Merge pull request #1193 from Security-Onion-Solutions/issue/1039

Issue/1039
2025-12-07 09:42:46 +01:00 · 2020-08-14 18:45:12 -04:00
parent 5663edfaee e6da423dc3
commit 2c9c328a40
14 changed files with 18 additions and 17 deletions
--- a/salt/common/tools/sbin/so-import-pcap
+++ b/salt/common/tools/sbin/so-import-pcap
@@ -15,10 +15,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-{% set MANAGER = salt['grains.get']('master') %}
+{%- set MANAGER = salt['grains.get']('master') %}
-{% set VERSION = salt['pillar.get']('global:soversion') %}
+{%- set VERSION = salt['pillar.get']('global:soversion') %}
-{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
+{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}
 . /usr/sbin/so-common
@@ -212,7 +213,7 @@ cat << EOF
 Import complete!
 You can use the following hyperlink to view data in the time range of your import.  You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
-https://{{ MANAGERIP }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
+https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
 or you can manually set your Time Range to be (in UTC):
 From: $START_OLDEST    To: $END_NEWEST
--- a/salt/common/tools/sbin/so-kibana-config-export
+++ b/salt/common/tools/sbin/so-kibana-config-export
@@ -3,7 +3,7 @@
 # {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
 # {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
 # {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
-# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 #
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
--- a/salt/elastalert/files/rules/so/suricata_thehive.yaml
+++ b/salt/elastalert/files/rules/so/suricata_thehive.yaml
@@ -1,7 +1,7 @@
 {% set es = salt['pillar.get']('global:managerip', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
-{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+{% set MANAGER = salt['pillar.get']('global:url_base', '') %}
 # Elastalert rule to forward Suricata alerts from Security Onion to a specified TheHive instance.
 #
--- a/salt/elastalert/files/rules/so/wazuh_thehive.yaml
+++ b/salt/elastalert/files/rules/so/wazuh_thehive.yaml
@@ -1,7 +1,7 @@
 {% set es = salt['pillar.get']('global:managerip', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
-{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+{% set MANAGER = salt['pillar.get']('global:url_base', '') %}
 # Elastalert rule to forward high level Wazuh alerts from Security Onion to a specified TheHive instance.
 #
--- a/salt/fleet/event_gen-packages.sls
+++ b/salt/fleet/event_gen-packages.sls
@@ -11,7 +11,7 @@
 {% elif FLEETNODE %}
   {% set HOSTNAME = grains.host  %}
 {% else %}
-   {% set HOSTNAME = salt['pillar.get']('manager:url_base')  %}
+   {% set HOSTNAME = salt['pillar.get']('global:url_base')  %}
 {% endif %}
 so/fleet:
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -1,7 +1,7 @@
 #!/bin/bash
 # {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
 # {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) -%}
-# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 KIBANA_VERSION="7.6.1"
--- a/salt/motd/files/so_motd.jinja
+++ b/salt/motd/files/so_motd.jinja
@@ -1,6 +1,6 @@
 {% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%}
 {% set role = grains.id.split('_') | last -%}
-{% set url = salt['pillar.get']('manager:url_base') -%}
+{% set url = salt['pillar.get']('global:url_base') -%}
 {% if role in ['eval', 'managersearch', 'manager', 'standalone'] %}
 Access the Security Onion web interface at https://{{ url }}
--- a/salt/nginx/files/navigator_config.json
+++ b/salt/nginx/files/navigator_config.json
@@ -1,4 +1,4 @@
-{%- set URL_BASE = salt['pillar.get']('manager:url_base', '') %}
+{%- set URL_BASE = salt['pillar.get']('global:url_base', '') %}
 {
    "enterprise_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
--- a/salt/soc/files/kratos/kratos.yaml
+++ b/salt/soc/files/kratos/kratos.yaml
@@ -1,4 +1,4 @@
-{%- set WEBACCESS = salt['pillar.get']('manager:url_base', '') -%}
+{%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
 {%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
 selfservice:
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -1,4 +1,4 @@
-{%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
+{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -1,4 +1,4 @@
-{% set es = salt['pillar.get']('manager:url_base', '') %}
+{% set es = salt['pillar.get']('global:url_base', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:
--- a/salt/soctopus/files/templates/osquery.template
+++ b/salt/soctopus/files/templates/osquery.template
@@ -1,4 +1,4 @@
-{% set es = salt['pillar.get']('manager:url_base', '') %}
+{% set es = salt['pillar.get']('global:url_base', '') %}
 {% set hivehost = salt['pillar.get']('global:managerip', '') %}
 {% set hivekey = salt['pillar.get']('global:hivekey', '') %}
 alert:
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -1,7 +1,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{%- set MANAGER_URL = salt['pillar.get']('manager:url_base', '') %}
+{%- set MANAGER_URL = salt['pillar.get']('global:url_base', '') %}
 {%- set MANAGER_IP = salt['pillar.get']('global:managerip', '') %}
 soctopusdir:
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1035,7 +1035,6 @@ manager_pillar() {
 		"  osquery: $OSQUERY"\
 		"  thehive: $THEHIVE"\
 		"  playbook: $PLAYBOOK"\
 		"  url_base: $REDIRECTIT"\
 		""\
 		"elasticsearch:"\
 		"  mainip: $MAINIP"\
@@ -1094,6 +1093,7 @@ manager_global() {
                "  proxy: $PROXY"\
                "  zeekversion: $ZEEKVERSION"\
                "  ids: $NIDS"\
 				"  url_base: $REDIRECTIT"\
                "  managerip: $MAINIP" > "$global_pillar"
        # Check if TheHive is enabled.  If so, add creds and other details