Merge branch '2.4/firewall' of https://github.com/Security-Onion-Solutions/securityonion into 2.4/firewall

Mike Reeves
2023-01-09 15:00:05 -05:00
4 changed files with 7 additions and 5 deletions


@@ -3,4 +3,3 @@ filetype plugin indent on
" Sets .sls files to use YAML syntax highlighting
autocmd BufNewFile,BufRead *.sls set syntax=yaml
set number


@@ -206,7 +206,7 @@ function createSTANDALONE() {
}
function testConnection() {
retry 5 10 "salt '$MINION_ID' test.ping" 0
retry 15 3 "salt '$MINION_ID' test.ping" True
local ret=$?
if [[ $ret != 0 ]]; then
echo "The Minion has been accepted but is not online. Try again later"
@@ -230,9 +230,7 @@ if [[ "$OPERATION" = 'add' || "$OPERATION" = 'setup' ]]; then
if [ $OPERATION != 'setup' ]; then
# Accept the salt key
acceptminion
# Let the keys echange
sleep 3
# Need logic here to try and salt ping.. If it doesn't work need to do something
# Test to see if the minion was accepted
testConnection
# Pull the info from the file to build what is needed
getinstallinfo
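Review bot: In testConnection, `$MINION_ID` is spliced unvalidated into the command string handed to `retry`, and the new `True` output check does not change that. The body of `retry` is not visible here, but if it evaluates that string, a quote or shell metacharacter in the ID alters the command that runs. Validate the ID once before `acceptminion`, for example `[[ "$MINION_ID" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "Invalid minion ID" >&2; exit 1; }`, with the pattern adjusted to the project's naming rules. The nearby test `[ $OPERATION != 'setup' ]` should also quote the expansion as `"$OPERATION"`. testConnection's body continues past the end of the first hunk.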


@@ -5,6 +5,7 @@
{% if sls in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'elastalert/elastalert_config.map.jinja' import ELASTALERT as elastalert_config with context %}
# Create the group
@@ -86,6 +87,9 @@ so-elastalert:
- hostname: elastalert
- name: so-elastalert
- user: so-elastalert
- networks:
- sosbridge:
- ipv4_address: {{ DOCKER.containers['so-elastalert'].ip }}
- detach: True
- binds:
- /opt/so/rules/elastalert:/opt/elastalert/rules/:ro
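Review bot: The pinned `ipv4_address` on `sosbridge` has no visible requisite or comment, so these lines do not show that the network exists before so-elastalert starts, or why the address must be fixed. The rest of the so-elastalert state is outside the hunk; if it does not already require the network, add a `require` on the state that creates sosbridge. A comment above `- networks:` would also help, such as `# Fixed address from docker.map.jinja so firewall rules can match this container`, if that is the intent. It is also worth confirming that a missing `so-elastalert` entry in the DOCKER map fails the render rather than leaving the container on a dynamic address.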


@@ -27,6 +27,7 @@ filebeat:
- smtp
- snmp
- socks
- software
- ssh
- ssl
- tunnel