2.4 fw changes
@@ -1,66 +0,0 @@
|
||||
firewall:
|
||||
hostgroups:
|
||||
analyst:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
beats_endpoint:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
beats_endpoint_ssl:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
elasticsearch_rest:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
elastic_agent_endpoint:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
endgame:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
fleet:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
heavy_node:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
idh:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
manager:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
node:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
receiver:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
search_node:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
sensor:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
strelka_frontend:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
syslog:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
@@ -1,23 +0,0 @@
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
firewall:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
- 0.0.0.0/0
|
||||
dockernet:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
- {{ DOCKER.sorange }}
|
||||
localhost:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
- 127.0.0.1
|
||||
self:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
|
||||
@@ -12,20 +12,16 @@
|
||||
{% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %}
|
||||
{% set defined_portgroups = portgroups %}
|
||||
|
||||
{% import_yaml 'firewall/hostgroups.yaml' as default_hostgroups %}
|
||||
{#% import_yaml 'firewall/hostgroups.local.yaml' as local_hostgroups %#}
|
||||
{% set local_hostgroups = {'firewall': {'hostgroups': {}}} %}
|
||||
|
||||
{% set hostgroup_list = salt['cp.list_master'](prefix='firewall/hostgroups') %}
|
||||
{% do hostgroup_list.remove('firewall/hostgroups.local.yaml') %}
|
||||
{% do hostgroup_list.remove('firewall/hostgroups.yaml') %}
|
||||
|
||||
{% for hg in hostgroup_list %}
|
||||
{% import_text hg as hg_ips %}
|
||||
{% do local_hostgroups.firewall.hostgroups.update({hg.split('/')[2]: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %}
|
||||
{% endfor %}
|
||||
|
||||
{% set hostgroups = salt['defaults.merge'](default_hostgroups.firewall.hostgroups, local_hostgroups.firewall.hostgroups, in_place=False) %}
|
||||
{% set hostgroups = local_hostgroups.firewall.hostgroups %}
|
||||
|
||||
{# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #}
|
||||
{% if salt['pillar.get']('firewall:assigned_hostgroups:chain') %}
|
||||
|
||||
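Review bot: The per-hostgroup loop at `{% for hg in hostgroup_list %}` stores every whitespace-separated token of each `firewall/hostgroups/*` file as a firewall source via `hg_ips.split()`, so a comment, hostname or typo in one of those files lands in an iptables rule (or breaks rule application) with nothing here rejecting it; filter the list before it is stored, e.g. `{'ips': {'insert': hg_ips.split() | ipaddr, 'delete': []}}`, assuming Salt's `ipaddr` filter accepts the CIDR entries these files carry, otherwise a per-token `is_ip`-style check. Separately, `{% do hostgroup_list.remove('firewall/hostgroups.yaml') %}` raises ValueError when that file is not on the master, and this commit deletes a `hostgroups.yaml`, so if the remove and the deletion are both on the new side the map fails to render; guard it with `{% if 'firewall/hostgroups.yaml' in hostgroup_list %}` or drop the two removes once the files are gone. Which lines of this hunk are old and which are new is not recoverable from this rendering, so these points apply to whichever of them survive. The hunk ends inside the template, with the `{% if salt['pillar.get']('firewall:assigned_hostgroups:chain') %}` block continuing past it.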
@@ -1,552 +0,0 @@
|
||||
role:
|
||||
eval:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- playbook
|
||||
- mysql
|
||||
- kibana
|
||||
- redis
|
||||
- minio
|
||||
- influxdb
|
||||
- cortex
|
||||
- elasticsearch_rest
|
||||
- elasticsearch_node
|
||||
- cortex_es_rest
|
||||
- cortex_es_node
|
||||
minion:
|
||||
portgroups:
|
||||
- acng
|
||||
- docker_registry
|
||||
- influxdb
|
||||
- sensoroni
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
heavy_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
self:
|
||||
portgroups:
|
||||
- syslog
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- elastic_agent_control
|
||||
- elastic_agent_data
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- strelka_frontend
|
||||
syslog:
|
||||
portgroups:
|
||||
- syslog
|
||||
analyst:
|
||||
portgroups:
|
||||
- nginx
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
minion:
|
||||
portgroups:
|
||||
- salt_manager
|
||||
manager:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- playbook
|
||||
- mysql
|
||||
- kibana
|
||||
- redis
|
||||
- minio
|
||||
- influxdb
|
||||
- cortex
|
||||
- elasticsearch_rest
|
||||
- elasticsearch_node
|
||||
- cortex_es_rest
|
||||
- cortex_es_node
|
||||
minion:
|
||||
portgroups:
|
||||
- acng
|
||||
- docker_registry
|
||||
- influxdb
|
||||
- sensoroni
|
||||
- yum
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
- beats_5644
|
||||
heavy_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
- beats_5644
|
||||
self:
|
||||
portgroups:
|
||||
- syslog
|
||||
syslog:
|
||||
portgroups:
|
||||
- syslog
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
endgame:
|
||||
portgroups:
|
||||
- endgame
|
||||
analyst:
|
||||
portgroups:
|
||||
- nginx
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
minion:
|
||||
portgroups:
|
||||
- salt_manager
|
||||
managersearch:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- playbook
|
||||
- mysql
|
||||
- kibana
|
||||
- redis
|
||||
- minio
|
||||
- influxdb
|
||||
- cortex
|
||||
- elasticsearch_rest
|
||||
- elasticsearch_node
|
||||
- cortex_es_rest
|
||||
- cortex_es_node
|
||||
minion:
|
||||
portgroups:
|
||||
- acng
|
||||
- docker_registry
|
||||
- influxdb
|
||||
- sensoroni
|
||||
- yum
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
heavy_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
self:
|
||||
portgroups:
|
||||
- syslog}}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- elastic_agent_control
|
||||
- elastic_agent_data
|
||||
endgame:
|
||||
portgroups:
|
||||
- endgame
|
||||
syslog:
|
||||
portgroups:
|
||||
- syslog
|
||||
analyst:
|
||||
portgroups:
|
||||
- nginx
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
minion:
|
||||
portgroups:
|
||||
- salt_manager
|
||||
standalone:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- playbook
|
||||
- mysql
|
||||
- kibana
|
||||
- redis
|
||||
- minio
|
||||
- influxdb
|
||||
- cortex
|
||||
- elasticsearch_rest
|
||||
- elasticsearch_node
|
||||
- cortex_es_rest
|
||||
- cortex_es_node
|
||||
minion:
|
||||
portgroups:
|
||||
- acng
|
||||
- docker_registry
|
||||
- influxdb
|
||||
- sensoroni
|
||||
- yum
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
heavy_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- minio
|
||||
- elasticsearch_node
|
||||
self:
|
||||
portgroups:
|
||||
- syslog}}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- elastic_agent_control
|
||||
- elastic_agent_data
|
||||
endgame:
|
||||
portgroups:
|
||||
- endgame
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- strelka_frontend
|
||||
syslog:
|
||||
portgroups:
|
||||
- syslog
|
||||
analyst:
|
||||
portgroups:
|
||||
- nginx
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
minion:
|
||||
portgroups:
|
||||
- salt_manager
|
||||
helixsensor:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- playbook
|
||||
- mysql
|
||||
- kibana
|
||||
- redis
|
||||
- influxdb
|
||||
- cortex
|
||||
- elasticsearch_rest
|
||||
- elasticsearch_node
|
||||
- cortex_es_rest
|
||||
- cortex_es_node
|
||||
minion:
|
||||
portgroups:
|
||||
- acng
|
||||
- docker_registry
|
||||
- influxdb
|
||||
- sensoroni
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- elasticsearch_node
|
||||
self:
|
||||
portgroups:
|
||||
- syslog}}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
analyst:
|
||||
portgroups:
|
||||
- nginx
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
minion:
|
||||
portgroups:
|
||||
- salt_manager
|
||||
searchnode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- elasticsearch_node
|
||||
- elasticsearch_rest
|
||||
dockernet:
|
||||
portgroups:
|
||||
- elasticsearch_node
|
||||
- elasticsearch_rest
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
search_node:
|
||||
portgroups:
|
||||
- elasticsearch_node
|
||||
self:
|
||||
portgroups:
|
||||
- syslog
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
sensor:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
self:
|
||||
portgroups:
|
||||
- syslog
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- strelka_frontend
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
heavynode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- elasticsearch_node
|
||||
- elasticsearch_rest
|
||||
dockernet:
|
||||
portgroups:
|
||||
- elasticsearch_node
|
||||
- elasticsearch_rest
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
self:
|
||||
portgroups:
|
||||
- syslog
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- strelka_frontend
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
import:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- kibana
|
||||
- redis
|
||||
- influxdb
|
||||
- elasticsearch_rest
|
||||
- elasticsearch_node
|
||||
minion:
|
||||
portgroups:
|
||||
- docker_registry
|
||||
- sensoroni
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- elasticsearch_node
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- elasticsearch_rest
|
||||
analyst:
|
||||
portgroups:
|
||||
- nginx
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
minion:
|
||||
portgroups:
|
||||
- salt_manager
|
||||
|
||||
receiver:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
sensor:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
search_node:
|
||||
portgroups:
|
||||
- redis
|
||||
- beats_5644
|
||||
self:
|
||||
portgroups:
|
||||
- redis
|
||||
- syslog
|
||||
- beats_5644
|
||||
syslog:
|
||||
portgroups:
|
||||
- syslog
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- beats_5044
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- beats_5644
|
||||
endgame:
|
||||
portgroups:
|
||||
- endgame
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
idh:
|
||||
chain:
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- ssh
|
||||
dockernet:
|
||||
portgroups:
|
||||
- all
|
||||
localhost:
|
||||
portgroups:
|
||||
- all
|
||||
manager:
|
||||
portgroups:
|
||||
- ssh
|
||||