CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

IDH - Pillarize OpenCanary Config

Browse Source
This commit is contained in:
Josh Brower
2022-02-15 13:57:31 -05:00
parent 1e5b9ef0bf
commit 3ccef12df7
5 changed files with 100 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
salt/idh/config/opencanary.conf
View File

@@ -1,113 +0,0 @@
{%- set HOSTNAME = salt['grains.get']('host') -%}
{
"device.node_id": "{{HOSTNAME}}",
"git.enabled": false,
"git.port" : 9418,
"ftp.enabled": false,
"ftp.port": 21,
"ftp.banner": "FTP server ready",
"http.banner": "Apache/2.2.22 (Ubuntu)",
"http.enabled": false,
"http.port": 80,
"http.skin": "nasLogin",
"http.skin.list": [
{
"desc": "Plain HTML Login",
"name": "basicLogin"
},
{
"desc": "Synology NAS Login",
"name": "nasLogin"
}
],
"httpproxy.enabled" : false,
"httpproxy.port": 8080,
"httpproxy.skin": "squid",
"httproxy.skin.list": [
{
"desc": "Squid",
"name": "squid"
},
{
"desc": "Microsoft ISA Server Web Proxy",
"name": "ms-isa"
}
],
"logger": {
"class": "PyLogger",
"kwargs": {
"formatters": {
"plain": {
"format": "%(message)s"
}
},
"handlers": {
"console": {
"class": "logging.StreamHandler",
"stream": "ext://sys.stdout"
},
"file": {
"class": "logging.FileHandler",
"filename": "/var/tmp/opencanary.log"
}
}
}
},
"portscan.enabled": false,
"portscan.logfile":"/var/log/kern.log",
"portscan.synrate": 5,
"portscan.nmaposrate": 5,
"portscan.lorate": 3,
"smb.auditfile": "/var/log/samba-audit.log",
"smb.enabled": false,
"mysql.enabled": false,
"mysql.port": 3306,
"mysql.banner": "5.5.43-0ubuntu0.14.04.1",
"ssh.enabled": true,
"ssh.port": 2222,
"ssh.version": "SSH-2.0-OpenSSH_7.6p1 Ubuntu 4ubuntu0.3",
"redis.enabled": false,
"redis.port": 6379,
"rdp.enabled": false,
"rdp.port": 3389,
"sip.enabled": false,
"sip.port": 5060,
"snmp.enabled": false,
"snmp.port": 161,
"ntp.enabled": false,
"ntp.port": "123",
"tftp.enabled": false,
"tftp.port": 69,
"tcpbanner.maxnum":10,
"tcpbanner.enabled": false,
"tcpbanner_1.enabled": false,
"tcpbanner_1.port": 8001,
"tcpbanner_1.datareceivedbanner": "",
"tcpbanner_1.initbanner": "",
"tcpbanner_1.alertstring.enabled": false,
"tcpbanner_1.alertstring": "",
"tcpbanner_1.keep_alive.enabled": false,
"tcpbanner_1.keep_alive_secret": "",
"tcpbanner_1.keep_alive_probes": 11,
"tcpbanner_1.keep_alive_interval":300,
"tcpbanner_1.keep_alive_idle": 300,
"telnet.enabled": false,
"telnet.port": "23",
"telnet.banner": "",
"telnet.honeycreds": [
{
"username": "admin",
"password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA"
},
{
"username": "admin",
"password": "admin1"
}
],
"mssql.enabled": false,
"mssql.version": "2012",
"mssql.port":1433,
"vnc.enabled": true,
"vnc.port":5900
}

90
salt/idh/defaults.yml Normal file
View File

@@ -0,0 +1,90 @@
idh:
opencanary:
config:
device.node_id: opencanary-01
git.enabled: true
git.port: 9418
ftp.enabled: true
ftp.port: 21
ftp.banner: FTP server ready
http.banner: Apache/2.2.22 (Ubuntu)
http.enabled: true
http.port: 80
http.skin: nasLogin
http.skin.list:
- desc: Plain HTML Login
name: basicLogin
- desc: Synology NAS Login
name: nasLogin
httpproxy.enabled: false
httpproxy.port: 8080
httpproxy.skin: squid
httproxy.skin.list:
- desc: Squid
name: squid
- desc: Microsoft ISA Server Web Proxy
name: ms-isa
logger:
class: PyLogger
kwargs:
formatters:
plain:
format: '%(message)s'
handlers:
console:
class: logging.StreamHandler
stream: ext://sys.stdout
file:
class: logging.FileHandler
filename: /var/tmp/opencanary.log
portscan.enabled: false
portscan.logfile: /var/log/kern.log
portscan.synrate: 5
portscan.nmaposrate: 5
portscan.lorate: 3
smb.auditfile: /var/log/samba-audit.log
smb.enabled: false
mysql.enabled: false
mysql.port: 3306
mysql.banner: 5.5.43-0ubuntu0.14.04.1
ssh.enabled: false
ssh.port: 22
ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
redis.enabled: false
redis.port: 6379
rdp.enabled: false
rdp.port: 3389
sip.enabled: false
sip.port: 5060
snmp.enabled: false
snmp.port: 161
ntp.enabled: false
ntp.port: '123'
tftp.enabled: false
tftp.port: 69
tcpbanner.maxnum: 10
tcpbanner.enabled: false
tcpbanner_1.enabled: false
tcpbanner_1.port: 8001
tcpbanner_1.datareceivedbanner: ''
tcpbanner_1.initbanner: ''
tcpbanner_1.alertstring.enabled: false
tcpbanner_1.alertstring: ''
tcpbanner_1.keep_alive.enabled: false
tcpbanner_1.keep_alive_secret: ''
tcpbanner_1.keep_alive_probes: 11
tcpbanner_1.keep_alive_interval: 300
tcpbanner_1.keep_alive_idle: 300
telnet.enabled: false
telnet.port: '23'
telnet.banner: ''
telnet.honeycreds:
- username: admin
password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
- username: admin
password: admin1
mssql.enabled: false
mssql.version: '2012'
mssql.port: 1433
vnc.enabled: false
vnc.port: 5000

1
salt/idh/idh.conf.jinja Normal file
View File

@@ -0,0 +1 @@
{{ IDH | tojson(True) }}

16
salt/idh/init.sls
View File

@@ -20,16 +20,14 @@ configdir:
- group: 939
- makedirs: True
# Sync IDH files
idhfiles:
file.recurse:
- name: /opt/so/conf/idh
- user: 0
- group: 0
- file_mode: 755
- source: salt://idh/config
- replace: False
{% from 'idh/opencanary_config.map.jinja' import OPENCANARYCONFIG with context %}
opencanary_config:
file.managed:
- name: /opt/so/conf/idh/opencanary.conf
- source: salt://idh/idh.conf.jinja
- template: jinja
- defaults:
OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
so-idh:
docker_container.running:

2
salt/idh/opencanary_config.map.jinja Normal file
View File

@@ -0,0 +1,2 @@
{% import_yaml 'idh/defaults.yml' as OPENCANARYCONFIG with context %}
{% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=OPENCANARYCONFIG.idh.opencanary.config, merge=True) %}