Merge pull request #522 from Security-Onion-Solutions/bugfix/fleet-ingest

Fleet pipeline fixes

pillar/firewall/fleet_nodes.sls

@@ -1,3 +0,0 @@
-fleet_nodes:
-  - 127.0.0.1
-  

salt/firewall/init.sls

@@ -8,6 +8,8 @@
 {%- elif grains['role'] == 'so-fleet' %}
 {%- set ip = salt['pillar.get']('node:mainip', '') %}
 {%- endif %}
+{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{%- set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
 
 # Quick Fix for Docker being difficult
 iptables_fix_docker:
@@ -424,6 +426,22 @@ enable_forwardnode_sensoroni_9822_{{ip}}:
 
 {% endfor %}
 
+# Allow Fleet Node to send its beats traffic
+{% if FLEET_NODE %}
+
+enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ FLEET_NODE_IP }}
+    - dport: 5644
+    - position: 1
+    - save: True
+
+{% endif %}
+
 {% for ip in pillar.get('search_nodes')  %}
 
 enable_searchnode_redis_6379_{{ip}}:

salt/fleet/event_gen-packages.sls

@@ -1,4 +1,4 @@
-{% set ENROLLSECRET = salt['pillar.get']('auth:fleet_enroll-secret') %}
+{% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
 
 so/fleet:
   event.send:

salt/fleet/files/dedicated-index.html

@@ -86,40 +86,9 @@ a {
 			<p>
                 <div style="text-align: center;">
                     <h1>Security Onion - Dedicated Fleet Node</h1>
-					<h2>Osquery Packages</h2>
 				</div>
 				<br/>
-				<h2>Notes</h2>
-				<ul>
-					<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
-					<li>Packages are not signed.</li>
-				</ul>
 				<br/>
-				<h2>Downloads</h2>
-				<div>
-					Generated: {{ PACKAGESTS }}
-					<br/>
-					<br/>
-					Packages:
-					<ul>
-						<li><a href="/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
-						<li><a href="/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
-                        <li><a href="/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
-                        <li><a href="/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
-					</ul>
-					<br/>
-					<br/>
-					Config Files:
-					<ul>
-						<li><a href="/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
-						<li><a href="/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
-					</ul>
-				</div>
-				<br/>
-				<h2>Known Issues</h2>
-				<ul>
-					<li>None</li>
-				</ul>
 			  </p>
 		  </div>
 	</div>

salt/reactor/fleet.sls

@@ -15,9 +15,9 @@ def run():
   MAINIP = data['data']['mainip']
 
   STATICFILE = '/opt/so/saltstack/pillar/static.sls'
-  AUTHFILE = '/opt/so/saltstack/pillar/auth.sls'
+  SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
 
-  if MINIONID.split('_')[-1] in ['master','eval','fleet']:
+  if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
     if ACTION == 'enablefleet':
       logging.info('so/fleet enablefleet reactor')
       
@@ -29,8 +29,8 @@ def run():
           line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
         print(line) 
 
-      # Update the enroll secret in the auth pillar
+      # Update the enroll secret in the secrets pillar
-      for line in fileinput.input(AUTHFILE, inplace=True):
+      for line in fileinput.input(SECRETSFILE, inplace=True):
         line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
         print(line)