Move files out of common

salt/kibana/tools/sbin/so-kibana-config-export

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager', False) %}
+{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node', False) %}
+{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', '') %}
+{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
+
+KIBANA_HOST={{ MANAGER }}
+KSO_PORT=5601
+OUTFILE="saved_objects.ndjson"
+
+SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://$KIBANA_HOST:$KSO_PORT/ | grep sid | awk '{print $7}')
+curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE
+
+# Clean up using PLACEHOLDER
+sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE
+
+# Clean up for Fleet, if applicable
+# {% if FLEET_NODE or FLEET_MANAGER %}
+# Fleet IP
+sed -i "s/{{ MANAGER }}/FLEETPLACEHOLDER/g" $OUTFILE
+# {% endif %}

salt/kibana/tools/sbin/so-kibana-config-load

@@ -0,0 +1,111 @@
+#!/bin/bash
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{%- set ENDGAMEHOST = salt['pillar.get']('global:endgamehost', 'ENDGAMEHOST') %}
+. /usr/sbin/so-common
+
+check_file() {
+local file=$1
+if [ ! -f "$file" ]; then
+  echo "File $file does not exist."
+  exit 1
+fi
+
+}
+
+RETURN_CODE=0
+
+import() {
+  local BASENAME=$(basename $1 | cut -d'.' -f1)
+  if [ ! -f "/opt/so/state/kibana_$BASENAME.txt" ]; then
+    local file=$1
+    ndjson_file=$(echo $file | sed -e "s/\.template$//")
+    # Copy template file
+    if [ "$file" != "$ndjson_file" ]; then
+      cp "$file" "$ndjson_file"
+    fi
+
+    # SOCtopus and Manager
+    if grep -lq 'PLACEHOLDER' "$ndjson_file"; then
+      sed -i "s/PLACEHOLDER/{{ GLOBALS.url_base }}/g" "$ndjson_file"
+    fi
+
+    # Endgame
+    if grep -lq 'ENDGAMEHOST' "$ndjson_file"; then
+      sed -i "s/ENDGAMEHOST/{{ ENDGAMEHOST }}/g" "$ndjson_file"
+    fi
+
+    wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+    RETURN_CODE=$?
+
+    SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
+
+    # Load saved objects
+    RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@"$ndjson_file")
+    echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
+
+    if [[ "$RETURN_CODE" != "1" ]]; then
+      touch /opt/so/state/kibana_$BASENAME.txt
+    fi
+  else
+    exit $RETURN_CODE
+  fi
+}
+
+update() {
+  local BASENAME=$(basename $1 | cut -d'.' -f1)
+  if [ ! -f "/opt/so/state/kibana_$BASENAME.txt" ]; then
+    wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+    RETURN_CODE=$?
+
+    IFS=$'\r\n' GLOBIGNORE='*' command eval  'LINES=($(cat $1))'
+    for i in "${LINES[@]}"; do
+      RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -X PUT "localhost:5601/api/saved_objects/config/8.7.0" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
+      echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
+    done
+ 
+    if [[ "$RETURN_CODE" != "1" ]]; then
+      touch /opt/so/state/kibana_$BASENAME.txt
+    fi
+  else
+    exit $RETURN_CODE
+  fi
+}
+
+usage()
+{
+cat <<EOF
+  Security Onion Kibana Config Loader
+    Options:
+    -h                   This message
+    -i <filename>        Import saved objects
+    -u <filename>        Update saved objects
+EOF
+}
+
+while getopts "h:i:u:" OPTION
+do
+  case $OPTION in
+    h)
+      usage
+      exit 0
+      ;;
+    i)
+      FILE=${OPTARG}
+      check_file $FILE
+      import $FILE
+      ;;
+    u)
+      FILE=${OPTARG}
+      check_file $FILE
+      update $FILE
+      ;;
+    *)
+      usage
+      exit 0
+      ;;
+  esac
+done

salt/kibana/tools/sbin/so-kibana-restart

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart kibana $1

salt/kibana/tools/sbin/so-kibana-savedobjects-defaults

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+echo $banner
+echo "Running kibana.so_savedobjects_defaults Salt state to restore default saved objects."
+printf "This could take a while if another Salt job is running. \nRun this command with --force to stop all Salt jobs before proceeding.\n"
+echo $banner
+
+    if [ "$1" = "--force" ]; then
+        printf "\nForce-stopping all Salt jobs before proceeding\n\n"
+        salt-call saltutil.kill_all_jobs
+    fi
+
+salt-call state.apply kibana.so_savedobjects_defaults -linfo queue=True

salt/kibana/tools/sbin/so-kibana-space-defaults

@@ -0,0 +1,18 @@
+#!/bin/bash
+. /usr/sbin/so-common
+{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
+wait_for_web_response "http://localhost:5601/api/spaces/space/default" "default" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+## This hackery will be removed if using Elastic Auth ##
+
+# Let's snag a cookie from Kibana
+SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
+
+# Disable certain Features from showing up in the Kibana UI
+echo
+echo "Setting up default Space:"
+{% if HIGHLANDER %}
+curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log
+{% else %}
+curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","securitySolutionCases"]} ' >> /opt/so/log/kibana/misc.log
+{% endif %}
+echo

salt/kibana/tools/sbin/so-kibana-start

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start kibana $1

salt/kibana/tools/sbin/so-kibana-stop

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop kibana $1