CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Raid refactor + yara and rule proxy

Browse Source
This commit is contained in:
Mike Reeves
2023-08-03 17:11:43 -04:00
parent 13c3e7f5ff
commit 2caca92082
3 changed files with 62 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
salt/common/tools/sbin_jinja/so-raid-status
View File

@@ -9,25 +9,26 @@
. /usr/sbin/so-common . /usr/sbin/so-common
appliance_check() {
{%- if salt['grains.get']('sosmodel', '') %} {%- if salt['grains.get']('sosmodel', '') %}
APPLIANCE=1 {%- set model = salt['grains.get']('sosmodel') %}
{%- if grains['sosmodel'] in ['SO2AMI01', 'SO2GCI01', 'SO2AZI01'] %} model={{ model }}
# Don't need cloud images to use this
if [[ $model =~ ^(SO2AMI01|SO2AZI01|SO2GCI01)$ ]]; then
exit 0 exit 0
{%- endif %}
DUDEYOUGOTADELL=$(dmidecode |grep Dell)
if [[ -n $DUDEYOUGOTADELL ]]; then
APPTYPE=dell
else
APPTYPE=sm
fi fi
mkdir -p /opt/so/log/raid
{%- else %} {%- else %}
echo "This is not an appliance" echo "This is not an appliance"
exit 0 exit 0
{%- endif %} {%- endif %}
} if [[ $model =~ ^(SOS10K|SOS500|SOS1000|SOS1000F|SOS4000|SOSSN7200|SOSSNNV|SOSMN)$ ]]; then
is_bossraid=true
fi
if [[ $model =~ ^(SOSSNNV|SOSMN)$ ]]; then
is_swraid=true
fi
if [[ $model =~ ^(SOS10K|SOS500|SOS1000|SOS1000F|SOS4000|SOSSN7200)$ ]]; then
is_hwraid=true
fi
check_nsm_raid() { check_nsm_raid() {
PERCCLI=$(/opt/raidtools/perccli/perccli64 /c0/v0 show|grep RAID|grep Optl) PERCCLI=$(/opt/raidtools/perccli/perccli64 /c0/v0 show|grep RAID|grep Optl)
@@ -49,61 +50,44 @@ check_nsm_raid() {
check_boss_raid() { check_boss_raid() {
MVCLI=$(/usr/local/bin/mvcli info -o vd |grep status |grep functional) MVCLI=$(/usr/local/bin/mvcli info -o vd |grep status |grep functional)
if [[ -n $DUDEYOUGOTADELL ]]; then
if [[ -n $MVCLI ]]; then if [[ -n $MVCLI ]]; then
BOSSRAID=0 BOSSRAID=0
else else
BOSSRAID=1 BOSSRAID=1
fi fi
fi
} }
check_software_raid() { check_software_raid() {
if [[ -n $DUDEYOUGOTADELL ]]; then
SWRC=$(grep "_" /proc/mdstat) SWRC=$(grep "_" /proc/mdstat)
if [[ -n $SWRC ]]; then if [[ -n $SWRC ]]; then
# RAID is failed in some way # RAID is failed in some way
SWRAID=1 SWRAID=1
else else
SWRAID=0 SWRAID=0
fi fi
fi
} }
# This script checks raid status if you use SO appliances # Set everything to 0
SWRAID=0
BOSSRAID=0
HWRAID=0
# See if this is an appliance if [[ $is_hwraid ]]; then
appliance_check
check_nsm_raid check_nsm_raid
fi
if [[ $is_bossraid ]]; then
check_boss_raid check_boss_raid
{%- if salt['grains.get']('sosmodel', '') %} fi
{%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %} if [[ $is_swraid ]]; then
check_software_raid check_software_raid
{%- endif %} fi
{%- endif %}
if [[ -n $SWRAID ]]; then sum=$(($SWRAID + $BOSSRAID + $HWRAID))
if [[ $SWRAID == '0' && $BOSSRAID == '0' ]]; then
if [[ $sum == "0" ]]; then
RAIDSTATUS=0 RAIDSTATUS=0
else else
RAIDSTATUS=1 RAIDSTATUS=1
fi fi
elif [[ -n $DUDEYOUGOTADELL ]]; then
if [[ $BOSSRAID == '0' && $HWRAID == '0' ]]; then
RAIDSTATUS=0
else
RAIDSTATUS=1
fi
elif [[ "$APPTYPE" == 'sm' ]]; then
if [[ -n "$HWRAID" ]]; then
RAIDSTATUS=0
else
RAIDSTATUS=1
fi
fi
echo "nsmraid=$RAIDSTATUS" > /opt/so/log/raid/status.log echo "nsmraid=$RAIDSTATUS" > /opt/so/log/raid/status.log

14
salt/idstools/tools/sbin_jinja/so-rule-update
View File

@@ -3,17 +3,21 @@
{%- from 'vars/globals.map.jinja' import GLOBALS %} {%- from 'vars/globals.map.jinja' import GLOBALS %}
{%- from 'idstools/map.jinja' import IDSTOOLSMERGED %} {%- from 'idstools/map.jinja' import IDSTOOLSMERGED %}
{%- set proxy = salt['pillar.get']('manager:proxy') %} {%- set proxy = salt['pillar.get']('manager:proxy') %}
{%- set noproxy = salt['pillar.get']('manager:no_proxy', '') %}
# Download the rules from the internet
{%- if proxy %}
export http_proxy={{ proxy }}
export https_proxy={{ proxy }}
export no_proxy="{{ noproxy }}"
{%- endif %}
mkdir -p /nsm/rules/suricata mkdir -p /nsm/rules/suricata
chown -R socore:socore /nsm/rules/suricata chown -R socore:socore /nsm/rules/suricata
# Download the rules from the internet # Download the rules from the internet
{%- if GLOBALS.airgap != 'True' %} {%- if GLOBALS.airgap != 'True' %}
{%- if proxy %}
export http_proxy={{ proxy }}
export https_proxy={{ proxy }}
export no_proxy=salt['pillar.get']('manager:no_proxy')
{%- endif %}
{%- if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %} {%- if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %}
docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force docker exec so-idstools idstools-rulecat -v --suricata-version 6.0 -o /nsm/rules/suricata/ --merged=/nsm/rules/suricata/emerging-all.rules --force
{%- elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %} {%- elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %}

3
salt/manager/tools/sbin_jinja/so-yara-download
View File

@@ -3,12 +3,13 @@ NOROOT=1
. /usr/sbin/so-common . /usr/sbin/so-common
{%- set proxy = salt['pillar.get']('manager:proxy') %} {%- set proxy = salt['pillar.get']('manager:proxy') %}
{%- set noproxy = salt['pillar.get']('manager:no_proxy', '') %}
# Download the rules from the internet # Download the rules from the internet
{%- if proxy %} {%- if proxy %}
export http_proxy={{ proxy }} export http_proxy={{ proxy }}
export https_proxy={{ proxy }} export https_proxy={{ proxy }}
export no_proxy=salt['pillar.get']('manager:no_proxy') export no_proxy="{{ noproxy }}"
{%- endif %} {%- endif %}
repos="/opt/so/conf/strelka/repos.txt" repos="/opt/so/conf/strelka/repos.txt"