CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 22:17:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move files out of common

Browse Source
This commit is contained in:
Mike Reeves
2023-05-01 15:21:31 -04:00
parent 102906f5dd
commit 2d4f4791e0
81 changed files with 272 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/common/tools/sbin/so-elastic-fleet-agent-policy-delete
-19
View File
@@ -1,19 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
POLICY_ID=$1
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Deleting agent policy $POLICY_ID..."
# Delete agent policy
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/fleet/agent_policies/delete" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d"{\"agentPolicyId\": \"$POLICY_ID\"}"
echo
salt/common/tools/sbin/so-elastic-fleet-agent-policy-list
-17
View File
@@ -1,17 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Setting up default Security Onion package policies for Elastic Agent..."
# List configured agent policies
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies" | jq
echo
salt/common/tools/sbin/so-elastic-fleet-agent-policy-view
-19
View File
@@ -1,19 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
POLICY_ID=$1
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Viewing agent policy $POLICY_ID"
# View agent policy
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$POLICY_ID/full" | jq
echo
salt/common/tools/sbin/so-elastic-fleet-data-streams-list
-17
View File
@@ -1,17 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Retrieving data stream information..."
# Retrieve data stream information
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/data_streams" | jq
echo
salt/common/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
-23
View File
@@ -1,23 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
POLICY_ID=$1
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -q -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
# Get integration policies relative to agent policy
INTEGRATION_POLICY_IDS=$(curl -q -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$POLICY_ID" | jq -r '.item.package_policies[].id')
for i in $INTEGRATION_POLICY_IDS; do
# Delete integration policies
echo "Deleting integration policy: $i..."
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/fleet/package_policies/delete" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d"{\"packagePolicyIds\": [\"$i\"], \"force\":true}";
echo
echo
done
salt/common/tools/sbin/so-elastic-fleet-integration-policy-delete
-19
View File
@@ -1,19 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
POLICY_ID=$1
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Deleting integration policy $POLICY_ID..."
# List configured package policies
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/fleet/package_policies/delete" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d"{\"packagePolicyIds\": [\"$POLICY_ID\"]}"
echo
salt/common/tools/sbin/so-elastic-fleet-integration-policy-list
-17
View File
@@ -1,17 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Setting up default Security Onion package policies for Elastic Agent..."
# List configured package policies
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/package_policies" | jq
echo
salt/common/tools/sbin/so-elastic-fleet-integration-policy-load
-21
View File
@@ -1,21 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
# Initial Endpoints
for INTEGRATION in /opt/so/saltstack/default/salt/elasticfleet/files/integrations/endpoints-initial/*.json
do
printf "\n\nInitial Endpoint Policy - Loading $INTEGRATION\n"
elastic_fleet_integration_create "@$INTEGRATION"
done
# Grid Nodes
for INTEGRATION in /opt/so/saltstack/default/salt/elasticfleet/files/integrations/grid-nodes/*.json
do
printf "\n\nGrid Nodes Policy - Loading $INTEGRATION\n"
elastic_fleet_integration_create "@$INTEGRATION"
done
salt/common/tools/sbin/so-elastic-fleet-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart elasticfleet $1
salt/common/tools/sbin/so-elastic-fleet-setup
-92
View File
@@ -1,92 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
# this file except in compliance with the Elastic License 2.0.
{% from 'vars/globals.map.jinja' import GLOBALS %}
. /usr/sbin/so-common
printf "\n### Create ES Token ###\n"
ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)
### Create Outputs & Fleet URLs ###
printf "\nAdd Manager Elasticsearch Ouput...\n"
ESCACRT=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
JSON_STRING=$( jq -n \
--arg ESCACRT "$ESCACRT" \
'{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200","https://{{ GLOBALS.manager }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities": [$ESCACRT]}}' )
curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
printf "\n\n"
printf "\nCreate Logstash Output if node is not an Import or Eval install\n"
{% if grains.role not in ['so-import', 'so-eval'] %}
LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt)
LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-logstash.key)
LOGSTASHCA=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
JSON_STRING=$( jq -n \
--arg LOGSTASHCRT "$LOGSTASHCRT" \
--arg LOGSTASHKEY "$LOGSTASHKEY" \
--arg LOGSTASHCA "$LOGSTASHCA" \
'{"name":"grid-logstash","is_default":true,"is_default_monitoring":true,"id":"so-manager_logstash","type":"logstash","hosts":["{{ GLOBALS.manager_ip }}:5055", "{{ GLOBALS.manager }}:5055"],"config_yaml":"","ssl":{"certificate": $LOGSTASHCRT,"key": $LOGSTASHKEY,"certificate_authorities":[ $LOGSTASHCA ]},"proxy_id":null}'
)
curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/outputs" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
printf "\n\n"
{%- endif %}
printf "\nAdd SO-Manager Fleet URL\n"
## This array replaces whatever URLs are currently configured
curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/settings" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d '{"fleet_server_hosts":["https://{{ GLOBALS.manager_ip }}:8220", "https://{{ GLOBALS.manager }}:8220"]}'
printf "\n\n"
### Create Policies & Associated Integration Configuration ###
# Manager Fleet Server Host
elastic_fleet_policy_create "FleetServer_{{ GLOBALS.hostname }}" "Fleet Server - {{ GLOBALS.hostname }}" "true" | jq
#Temp Fixup for ES Output bug
JSON_STRING=$( jq -n \
--arg NAME "FleetServer_{{ GLOBALS.hostname }}" \
'{"name": $NAME,"description": $NAME,"namespace":"default","monitoring_enabled":["logs"],"inactivity_timeout":120,"data_output_id":"so-manager_elasticsearch"}'
)
curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/agent_policies/FleetServer_{{ GLOBALS.hostname }}" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
# Initial Endpoints Policy
elastic_fleet_policy_create "endpoints-initial" "Initial Endpoint Policy" "false"
# Grid Nodes Policy
elastic_fleet_policy_create "so-grid-nodes" "SO Grid Node Policy" "false"
# Load Integrations for default policies
so-elastic-fleet-integration-policy-load
### Finalization ###
# Query for Enrollment Tokens for default policies
ENDPOINTSENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("endpoints-default")) | .api_key')
GRIDNODESENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "localhost:5601/api/fleet/enrollment_api_keys" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq .list | jq -r -c '.[] | select(.policy_id | contains("so-grid-nodes")) | .api_key')
# Store needed data in minion pillar
pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
printf '%s\n'\
"elasticfleet:"\
" server:"\
" es_token: '$ESTOKEN'"\
" endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\
" grid_enrollment: '$GRIDNODESENROLLMENTOKEN'"\
"" >> "$pillar_file"
#Store Grid Nodes Enrollment token in Global pillar
global_pillar_file=/opt/so/saltstack/local/pillar/global/soc_global.sls
printf '%s\n'\
" fleet_grid_enrollment_token: '$GRIDNODESENROLLMENTOKEN'"\
"" >> "$global_pillar_file"
# Call Elastic-Fleet Salt State
salt-call state.apply elasticfleet queue=True
# Generate installers & install Elastic Agent on the node
so-elastic-agent-gen-installers
salt-call state.apply elasticfleet.install_agent_grid queue=True
salt/common/tools/sbin/so-elastic-fleet-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start elasticfleet $1
salt/common/tools/sbin/so-elastic-fleet-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop elasticfleet $1
salt/common/tools/sbin/so-idh-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart idh $1
salt/common/tools/sbin/so-idh-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start idh $1
salt/common/tools/sbin/so-idh-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop idh $1
salt/common/tools/sbin/so-influxdb-manage
-285
View File
@@ -1,285 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
usage() {
echo "Usage: $0 <operation> [args]"
echo ""
echo "Supported Operations:"
echo " dashboardpath Returns the URL path for a dashboard, requires: <name-of-dashboard>"
echo " export Exports all templates to stdout"
echo " setup Loads all templates and creates all required buckets"
echo " userlist Lists users"
echo " useradd Adds a new user, requires: <email>"
echo " userdel Removes an existing user, requires: <email>"
echo " userenable Enables a user, requires: <email>"
echo " userdisable Disables a user, requires: <email>"
echo " userpass Updates a user's password, requires: <email>"
echo " userpromote Promotes a user to admin: <email>"
echo " userdemote Demotes a user from admin: <email>"
echo ""
echo "If required, the password will be read from STDIN."
exit 1
}
if [ $# -lt 1 ]; then
usage
fi
COMMAND=$(basename $0)
OP=$1
shift
set -eo pipefail
log() {
echo -e "$(date) | $COMMAND | $@" >&2
}
check_response() {
response=$1
if [[ "$response" =~ "\"code\":" ]]; then
log "Failed. Check the response for more details.\n$response"
exit 1
fi
}
request() {
curl -skK /opt/so/conf/influxdb/curl.config "https://localhost:8086/api/v2/$@"
}
lookup_user_id() {
email=$1
response=$(request users?limit=100)
check_response "$response"
uid=$(echo "$response" | jq -r ".users[] | select(.name == \"$email\").id")
if [[ -z "$uid" ]]; then
log "User not found"
exit 1
fi
echo "$uid"
}
lookup_stack_id() {
oid=$1
response=$(request "stacks?orgID=$oid&name=Security+Onion")
check_response "$response"
stackid=$(echo "$response" | jq -r ".stacks[0].id")
if [[ -z "$stackid" || "$stackid" == null ]]; then
response=$(request stacks -X POST -d "{\"name\":\"Security Onion\",\"orgID\":\"$oid\"}")
check_response "$response"
stackid=$(echo "$response" | jq -r .id)
fi
echo "$stackid"
}
change_password() {
uid=$1
set +e
test -t 0
if [[ $? == 0 ]]; then
echo "Enter new password:"
fi
set -e
read -rs pass
check_password_and_exit "$pass"
response=$(request users/$uid/password -X POST -d "{\"password\":\"$pass\"}")
check_response "$response"
}
apply_templates() {
oid=$1
stackid=$2
template_objects_array=$3
body="{\"orgID\":\"$oid\",\"stackID\":\"$stackid\",\"templates\":$template_objects_array}"
response=$(request templates/apply -X POST -d "$body")
check_response "$response"
}
setup_bucket() {
oid=$1
name=$2
age=$3
shardduration=$4
response=$(request "buckets?orgID=$oid&name=$name")
bucketid=$(echo "$response" | jq -r ".buckets[0].id")
if [[ -z "$bucketid" || "$bucketid" == null ]]; then
response=$(request buckets -X POST -d "{\"name\":\"$name\",\"orgID\":\"$oid\"}")
check_response "$response"
bucketid=$(echo "$response" | jq -r .id)
fi
response=$(request buckets/$bucketid -X PATCH -d "{\"name\":\"$name\",\"retentionRules\":[{\"everySeconds\":$age,\"shardGroupDurationSeconds\":$shardduration,\"type\":\"expire\"}]}")
check_response "$response"
}
lookup_org_id_with_wait() {
max_attempts=30
attempts=0
wait=10
while [[ $attempts -lt $max_attempts ]]; do
response=$(request orgs?org=Security+Onion)
oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id")
if [[ -z $oid ]]; then
attempts=$((attempts+1))
log "Server does not appear to be running or fully initialized - will try again in $wait seconds ($attempts / $max_attempts)"
sleep $wait
else
echo "$oid"
return
fi
done
log "Server has not started after $max_attempts attempts - aborting"
exit 1
}
oid=$(lookup_org_id_with_wait)
case "$OP" in
setup)
log "Ensuring organization is setup correctly"
# Load templates if at least one has been modified since the last setup
newest=$(ls -1t /opt/so/conf/influxdb/templates/ | head -1)
if [ /opt/so/conf/influxdb/templates/$newest -nt /opt/so/conf/influxdb/last_template_setup ]; then
log "Updating templates"
stackid=$(lookup_stack_id "$oid")
for file in /opt/so/conf/influxdb/templates/*; do
if [[ "$templates_array" != "" ]]; then
templates_array="$templates_array,"
fi
template=$(cat "$file")
templates_array="$templates_array{\"contents\":$template}"
done
apply_templates "$oid" "$stackid" "[$templates_array]"
echo $(date) > /opt/so/conf/influxdb/last_template_setup
else
log "Templates have not been modified since last setup"
fi
# Setup buckets and retention periods if at least one has been modified since the last setup
if [ /opt/so/conf/influxdb/buckets.json -nt /opt/so/conf/influxdb/last_bucket_setup ]; then
log "Updating buckets and retention periods"
for rp in so_short_term so_long_term; do
bucket=telegraf/$rp
log "Ensuring bucket is created and configured; bucket=$bucket"
age=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.duration)
shard_duration=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.shard_duration)
setup_bucket "$oid" "$bucket" "$age" "$shard_duration"
done
echo $(date) > /opt/so/conf/influxdb/last_bucket_setup
else
log "Buckets have not been modified since last setup"
fi
;;
userlist)
log "Listing existing users"
response=$(request users)
check_response "$response"
echo "$response" | jq -r '.users[] | "\(.id): \(.name) (\(.status))"'
;;
useradd)
[ $# -ne 1 ] && usage
email=$1
log "Adding new user; email=$email"
response=$(request users -X POST -d "{\"name\":\"$email\"}")
check_response "$response"
uid=$(echo "$response" | jq -r .id)
log "Adding new user to organization"
response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}")
check_response "$response"
change_password "$uid"
;;
userpass)
[ $# -ne 1 ] && usage
email=$1
log "Updating user password; email=$email"
uid=$(lookup_user_id "$email")
change_password "$uid"
;;
userdel)
[ $# -ne 1 ] && usage
email=$1
log "Deleting user; email=$email"
uid=$(lookup_user_id "$email")
response=$(request users/$uid -X DELETE)
check_response "$response"
;;
userenable)
[ $# -ne 1 ] && usage
email=$1
log "Enabling user; email=$email"
uid=$(lookup_user_id "$email")
response=$(request users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"active\"}")
check_response "$response"
;;
userdisable)
[ $# -ne 1 ] && usage
email=$1
log "Disabling user; email=$email"
uid=$(lookup_user_id "$email")
response=$(request users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"inactive\"}")
check_response "$response"
;;
userpromote)
[ $# -ne 1 ] && usage
email=$1
log "Promoting user to admin; email=$email"
uid=$(lookup_user_id "$email")
response=$(request orgs/$oid/members/$uid -X DELETE)
response=$(request orgs/$oid/owners -X POST -d "{\"id\":\"$uid\"}")
check_response "$response"
;;
userdemote)
[ $# -ne 1 ] && usage
email=$1
log "Demoting user from admin; email=$email"
uid=$(lookup_user_id "$email")
response=$(request orgs/$oid/owners/$uid -X DELETE)
response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}")
check_response "$response"
;;
export)
log "Exporting all organization templates"
request templates/export -X POST -d "{\"orgIDs\":[{\"orgID\":\"$oid\"}]}" -H "Content-Type: application/json"
;;
dashboardpath)
[ $# -ne 1 ] && usage
name=$1
response=$(request dashboards?limit=100&orgID=$oid)
check_response "$response"
dbid=$(echo "$response" | jq -r ".dashboards[] | select(.name == \"$name\").id")
if [[ -z "$dbid" ]]; then
log "Dashboard not found"
exit 1
fi
echo -n "/influxdb/orgs/$oid/dashboards/$dbid"
;;
*)
usage
;;
esac
salt/common/tools/sbin/so-influxdb-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart influxdb $1
salt/common/tools/sbin/so-influxdb-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start influxdb $1
salt/common/tools/sbin/so-influxdb-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop influxdb $1
salt/common/tools/sbin/so-kibana-config-export
-27
View File
@@ -1,27 +0,0 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) %}
{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
KIBANA_HOST={{ MANAGER }}
KSO_PORT=5601
OUTFILE="saved_objects.ndjson"
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://$KIBANA_HOST:$KSO_PORT/ | grep sid | awk '{print $7}')
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE
# Clean up using PLACEHOLDER
sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE
# Clean up for Fleet, if applicable
# {% if FLEET_NODE or FLEET_MANAGER %}
# Fleet IP
sed -i "s/{{ MANAGER }}/FLEETPLACEHOLDER/g" $OUTFILE
# {% endif %}
salt/common/tools/sbin/so-kibana-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart kibana $1
salt/common/tools/sbin/so-kibana-savedobjects-defaults
-22
View File
@@ -1,22 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
echo $banner
echo "Running kibana.so_savedobjects_defaults Salt state to restore default saved objects."
printf "This could take a while if another Salt job is running. \nRun this command with --force to stop all Salt jobs before proceeding.\n"
echo $banner
if [ "$1" = "--force" ]; then
printf "\nForce-stopping all Salt jobs before proceeding\n\n"
salt-call saltutil.kill_all_jobs
fi
salt-call state.apply kibana.so_savedobjects_defaults -linfo queue=True
salt/common/tools/sbin/so-kibana-space-defaults
-18
View File
@@ -1,18 +0,0 @@
#!/bin/bash
. /usr/sbin/so-common
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
wait_for_web_response "http://localhost:5601/api/spaces/space/default" "default" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
## This hackery will be removed if using Elastic Auth ##
# Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
# Disable certain Features from showing up in the Kibana UI
echo
echo "Setting up default Space:"
{% if HIGHLANDER %}
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log
{% else %}
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","securitySolutionCases"]} ' >> /opt/so/log/kibana/misc.log
{% endif %}
echo
salt/common/tools/sbin/so-kibana-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start kibana $1
salt/common/tools/sbin/so-kibana-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop kibana $1
salt/common/tools/sbin/so-logstash-events
-17
View File
@@ -1,17 +0,0 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% set MAININT = salt['pillar.get']('host:mainint') -%}
{% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
. /usr/sbin/so-common
if [ "$1" == "" ]; then
for i in $(curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
else
curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1.events
fi
salt/common/tools/sbin/so-logstash-get-parsed
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
docker exec -it so-redis redis-cli llen logstash:unparsed
salt/common/tools/sbin/so-logstash-get-unparsed
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
docker exec -it so-redis redis-cli llen logstash:unparsed
salt/common/tools/sbin/so-logstash-pipeline-stats
-17
View File
@@ -1,17 +0,0 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% set MAININT = salt['pillar.get']('host:mainint') -%}
{% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
. /usr/sbin/so-common
if [ "$1" == "" ]; then
curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines
else
curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1
fi
salt/common/tools/sbin/so-logstash-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart logstash $1
salt/common/tools/sbin/so-logstash-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start logstash $1
salt/common/tools/sbin/so-logstash-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop logstash $1
salt/common/tools/sbin/so-mysql-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart mysql $1
salt/common/tools/sbin/so-mysql-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start mysql $1
salt/common/tools/sbin/so-mysql-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop mysql $1
salt/common/tools/sbin/so-nodered-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart nodered $1
salt/common/tools/sbin/so-nodered-start
-13
View File
@@ -1,13 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start nodered $1
salt/common/tools/sbin/so-nodered-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop nodered $1
salt/common/tools/sbin/so-playbook-import
-14
View File
@@ -1,14 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
ENABLEPLAY=${1:-False}
docker exec so-soctopus /usr/local/bin/python -c "import playbook; print(playbook.play_import($ENABLEPLAY))"
salt/common/tools/sbin/so-playbook-reset
-22
View File
@@ -1,22 +0,0 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
salt-call state.apply playbook.db_init,playbook
/usr/sbin/so-soctopus-restart
salt-call state.apply playbook,playbook.automation_user_create
/usr/sbin/so-soctopus-restart
echo "Importing Plays - NOTE: this will continue after installation finishes and could take an hour or more. Rebooting while the import is in progress will delay playbook imports."
sleep 5
so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &
salt/common/tools/sbin/so-playbook-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart playbook $1
salt/common/tools/sbin/so-playbook-ruleupdate
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
docker exec so-soctopus python3 playbook_bulk-update.py
salt/common/tools/sbin/so-playbook-sigma-refresh
-29
View File
@@ -1,29 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
if ! [ -f /opt/so/state/playbook_regen_plays ] || [ "$1" = "--force" ]; then
echo "Refreshing Sigma & regenerating plays... "
# Regenerate ElastAlert & update Plays
docker exec so-soctopus python3 playbook_play-update.py
# Delete current Elastalert Rules
rm /opt/so/rules/elastalert/playbook/*.yaml
# Regenerate Elastalert Rules
so-playbook-sync
# Create state file
touch /opt/so/state/playbook_regen_plays
else
printf "\nState file found, exiting...\nRerun with --force to override.\n"
fi
salt/common/tools/sbin/so-playbook-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start playbook $1
salt/common/tools/sbin/so-playbook-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop playbook $1
salt/common/tools/sbin/so-playbook-sync
-16
View File
@@ -1,16 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
# Check to see if we are already running
NUM_RUNNING=$(pgrep -cf "/bin/bash /usr/sbin/so-playbook-sync")
[ "$NUM_RUNNING" -gt 1 ] && echo "$(date) - $NUM_RUNNING Playbook sync processes running...exiting." && exit 0
docker exec so-soctopus python3 playbook_play-sync.py
salt/common/tools/sbin/so-redis-count
-10
View File
@@ -1,10 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{%- set REDIS_PASS = salt['pillar.get']('redis:config:requirepass', '0') %}
. /usr/sbin/so-common
docker exec so-redis /bin/sh -c "export REDISCLI_AUTH={{ REDIS_PASS }} && redis-cli llen logstash:unparsed"
salt/common/tools/sbin/so-redis-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart redis $1
salt/common/tools/sbin/so-redis-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start redis $1
salt/common/tools/sbin/so-redis-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop redis $1
salt/common/tools/sbin/so-soc-restart
-14
View File
@@ -1,14 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
rm -f /opt/so/conf/soc/salt/pipe
pkill salt-relay.sh
/usr/sbin/so-restart soc $1
salt/common/tools/sbin/so-soc-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start soc $1
salt/common/tools/sbin/so-soc-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop soc $1
salt/common/tools/sbin/so-strelka-restart
-18
View File
@@ -1,18 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop strelka-filestream $1
/usr/sbin/so-stop strelka-manager $1
/usr/sbin/so-stop strelka-frontend $1
/usr/sbin/so-stop strelka-backend $1
/usr/sbin/so-stop strelka-gatekeeper $1
/usr/sbin/so-stop strelka-coordinator $1
/usr/sbin/so-start strelka $1
salt/common/tools/sbin/so-strelka-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start strelka $1
salt/common/tools/sbin/so-strelka-stop
-17
View File
@@ -1,17 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop strelka-filestream $1
/usr/sbin/so-stop strelka-manager $1
/usr/sbin/so-stop strelka-frontend $1
/usr/sbin/so-stop strelka-backend $1
/usr/sbin/so-stop strelka-gatekeeper $1
/usr/sbin/so-stop strelka-coordinator $1
salt/common/tools/sbin/so-telegraf-restart
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart telegraf $1
salt/common/tools/sbin/so-telegraf-start
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start telegraf $1
salt/common/tools/sbin/so-telegraf-stop
-12
View File
@@ -1,12 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop telegraf $1