Move files out of common

2025-12-20 07:53:06 +01:00 · 2023-05-01 15:21:31 -04:00
parent 102906f5dd
commit 2d4f4791e0
81 changed files with 272 additions and 37 deletions
--- a/salt/playbook/tools/sbin/so-playbook-import
+++ b/salt/playbook/tools/sbin/so-playbook-import
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+ENABLEPLAY=${1:-False}
+
+docker exec so-soctopus /usr/local/bin/python -c "import playbook; print(playbook.play_import($ENABLEPLAY))"
--- a/salt/playbook/tools/sbin/so-playbook-reset
+++ b/salt/playbook/tools/sbin/so-playbook-reset
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+salt-call state.apply playbook.db_init,playbook
+
+/usr/sbin/so-soctopus-restart
+
+salt-call state.apply playbook,playbook.automation_user_create
+
+/usr/sbin/so-soctopus-restart
+
+echo "Importing Plays - NOTE: this will continue after installation finishes and could take an hour or more. Rebooting while the import is in progress will delay playbook imports."
+sleep 5
+so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &
--- a/salt/playbook/tools/sbin/so-playbook-restart
+++ b/salt/playbook/tools/sbin/so-playbook-restart
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart playbook $1
--- a/salt/playbook/tools/sbin/so-playbook-ruleupdate
+++ b/salt/playbook/tools/sbin/so-playbook-ruleupdate
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+docker exec so-soctopus python3 playbook_bulk-update.py
--- a/salt/playbook/tools/sbin/so-playbook-sigma-refresh
+++ b/salt/playbook/tools/sbin/so-playbook-sigma-refresh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+if ! [ -f /opt/so/state/playbook_regen_plays ] || [ "$1" = "--force" ]; then
+
+    echo "Refreshing Sigma & regenerating plays... "
+
+    # Regenerate ElastAlert & update Plays
+    docker exec so-soctopus python3 playbook_play-update.py
+
+    # Delete current Elastalert Rules
+    rm /opt/so/rules/elastalert/playbook/*.yaml
+
+    # Regenerate Elastalert Rules
+    so-playbook-sync
+    
+    # Create state file
+    touch /opt/so/state/playbook_regen_plays
+else
+  printf "\nState file found, exiting...\nRerun with --force to override.\n"
+fi
--- a/salt/playbook/tools/sbin/so-playbook-start
+++ b/salt/playbook/tools/sbin/so-playbook-start
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start playbook $1
--- a/salt/playbook/tools/sbin/so-playbook-stop
+++ b/salt/playbook/tools/sbin/so-playbook-stop
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop playbook $1
--- a/salt/playbook/tools/sbin/so-playbook-sync
+++ b/salt/playbook/tools/sbin/so-playbook-sync
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+
+. /usr/sbin/so-common
+
+# Check to see if we are already running
+NUM_RUNNING=$(pgrep -cf "/bin/bash /usr/sbin/so-playbook-sync")
+[ "$NUM_RUNNING" -gt 1 ] && echo "$(date) - $NUM_RUNNING Playbook sync processes running...exiting." && exit 0
+
+docker exec so-soctopus python3 playbook_play-sync.py