Merge pull request #6039 from Security-Onion-Solutions/issue/5759

Issue/5759
This commit is contained in:
Josh Patterson
2021-10-28 09:24:44 -04:00
committed by GitHub
3 changed files with 20 additions and 15 deletions


@@ -20,6 +20,9 @@
{%- set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
{%- set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %}
{%- set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) %}
{%- set MDENGINE = salt['pillar.get']('global:mdengine', 'ZEEK') %}
# Global tags can be specified here in key="value" format.
[global_tags]
@@ -740,10 +743,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/raid.sh",
"/scripts/beatseps.sh"
@@ -757,10 +760,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/eps.sh",
"/scripts/raid.sh",
@@ -776,10 +779,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/eps.sh",
"/scripts/raid.sh",
@@ -794,10 +797,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/influxdbsize.sh",
"/scripts/raid.sh",
@@ -811,10 +814,10 @@
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
{% if salt['pillar.get']('global:mdengine', 'ZEEK') == 'ZEEK' %}
{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %}
"/scripts/zeekloss.sh",
"/scripts/zeekcaptureloss.sh",
{% endif %}
{%- endif %}
"/scripts/oldpcap.sh",
"/scripts/helixeps.sh"
]
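Review bot: The new `{%- if MDENGINE == 'ZEEK' and ZEEK_ENABLED %}` guards (this hunk and the four preceding ones) test `ZEEK_ENABLED` by Jinja truthiness, so a pillar that carries `zeek:enabled` as a string ('False', 'false', 'no') keeps the zeek loss checks in the Telegraf script list even though Zeek is off, which would make the monitoring report spurious Zeek packet loss. The previous map.jinja defaulted this key to the string 'True', so string-valued pillars are plausible in existing deployments. Normalizing once at the definition in the first hunk avoids repeating the check five times: `{%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) | to_bool %}`. A short comment next to the two new `set` lines, such as `# MDENGINE/ZEEK_ENABLED decide whether the zeek loss scripts are scheduled below`, would also help readers find why the lists differ per node.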


@@ -146,7 +146,7 @@ plcronscript:
- mode: 755
zeekpacketlosscron:
cron.present:
cron.{{ZEEKOPTIONS.pl_cron_state}}:
- name: /usr/local/bin/packetloss.sh
- user: root
- minute: '*/10'
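Review bot: The state function is now assembled from a template variable, `cron.{{ZEEKOPTIONS.pl_cron_state}}:`, with no comment saying where the value comes from or what it can be, and if the import of ZEEKOPTIONS (outside this hunk) is missing or the key is unset the rendered line becomes `cron.:`, which fails with an unhelpful state-compile error rather than pointing at the pillar. A one-line comment above `zeekpacketlosscron:` would make the intent visible: `# cron.present when Zeek is enabled, cron.absent otherwise (pl_cron_state comes from zeek map.jinja)`. The remaining arguments are presumably accepted by both `cron.present` and `cron.absent`; worth confirming against the Salt version in use.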


@@ -1,14 +1,16 @@
{% set ZEEKOPTIONS = {} %}
{% set ENABLED = salt['pillar.get']('zeek:enabled', 'True') %}
{% set ENABLED = salt['pillar.get']('zeek:enabled', True) %}
# don't start the docker container if it is an import node or disabled via pillar
{% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
{% if grains.id.split('_')|last == 'import' or not ENABLED %}
{% do ZEEKOPTIONS.update({'start': False}) %}
{% do ZEEKOPTIONS.update({'pl_cron_state': 'absent'}) %}
{% else %}
{% do ZEEKOPTIONS.update({'start': True}) %}
{% do ZEEKOPTIONS.update({'pl_cron_state': 'present'}) %}
{% endif %}
{% if ENABLED is sameas false %}
{% if not ENABLED %}
{% do ZEEKOPTIONS.update({'status': 'absent'}) %}
{% else %}
{% do ZEEKOPTIONS.update({'status': 'running'}) %}