Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev
@@ -10,7 +10,7 @@
|
||||
|
||||
eval:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
{% if GRAFANA == '1' %}
|
||||
- so-influxdb
|
||||
@@ -54,7 +54,7 @@ eval:
|
||||
{% endif %}
|
||||
heavy_node:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-redis
|
||||
- so-logstash
|
||||
@@ -69,7 +69,7 @@ heavy_node:
|
||||
{% endif %}
|
||||
helix:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-idstools
|
||||
- so-steno
|
||||
@@ -79,14 +79,14 @@ helix:
|
||||
- so-filebeat
|
||||
hot_node:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-logstash
|
||||
- so-elasticsearch
|
||||
- so-curator
|
||||
master_search:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-soc
|
||||
- so-kratos
|
||||
@@ -127,7 +127,7 @@ master_search:
|
||||
master:
|
||||
containers:
|
||||
- so-dockerregistry
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
{% if GRAFANA == '1' %}
|
||||
- so-influxdb
|
||||
@@ -169,12 +169,12 @@ master:
|
||||
{% endif %}
|
||||
parser_node:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-logstash
|
||||
search_node:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-logstash
|
||||
- so-elasticsearch
|
||||
@@ -185,7 +185,7 @@ search_node:
|
||||
{% endif %}
|
||||
sensor:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-steno
|
||||
- so-suricata
|
||||
@@ -196,7 +196,7 @@ sensor:
|
||||
- so-filebeat
|
||||
warm_node:
|
||||
containers:
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
- so-elasticsearch
|
||||
fleet:
|
||||
@@ -206,6 +206,6 @@ fleet:
|
||||
- so-fleet
|
||||
- so-redis
|
||||
- so-filebeat
|
||||
- so-core
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
{% endif %}
|
||||
@@ -1,8 +1,3 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
|
||||
{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
|
||||
{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
|
||||
# Add socore Group
|
||||
socoregroup:
|
||||
group.present:
|
||||
@@ -18,34 +13,15 @@ socore:
|
||||
- createhome: True
|
||||
- shell: /bin/bash
|
||||
|
||||
# Create a state directory
|
||||
|
||||
statedir:
|
||||
file.directory:
|
||||
- name: /opt/so/state
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
salttmp:
|
||||
file.directory:
|
||||
- name: /opt/so/tmp
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
# Install packages needed for the sensor
|
||||
|
||||
sensorpkgs:
|
||||
pkg.installed:
|
||||
- skip_suggestions: False
|
||||
- pkgs:
|
||||
- docker-ce
|
||||
- wget
|
||||
- jq
|
||||
{% if grains['os'] != 'CentOS' %}
|
||||
- python-docker
|
||||
- python-m2crypto
|
||||
- apache2-utils
|
||||
{% else %}
|
||||
- net-tools
|
||||
@@ -64,7 +40,6 @@ alwaysupdated:
|
||||
- skip_suggestions: True
|
||||
|
||||
# Set time to UTC
|
||||
|
||||
Etc/UTC:
|
||||
timezone.system
|
||||
|
||||
@@ -77,339 +52,3 @@ utilsyncscripts:
|
||||
- file_mode: 755
|
||||
- template: jinja
|
||||
- source: salt://common/tools/sbin
|
||||
|
||||
# Make sure Docker is running!
|
||||
docker:
|
||||
service.running:
|
||||
- enable: True
|
||||
|
||||
# Drop the correct nginx config based on role
|
||||
|
||||
nginxconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/nginx
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
nginxconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/nginx/nginx.conf
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/nginx/nginx.conf.{{ grains.role }}
|
||||
|
||||
nginxlogdir:
|
||||
file.directory:
|
||||
- name: /opt/so/log/nginx/
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
nginxtmp:
|
||||
file.directory:
|
||||
- name: /opt/so/tmp/nginx/tmp
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-core:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-core:{{ VERSION }}
|
||||
- hostname: so-core
|
||||
- user: socore
|
||||
- binds:
|
||||
- /opt/so:/opt/so:rw
|
||||
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- /opt/so/log/nginx/:/var/log/nginx:rw
|
||||
- /opt/so/tmp/nginx/:/var/lib/nginx:rw
|
||||
- /opt/so/tmp/nginx/:/run:rw
|
||||
- /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
|
||||
- /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
|
||||
- /opt/so/conf/fleet/packages:/opt/socore/html/packages
|
||||
- cap_add: NET_BIND_SERVICE
|
||||
- port_bindings:
|
||||
- 80:80
|
||||
- 443:443
|
||||
{%- if FLEETMASTER or FLEETNODE %}
|
||||
- 8090:8090
|
||||
{%- endif %}
|
||||
- watch:
|
||||
- file: /opt/so/conf/nginx/nginx.conf
|
||||
|
||||
# Add Telegraf to monitor all the things.
|
||||
tgraflogdir:
|
||||
file.directory:
|
||||
- name: /opt/so/log/telegraf
|
||||
- makedirs: True
|
||||
|
||||
tgrafetcdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/telegraf/etc
|
||||
- makedirs: True
|
||||
|
||||
tgrafetsdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/telegraf/scripts
|
||||
- makedirs: True
|
||||
|
||||
tgrafsyncscripts:
|
||||
file.recurse:
|
||||
- name: /opt/so/conf/telegraf/scripts
|
||||
- user: 939
|
||||
- group: 939
|
||||
- file_mode: 755
|
||||
- template: jinja
|
||||
- source: salt://common/telegraf/scripts
|
||||
|
||||
tgrafconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/telegraf/etc/telegraf.conf
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/telegraf/etc/telegraf.conf
|
||||
|
||||
so-telegraf:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
|
||||
- environment:
|
||||
- HOST_PROC=/host/proc
|
||||
- HOST_ETC=/host/etc
|
||||
- HOST_SYS=/host/sys
|
||||
- HOST_MOUNT_PREFIX=/host
|
||||
- network_mode: host
|
||||
- port_bindings:
|
||||
- 127.0.0.1:8094:8094
|
||||
- binds:
|
||||
- /opt/so/log/telegraf:/var/log/telegraf:rw
|
||||
- /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
|
||||
- /var/run/utmp:/var/run/utmp:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /:/host/root:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /proc:/host/proc:ro
|
||||
- /nsm:/host/nsm:ro
|
||||
- /etc:/host/etc:ro
|
||||
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
|
||||
- /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
|
||||
{% else %}
|
||||
- /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
|
||||
{% endif %}
|
||||
- /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
|
||||
- /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
|
||||
- /opt/so/conf/telegraf/scripts:/scripts:ro
|
||||
- /opt/so/log/stenographer:/var/log/stenographer:ro
|
||||
- /opt/so/log/suricata:/var/log/suricata:ro
|
||||
- watch:
|
||||
- /opt/so/conf/telegraf/etc/telegraf.conf
|
||||
- /opt/so/conf/telegraf/scripts
|
||||
|
||||
# If its a master or eval lets install the back end for now
|
||||
{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
|
||||
|
||||
# Influx DB
|
||||
influxconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/influxdb/etc
|
||||
- makedirs: True
|
||||
|
||||
influxdbdir:
|
||||
file.directory:
|
||||
- name: /nsm/influxdb
|
||||
- makedirs: True
|
||||
|
||||
influxdbconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/influxdb/etc/influxdb.conf
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/influxdb/etc/influxdb.conf
|
||||
|
||||
so-influxdb:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
|
||||
- hostname: influxdb
|
||||
- environment:
|
||||
- INFLUXDB_HTTP_LOG_ENABLED=false
|
||||
- binds:
|
||||
- /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
|
||||
- /nsm/influxdb:/var/lib/influxdb:rw
|
||||
- /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
|
||||
- /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
|
||||
- port_bindings:
|
||||
- 0.0.0.0:8086:8086
|
||||
- watch:
|
||||
- file: /opt/so/conf/influxdb/etc/influxdb.conf
|
||||
|
||||
# Grafana all the things
|
||||
grafanadir:
|
||||
file.directory:
|
||||
- name: /nsm/grafana
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanaconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/etc
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashmdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashevaldir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/eval
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashfndir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashsndir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanaconf:
|
||||
file.recurse:
|
||||
- name: /opt/so/conf/grafana/etc
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/grafana/etc
|
||||
|
||||
{% if salt['pillar.get']('mastertab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-master:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/grafana/grafana_dashboards/master/master.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
MONINT: {{ SNDATA.manint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('sensorstab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/grafana/grafana_dashboards/sensor_nodes/sensor.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MONINT: {{ SNDATA.monint }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('nodestab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboardsearch-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/grafana/grafana_dashboards/search_nodes/searchnode.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
MONINT: {{ SNDATA.manint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('evaltab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://common/grafana/grafana_dashboards/eval/eval.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
MONINT: {{ SNDATA.monint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
so-grafana:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
|
||||
- hostname: grafana
|
||||
- user: socore
|
||||
- binds:
|
||||
- /nsm/grafana:/var/lib/grafana:rw
|
||||
- /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
|
||||
- /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
|
||||
- /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
|
||||
- /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
|
||||
- environment:
|
||||
- GF_SECURITY_ADMIN_PASSWORD=augusta
|
||||
- port_bindings:
|
||||
- 0.0.0.0:3000:3000
|
||||
- watch:
|
||||
- file: /opt/so/conf/grafana/*
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
MASTER=MASTER
|
||||
VERSION="HH1.1.4"
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-core:$VERSION" \
|
||||
"so-nginx:$VERSION" \
|
||||
"so-thehive-cortex:$VERSION" \
|
||||
"so-curator:$VERSION" \
|
||||
"so-domainstats:$VERSION" \
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %}
|
||||
# Curator
|
||||
|
||||
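--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -0,0 +1,8 @@
+installdocker:
+  pkg.installed:
+    - name: docker-ce
+
+# Make sure Docker is running!
+docker:
+  service.running:
+    - enable: True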
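Review bot: The `docker` service state at the end of the hunk has no requisite on `installdocker`, so it relies on Salt's default top-to-bottom ordering and still attempts to start the service when the package install fails. Add `- require:` / `  - pkg: installdocker` under `service.running:` so a failed install skips the service state with a clear requisite error instead of an unrelated service failure. A `- watch:` on the package would additionally restart the daemon when it is upgraded, if that is the intended behaviour.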
@@ -12,7 +12,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% if grains['role'] == 'so-master' %}
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
{% if FEATURES %}
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
|
||||
@@ -41,7 +41,7 @@ sleep 120
|
||||
echo "Installing launcher via salt..."
|
||||
salt-call state.apply fleet.install_package queue=True >> /root/fleet-setup.log
|
||||
salt-call state.apply filebeat queue=True >> /root/fleet-setup.log
|
||||
docker stop so-core
|
||||
docker stop so-nginx
|
||||
salt-call state.apply common queue=True >> /root/fleet-setup.log
|
||||
|
||||
echo "Fleet Setup Complete - Login here: https://{{ MAIN_HOSTNAME }}"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
|
||||
{%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
|
||||
{%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MAINIP = salt['pillar.get']('node:mainip') %}
|
||||
{% set FLEETARCH = salt['grains.get']('role') %}
|
||||
|
||||
175
salt/grafana/init.sls
Normal file
175
salt/grafana/init.sls
Normal file
@@ -0,0 +1,175 @@
|
||||
{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
|
||||
|
||||
# Grafana all the things
|
||||
grafanadir:
|
||||
file.directory:
|
||||
- name: /nsm/grafana
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanaconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/etc
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashmdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashevaldir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/eval
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashfndir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashsndir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanaconf:
|
||||
file.recurse:
|
||||
- name: /opt/so/conf/grafana/etc
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/etc
|
||||
|
||||
{% if salt['pillar.get']('mastertab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-master:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/dashboards/master/master.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
MONINT: {{ SNDATA.manint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('sensorstab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/dashboards/sensor_nodes/sensor.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MONINT: {{ SNDATA.monint }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('nodestab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboardsearch-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/dashboards/search_nodes/searchnode.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
MONINT: {{ SNDATA.manint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('evaltab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-{{ SN }}:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/dashboards/eval/eval.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
MONINT: {{ SNDATA.monint }}
|
||||
CPUS: {{ SNDATA.totalcpus }}
|
||||
UID: {{ SNDATA.guid }}
|
||||
ROOTFS: {{ SNDATA.rootfs }}
|
||||
NSMFS: {{ SNDATA.nsmfs }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
so-grafana:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
|
||||
- hostname: grafana
|
||||
- user: socore
|
||||
- binds:
|
||||
- /nsm/grafana:/var/lib/grafana:rw
|
||||
- /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro
|
||||
- /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw
|
||||
- /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw
|
||||
- /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw
|
||||
- environment:
|
||||
- GF_SECURITY_ADMIN_PASSWORD=augusta
|
||||
- port_bindings:
|
||||
- 0.0.0.0:3000:3000
|
||||
- watch:
|
||||
- file: /opt/so/conf/grafana/*
|
||||
|
||||
{% endif %}
|
||||
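Review bot: `- GF_SECURITY_ADMIN_PASSWORD=augusta` in the so-grafana state hard-codes the Grafana admin password in a state file for a service published on `0.0.0.0:3000`; other states in this commit already read credentials from pillar (`salt['pillar.get']('secrets:mysql', None)`), so load this one the same way, e.g. `{%- set GRAFANAPASS = salt['pillar.get']('secrets:grafana', None) -%}` (pillar key name illustrative) and `- GF_SECURITY_ADMIN_PASSWORD={{ GRAFANAPASS }}`. Separately, the guard `GRAFANA == 1` compares against an int while the pillar default on the first line is the string `'0'` and the role container lists earlier in this commit test `GRAFANA == '1'`, so depending on how the pillar value is typed one of the two checks is dead; normalise with `salt['pillar.get']('master:grafana', 0)|int` here and in `salt/influxdb/init.sls`.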
@@ -1,5 +1,5 @@
|
||||
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
hiveconfdir:
|
||||
file.directory:
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
# IDSTools Setup
|
||||
idstoolsdir:
|
||||
|
||||
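--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -0,0 +1,43 @@
+{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+
+{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
+
+# Influx DB
+influxconfdir:
+  file.directory:
+    - name: /opt/so/conf/influxdb/etc
+    - makedirs: True
+
+influxdbdir:
+  file.directory:
+    - name: /nsm/influxdb
+    - makedirs: True
+
+influxdbconf:
+  file.managed:
+    - name: /opt/so/conf/influxdb/etc/influxdb.conf
+    - user: 939
+    - group: 939
+    - template: jinja
+    - source: salt://influxdb/etc/influxdb.conf
+
+so-influxdb:
+  docker_container.running:
+    - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
+    - hostname: influxdb
+    - environment:
+      - INFLUXDB_HTTP_LOG_ENABLED=false
+    - binds:
+      - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
+      - /nsm/influxdb:/var/lib/influxdb:rw
+      - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
+      - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
+    - port_bindings:
+      - 0.0.0.0:8086:8086
+    - watch:
+      - file: influxdbconf
+
+{% endif %}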
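Review bot: `- 0.0.0.0:8086:8086` publishes the InfluxDB HTTP API on every interface while `- INFLUXDB_HTTP_LOG_ENABLED=false` turns off request logging, so the listener is neither scoped to the management network nor auditable. Other states in this commit read a management address from pillar (`static:masterip`, `node:mainip`); bind to that instead, e.g. a `{% set MAINIP = salt['pillar.get']('node:mainip') %}` at the top and `- {{ MAINIP }}:8086:8086`, or keep HTTP logging enabled with a log bind mount if the wide bind is required for remote telegraf agents. The guard `GRAFANA == 1` also compares an int against a pillar value whose default on the first line is the string `'0'`; normalise with `|int` so the block is not silently skipped.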
@@ -1,4 +1,4 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
{% if FEATURES %}
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
{% if FEATURES %}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
MASTER={{ MASTER }}
|
||||
VERSION="HH1.2.1"
|
||||
VERSION="HH1.2.2"
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-core:$VERSION" \
|
||||
"so-nginx:$VERSION" \
|
||||
"so-cyberchef:$VERSION" \
|
||||
"so-acng:$VERSION" \
|
||||
"so-soc:$VERSION" \
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MAINIP = salt['pillar.get']('node:mainip') %}
|
||||
{% set FLEETARCH = salt['grains.get']('role') %}
|
||||
|
||||
@@ -299,12 +299,12 @@ http {
|
||||
return 302 /auth/self-service/browser/flows/login;
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /usr/share/nginx/html/40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
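Review bot: `location = /usr/share/nginx/html/50x.html {` replaces `location = /50x.html {`, but an nginx `location` matches the request URI, not a filesystem path, so the internal redirect from `error_page 500 502 503 504 /50x.html;` no longer reaches this block and falls through to whatever location handles `/` (presumably the proxied application), turning an upstream error into a second proxied request instead of a static page. Keep `location = /50x.html {` and point it at the file with `root /usr/share/nginx/html;` inside the block; the same substitution appears in every other nginx.conf.* hunk in this commit except the one where the whole block is commented out. Commenting out the 404 handler likewise hands 404s to nginx's built-in page, which is acceptable only if `server_tokens off;` is set elsewhere in the file so the version banner is not exposed.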
@@ -86,12 +86,12 @@ http {
|
||||
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -77,12 +77,12 @@ http {
|
||||
# location / {
|
||||
# }
|
||||
#
|
||||
# error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
# }
|
||||
# #error_page 404 /404.html;
|
||||
# # location = /40x.html {
|
||||
# #}
|
||||
#
|
||||
# error_page 500 502 503 504 /50x.html;
|
||||
# location = /50x.html {
|
||||
# location = /usr/share/nginx/html/50x.html {
|
||||
# }
|
||||
# }
|
||||
|
||||
@@ -47,12 +47,12 @@ http {
|
||||
location / {
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -299,12 +299,12 @@ http {
|
||||
return 302 /auth/self-service/browser/flows/login;
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -299,12 +299,12 @@ http {
|
||||
return 302 /auth/self-service/browser/flows/login;
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -47,12 +47,12 @@ http {
|
||||
location / {
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -47,12 +47,12 @@ http {
|
||||
location / {
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
#error_page 404 /404.html;
|
||||
# location = /40x.html {
|
||||
#}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
location = /usr/share/nginx/html/50x.html {
|
||||
}
|
||||
}
|
||||
|
||||
BIN
salt/nginx/html/favicon-16x16.png
Normal file
BIN
salt/nginx/html/favicon-16x16.png
Normal file
BIN
salt/nginx/html/favicon-32x32.png
Normal file
BIN
salt/nginx/html/favicon-32x32.png
Normal file
BIN
salt/nginx/html/favicon.ico
Normal file
BIN
salt/nginx/html/favicon.ico
Normal file
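--- a/salt/nginx/html/index.html
+++ b/salt/nginx/html/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>Security Onion - Hybrid Hunter</title>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
+<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
+</head>
+<body>
+Security Onion
+</body>
+</html>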
64
salt/nginx/init.sls
Normal file
64
salt/nginx/init.sls
Normal file
@@ -0,0 +1,64 @@
|
||||
{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
|
||||
{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
# Drop the correct nginx config based on role
|
||||
nginxconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/nginx/html
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
nginxhtml:
|
||||
file.recurse:
|
||||
- name: /opt/so/conf/nginx/html
|
||||
- source: salt://nginx/html/
|
||||
- user: 939
|
||||
- group: 939
|
||||
|
||||
nginxconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/nginx/nginx.conf
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://nginx/etc/nginx.conf.{{ grains.role }}
|
||||
|
||||
nginxlogdir:
|
||||
file.directory:
|
||||
- name: /opt/so/log/nginx/
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
nginxtmp:
|
||||
file.directory:
|
||||
- name: /opt/so/tmp/nginx/tmp
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-nginx:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
|
||||
- hostname: so-nginx
|
||||
- binds:
|
||||
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- /opt/so/log/nginx/:/var/log/nginx:rw
|
||||
- /opt/so/tmp/nginx/:/var/lib/nginx:rw
|
||||
- /opt/so/tmp/nginx/:/run:rw
|
||||
- /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
|
||||
- /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
|
||||
- /opt/so/conf/fleet/packages:/opt/socore/html/packages
|
||||
- cap_add: NET_BIND_SERVICE
|
||||
- port_bindings:
|
||||
- 80:80
|
||||
- 443:443
|
||||
{%- if FLEETMASTER or FLEETNODE %}
|
||||
- 8090:8090
|
||||
{%- endif %}
|
||||
- watch:
|
||||
- file: nginxconf
|
||||
- file: nginxconfdir
|
||||
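Review bot: `nginxhtml` syncs `salt://nginx/html/` into `/opt/so/conf/nginx/html`, but the `so-nginx` container's `binds` never mount that directory, so the favicons and `index.html` added in this commit are staged on the host and not visible to nginx unless the image already ships them. If they are meant to be served, add a bind such as `- /opt/so/conf/nginx/html:<container docroot>:ro` (the packages bind suggests the docroot is `/opt/socore/html`) and `- file: nginxhtml` under `watch` so content changes restart the container. Separately, `- /opt/so/conf/fleet/packages:/opt/socore/html/packages` is the only bind without a mode and is therefore read-write; nginx only serves from it, so `:ro` is the least-privilege choice. That bind is also unconditional while the `8090:8090` port is gated on `FLEETMASTER or FLEETNODE`, so on other roles Docker will presumably create an empty, root-owned `/opt/so/conf/fleet/packages` on the host.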
@@ -61,7 +61,7 @@ noderedlog:
|
||||
|
||||
so-nodered:
|
||||
docker_container.running:
|
||||
- image: soshybridhunter/so-nodered:HH1.2.1
|
||||
- image: soshybridhunter/so-nodered:HH1.2.2
|
||||
- interactive: True
|
||||
- binds:
|
||||
- /opt/so/conf/nodered/:/data:rw
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
|
||||
{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
|
||||
playbookdb:
|
||||
|
||||
@@ -55,7 +55,7 @@ def run():
|
||||
|
||||
# Run Docker container that will build the packages
|
||||
gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
|
||||
"--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.1", \
|
||||
"--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.2", \
|
||||
f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')
|
||||
|
||||
# Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set lsaccessip = salt['pillar.get']('master:lsaccessip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
|
||||
# Redis Setup
|
||||
|
||||
@@ -1,3 +1,28 @@
|
||||
# Create a state directory
|
||||
|
||||
statedir:
|
||||
file.directory:
|
||||
- name: /opt/so/state
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
salttmp:
|
||||
file.directory:
|
||||
- name: /opt/so/tmp
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
{% if grains['os'] != 'CentOS' %}
|
||||
saltpymodules:
|
||||
pkg.installed:
|
||||
- pkgs:
|
||||
- python-docker
|
||||
- python-m2crypto
|
||||
{% endif %}
|
||||
|
||||
|
||||
salt_minion_service:
|
||||
service.running:
|
||||
- name: salt-minion
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
|
||||
sensoronidir:
|
||||
|
||||
@@ -6,6 +6,13 @@ selfservice:
|
||||
password:
|
||||
enabled: true
|
||||
|
||||
settings:
|
||||
privileged_session_max_age: 1m
|
||||
after:
|
||||
profile:
|
||||
hooks:
|
||||
- hook: verify
|
||||
|
||||
verify:
|
||||
return_to: https://{{ WEBACCESS }}/
|
||||
|
||||
@@ -14,29 +21,14 @@ selfservice:
|
||||
|
||||
login:
|
||||
request_lifespan: 10m
|
||||
after:
|
||||
password:
|
||||
-
|
||||
job: session
|
||||
-
|
||||
job: redirect
|
||||
config:
|
||||
default_redirect_url: https://{{ WEBACCESS }}/
|
||||
allow_user_defined_redirect: true
|
||||
|
||||
registration:
|
||||
request_lifespan: 10m
|
||||
after:
|
||||
password:
|
||||
-
|
||||
job: verify
|
||||
-
|
||||
job: session
|
||||
-
|
||||
job: redirect
|
||||
config:
|
||||
default_redirect_url: https://{{ WEBACCESS }}/
|
||||
allow_user_defined_redirect: true
|
||||
hooks:
|
||||
- hook: session
|
||||
- hook: verify
|
||||
|
||||
log:
|
||||
level: debug
|
||||
@@ -58,7 +50,7 @@ urls:
|
||||
public: https://{{ WEBACCESS }}/auth/
|
||||
admin: https://{{ WEBACCESS }}/kratos/
|
||||
default_return_to: https://{{ WEBACCESS }}/
|
||||
whitelisted_return_to_domains:
|
||||
whitelisted_return_to_urls:
|
||||
- http://127.0.0.1
|
||||
|
||||
hashers:
|
||||
|
||||
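Review bot: `whitelisted_return_to_urls` now allows `http://127.0.0.1` while every other URL in this file is `https://{{ WEBACCESS }}/`, so a plain-http loopback destination is an accepted post-login `return_to` in production renders as well. If it only exists for local testing, either template it like the other entries (`- https://{{ WEBACCESS }}/`) or wrap it in a Jinja condition, and leave a comment stating why it is there. The rename from `whitelisted_return_to_domains` to `whitelisted_return_to_urls` is the visible change; whether Kratos implicitly trusts the `urls.self.public` origin without an explicit entry is not visible here and is worth confirming so the `default_return_to` redirect keeps working.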
@@ -1,4 +1,4 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
|
||||
socdir:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
|
||||
soctopusdir:
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{%- set MASTER = grains['master'] %}
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
# Strelka config
|
||||
strelkaconfdir:
|
||||
@@ -72,7 +72,7 @@ strelka_gatekeeper:
|
||||
|
||||
strelka_frontend:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.1
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.2
|
||||
- binds:
|
||||
- /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
|
||||
- /nsm/strelka/log/:/var/log/strelka/:rw
|
||||
@@ -84,7 +84,7 @@ strelka_frontend:
|
||||
|
||||
strelka_backend:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.1
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.2
|
||||
- binds:
|
||||
- /opt/so/conf/strelka/backend/:/etc/strelka/:ro
|
||||
- /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
|
||||
@@ -94,7 +94,7 @@ strelka_backend:
|
||||
|
||||
strelka_manager:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.1
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.2
|
||||
- binds:
|
||||
- /opt/so/conf/strelka/manager/:/etc/strelka/:ro
|
||||
- name: so-strelka-manager
|
||||
@@ -102,7 +102,7 @@ strelka_manager:
|
||||
|
||||
strelka_filestream:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.1
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.2
|
||||
- binds:
|
||||
- /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
|
||||
- /nsm/strelka:/nsm/strelka
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
|
||||
{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
|
||||
{% set BROVER = salt['pillar.get']('static:broversion', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
|
||||
{% set BPF_STATUS = 0 %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
|
||||
so-tcpreplay:
|
||||
|
||||
70
salt/telegraf/init.sls
Normal file
70
salt/telegraf/init.sls
Normal file
@@ -0,0 +1,70 @@
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
# Add Telegraf to monitor all the things.
|
||||
tgraflogdir:
|
||||
file.directory:
|
||||
- name: /opt/so/log/telegraf
|
||||
- makedirs: True
|
||||
|
||||
tgrafetcdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/telegraf/etc
|
||||
- makedirs: True
|
||||
|
||||
tgrafetsdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/telegraf/scripts
|
||||
- makedirs: True
|
||||
|
||||
tgrafsyncscripts:
|
||||
file.recurse:
|
||||
- name: /opt/so/conf/telegraf/scripts
|
||||
- user: 939
|
||||
- group: 939
|
||||
- file_mode: 755
|
||||
- template: jinja
|
||||
- source: salt://telegraf/scripts
|
||||
|
||||
tgrafconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/telegraf/etc/telegraf.conf
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://telegraf/etc/telegraf.conf
|
||||
|
||||
so-telegraf:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
|
||||
- environment:
|
||||
- HOST_PROC=/host/proc
|
||||
- HOST_ETC=/host/etc
|
||||
- HOST_SYS=/host/sys
|
||||
- HOST_MOUNT_PREFIX=/host
|
||||
- network_mode: host
|
||||
- port_bindings:
|
||||
- 127.0.0.1:8094:8094
|
||||
- binds:
|
||||
- /opt/so/log/telegraf:/var/log/telegraf:rw
|
||||
- /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
|
||||
- /var/run/utmp:/var/run/utmp:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /:/host/root:ro
|
||||
- /sys:/host/sys:ro
|
||||
- /proc:/host/proc:ro
|
||||
- /nsm:/host/nsm:ro
|
||||
- /etc:/host/etc:ro
|
||||
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
|
||||
- /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
|
||||
{% else %}
|
||||
- /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
|
||||
{% endif %}
|
||||
- /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
|
||||
- /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
|
||||
- /opt/so/conf/telegraf/scripts:/scripts:ro
|
||||
- /opt/so/log/stenographer:/var/log/stenographer:ro
|
||||
- /opt/so/log/suricata:/var/log/suricata:ro
|
||||
- watch:
|
||||
- file: tgrafconf
|
||||
- file: tgrafsyncscripts
|
||||
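Review bot: `- network_mode: host` makes the `port_bindings` entry `127.0.0.1:8094:8094` a no-op, since Docker discards published ports for containers in the host network namespace; whatever telegraf listens on at 8094 is bound directly on the host, and the loopback restriction has to come from the listener address in `telegraf.conf` or from the firewall state, not from this mapping. Either drop the `port_bindings` block or add a comment that it is informational only. `- /var/run/docker.sock:/var/run/docker.sock:ro` deserves a comment too: a read-only bind of a unix socket still allows full Docker API access over it, which is equivalent to root on the host, so `:ro` is not a restriction here — `# docker.sock grants full daemon control despite :ro; needed for the docker input plugin` would make that explicit (assuming the docker input is why it is mounted). The three `file.directory` states at the top take no `user`/`group` while `tgrafsyncscripts` and `tgrafconf` use 939, so the directories stay root-owned while their contents are 939-owned — probably fine, but worth making consistent.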
25
salt/top.sls
25
salt/top.sls
@@ -11,15 +11,17 @@
|
||||
|
||||
base:
|
||||
'*':
|
||||
- salt
|
||||
- docker
|
||||
- patch.os.schedule
|
||||
- motd
|
||||
- salt
|
||||
|
||||
'*_helix':
|
||||
- ca
|
||||
- ssl
|
||||
- registry
|
||||
- common
|
||||
- telegraf
|
||||
- firewall
|
||||
- idstools
|
||||
- pcap
|
||||
@@ -34,6 +36,7 @@ base:
|
||||
- ca
|
||||
- ssl
|
||||
- common
|
||||
- telegraf
|
||||
- firewall
|
||||
- pcap
|
||||
- suricata
|
||||
@@ -57,6 +60,10 @@ base:
|
||||
- registry
|
||||
- master
|
||||
- common
|
||||
- nginx
|
||||
- telegraf
|
||||
- influxdb
|
||||
- grafana
|
||||
- soc
|
||||
- firewall
|
||||
- idstools
|
||||
@@ -105,6 +112,10 @@ base:
|
||||
- ssl
|
||||
- registry
|
||||
- common
|
||||
- nginx
|
||||
- telegraf
|
||||
- influxdb
|
||||
- grafana
|
||||
- soc
|
||||
- firewall
|
||||
- master
|
||||
@@ -179,6 +190,7 @@ base:
|
||||
- ca
|
||||
- ssl
|
||||
- common
|
||||
- telegraf
|
||||
- firewall
|
||||
{%- if WAZUH != 0 %}
|
||||
- wazuh
|
||||
@@ -194,6 +206,10 @@ base:
|
||||
|
||||
'*_mastersensor':
|
||||
- common
|
||||
- nginx
|
||||
- telegraf
|
||||
- influxdb
|
||||
- grafana
|
||||
- firewall
|
||||
- sensor
|
||||
- master
|
||||
@@ -207,6 +223,10 @@ base:
|
||||
- ssl
|
||||
- registry
|
||||
- common
|
||||
- nginx
|
||||
- telegraf
|
||||
- influxdb
|
||||
- grafana
|
||||
- soc
|
||||
- firewall
|
||||
- master
|
||||
@@ -248,6 +268,7 @@ base:
|
||||
- ca
|
||||
- ssl
|
||||
- common
|
||||
- telegraf
|
||||
- firewall
|
||||
- redis
|
||||
{%- if WAZUH != 0 %}
|
||||
@@ -272,6 +293,8 @@ base:
|
||||
- ca
|
||||
- ssl
|
||||
- common
|
||||
- nginx
|
||||
- telegraf
|
||||
- firewall
|
||||
- mysql
|
||||
- redis
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- set HOSTNAME = salt['grains.get']('host', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
# Add ossec group
|
||||
ossecgroup:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
|
||||
{% set BPF_STATUS = 0 %}
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
SCRIPTDIR=$(dirname "$0")
|
||||
source $SCRIPTDIR/so-whiptail
|
||||
SOVERSION=1.2.1
|
||||
SOVERSION=1.2.2
|
||||
|
||||
accept_salt_key_local() {
|
||||
echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
|
||||
@@ -579,7 +579,7 @@ docker_seed_registry() {
|
||||
if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-acng:$VERSION" \
|
||||
"so-core:$VERSION" \
|
||||
"so-nginx:$VERSION" \
|
||||
"so-thehive-cortex:$VERSION" \
|
||||
"so-curator:$VERSION" \
|
||||
"so-domainstats:$VERSION" \
|
||||
@@ -614,7 +614,7 @@ docker_seed_registry() {
|
||||
"so-zeek:$VERSION" )
|
||||
else
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-core:$VERSION" \
|
||||
"so-nginx:$VERSION" \
|
||||
"so-filebeat:$VERSION" \
|
||||
"so-idstools:$VERSION" \
|
||||
"so-logstash:$VERSION" \
|
||||
@@ -626,7 +626,7 @@ docker_seed_registry() {
|
||||
"so-zeek:$VERSION" )
|
||||
fi
|
||||
|
||||
if [ ! -f /nsm/docker-registry/docker/so-dockers-$VERSION.tar ]; then
|
||||
if [ ! -f /nsm/docker-registry/docker/registry.tar ]; then
|
||||
# Download the container from the interwebs
|
||||
for i in "${TRUSTED_CONTAINERS[@]}"
|
||||
do
|
||||
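Review bot: The staged-tarball check is now `if [ ! -f /nsm/docker-registry/docker/registry.tar ]` where it used to be the version-specific `so-dockers-$VERSION.tar`, so any `registry.tar` already present — for instance left by an interrupted earlier run — skips the download of the `TRUSTED_CONTAINERS` list and seeds the registry with whatever images that file holds, for whatever version. The `@@ -646,8 +646,8 @@` hunk below extracts and removes the same file and shares the issue. Keeping the version in the filename, or verifying the tarball against a known checksum before `tar xvf` (e.g. `sha256sum -c registry.tar.sha256 || exit 1`, assuming a digest file is shipped alongside it), restores the tie to `$VERSION`. The `cd /nsm/docker-registry/docker` in the lower hunk is also unchecked; `cd /nsm/docker-registry/docker || exit 1` keeps the following `tar xvf`/`rm` from running in the wrong directory. `docker_seed_registry()` itself begins and ends outside these hunks.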
@@ -646,8 +646,8 @@ docker_seed_registry() {
|
||||
else
|
||||
# We already have the goods son
|
||||
cd /nsm/docker-registry/docker
|
||||
tar xvf so-dockers-$VERSION.tar
|
||||
rm /nsm/docker-registry/docker/so-dockers-$VERSION.tar
|
||||
tar xvf registry.tar
|
||||
rm /nsm/docker-registry/docker/registry.tar
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
# Set the new SO Version
|
||||
|
||||
UPDATEVERSION=1.2.1
|
||||
UPDATEVERSION=1.2.2
|
||||
BUILD=HH
|
||||
|
||||
#Determine the current install version
|
||||
@@ -35,7 +35,6 @@ HOSTNAME=$(hostname)
|
||||
if [ $MASTERCHECK != 'so-helix' ]; then
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-acng:$BUILD$UPDATEVERSION" \
|
||||
"so-core:$BUILD$UPDATEVERSION" \
|
||||
"so-thehive-cortex:$BUILD$UPDATEVERSION" \
|
||||
"so-curator:$BUILD$UPDATEVERSION" \
|
||||
"so-domainstats:$BUILD$UPDATEVERSION" \
|
||||
@@ -53,6 +52,7 @@ if [ $MASTERCHECK != 'so-helix' ]; then
|
||||
"so-logstash:$BUILD$UPDATEVERSION" \
|
||||
"so-mysql:$BUILD$UPDATEVERSION" \
|
||||
"so-navigator:$BUILD$UPDATEVERSION" \
|
||||
"so-nginx:$BUILD$UPDATEVERSION" \
|
||||
"so-playbook:$BUILD$UPDATEVERSION" \
|
||||
"so-redis:$BUILD$UPDATEVERSION" \
|
||||
"so-soc:$BUILD$UPDATEVERSION" \
|
||||
@@ -67,10 +67,10 @@ if [ $MASTERCHECK != 'so-helix' ]; then
|
||||
"so-zeek:$BUILD$UPDATEVERSION" )
|
||||
else
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-core:$BUILD$UPDATEVERSION" \
|
||||
"so-filebeat:$BUILD$UPDATEVERSION" \
|
||||
"so-idstools:$BUILD$UPDATEVERSION" \
|
||||
"so-logstash:$BUILD$UPDATEVERSION" \
|
||||
"so-nginx:$BUILD$UPDATEVERSION" \
|
||||
"so-redis:$BUILD$UPDATEVERSION" \
|
||||
"so-steno:$BUILD$UPDATEVERSION" \
|
||||
"so-suricata:$BUILD$UPDATEVERSION" \
|
||||
|
||||