Remove old modules

This commit is contained in:
Mike Reeves
2021-05-26 10:11:47 -04:00
parent 525d4325c7
commit 34d4eedf67
8 changed files with 12 additions and 37 deletions


@@ -49,6 +49,12 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
fi
echo "Setting up ingest pipeline(s)"
docker exec -it so-filebeat filebeat setup modules -pipelines -modules activemq,apache,auditd,aws,azure,barracuda,bluecoat,cef,checkpoint,cisco,coredns,crowdstrike,cyberark,cylance,elasticsearch,envoyproxy,f5,fortinet,gcp,google_workspace,googlecloud,gsuite,haproxy,ibmmq,icinga,iis,imperva,infoblox,iptables,juniper,kafka,kibana,logstash,microsoft,misp,mondogb,mssql,mysql,mysqlenterprise,nats,netflow,netscout,nginx,o365,okta,osquery,panw,pensando,postgresql,rabbitmq,radware,redis,santa,snort,snyk,sonicwall,sophos,squid,suricata,system,threatintel,tomcat,traefik,zeek,zoom,zscaler -c $FB_MODULE_YML
for MODULE in activemq apache auditd aws azure barracuda bluecoat cef checkpoint cisco coredns crowdstrike cyberark cylance elasticsearch envoyproxy f5 fortinet gcp google_workspace googlecloud gsuite haproxy ibmmq icinga iis imperva infoblox iptables juniper kafka kibana logstash microsoft misp mongodb mssql mysql nats netscout nginx o365 okta osquery panw postgresql rabbitmq radware redis santa snort snyk sonicwall sophos squid suricata system tomcat traefik zeek zscaler
do
echo "Loading $MODULE"
docker exec -it so-filebeat filebeat setup modules -pipelines -modules $MODULE -c $FB_MODULE_YML
sleep 2
done
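Review bot: `$MODULE` and `$FB_MODULE_YML` are expanded unquoted on the per-module `docker exec` line inside the new loop, and that command's exit status is never checked, so a pipeline that fails to load is only noticed by someone reading the console output while the loop moves on after `sleep 2`. Quote both expansions and surface failures on stderr: `docker exec -it so-filebeat filebeat setup modules -pipelines -modules "$MODULE" -c "$FB_MODULE_YML" || echo "Failed to load pipeline for $MODULE" >&2`. The `-it` flags also require a TTY, which is presumably fine for an interactive setup run but will make every `docker exec` fail if this script is ever launched non-interactively — worth confirming against how it is invoked. The `if`/`fi` block this hunk extends begins before the hunk, and the rendering appears to drop the hunk's trailing context lines.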


@@ -14,7 +14,6 @@ whiptail_manager_adv_service_zeeklogs() {
"conn" "Connection Logging" ON \
"dce_rpc" "RPC Logs" ON \
"dhcp" "DHCP Logs" ON \
"dhcpv6" "DHCP IPv6 Logs" ON \
"dnp3" "DNP3 Logs" ON \
"dns" "DNS Logs" ON \
"dpd" "DPD Logs" ON \
@@ -25,25 +24,20 @@ whiptail_manager_adv_service_zeeklogs() {
"irc" "IRC Chat Logs" ON \
"kerberos" "Kerberos Logs" ON \
"modbus" "MODBUS Logs" ON \
"mqtt" "MQTT Logs" ON \
"notice" "Zeek Notice Logs" ON \
"ntlm" "NTLM Logs" ON \
"openvpn" "OPENVPN Logs" ON \
"pe" "PE Logs" ON \
"radius" "Radius Logs" ON \
"rfb" "RFB Logs" ON \
"rdp" "RDP Logs" ON \
"signatures" "Signatures Logs" ON \
"sip" "SIP Logs" ON \
"smb_files" "SMB Files Logs" ON \
"smb_mapping" "SMB Mapping Logs" ON \
"smtp" "SMTP Logs" ON \
"snmp" "SNMP Logs" ON \
"software" "Software Logs" ON \
"ssh" "SSH Logs" ON \
"ssl" "SSL Logs" ON \
"syslog" "Syslog Logs" ON \
"telnet" "Telnet Logs" ON \
"tunnel" "Tunnel Logs" ON \
"weird" "Zeek Weird Logs" ON \
"mysql" "MySQL Logs" ON \


@@ -3,7 +3,7 @@
- module: {{ module }}
{%- for fileset in MODULES.modules[module] %}
{{ fileset }}:
enabled: {{ MODULES.modules[module][fileset].enabled }}
enabled: {{ MODULES.modules[module][fileset].enabled|string|lower }}
{#- only manage the settings if the fileset is enabled #}
{%- if MODULES.modules[module][fileset].enabled %}
{%- for var, value in MODULES.modules[module][fileset].items() %}
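Review bot: The `|string|lower` filter on the `enabled:` line (presumably the new side, given the pair shown) normalises the rendered YAML literal, but the `{%- if MODULES.modules[module][fileset].enabled %}` guard two lines below still tests the raw value; if a pillar ever supplies `enabled` as the string `"false"` (non-empty, hence truthy in Jinja), the output would read `enabled: false` while the fileset's settings are still managed. The pillar schema is not visible here, so this is hedged, but the guard could use the same normalisation for consistency: `{%- if MODULES.modules[module][fileset].enabled|string|lower == 'true' %}`. The `{%- for var, value in ... .items() %}` loop that follows runs past the end of the hunk.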


@@ -21,6 +21,8 @@ securityonion_filebeat:
log:
enabled: true
var.paths: ["/logs/redis.log"]
slowlog:
enabled: false
suricata:
eve:
enabled: true


@@ -199,12 +199,6 @@ third_party_filebeat:
okta:
system:
enabled: false
pesando:
dfw:
enabled: false
var.input: udp
var.syslog_host: 0.0.0.0
var.syslog_port: 9001
proofpoint:
emailsecurity:
enabled: false
@@ -251,17 +245,6 @@ third_party_filebeat:
var.input: udp
var.syslog_host: 0.0.0.0
var.syslog_port: 9520
threatintel:
abuseurl:
enabled: false
abusemalware:
enabled: false
misp:
enabled: false
otx:
enabled: false
anomali:
enabled: false
tomcat:
log:
enabled: false


@@ -183,6 +183,8 @@ so-zeek:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}
- start: {{ START }}
- privileged: True
- ulimits:
- core=0
- binds:
- /nsm/zeek/logs:/nsm/zeek/logs:rw
- /nsm/zeek/spool:/nsm/zeek/spool:rw
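Review bot: The added `ulimits: core=0` on the so-zeek container carries no comment, and it quietly changes what is available after a Zeek crash: a core dump from this privileged container would be the primary artefact for a post-mortem, and a zero core limit suppresses it. If the intent is to stop a crashing worker from filling /nsm with dump files, state that next to the setting, e.g. `# core=0: disable core dumps so a crashing worker cannot fill /nsm` — adjusted to the actual reason, since the commit does not give one. The so-zeek state definition starts before this hunk and continues after it.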


@@ -2827,7 +2827,6 @@ zeek_logs_enabled() {
" - conn"\
" - dce_rpc"\
" - dhcp"\
" - dhcpv6"\
" - dnp3"\
" - dns"\
" - dpd"\
@@ -2838,25 +2837,20 @@ zeek_logs_enabled() {
" - irc"\
" - kerberos"\
" - modbus"\
" - mqtt"\
" - notice"\
" - ntlm"\
" - openvpn"\
" - pe"\
" - radius"\
" - rfb"\
" - rdp"\
" - signatures"\
" - sip"\
" - smb_files"\
" - smb_mapping"\
" - smtp"\
" - snmp"\
" - software"\
" - ssh"\
" - ssl"\
" - syslog"\
" - telnet"\
" - tunnel"\
" - weird"\
" - mysql"\


@@ -1154,7 +1154,6 @@ whiptail_manager_adv_service_zeeklogs() {
"conn" "Connection Logging" ON \
"dce_rpc" "RPC Logs" ON \
"dhcp" "DHCP Logs" ON \
"dhcpv6" "DHCP IPv6 Logs" ON \
"dnp3" "DNP3 Logs" ON \
"dns" "DNS Logs" ON \
"dpd" "DPD Logs" ON \
@@ -1165,25 +1164,20 @@ whiptail_manager_adv_service_zeeklogs() {
"irc" "IRC Chat Logs" ON \
"kerberos" "Kerberos Logs" ON \
"modbus" "MODBUS Logs" ON \
"mqtt" "MQTT Logs" ON \
"notice" "Zeek Notice Logs" ON \
"ntlm" "NTLM Logs" ON \
"openvpn" "OPENVPN Logs" ON \
"pe" "PE Logs" ON \
"radius" "Radius Logs" ON \
"rfb" "RFB Logs" ON \
"rdp" "RDP Logs" ON \
"signatures" "Signatures Logs" ON \
"sip" "SIP Logs" ON \
"smb_files" "SMB Files Logs" ON \
"smb_mapping" "SMB Mapping Logs" ON \
"smtp" "SMTP Logs" ON \
"snmp" "SNMP Logs" ON \
"software" "Software Logs" ON \
"ssh" "SSH Logs" ON \
"ssl" "SSL Logs" ON \
"syslog" "Syslog Logs" ON \
"telnet" "Telnet Logs" ON \
"tunnel" "Tunnel Logs" ON \
"weird" "Zeek Weird Logs" ON \
"mysql" "MySQL Logs" ON \