From 5f7c270984649fcafbb0aa6b71936b42fd1ab3ca Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 11 Sep 2020 10:22:12 -0400
Subject: [PATCH 1/3] only allow strelka to run on nodes that are sensors
---
 setup/so-setup | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/setup/so-setup b/setup/so-setup
index f771d7d57..028683325 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -678,8 +678,10 @@ fi
 fi
 if [[ "$STRELKA" = 1 ]]; then
- set_progress_str 80 "$(print_salt_state_apply 'strelka')"
- salt-call state.apply -l info strelka >> $setup_log 2>&1
+ if [[ $is_sensor ]]; then
+ set_progress_str 80 "$(print_salt_state_apply 'strelka')"
+ salt-call state.apply -l info strelka >> $setup_log 2>&1
+ fi
 if [[ $STRELKARULES == 1 ]]; then
 /usr/sbin/so-yara-update >> $setup_log 2>&1
 fi
From bb0e6864448f399dbebcc446870792544efaa4c6 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 11 Sep 2020 11:35:17 -0400
Subject: [PATCH 2/3] add elasticsearch to top for nodes missing it
---
 salt/top.sls | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/salt/top.sls b/salt/top.sls
index 0e6e8d917..9c2a748c8 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -286,6 +286,7 @@ base:
 {%- if WAZUH != 0 %}
 - wazuh
 {%- endif %}
+ - elasticsearch
 - logstash
 - curator
 - filebeat
@@ -331,6 +332,7 @@ base:
 {%- if WAZUH != 0 %}
 - wazuh
 {%- endif %}
+ - elasticsearch
 - logstash
 - redis
 - curator
@@ -368,6 +370,7 @@ base:
 {%- if WAZUH != 0 %}
 - wazuh
 {%- endif %}
+ - elasticsearch
 - logstash
 - redis
 - curator
From 15563f2ee6e87d793b763c886aa8992474007b2f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 11 Sep 2020 12:28:42 -0400
Subject: [PATCH 3/3] add nginx to top for sensor
---
 salt/top.sls | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/top.sls b/salt/top.sls
index 9c2a748c8..04627b18f 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -62,6 +62,7 @@ base:
 - common
 - telegraf
 - firewall
+ - nginx
 - pcap
 - suricata
 - healthcheck
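Review bot: The new guard `if [[ $is_sensor ]]; then` in setup/so-setup is a non-empty-string test, so it passes for any value of the variable, including `false` or `0`; where `is_sensor` is assigned is outside the hunk, so the guard is only correct if the script leaves it unset on non-sensor nodes. Writing it as `if [[ -n "$is_sensor" ]]; then` with a comment such as `# is_sensor is set only for sensor roles; unset elsewhere` would make that contract visible to whoever next touches the assignment. The `so-yara-update` call under `STRELKARULES` stays outside the guard and still runs on non-sensor nodes; if that is intended, a one-line comment saying so would prevent it being "fixed" later. The enclosing block starts and ends outside the hunk.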
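Review bot: `- elasticsearch` is added unconditionally in all three hunks of patch 2/3 (new lines 289, 335 and 373 of salt/top.sls), while the neighbouring `wazuh` entry is gated by `{%- if WAZUH != 0 %}`, and the hunk headers show only `base:`, so the minion targets that receive the state cannot be confirmed from the diff. Each affected role gains a network-facing Elasticsearch service, so it is worth checking that whatever firewall state applies to those roles restricts the Elasticsearch ports to the intended peers. The same question applies to the `- nginx` entry that patch 3/3 adds after `- firewall` at new line 65, which puts a web server on the sensor role. A short comment above each new entry, e.g. `# <role>: needs local elasticsearch because <reason>`, would record why the service belongs on that role.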