != 'import' %}
server {
listen 8090 ssl http2 default_server;
server_name {{ url_base }};
root /opt/socore/html;
index blank.html;
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
{%- if role == 'fleet' %}
grpc_pass grpcs://{{ main_ip }}:8080;
{%- else %}
grpc_pass grpcs://{{ manager_ip }}:8080;
{%- endif %}
grpc_set_header Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
}
location ~ ^/kolide.launcher.QueryTarget/GetTargets$ {
{%- if role == 'fleet' %}
grpc_pass grpcs://{{ main_ip }}:8080;
{%- else %}
grpc_pass grpcs://{{ manager_ip }}:8080;
{%- endif %}
grpc_set_header Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
}
}
{%- endif %}
{%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %}
server {
listen 80 default_server;
@@ -106,40 +61,8 @@ http {
{%- endif %}
{%- if role == 'fleet' %}
server {
listen 443 ssl http2;
server_name {{ main_ip }};
root /opt/socore/html;
index index.html;
{%- if role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %}
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
location /fleet/ {
proxy_pass https://{{ main_ip }}:8080;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
error_page 500 502 503 504 /50x.html;
location = /usr/share/nginx/html/50x.html {
}
}
{%- elif role in ['eval', 'managersearch', 'manager', 'standalone', 'import'] %}
{%- if airgap is sameas true %}
server {
listen 7788;
server_name {{ url_base }};
@@ -154,8 +77,7 @@ http {
autoindex_localtime on;
}
}
{%- endif %}
server {
listen 443 ssl http2;
server_name {{ url_base }};
@@ -252,7 +174,6 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
{%- if airgap is sameas true %}
location /repo/ {
allow all;
sendfile on;
@@ -262,7 +183,6 @@ http {
autoindex_format html;
autoindex_localtime on;
}
{%- endif %}
location /grafana/ {
auth_request /auth/sessions/whoami;
@@ -316,29 +236,7 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
{%- if fleet_node %}
location /fleet/ {
return 307 https://{{ fleet_ip }}/fleet;
}
{%- else %}
location /fleet/ {
proxy_pass https://{{ manager_ip }}:8080;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
{%- endif %}
location /soctopus/ {
auth_request /auth/sessions/whoami;
proxy_pass http://{{ manager_ip }}:7000/;
@@ -355,10 +253,6 @@ http {
rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
}
location /kibana/app/fleet/ {
rewrite ^/kibana/app/fleet/(.*) /fleet/$1 permanent;
}
location /kibana/app/soctopus/ {
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
}

49
salt/nginx/files/nav_layer_playbook.json
View File

@@ -1,52 +1,27 @@
{
"name": "Playbook Coverage",
"versions": {
"attack": "11",
"navigator": "4.6.4",
"layer": "4.3"
},
"domain": "enterprise-attack",
"description": "",
"name": "Playbook",
"version": "3.0",
"domain": "mitre-enterprise",
"description": "Current Coverage of Playbook",
"filters": {
"stages": ["act"],
"platforms": [
"Linux",
"macOS",
"Windows",
"Azure AD",
"Office 365",
"SaaS",
"IaaS",
"Google Workspace",
"PRE",
"Network",
"Containers"
"windows",
"linux",
"mac"
]
},
"sorting": 0,
"layout": {
"layout": "side",
"aggregateFunction": "average",
"showID": false,
"showName": true,
"showAggregateScores": false,
"countUnscored": false
},
"viewMode": 0,
"hideDisabled": false,
"techniques": [],
"gradient": {
"colors": [
"#ff6666ff",
"#ffe766ff",
"#8ec843ff"
],
"colors": ["#ff6666", "#ffe766", "#8ec843"],
"minValue": 0,
"maxValue": 100
},
"legendItems": [],
"metadata": [],
"links": [],
"showTacticRowBackground": false,
"tacticRowBackground": "#dddddd",
"selectTechniquesAcrossTactics": true,
"selectSubtechniquesWithParent": false
}
"selectTechniquesAcrossTactics": true
}

78
salt/nginx/files/navigator_config.json
View File

@@ -1,62 +1,58 @@
{%- set URL_BASE = salt['pillar.get']('global:url_base', '') %}
{
"versions": [
{
"name": "ATT&CK v11",
"version": "11",
"domains": [
{
"name": "Enterprise",
"identifier": "enterprise-attack",
"data": ["assets/so/enterprise-attack.json"]
}
]
"enterprise_attack_url": "assets/enterprise-attack.json",
"pre_attack_url": "assets/pre-attack.json",
"mobile_data_url": "assets/mobile-attack.json",
"taxii_server": {
"enabled": false,
"url": "https://cti-taxii.mitre.org/",
"collections": {
"enterprise_attack": "95ecc380-afe9-11e4-9b6c-751b66dd541e",
"pre_attack": "062767bd-02d2-4b72-84ba-56caef0f8658",
"mobile_attack": "2f669986-b40b-4423-b720-4396ca6a462b"
}
],
"custom_context_menu_items": [ {"label": "view related plays","url": " https://{{URL_BASE}}/playbook/projects/detection-playbooks/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=cf_15&op%5Bcf_15%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_10&c%5B%5D=cf_13&c%5B%5D=cf_18&c%5B%5D=cf_19&c%5B%5D=cf_1&c%5B%5D=updated_on&v%5Bcf_15%5D%5B%5D=~Technique_ID~"}],
"default_layers": {
"enabled": true,
"urls": ["assets/so/nav_layer_playbook.json"]
},
"domain": "mitre-enterprise",
"custom_context_menu_items": [ {"label": "view related plays","url": " https://{{URL_BASE}}/playbook/projects/detection-playbooks/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=cf_15&op%5Bcf_15%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_10&c%5B%5D=cf_13&c%5B%5D=cf_18&c%5B%5D=cf_19&c%5B%5D=cf_1&c%5B%5D=updated_on&v%5Bcf_15%5D%5B%5D=~Technique_ID~"}],
"default_layers": {
"enabled": true,
"urls": [
"assets/playbook.json"
]
},
"comment_color": "yellow",
"link_color": "blue",
"banner": "",
"features": [
{"name": "leave_site_dialog", "enabled": true, "description": "Disable to remove the dialog prompt when leaving site."},
{"name": "tabs", "enabled": true, "description": "Disable to remove the ability to open new tabs."},
{"name": "selecting_techniques", "enabled": true, "description": "Disable to remove the ability to select techniques."},
{"name": "header", "enabled": true, "description": "Disable to remove the header containing 'MITRE ATT&CK Navigator' and the link to the help page. The help page can still be accessed from the new tab menu."},
{"name": "subtechniques", "enabled": true, "description": "Disable to remove all sub-technique features from the interface."},
{"name": "selection_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [
{"name": "search", "enabled": true, "description": "Disable to remove the technique search panel from the interface."},
{"name": "multiselect", "enabled": true, "description": "Disable to remove the multiselect panel from interface."},
{"name": "deselect_all", "enabled": true, "description": "Disable to remove the deselect all button from the interface."}
]},
{"name": "layer_controls", "enabled": true, "description": "Disable to disable all subfeatures", "subfeatures": [
{"name": "layer_info", "enabled": true, "description": "Disable to remove the layer info (name, description and layer metadata) panel from the interface. Note that the layer can still be renamed in the tab."},
{"name": "layer_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [
{"name": "layer_info", "enabled": true, "description": "Disable to remove the layer info (name, description and metadata) panel from the interface. Note that the layer can still be renamed in the tab."},
{"name": "download_layer", "enabled": true, "description": "Disable to remove the button to download the layer."},
{"name": "export_render", "enabled": true, "description": "Disable to remove the button to render the current layer."},
{"name": "export_excel", "enabled": true, "description": "Disable to remove the button to export the current layer to MS Excel (.xlsx) format."},
{"name": "filters", "enabled": true, "description": "Disable to remove the filters panel from interface."},
{"name": "sorting", "enabled": true, "description": "Disable to remove the sorting button from the interface."},
{"name": "color_setup", "enabled": true, "description": "Disable to remove the color setup panel from interface, containing customization controls for scoring gradient and tactic row color."},
{"name": "toggle_hide_disabled", "enabled": true, "description": "Disable to remove the hide disabled techniques button from the interface."},
{"name": "layout_controls", "enabled": true, "description": "Disable to remove the ability to change the current matrix layout."},
{"name": "legend", "enabled": true, "description": "Disable to remove the legend panel from the interface."}
{"name": "export_render", "enabled": true, "description": "Disable to the remove the button to render the current layer."},
{"name": "export_excel", "enabled": true, "description": "Disable to the remove the button to export the current layer to MS Excel (.xlsx) format."},
{"name": "filters", "enabled": true, "description": "Disable to the remove the filters panel from interface."},
{"name": "sorting", "enabled": true, "description": "Disable to the remove the sorting button from the interface."},
{"name": "color_setup", "enabled": true, "description": "Disable to the remove the color setup panel from interface, containing customization controls for scoring gradient and tactic row color."},
{"name": "toggle_hide_disabled", "enabled": true, "description": "Disable to the remove the hide disabled techniques button from the interface."},
{"name": "toggle_view_mode", "enabled": true, "description": "Disable to the remove the toggle view mode button from interface."},
{"name": "legend", "enabled": true, "description": "Disable to the remove the legend panel from the interface."}
]},
{"name": "technique_controls", "enabled": true, "description": "Disable to disable all subfeatures", "subfeatures": [
{"name": "disable_techniques", "enabled": true, "description": "Disable to remove the ability to disable techniques."},
{"name": "manual_color", "enabled": true, "description": "Disable to remove the ability to assign manual colors to techniques."},
{"name": "scoring", "enabled": true, "description": "Disable to remove the ability to score techniques."},
{"name": "comments", "enabled": true, "description": "Disable to remove the ability to add comments to techniques."},
{"name": "comment_underline", "enabled": true, "description": "Disable to remove the comment underline effect on techniques."},
{"name": "links", "enabled": true, "description": "Disable to remove the ability to assign hyperlinks to techniques."},
{"name": "link_underline", "enabled": true, "description": "Disable to remove the hyperlink underline effect on techniques."},
{"name": "metadata", "enabled": true, "description": "Disable to remove the ability to add metadata to techniques."},
{"name": "technique_controls", "enabled": true, "description": "Disable to to disable all subfeatures", "subfeatures": [
{"name": "disable_techniques", "enabled": true, "description": "Disable to the remove the ability to disable techniques."},
{"name": "manual_color", "enabled": true, "description": "Disable to the remove the ability to assign manual colors to techniques."},
{"name": "scoring", "enabled": true, "description": "Disable to the remove the ability to score techniques."},
{"name": "comments", "enabled": true, "description": "Disable to the remove the ability to add comments to techniques."},
{"name": "clear_annotations", "enabled": true, "description": "Disable to remove the button to clear all annotations on the selected techniques."}
]}
]

30
salt/nginx/init.sls
View File

@@ -1,10 +1,8 @@
{% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %}
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
{% set MANAGER = salt['grains.get']('master') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}
@@ -50,7 +48,7 @@ nginxtmp:
navigatorconfig:
file.managed:
- name: /opt/so/conf/navigator/config.json
- name: /opt/so/conf/navigator/navigator_config.json
- source: salt://nginx/files/navigator_config.json
- user: 939
- group: 939
@@ -59,7 +57,7 @@ navigatorconfig:
navigatordefaultlayer:
file.managed:
- name: /opt/so/conf/navigator/layers/nav_layer_playbook.json
- name: /opt/so/conf/navigator/nav_layer_playbook.json
- source: salt://nginx/files/nav_layer_playbook.json
- user: 939
- group: 939
@@ -69,7 +67,7 @@ navigatordefaultlayer:
navigatorpreattack:
file.managed:
- name: /opt/so/conf/navigator/layers/pre-attack.json
- name: /opt/so/conf/navigator/pre-attack.json
- source: salt://nginx/files/pre-attack.json
- user: 939
- group: 939
@@ -78,7 +76,7 @@ navigatorpreattack:
navigatorenterpriseattack:
file.managed:
- name: /opt/so/conf/navigator/layers/enterprise-attack.json
- name: /opt/so/conf/navigator/enterprise-attack.json
- source: salt://nginx/files/enterprise-attack.json
- user: 939
- group: 939
@@ -94,16 +92,17 @@ so-nginx:
- /opt/so/log/nginx/:/var/log/nginx:rw
- /opt/so/tmp/nginx/:/var/lib/nginx:rw
- /opt/so/tmp/nginx/:/run:rw
- /opt/so/conf/fleet/packages:/opt/socore/html/packages
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
- /opt/so/conf/elastic-fleet/so_agent-installers:/opt/socore/html/packages
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %}
- /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
- /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
# ATT&CK Navigator binds
- /opt/so/conf/navigator/layers/:/opt/socore/html/navigator/assets/so:ro
- /opt/so/conf/navigator/config.json:/opt/socore/html/navigator/assets/config.json:ro
{% endif %}
{% if ISAIRGAP is sameas true %}
- /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro
- /opt/so/conf/navigator/nav_layer_playbook.json:/opt/socore/html/navigator/assets/playbook.json:ro
- /opt/so/conf/navigator/enterprise-attack.json:/opt/socore/html/navigator/assets/enterprise-attack.json:ro
- /opt/so/conf/navigator/pre-attack.json:/opt/socore/html/navigator/assets/pre-attack.json:ro
- /nsm/repo:/opt/socore/html/repo:ro
{% endif %}
- cap_add: NET_BIND_SERVICE
- port_bindings:
@@ -112,15 +111,12 @@ so-nginx:
{% if ISAIRGAP is sameas true %}
- 7788:7788
{% endif %}
{%- if FLEETMANAGER or FLEETNODE %}
- 8090:8090
{%- endif %}
- watch:
- file: nginxconf
- file: nginxconfdir
- require:
- file: nginxconf
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import', 'so-fleet'] %}
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %}
- x509: managerssl_key
- x509: managerssl_crt
- file: navigatorconfig