heavynode

m0duspwnens
2020-01-28 18:58:26 -05:00
parent 97c0b0ddd1
commit 306cc1127b
18 changed files with 337 additions and 19 deletions


@@ -1,7 +1,7 @@
# Firewall Magic for the grid
{%- if grains['role'] in ['so-eval','so-master','so-helix','so-mastersearch'] %}
{%- set ip = salt['pillar.get']('static:masterip', '') %}
{%- elif grains['role'] == 'so-node' %}
{%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{%- elif grains['role'] == 'so-sensor' %}
{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
@@ -584,7 +584,7 @@ enable_standard_analyst_443_{{ip}}:
{% endif %}
# Rules if you are a Node
{% if grains['role'] == 'so-node' %}
{% if 'node' in grains['role'] %}
#This should be more granular
iptables_allow_docker:
@@ -655,3 +655,39 @@ iptables_drop_all_the_things:
- chain: LOGGING
- jump: DROP
- save: True
{% if grains['role'] == 'so-heavynode' %}
# Allow Redis
enable_heavynode_redis_6379_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 6379
- position: 1
- save: True
enable_forwardnode_beats_5044_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 5044
- position: 1
- save: True
enable_forwardnode_beats_5644_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 5644
- position: 1
- save: True
{% endif %}
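Review bot: The node-rules guard in the second hunk, `{% if 'node' in grains['role'] %}`, is a substring test, so any role whose name contains `node` gets the node firewall rules, not only the two roles this commit targets; an explicit list such as `{% if grains['role'] in ['so-node', 'so-heavynode'] %}` would match the exact-role comparisons in the first hunk. In the third hunk the three new ACCEPT rules use `source: {{ ip }}`, and `ip` comes from `pillar.get('node:mainip', '')`, so a missing pillar renders an empty source. That could leave ports 6379, 5044 and 5644 accepted in DOCKER-USER with no source restriction, so it is worth wrapping the block in `{% if ip %}` or failing the render when the value is empty. The two beats states are also named `enable_forwardnode_beats_*` inside the `so-heavynode` block, which will mislead anyone reading the state output.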