mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
This commit is contained in:
m0duspwnens
@@ -13,8 +13,8 @@ role:
|
||||
fleet:
|
||||
heavynode:
|
||||
helixsensor:
|
||||
master:
|
||||
mastersearch:
|
||||
manager:
|
||||
managersearch:
|
||||
standalone:
|
||||
searchnode:
|
||||
sensor:
|
||||
@@ -24,7 +24,7 @@ firewall:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
master:
|
||||
manager:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
|
||||
{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
|
||||
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
|
||||
{% set WAZUH = salt['pillar.get']('master:wazuh', '0') %}
|
||||
{% set THEHIVE = salt['pillar.get']('master:thehive', '0') %}
|
||||
{% set PLAYBOOK = salt['pillar.get']('master:playbook', '0') %}
|
||||
{% set FREQSERVER = salt['pillar.get']('master:freq', '0') %}
|
||||
{% set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') %}
|
||||
{% set WAZUH = salt['pillar.get']('manager:wazuh', '0') %}
|
||||
{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
|
||||
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
|
||||
{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
|
||||
{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
|
||||
{% set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
|
||||
{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
|
||||
eval:
|
||||
containers:
|
||||
@@ -20,7 +20,7 @@ eval:
|
||||
- so-soc
|
||||
- so-kratos
|
||||
- so-idstools
|
||||
{% if FLEETMASTER %}
|
||||
{% if FLEETMANAGER %}
|
||||
- so-mysql
|
||||
- so-fleet
|
||||
- so-redis
|
||||
@@ -83,7 +83,7 @@ hot_node:
|
||||
- so-logstash
|
||||
- so-elasticsearch
|
||||
- so-curator
|
||||
master_search:
|
||||
manager_search:
|
||||
containers:
|
||||
- so-nginx
|
||||
- so-telegraf
|
||||
@@ -99,7 +99,7 @@ master_search:
|
||||
- so-elastalert
|
||||
- so-filebeat
|
||||
- so-soctopus
|
||||
{% if FLEETMASTER %}
|
||||
{% if FLEETMANAGER %}
|
||||
- so-mysql
|
||||
- so-fleet
|
||||
- so-redis
|
||||
@@ -122,7 +122,7 @@ master_search:
|
||||
{% if DOMAINSTATS != '0' %}
|
||||
- so-domainstats
|
||||
{% endif %}
|
||||
master:
|
||||
manager:
|
||||
containers:
|
||||
- so-dockerregistry
|
||||
- so-nginx
|
||||
@@ -141,7 +141,7 @@ master:
|
||||
- so-kibana
|
||||
- so-elastalert
|
||||
- so-filebeat
|
||||
{% if FLEETMASTER %}
|
||||
{% if FLEETMANAGER %}
|
||||
- so-mysql
|
||||
- so-fleet
|
||||
- so-redis
|
||||
|
||||
@@ -17,7 +17,7 @@ firewall:
|
||||
- 5644
|
||||
- 9822
|
||||
udp:
|
||||
master:
|
||||
manager:
|
||||
ports:
|
||||
tcp:
|
||||
- 1514
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
logstash:
|
||||
pipelines:
|
||||
master:
|
||||
manager:
|
||||
config:
|
||||
- so/0009_input_beats.conf
|
||||
- so/0010_input_hhbeats.conf
|
||||
@@ -6,10 +6,10 @@ base:
|
||||
- match: compound
|
||||
- zeek
|
||||
|
||||
'*_mastersearch or *_heavynode':
|
||||
'*_managersearch or *_heavynode':
|
||||
- match: compound
|
||||
- logstash
|
||||
- logstash.master
|
||||
- logstash.manager
|
||||
- logstash.search
|
||||
|
||||
'*_sensor':
|
||||
@@ -18,16 +18,16 @@ base:
|
||||
- healthcheck.sensor
|
||||
- minions.{{ grains.id }}
|
||||
|
||||
'*_master or *_mastersearch':
|
||||
'*_manager or *_managersearch':
|
||||
- match: compound
|
||||
- static
|
||||
- data.*
|
||||
- secrets
|
||||
- minions.{{ grains.id }}
|
||||
|
||||
'*_master':
|
||||
'*_manager':
|
||||
- logstash
|
||||
- logstash.master
|
||||
- logstash.manager
|
||||
|
||||
'*_eval':
|
||||
- static
|
||||
@@ -39,7 +39,7 @@ base:
|
||||
|
||||
'*_standalone':
|
||||
- logstash
|
||||
- logstash.master
|
||||
- logstash.manager
|
||||
- logstash.search
|
||||
- data.*
|
||||
- brologs
|
||||
|
||||
@@ -6,7 +6,7 @@ import socket
|
||||
|
||||
def send(data):
|
||||
|
||||
mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('master:mainint'))
|
||||
mainint = __salt__['pillar.get']('sensor:mainint', __salt__['pillar.get']('manager:mainint'))
|
||||
mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0]
|
||||
dstport = 8094
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set master = salt['grains.get']('master') %}
|
||||
{% set manager = salt['grains.get']('manager') %}
|
||||
/etc/salt/minion.d/signing_policies.conf:
|
||||
file.managed:
|
||||
- source: salt://ca/files/signing_policies.conf
|
||||
@@ -20,7 +20,7 @@ pki_private_key:
|
||||
/etc/pki/ca.crt:
|
||||
x509.certificate_managed:
|
||||
- signing_private_key: /etc/pki/ca.key
|
||||
- CN: {{ master }}
|
||||
- CN: {{ manager }}
|
||||
- C: US
|
||||
- ST: Utah
|
||||
- L: Salt Lake City
|
||||
|
||||
@@ -18,14 +18,14 @@
|
||||
}
|
||||
},grain='id', merge=salt['pillar.get']('docker')) %}
|
||||
|
||||
{% if role in ['eval', 'mastersearch', 'master', 'standalone'] %}
|
||||
{{ append_containers('master', 'grafana', 0) }}
|
||||
{{ append_containers('static', 'fleet_master', 0) }}
|
||||
{{ append_containers('master', 'wazuh', 0) }}
|
||||
{{ append_containers('master', 'thehive', 0) }}
|
||||
{{ append_containers('master', 'playbook', 0) }}
|
||||
{{ append_containers('master', 'freq', 0) }}
|
||||
{{ append_containers('master', 'domainstats', 0) }}
|
||||
{% if role in ['eval', 'managersearch', 'manager', 'standalone'] %}
|
||||
{{ append_containers('manager', 'grafana', 0) }}
|
||||
{{ append_containers('static', 'fleet_manager', 0) }}
|
||||
{{ append_containers('manager', 'wazuh', 0) }}
|
||||
{{ append_containers('manager', 'thehive', 0) }}
|
||||
{{ append_containers('manager', 'playbook', 0) }}
|
||||
{{ append_containers('manager', 'freq', 0) }}
|
||||
{{ append_containers('manager', 'domainstats', 0) }}
|
||||
{% endif %}
|
||||
|
||||
{% if role in ['eval', 'heavynode', 'sensor', 'standalone'] %}
|
||||
@@ -37,7 +37,7 @@
|
||||
{% endif %}
|
||||
|
||||
{% if role == 'searchnode' %}
|
||||
{{ append_containers('master', 'wazuh', 0) }}
|
||||
{{ append_containers('manager', 'wazuh', 0) }}
|
||||
{% endif %}
|
||||
|
||||
{% if role == 'sensor' %}
|
||||
|
||||
@@ -11,7 +11,7 @@ bro_logs_enabled() {
|
||||
|
||||
}
|
||||
|
||||
whiptail_master_adv_service_brologs() {
|
||||
whiptail_manager_adv_service_brologs() {
|
||||
|
||||
BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \
|
||||
"conn" "Connection Logging" ON \
|
||||
@@ -54,5 +54,5 @@ whiptail_master_adv_service_brologs() {
|
||||
"x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 )
|
||||
}
|
||||
|
||||
whiptail_master_adv_service_brologs
|
||||
whiptail_manager_adv_service_brologs
|
||||
bro_logs_enabled
|
||||
|
||||
@@ -21,13 +21,13 @@ got_root(){
|
||||
fi
|
||||
}
|
||||
|
||||
master_check() {
|
||||
# Check to see if this is a master
|
||||
MASTERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
|
||||
if [ $MASTERCHECK == 'so-eval' ] || [ $MASTERCHECK == 'so-master' ] || [ $MASTERCHECK == 'so-mastersearch' ] || [ $MASTERCHECK == 'so-standalone' ] || [ $MASTERCHECK == 'so-helix' ]; then
|
||||
echo "This is a master. We can proceed"
|
||||
manager_check() {
|
||||
# Check to see if this is a manager
|
||||
MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
|
||||
if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ]; then
|
||||
echo "This is a manager. We can proceed"
|
||||
else
|
||||
echo "Please run soup on the master. The master controls all updates."
|
||||
echo "Please run soup on the manager. The manager controls all updates."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
@@ -56,13 +56,13 @@ version_check() {
|
||||
fi
|
||||
}
|
||||
got_root
|
||||
master_check
|
||||
manager_check
|
||||
version_check
|
||||
|
||||
# Use the hostname
|
||||
HOSTNAME=$(hostname)
|
||||
# List all the containers
|
||||
if [ $MASTERCHECK != 'so-helix' ]; then
|
||||
if [ $MANAGERCHECK != 'so-helix' ]; then
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-acng:$VERSION" \
|
||||
"so-thehive-cortex:$VERSION" \
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
|
||||
{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') -%}
|
||||
. /usr/sbin/so-common
|
||||
|
||||
SKIP=0
|
||||
@@ -50,7 +50,7 @@ done
|
||||
if [ $SKIP -ne 1 ]; then
|
||||
# List indices
|
||||
echo
|
||||
curl {{ MASTERIP }}:9200/_cat/indices?v
|
||||
curl {{ MANAGERIP }}:9200/_cat/indices?v
|
||||
echo
|
||||
# Inform user we are about to delete all data
|
||||
echo
|
||||
@@ -89,10 +89,10 @@ fi
|
||||
# Delete data
|
||||
echo "Deleting data..."
|
||||
|
||||
INDXS=$(curl -s -XGET {{ MASTERIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
|
||||
INDXS=$(curl -s -XGET {{ MANAGERIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
|
||||
for INDX in ${INDXS}
|
||||
do
|
||||
curl -XDELETE "{{ MASTERIP }}:9200/${INDX}" > /dev/null 2>&1
|
||||
curl -XDELETE "{{ MANAGERIP }}:9200/${INDX}" > /dev/null 2>&1
|
||||
done
|
||||
|
||||
#Start Logstash/Filebeat
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
MASTER=MASTER
|
||||
MANAGER=MANAGER
|
||||
VERSION="HH1.1.4"
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-nginx:$VERSION" \
|
||||
@@ -37,7 +37,7 @@ do
|
||||
echo "Downloading $i"
|
||||
docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
|
||||
# Tag it with the new registry destination
|
||||
docker tag soshybridhunter/$i $MASTER:5000/soshybridhunter/$i
|
||||
docker push $MASTER:5000/soshybridhunter/$i
|
||||
docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i
|
||||
docker push $MANAGER:5000/soshybridhunter/$i
|
||||
docker rmi soshybridhunter/$i
|
||||
done
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
|
||||
IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
|
||||
ESPORT=9200
|
||||
THEHIVEESPORT=9400
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
|
||||
{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
|
||||
#!/bin/bash
|
||||
# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
|
||||
#
|
||||
@@ -16,7 +16,7 @@
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
default_salt_dir=/opt/so/saltstack/default
|
||||
ELASTICSEARCH_HOST="{{ MASTERIP}}"
|
||||
ELASTICSEARCH_HOST="{{ MANAGERIP}}"
|
||||
ELASTICSEARCH_PORT=9200
|
||||
#ELASTICSEARCH_AUTH=""
|
||||
|
||||
|
||||
@@ -15,9 +15,9 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion') %}
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip') -%}
|
||||
{%- set MANAGERIP = salt['pillar.get']('static:managerip') -%}
|
||||
|
||||
function usage {
|
||||
cat << EOF
|
||||
@@ -30,13 +30,13 @@ EOF
|
||||
function pcapinfo() {
|
||||
PCAP=$1
|
||||
ARGS=$2
|
||||
docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MASTER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap $ARGS
|
||||
docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap $ARGS
|
||||
}
|
||||
|
||||
function pcapfix() {
|
||||
PCAP=$1
|
||||
PCAP_OUT=$2
|
||||
docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MASTER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1
|
||||
docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1
|
||||
}
|
||||
|
||||
function suricata() {
|
||||
@@ -57,7 +57,7 @@ function suricata() {
|
||||
-v ${NSM_PATH}/:/nsm/:rw \
|
||||
-v $PCAP:/input.pcap:ro \
|
||||
-v /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro \
|
||||
{{ MASTER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} \
|
||||
{{ MANAGER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} \
|
||||
--runmode single -k none -r /input.pcap > $LOG_PATH/console.log 2>&1
|
||||
}
|
||||
|
||||
@@ -85,7 +85,7 @@ function zeek() {
|
||||
-v /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro \
|
||||
--entrypoint /opt/zeek/bin/zeek \
|
||||
-w /nsm/zeek/logs \
|
||||
{{ MASTER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} \
|
||||
{{ MANAGER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} \
|
||||
-C -r /input.pcap local > $NSM_PATH/logs/console.log 2>&1
|
||||
}
|
||||
|
||||
@@ -212,7 +212,7 @@ cat << EOF
|
||||
Import complete!
|
||||
|
||||
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
|
||||
https://{{ MASTERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z'))
|
||||
https://{{ MANAGERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z'))
|
||||
|
||||
or you can manually set your Time Range to be:
|
||||
From: $START_OLDEST To: $END_NEWEST
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master', False) -%}
|
||||
# {%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
|
||||
# {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node', False) -%}
|
||||
# {%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', '') %}
|
||||
# {%- set MASTER = salt['pillar.get']('master:url_base', '') %}
|
||||
# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
|
||||
#
|
||||
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
|
||||
#
|
||||
@@ -20,7 +20,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
KIBANA_HOST={{ MASTER }}
|
||||
KIBANA_HOST={{ MANAGER }}
|
||||
KSO_PORT=5601
|
||||
OUTFILE="saved_objects.ndjson"
|
||||
curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE
|
||||
@@ -29,7 +29,7 @@ curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST $KIBANA_H
|
||||
sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE
|
||||
|
||||
# Clean up for Fleet, if applicable
|
||||
# {% if FLEET_NODE or FLEET_MASTER %}
|
||||
# {% if FLEET_NODE or FLEET_MANAGER %}
|
||||
# Fleet IP
|
||||
sed -i "s/{{ MASTER }}/FLEETPLACEHOLDER/g" $OUTFILE
|
||||
sed -i "s/{{ MANAGER }}/FLEETPLACEHOLDER/g" $OUTFILE
|
||||
# {% endif %}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
|
||||
{%- set cur_close_days = salt['pillar.get']('elasticsearch:cur_close_days', '') -%}
|
||||
{%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
|
||||
{%- set cur_close_days = salt['pillar.get']('master:cur_close_days', '') -%}
|
||||
{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
{%- set cur_close_days = salt['pillar.get']('manager:cur_close_days', '') -%}
|
||||
{%- endif -%}
|
||||
|
||||
---
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{%- if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
|
||||
{%- set log_size_limit = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
|
||||
{%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
|
||||
{%- set log_size_limit = salt['pillar.get']('master:log_size_limit', '') -%}
|
||||
{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
{%- set log_size_limit = salt['pillar.get']('manager:log_size_limit', '') -%}
|
||||
{%- endif %}
|
||||
---
|
||||
# Remember, leave a key empty if there is no value. None will be a string,
|
||||
|
||||
@@ -5,10 +5,10 @@
|
||||
{%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%}
|
||||
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
|
||||
{%- elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
|
||||
{%- set ELASTICSEARCH_HOST = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ELASTICSEARCH_PORT = salt['pillar.get']('master:es_port', '') -%}
|
||||
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('master:log_size_limit', '') -%}
|
||||
{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
{%- set ELASTICSEARCH_HOST = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- set ELASTICSEARCH_PORT = salt['pillar.get']('manager:es_port', '') -%}
|
||||
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('manager:log_size_limit', '') -%}
|
||||
{%- endif -%}
|
||||
|
||||
# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% if grains['role'] in ['so-node', 'so-heavynode'] %}
|
||||
{%- set elasticsearch = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{% elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
|
||||
{%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%}
|
||||
{% elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
{%- set elasticsearch = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
---
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% if grains['role'] in ['so-eval', 'so-node', 'so-mastersearch', 'so-heavynode', 'so-standalone'] %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %}
|
||||
# Curator
|
||||
# Create the group
|
||||
curatorgroup:
|
||||
@@ -119,7 +119,7 @@ so-curatordeletecron:
|
||||
|
||||
so-curator:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-curator:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-curator:{{ VERSION }}
|
||||
- hostname: curator
|
||||
- name: so-curator
|
||||
- user: curator
|
||||
|
||||
@@ -127,11 +127,11 @@
|
||||
@load policy/hassh
|
||||
|
||||
# You can load your own intel into:
|
||||
# /opt/so/saltstack/bro/policy/intel/ on the master
|
||||
# /opt/so/saltstack/bro/policy/intel/ on the manager
|
||||
@load intel
|
||||
|
||||
# Load a custom Bro policy
|
||||
# /opt/so/saltstack/bro/policy/custom/ on the master
|
||||
# /opt/so/saltstack/bro/policy/custom/ on the manager
|
||||
#@load custom/somebropolicy.bro
|
||||
|
||||
# Write logs in JSON
|
||||
|
||||
@@ -121,11 +121,11 @@
|
||||
@load policy/ja3
|
||||
|
||||
# You can load your own intel into:
|
||||
# /opt/so/saltstack/bro/policy/intel/ on the master
|
||||
# /opt/so/saltstack/bro/policy/intel/ on the manager
|
||||
@load intel
|
||||
|
||||
# Load a custom Bro policy
|
||||
# /opt/so/saltstack/bro/policy/custom/ on the master
|
||||
# /opt/so/saltstack/bro/policy/custom/ on the manager
|
||||
#@load custom/somebropolicy.bro
|
||||
|
||||
# Use JSON
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set esip = salt['pillar.get']('master:mainip', '') %}
|
||||
{% set esport = salt['pillar.get']('master:es_port', '') %}
|
||||
{% set esip = salt['pillar.get']('manager:mainip', '') %}
|
||||
{% set esport = salt['pillar.get']('manager:es_port', '') %}
|
||||
# This is the folder that contains the rule yaml files
|
||||
# Any .yaml file will be loaded as a rule
|
||||
rules_folder: /opt/elastalert/rules/
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% set es = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set es = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
|
||||
{% set MASTER = salt['pillar.get']('master:url_base', '') %}
|
||||
{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
|
||||
|
||||
# Elastalert rule to forward Suricata alerts from Security Onion to a specified TheHive instance.
|
||||
#
|
||||
@@ -39,7 +39,7 @@ hive_alert_config:
|
||||
title: '{match[rule][name]}'
|
||||
type: 'NIDS'
|
||||
source: 'SecurityOnion'
|
||||
description: "`SOC Hunt Pivot:` \n\n <https://{{MASTER}}/#/hunt?q=network.community_id%3A%20%20%22{match[network][community_id]}%22%20%7C%20groupby%20source.ip%20destination.ip,event.module,%20event.dataset> \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MASTER}}/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'*:so-*',key:network.community_id,negate:!f,params:(query:'{match[network][community_id]}'),type:phrase),query:(match_phrase:(network.community_id:'{match[network][community_id]}')))),refreshInterval:(pause:!t,value:0),time:(from:now-7d,to:now))> \n\n `IPs: `{match[source][ip]}:{match[source][port]} --> {match[destination][ip]}:{match[destination][port]} \n\n `Signature:`{match[rule][rule]}"
|
||||
description: "`SOC Hunt Pivot:` \n\n <https://{{MANAGER}}/#/hunt?q=network.community_id%3A%20%20%22{match[network][community_id]}%22%20%7C%20groupby%20source.ip%20destination.ip,event.module,%20event.dataset> \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MANAGER}}/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'*:so-*',key:network.community_id,negate:!f,params:(query:'{match[network][community_id]}'),type:phrase),query:(match_phrase:(network.community_id:'{match[network][community_id]}')))),refreshInterval:(pause:!t,value:0),time:(from:now-7d,to:now))> \n\n `IPs: `{match[source][ip]}:{match[source][port]} --> {match[destination][ip]}:{match[destination][port]} \n\n `Signature:`{match[rule][rule]}"
|
||||
severity: 2
|
||||
tags: ['{match[rule][uuid]}','{match[source][ip]}','{match[destination][ip]}']
|
||||
tlp: 3
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% set es = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set es = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
|
||||
{% set MASTER = salt['pillar.get']('master:url_base', '') %}
|
||||
{% set MANAGER = salt['pillar.get']('manager:url_base', '') %}
|
||||
|
||||
# Elastalert rule to forward high level Wazuh alerts from Security Onion to a specified TheHive instance.
|
||||
#
|
||||
@@ -38,7 +38,7 @@ hive_alert_config:
|
||||
title: '{match[rule][name]}'
|
||||
type: 'wazuh'
|
||||
source: 'SecurityOnion'
|
||||
description: "`SOC Hunt Pivot:` \n\n <https://{{MASTER}}/#/hunt?q=event.module%3A%20ossec%20AND%20rule.id%3A{match[rule][id]}%20%7C%20groupby%20host.name%20rule.name> \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MASTER}}/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:')),sort:!('@timestamp',desc))>"
|
||||
description: "`SOC Hunt Pivot:` \n\n <https://{{MANAGER}}/#/hunt?q=event.module%3A%20ossec%20AND%20rule.id%3A{match[rule][id]}%20%7C%20groupby%20host.name%20rule.name> \n\n `Kibana Dashboard Pivot:` \n\n <https://{{MANAGER}}/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:')),sort:!('@timestamp',desc))>"
|
||||
severity: 2
|
||||
tags: ['{match[rule][id]}','{match[host][name]}']
|
||||
tlp: 3
|
||||
|
||||
@@ -13,12 +13,12 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
|
||||
{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
|
||||
{% set esalert = salt['pillar.get']('master:elastalert', '1') %}
|
||||
{% set esip = salt['pillar.get']('master:mainip', '') %}
|
||||
{% set esport = salt['pillar.get']('master:es_port', '') %}
|
||||
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
|
||||
{% set esalert = salt['pillar.get']('manager:elastalert', '1') %}
|
||||
{% set esip = salt['pillar.get']('manager:mainip', '') %}
|
||||
{% set esport = salt['pillar.get']('manager:es_port', '') %}
|
||||
{% elif grains['role'] == 'so-node' %}
|
||||
{% set esalert = salt['pillar.get']('elasticsearch:elastalert', '0') %}
|
||||
{% endif %}
|
||||
@@ -101,7 +101,7 @@ elastaconf:
|
||||
|
||||
so-elastalert:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }}
|
||||
- hostname: elastalert
|
||||
- name: so-elastalert
|
||||
- user: elastalert
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
|
||||
{%- set esclustername = salt['pillar.get']('master:esclustername', '') %}
|
||||
{% if grains['role'] == 'so-manager' or grains['role'] == 'so-eval' %}
|
||||
{%- set esclustername = salt['pillar.get']('manager:esclustername', '') %}
|
||||
cluster.name: "{{ esclustername }}"
|
||||
network.host: 0.0.0.0
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
|
||||
{% if FEATURES %}
|
||||
@@ -22,9 +22,9 @@
|
||||
{% set FEATURES = '' %}
|
||||
{% endif %}
|
||||
|
||||
{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
|
||||
{% set esclustername = salt['pillar.get']('master:esclustername', '') %}
|
||||
{% set esheap = salt['pillar.get']('master:esheap', '') %}
|
||||
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
|
||||
{% set esclustername = salt['pillar.get']('manager:esclustername', '') %}
|
||||
{% set esheap = salt['pillar.get']('manager:esheap', '') %}
|
||||
{% elif grains['role'] in ['so-node','so-heavynode'] %}
|
||||
{% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %}
|
||||
{% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %}
|
||||
@@ -101,7 +101,7 @@ eslogdir:
|
||||
|
||||
so-elasticsearch:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }}
|
||||
- hostname: elasticsearch
|
||||
- name: so-elasticsearch
|
||||
- user: elasticsearch
|
||||
@@ -141,7 +141,7 @@ so-elasticsearch-pipelines:
|
||||
- file: esyml
|
||||
- file: so-elasticsearch-pipelines-file
|
||||
|
||||
{% if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %}
|
||||
{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %}
|
||||
so-elasticsearch-templates:
|
||||
cmd.run:
|
||||
- name: /usr/sbin/so-elasticsearch-templates
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{%- if grains.role == 'so-heavynode' %}
|
||||
{%- set MASTER = salt['pillar.get']('sensor:mainip' '') %}
|
||||
{%- set MANAGER = salt['pillar.get']('sensor:mainip' '') %}
|
||||
{%- else %}
|
||||
{%- set MASTER = grains['master'] %}
|
||||
{%- set MANAGER = grains['manager'] %}
|
||||
{%- endif %}
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
|
||||
{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh', '0') %}
|
||||
{%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %}
|
||||
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
|
||||
{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
|
||||
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
|
||||
|
||||
name: {{ HOSTNAME }}
|
||||
@@ -214,7 +214,7 @@ filebeat.inputs:
|
||||
|
||||
{%- endif %}
|
||||
|
||||
{%- if FLEETMASTER or FLEETNODE %}
|
||||
{%- if FLEETMANAGER or FLEETNODE %}
|
||||
|
||||
- type: log
|
||||
paths:
|
||||
@@ -252,7 +252,7 @@ output.{{ type }}:
|
||||
{%- if grains['role'] == "so-eval" %}
|
||||
output.elasticsearch:
|
||||
enabled: true
|
||||
hosts: ["{{ MASTER }}:9200"]
|
||||
hosts: ["{{ MANAGER }}:9200"]
|
||||
pipelines:
|
||||
- pipeline: "%{[module]}.%{[dataset]}"
|
||||
indices:
|
||||
@@ -280,7 +280,7 @@ output.logstash:
|
||||
enabled: true
|
||||
|
||||
# The Logstash hosts
|
||||
hosts: ["{{ MASTER }}:5644"]
|
||||
hosts: ["{{ MANAGER }}:5644"]
|
||||
|
||||
# Number of workers per Logstash host.
|
||||
#worker: 1
|
||||
|
||||
@@ -12,8 +12,8 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
{% if FEATURES %}
|
||||
{% set FEATURES = "-features" %}
|
||||
@@ -51,10 +51,10 @@ filebeatconfsync:
|
||||
OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
|
||||
so-filebeat:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }}
|
||||
- hostname: so-filebeat
|
||||
- user: root
|
||||
- extra_hosts: {{ MASTER }}:{{ MASTERIP }}
|
||||
- extra_hosts: {{ MANAGER }}:{{ MANAGERIP }}
|
||||
- binds:
|
||||
- /nsm:/nsm:ro
|
||||
- /opt/so/log/filebeat:/usr/share/filebeat/logs:rw
|
||||
|
||||
@@ -6,7 +6,7 @@ role:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
master:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.wazuh_agent }}
|
||||
- {{ portgroups.wazuh_api }}
|
||||
@@ -85,12 +85,12 @@ role:
|
||||
- {{ portgroups.all }}
|
||||
minion:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_master }}
|
||||
master:
|
||||
- {{ portgroups.salt_manager }}
|
||||
manager:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
master:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.wazuh_agent }}
|
||||
- {{ portgroups.wazuh_api }}
|
||||
@@ -166,12 +166,12 @@ role:
|
||||
- {{ portgroups.all }}
|
||||
minion:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_master }}
|
||||
mastersearch:
|
||||
- {{ portgroups.salt_manager }}
|
||||
managersearch:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
master:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.wazuh_agent }}
|
||||
- {{ portgroups.wazuh_api }}
|
||||
@@ -247,12 +247,12 @@ role:
|
||||
- {{ portgroups.all }}
|
||||
minion:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_master }}
|
||||
- {{ portgroups.salt_manager }}
|
||||
standalone:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
master:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.wazuh_agent }}
|
||||
- {{ portgroups.wazuh_api }}
|
||||
@@ -328,12 +328,12 @@ role:
|
||||
- {{ portgroups.all }}
|
||||
minion:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_master }}
|
||||
- {{ portgroups.salt_manager }}
|
||||
helixsensor:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
master:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.wazuh_agent }}
|
||||
- {{ portgroups.playbook }}
|
||||
@@ -391,12 +391,12 @@ role:
|
||||
- {{ portgroups.all }}
|
||||
minion:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_master }}
|
||||
- {{ portgroups.salt_manager }}
|
||||
searchnode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
master:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
dockernet:
|
||||
|
||||
@@ -19,4 +19,4 @@ firewall:
|
||||
ips:
|
||||
delete:
|
||||
insert:
|
||||
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
|
||||
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
|
||||
@@ -61,7 +61,7 @@ firewall:
|
||||
redis:
|
||||
tcp:
|
||||
- 6379
|
||||
salt_master:
|
||||
salt_manager:
|
||||
tcp:
|
||||
- 4505
|
||||
- 4506
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
|
||||
{% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion') %}
|
||||
@@ -19,6 +19,6 @@ so/fleet:
|
||||
mainip: {{ grains.host }}
|
||||
enroll-secret: {{ ENROLLSECRET }}
|
||||
current-package-version: {{ CURRENTPACKAGEVERSION }}
|
||||
master: {{ MASTER }}
|
||||
manager: {{ MANAGER }}
|
||||
version: {{ VERSION }}
|
||||
|
||||
@@ -2,14 +2,14 @@
|
||||
{%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
|
||||
{%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set FLEETARCH = salt['grains.get']('role') %}
|
||||
|
||||
{% if FLEETARCH == "so-fleet" %}
|
||||
{% set MAININT = salt['pillar.get']('host:mainint') %}
|
||||
{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
|
||||
{% else %}
|
||||
{% set MAINIP = salt['pillar.get']('static:masterip') %}
|
||||
{% set MAINIP = salt['pillar.get']('static:managerip') %}
|
||||
{% endif %}
|
||||
|
||||
include:
|
||||
@@ -105,7 +105,7 @@ fleet_password_none:
|
||||
|
||||
so-fleet:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-fleet:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-fleet:{{ VERSION }}
|
||||
- hostname: so-fleet
|
||||
- port_bindings:
|
||||
- 0.0.0.0:8080:8080
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
|
||||
{%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
|
||||
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
|
||||
{%- set FLEETHOSTNAME = salt['pillar.get']('static:fleet_hostname', False) -%}
|
||||
{%- set FLEETIP = salt['pillar.get']('static:fleet_ip', False) -%}
|
||||
|
||||
@@ -9,14 +9,14 @@ providers:
|
||||
disableDeletion: false
|
||||
editable: true
|
||||
options:
|
||||
path: /etc/grafana/grafana_dashboards/master
|
||||
path: /etc/grafana/grafana_dashboards/manager
|
||||
- name: 'Master Search'
|
||||
folder: 'Master Search'
|
||||
type: file
|
||||
disableDeletion: false
|
||||
editable: true
|
||||
options:
|
||||
path: /etc/grafana/grafana_dashboards/mastersearch
|
||||
path: /etc/grafana/grafana_dashboards/managersearch
|
||||
- name: 'Sensor Nodes'
|
||||
folder: 'Sensor Nodes'
|
||||
type: file
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
|
||||
{%- set MANAGER = salt['pillar.get']('static:managerip', '') %}
|
||||
apiVersion: 1
|
||||
|
||||
deleteDatasources:
|
||||
@@ -10,7 +10,7 @@ datasources:
|
||||
type: influxdb
|
||||
access: proxy
|
||||
database: telegraf
|
||||
url: https://{{ MASTER }}:8086
|
||||
url: https://{{ MANAGER }}:8086
|
||||
jsonData:
|
||||
tlsAuth: false
|
||||
tlsAuthWithCACert: false
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
|
||||
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
|
||||
|
||||
# Grafana all the things
|
||||
grafanadir:
|
||||
@@ -28,14 +28,14 @@ grafanadashdir:
|
||||
|
||||
grafanadashmdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/manager
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
grafanadashmsdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/mastersearch
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/managersearch
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
@@ -76,17 +76,17 @@ grafanaconf:
|
||||
- template: jinja
|
||||
- source: salt://grafana/etc
|
||||
|
||||
{% if salt['pillar.get']('mastertab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
|
||||
{% if salt['pillar.get']('managertab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-master:
|
||||
dashboard-manager:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Master.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/dashboards/master/master.json
|
||||
- source: salt://grafana/dashboards/manager/manager.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
@@ -99,17 +99,17 @@ dashboard-master:
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if salt['pillar.get']('mastersearchtab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('mastersearchtab', {}).items() %}
|
||||
{% if salt['pillar.get']('managersearchtab', False) %}
|
||||
{% for SN, SNDATA in salt['pillar.get']('managersearchtab', {}).items() %}
|
||||
{% set NODETYPE = SN.split('_')|last %}
|
||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||
dashboard-mastersearch:
|
||||
dashboard-managersearch:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/mastersearch/{{ SN }}-MasterSearch.json
|
||||
- name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-MasterSearch.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- template: jinja
|
||||
- source: salt://grafana/dashboards/mastersearch/mastersearch.json
|
||||
- source: salt://grafana/dashboards/managersearch/managersearch.json
|
||||
- defaults:
|
||||
SERVERNAME: {{ SN }}
|
||||
MANINT: {{ SNDATA.manint }}
|
||||
@@ -216,7 +216,7 @@ dashboard-{{ SN }}:
|
||||
|
||||
so-grafana:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-grafana:{{ VERSION }}
|
||||
- hostname: grafana
|
||||
- user: socore
|
||||
- binds:
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
# IDSTools Setup
|
||||
idstoolsdir:
|
||||
file.directory:
|
||||
@@ -60,7 +60,7 @@ synclocalnidsrules:
|
||||
|
||||
so-idstools:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-idstools:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-idstools:{{ VERSION }}
|
||||
- hostname: so-idstools
|
||||
- user: socore
|
||||
- binds:
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
|
||||
{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
|
||||
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
|
||||
|
||||
# Influx DB
|
||||
influxconfdir:
|
||||
@@ -26,7 +26,7 @@ influxdbconf:
|
||||
|
||||
so-influxdb:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
|
||||
- hostname: influxdb
|
||||
- environment:
|
||||
- INFLUXDB_HTTP_LOG_ENABLED=false
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
# Wait for ElasticSearch to come up, so that we can query for version infromation
|
||||
echo -n "Waiting for ElasticSearch..."
|
||||
COUNT=0
|
||||
|
||||
@@ -1,20 +1,20 @@
|
||||
#!/bin/bash
|
||||
# {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master', False) -%}
|
||||
# {%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager', False) -%}
|
||||
# {%- set FLEET_NODE = salt['pillar.get']('static:fleet_node', False) -%}
|
||||
# {%- set MASTER = salt['pillar.get']('master:url_base', '') %}
|
||||
# {%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
|
||||
|
||||
KIBANA_VERSION="7.6.1"
|
||||
|
||||
# Copy template file
|
||||
cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson
|
||||
|
||||
# {% if FLEET_NODE or FLEET_MASTER %}
|
||||
# {% if FLEET_NODE or FLEET_MANAGER %}
|
||||
# Fleet IP
|
||||
sed -i "s/FLEETPLACEHOLDER/{{ MASTER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
||||
sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
||||
# {% endif %}
|
||||
|
||||
# SOCtopus and Master
|
||||
sed -i "s/PLACEHOLDER/{{ MASTER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
||||
sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
||||
|
||||
# Load saved objects
|
||||
curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson > /dev/null 2>&1
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
# Default Kibana configuration from kibana-docker.
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
server.name: kibana
|
||||
server.host: "0"
|
||||
server.basePath: /kibana
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
{% if FEATURES %}
|
||||
{% set FEATURES = "-features" %}
|
||||
@@ -69,13 +69,13 @@ kibanabin:
|
||||
# Start the kibana docker
|
||||
so-kibana:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }}
|
||||
- hostname: kibana
|
||||
- user: kibana
|
||||
- environment:
|
||||
- ELASTICSEARCH_HOST={{ MASTER }}
|
||||
- ELASTICSEARCH_HOST={{ MANAGER }}
|
||||
- ELASTICSEARCH_PORT=9200
|
||||
- MASTER={{ MASTER }}
|
||||
- MANAGER={{ MANAGER }}
|
||||
- binds:
|
||||
- /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
|
||||
- /opt/so/log/kibana:/var/log/kibana:rw
|
||||
@@ -94,7 +94,7 @@ kibanadashtemplate:
|
||||
wait_for_kibana:
|
||||
module.run:
|
||||
- http.wait_for_successful_query:
|
||||
- url: "http://{{MASTER}}:5601/api/saved_objects/_find?type=config"
|
||||
- url: "http://{{MANAGER}}:5601/api/saved_objects/_find?type=config"
|
||||
- wait_for: 180
|
||||
- onchanges:
|
||||
- file: kibanadashtemplate
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
|
||||
|
||||
{% if FEATURES %}
|
||||
@@ -24,13 +24,13 @@
|
||||
|
||||
# Logstash Section - Decide which pillar to use
|
||||
{% set lsheap = salt['pillar.get']('logstash_settings:lsheap', '') %}
|
||||
{% if grains['role'] in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
|
||||
{% set freq = salt['pillar.get']('master:freq', '0') %}
|
||||
{% set dstats = salt['pillar.get']('master:domainstats', '0') %}
|
||||
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %}
|
||||
{% set freq = salt['pillar.get']('manager:freq', '0') %}
|
||||
{% set dstats = salt['pillar.get']('manager:domainstats', '0') %}
|
||||
{% set nodetype = salt['grains.get']('role', '') %}
|
||||
{% elif grains['role'] == 'so-helix' %}
|
||||
{% set freq = salt['pillar.get']('master:freq', '0') %}
|
||||
{% set dstats = salt['pillar.get']('master:domainstats', '0') %}
|
||||
{% set freq = salt['pillar.get']('manager:freq', '0') %}
|
||||
{% set dstats = salt['pillar.get']('manager:domainstats', '0') %}
|
||||
{% set nodetype = salt['grains.get']('role', '') %}
|
||||
{% endif %}
|
||||
|
||||
@@ -159,7 +159,7 @@ lslogdir:
|
||||
|
||||
so-logstash:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }}
|
||||
- hostname: so-logstash
|
||||
- name: so-logstash
|
||||
- user: logstash
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
{%- if grains.role == 'so-heavynode' %}
|
||||
{%- set MASTER = salt['pillar.get']('elasticsearch:mainip', '') %}
|
||||
{%- set MANAGER = salt['pillar.get']('elasticsearch:mainip', '') %}
|
||||
{%- else %}
|
||||
{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
|
||||
{%- set MANAGER = salt['pillar.get']('static:managerip', '') %}
|
||||
{% endif -%}
|
||||
{%- set THREADS = salt['pillar.get']('logstash_settings:ls_input_threads', '') %}
|
||||
|
||||
input {
|
||||
redis {
|
||||
host => '{{ MASTER }}'
|
||||
host => '{{ MANAGER }}'
|
||||
data_type => 'list'
|
||||
key => 'logstash:unparsed'
|
||||
type => 'redis-input'
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- if grains['role'] == 'so-eval' -%}
|
||||
{%- set ES = salt['pillar.get']('master:mainip', '') -%}
|
||||
{%- set ES = salt['pillar.get']('manager:mainip', '') -%}
|
||||
{%- else %}
|
||||
{%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
{% set MASTER = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set MANAGER = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set BATCH = salt['pillar.get']('logstash_settings:ls_pipeline_batch_size', 125) %}
|
||||
|
||||
output {
|
||||
redis {
|
||||
host => '{{ MASTER }}'
|
||||
host => '{{ MANAGER }}'
|
||||
data_type => 'list'
|
||||
key => 'logstash:unparsed'
|
||||
congestion_interval => 1
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
MASTER={{ MASTER }}
|
||||
MANAGER={{ MANAGER }}
|
||||
VERSION="HH1.2.2"
|
||||
TRUSTED_CONTAINERS=( \
|
||||
"so-nginx:$VERSION" \
|
||||
@@ -41,6 +41,6 @@ do
|
||||
# Pull down the trusted docker image
|
||||
docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
|
||||
# Tag it with the new registry destination
|
||||
docker tag soshybridhunter/$i $MASTER:5000/soshybridhunter/$i
|
||||
docker push $MASTER:5000/soshybridhunter/$i
|
||||
docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i
|
||||
docker push $MANAGER:5000/soshybridhunter/$i
|
||||
done
|
||||
@@ -13,8 +13,8 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set managerproxy = salt['pillar.get']('static:managerupdate', '0') %}
|
||||
|
||||
socore_own_saltstack:
|
||||
file.directory:
|
||||
@@ -25,7 +25,7 @@ socore_own_saltstack:
|
||||
- user
|
||||
- group
|
||||
|
||||
{% if masterproxy == 1 %}
|
||||
{% if managerproxy == 1 %}
|
||||
|
||||
# Create the directories for apt-cacher-ng
|
||||
aptcacherconfdir:
|
||||
@@ -54,12 +54,12 @@ aptcacherlogdir:
|
||||
acngcopyconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/aptcacher-ng/etc/acng.conf
|
||||
- source: salt://master/files/acng/acng.conf
|
||||
- source: salt://manager/files/acng/acng.conf
|
||||
|
||||
# Install the apt-cacher-ng container
|
||||
so-aptcacherng:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-acng:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-acng:{{ VERSION }}
|
||||
- hostname: so-acng
|
||||
- restart_policy: always
|
||||
- port_bindings:
|
||||
@@ -13,8 +13,8 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
{% set access_key = salt['pillar.get']('master:access_key', '') %}
|
||||
{% set access_secret = salt['pillar.get']('master:access_secret', '') %}
|
||||
{% set access_key = salt['pillar.get']('manager:access_key', '') %}
|
||||
{% set access_secret = salt['pillar.get']('manager:access_secret', '') %}
|
||||
|
||||
# Minio Setup
|
||||
minioconfdir:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
|
||||
{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %}
|
||||
{% set FLEETARCH = salt['grains.get']('role') %}
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
{% set MAININT = salt['pillar.get']('host:mainint') %}
|
||||
{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
|
||||
{% else %}
|
||||
{% set MAINIP = salt['pillar.get']('static:masterip') %}
|
||||
{% set MAINIP = salt['pillar.get']('static:managerip') %}
|
||||
{% endif %}
|
||||
|
||||
# MySQL Setup
|
||||
@@ -71,7 +71,7 @@ mysql_password_none:
|
||||
|
||||
so-mysql:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-mysql:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-mysql:{{ VERSION }}
|
||||
- hostname: so-mysql
|
||||
- user: socore
|
||||
- port_bindings:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- set masterip = salt['pillar.get']('master:mainip', '') %}
|
||||
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
|
||||
{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
|
||||
{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
|
||||
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
|
||||
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
|
||||
# For more information on configuration, see:
|
||||
@@ -66,7 +66,7 @@ http {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
{% if FLEET_MASTER %}
|
||||
{% if FLEET_MANAGER %}
|
||||
server {
|
||||
listen 8090 ssl http2 default_server;
|
||||
server_name _;
|
||||
@@ -81,7 +81,7 @@ http {
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||
grpc_pass grpcs://{{ masterip }}:8080;
|
||||
grpc_pass grpcs://{{ managerip }}:8080;
|
||||
grpc_set_header Host $host;
|
||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_buffering off;
|
||||
@@ -110,7 +110,7 @@ http {
|
||||
#include /etc/nginx/default.d/*.conf;
|
||||
|
||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||
proxy_pass http://{{ masterip }}:9822;
|
||||
proxy_pass http://{{ managerip }}:9822;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -124,7 +124,7 @@ http {
|
||||
|
||||
location / {
|
||||
auth_request /auth/sessions/whoami;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -138,7 +138,7 @@ http {
|
||||
|
||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||
rewrite /auth/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:4433;
|
||||
proxy_pass http://{{ managerip }}:4433;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -185,7 +185,7 @@ http {
|
||||
location /grafana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /grafana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:3000/;
|
||||
proxy_pass http://{{ managerip }}:3000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -198,7 +198,7 @@ http {
|
||||
location /kibana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /kibana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:5601/;
|
||||
proxy_pass http://{{ managerip }}:5601/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -209,7 +209,7 @@ http {
|
||||
}
|
||||
|
||||
location /nodered/ {
|
||||
proxy_pass http://{{ masterip }}:1880/;
|
||||
proxy_pass http://{{ managerip }}:1880/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -222,7 +222,7 @@ http {
|
||||
}
|
||||
|
||||
location /playbook/ {
|
||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||
proxy_pass http://{{ managerip }}:3200/playbook/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -238,7 +238,7 @@ http {
|
||||
}
|
||||
{%- else %}
|
||||
location /fleet/ {
|
||||
proxy_pass https://{{ masterip }}:8080;
|
||||
proxy_pass https://{{ managerip }}:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -250,7 +250,7 @@ http {
|
||||
{%- endif %}
|
||||
|
||||
location /thehive/ {
|
||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||
proxy_pass http://{{ managerip }}:9000/thehive/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -262,7 +262,7 @@ http {
|
||||
}
|
||||
|
||||
location /cortex/ {
|
||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||
proxy_pass http://{{ managerip }}:9001/cortex/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -274,7 +274,7 @@ http {
|
||||
}
|
||||
|
||||
location /soctopus/ {
|
||||
proxy_pass http://{{ masterip }}:7000/;
|
||||
proxy_pass http://{{ managerip }}:7000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -297,7 +297,7 @@ http {
|
||||
}
|
||||
|
||||
location /sensoroniagents/ {
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- set masterip = salt['pillar.get']('master:mainip', '') %}
|
||||
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
|
||||
{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
|
||||
{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
|
||||
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
|
||||
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
|
||||
# For more information on configuration, see:
|
||||
@@ -66,7 +66,7 @@ http {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
{% if FLEET_MASTER %}
|
||||
{% if FLEET_MANAGER %}
|
||||
server {
|
||||
listen 8090 ssl http2 default_server;
|
||||
server_name _;
|
||||
@@ -81,7 +81,7 @@ http {
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||
grpc_pass grpcs://{{ masterip }}:8080;
|
||||
grpc_pass grpcs://{{ managerip }}:8080;
|
||||
grpc_set_header Host $host;
|
||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_buffering off;
|
||||
@@ -110,7 +110,7 @@ http {
|
||||
#include /etc/nginx/default.d/*.conf;
|
||||
|
||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||
proxy_pass http://{{ masterip }}:9822;
|
||||
proxy_pass http://{{ managerip }}:9822;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -124,7 +124,7 @@ http {
|
||||
|
||||
location / {
|
||||
auth_request /auth/sessions/whoami;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -138,7 +138,7 @@ http {
|
||||
|
||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||
rewrite /auth/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:4433;
|
||||
proxy_pass http://{{ managerip }}:4433;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -185,7 +185,7 @@ http {
|
||||
location /grafana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /grafana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:3000/;
|
||||
proxy_pass http://{{ managerip }}:3000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -198,7 +198,7 @@ http {
|
||||
location /kibana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /kibana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:5601/;
|
||||
proxy_pass http://{{ managerip }}:5601/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -209,7 +209,7 @@ http {
|
||||
}
|
||||
|
||||
location /nodered/ {
|
||||
proxy_pass http://{{ masterip }}:1880/;
|
||||
proxy_pass http://{{ managerip }}:1880/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -222,7 +222,7 @@ http {
|
||||
}
|
||||
|
||||
location /playbook/ {
|
||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||
proxy_pass http://{{ managerip }}:3200/playbook/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -238,7 +238,7 @@ http {
|
||||
}
|
||||
{%- else %}
|
||||
location /fleet/ {
|
||||
proxy_pass https://{{ masterip }}:8080;
|
||||
proxy_pass https://{{ managerip }}:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -250,7 +250,7 @@ http {
|
||||
{%- endif %}
|
||||
|
||||
location /thehive/ {
|
||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||
proxy_pass http://{{ managerip }}:9000/thehive/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -262,7 +262,7 @@ http {
|
||||
}
|
||||
|
||||
location /cortex/ {
|
||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||
proxy_pass http://{{ managerip }}:9001/cortex/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -274,7 +274,7 @@ http {
|
||||
}
|
||||
|
||||
location /soctopus/ {
|
||||
proxy_pass http://{{ masterip }}:7000/;
|
||||
proxy_pass http://{{ managerip }}:7000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -297,7 +297,7 @@ http {
|
||||
}
|
||||
|
||||
location /sensoroniagents/ {
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- set masterip = salt['pillar.get']('master:mainip', '') %}
|
||||
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
|
||||
{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
|
||||
{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
|
||||
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
|
||||
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
|
||||
# For more information on configuration, see:
|
||||
@@ -66,7 +66,7 @@ http {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
{% if FLEET_MASTER %}
|
||||
{% if FLEET_MANAGER %}
|
||||
server {
|
||||
listen 8090 ssl http2 default_server;
|
||||
server_name _;
|
||||
@@ -81,7 +81,7 @@ http {
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||
grpc_pass grpcs://{{ masterip }}:8080;
|
||||
grpc_pass grpcs://{{ managerip }}:8080;
|
||||
grpc_set_header Host $host;
|
||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_buffering off;
|
||||
@@ -109,7 +109,7 @@ http {
|
||||
#include /etc/nginx/default.d/*.conf;
|
||||
|
||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||
proxy_pass http://{{ masterip }}:9822;
|
||||
proxy_pass http://{{ managerip }}:9822;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -123,7 +123,7 @@ http {
|
||||
|
||||
location / {
|
||||
auth_request /auth/sessions/whoami;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -137,7 +137,7 @@ http {
|
||||
|
||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||
rewrite /auth/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:4433;
|
||||
proxy_pass http://{{ managerip }}:4433;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -184,7 +184,7 @@ http {
|
||||
location /grafana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /grafana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:3000/;
|
||||
proxy_pass http://{{ managerip }}:3000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -197,7 +197,7 @@ http {
|
||||
location /kibana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /kibana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:5601/;
|
||||
proxy_pass http://{{ managerip }}:5601/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -208,7 +208,7 @@ http {
|
||||
}
|
||||
|
||||
location /nodered/ {
|
||||
proxy_pass http://{{ masterip }}:1880/;
|
||||
proxy_pass http://{{ managerip }}:1880/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -221,7 +221,7 @@ http {
|
||||
}
|
||||
|
||||
location /playbook/ {
|
||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||
proxy_pass http://{{ managerip }}:3200/playbook/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -237,7 +237,7 @@ http {
|
||||
}
|
||||
{%- else %}
|
||||
location /fleet/ {
|
||||
proxy_pass https://{{ masterip }}:8080;
|
||||
proxy_pass https://{{ managerip }}:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -249,7 +249,7 @@ http {
|
||||
{%- endif %}
|
||||
|
||||
location /thehive/ {
|
||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||
proxy_pass http://{{ managerip }}:9000/thehive/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -261,7 +261,7 @@ http {
|
||||
}
|
||||
|
||||
location /cortex/ {
|
||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||
proxy_pass http://{{ managerip }}:9001/cortex/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -273,7 +273,7 @@ http {
|
||||
}
|
||||
|
||||
location /soctopus/ {
|
||||
proxy_pass http://{{ masterip }}:7000/;
|
||||
proxy_pass http://{{ managerip }}:7000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -296,7 +296,7 @@ http {
|
||||
}
|
||||
|
||||
location /sensoroniagents/ {
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -1,5 +1,5 @@
|
||||
{%- set masterip = salt['pillar.get']('master:mainip', '') %}
|
||||
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
|
||||
{%- set managerip = salt['pillar.get']('manager:mainip', '') %}
|
||||
{%- set FLEET_MANAGER = salt['pillar.get']('static:fleet_manager') %}
|
||||
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
|
||||
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
|
||||
# For more information on configuration, see:
|
||||
@@ -66,7 +66,7 @@ http {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
{% if FLEET_MASTER %}
|
||||
{% if FLEET_MANAGER %}
|
||||
server {
|
||||
listen 8090 ssl http2 default_server;
|
||||
server_name _;
|
||||
@@ -81,7 +81,7 @@ http {
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location ~ ^/kolide.agent.Api/(RequestEnrollment|RequestConfig|RequestQueries|PublishLogs|PublishResults|CheckHealth)$ {
|
||||
grpc_pass grpcs://{{ masterip }}:8080;
|
||||
grpc_pass grpcs://{{ managerip }}:8080;
|
||||
grpc_set_header Host $host;
|
||||
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_buffering off;
|
||||
@@ -110,7 +110,7 @@ http {
|
||||
#include /etc/nginx/default.d/*.conf;
|
||||
|
||||
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
|
||||
proxy_pass http://{{ masterip }}:9822;
|
||||
proxy_pass http://{{ managerip }}:9822;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -124,7 +124,7 @@ http {
|
||||
|
||||
location / {
|
||||
auth_request /auth/sessions/whoami;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -138,7 +138,7 @@ http {
|
||||
|
||||
location ~ ^/auth/.*?(whoami|login|logout|settings) {
|
||||
rewrite /auth/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:4433;
|
||||
proxy_pass http://{{ managerip }}:4433;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -185,7 +185,7 @@ http {
|
||||
location /grafana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /grafana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:3000/;
|
||||
proxy_pass http://{{ managerip }}:3000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -198,7 +198,7 @@ http {
|
||||
location /kibana/ {
|
||||
auth_request /auth/sessions/whoami;
|
||||
rewrite /kibana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:5601/;
|
||||
proxy_pass http://{{ managerip }}:5601/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -209,7 +209,7 @@ http {
|
||||
}
|
||||
|
||||
location /nodered/ {
|
||||
proxy_pass http://{{ masterip }}:1880/;
|
||||
proxy_pass http://{{ managerip }}:1880/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -222,7 +222,7 @@ http {
|
||||
}
|
||||
|
||||
location /playbook/ {
|
||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||
proxy_pass http://{{ managerip }}:3200/playbook/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -238,7 +238,7 @@ http {
|
||||
}
|
||||
{%- else %}
|
||||
location /fleet/ {
|
||||
proxy_pass https://{{ masterip }}:8080;
|
||||
proxy_pass https://{{ managerip }}:8080;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -250,7 +250,7 @@ http {
|
||||
{%- endif %}
|
||||
|
||||
location /thehive/ {
|
||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||
proxy_pass http://{{ managerip }}:9000/thehive/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -262,7 +262,7 @@ http {
|
||||
}
|
||||
|
||||
location /cortex/ {
|
||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||
proxy_pass http://{{ managerip }}:9001/cortex/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
@@ -274,7 +274,7 @@ http {
|
||||
}
|
||||
|
||||
location /soctopus/ {
|
||||
proxy_pass http://{{ masterip }}:7000/;
|
||||
proxy_pass http://{{ managerip }}:7000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -297,7 +297,7 @@ http {
|
||||
}
|
||||
|
||||
location /sensoroniagents/ {
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ managerip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set ip = salt['pillar.get']('static:masterip', '') %}
|
||||
{%- set ip = salt['pillar.get']('static:managerip', '') %}
|
||||
|
||||
{
|
||||
"enterprise_attack_url": "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
|
||||
{% set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) %}
|
||||
{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
|
||||
# Drop the correct nginx config based on role
|
||||
@@ -61,15 +61,15 @@ navigatordefaultlayer:
|
||||
|
||||
so-nginx:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
|
||||
- hostname: so-nginx
|
||||
- binds:
|
||||
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- /opt/so/log/nginx/:/var/log/nginx:rw
|
||||
- /opt/so/tmp/nginx/:/var/lib/nginx:rw
|
||||
- /opt/so/tmp/nginx/:/run:rw
|
||||
- /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
|
||||
- /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
|
||||
- /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
|
||||
- /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
|
||||
- /opt/so/conf/fleet/packages:/opt/socore/html/packages
|
||||
# ATT&CK Navigator binds
|
||||
- /opt/so/conf/navigator/navigator_config.json:/opt/socore/html/navigator/assets/config.json:ro
|
||||
@@ -78,7 +78,7 @@ so-nginx:
|
||||
- port_bindings:
|
||||
- 80:80
|
||||
- 443:443
|
||||
{%- if FLEETMASTER or FLEETNODE %}
|
||||
{%- if FLEETMANAGER or FLEETNODE %}
|
||||
- 8090:8090
|
||||
{%- endif %}
|
||||
- watch:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set ip = salt['pillar.get']('static:masterip', '') -%}
|
||||
{%- set ip = salt['pillar.get']('static:managerip', '') -%}
|
||||
#!/bin/bash
|
||||
default_salt_dir=/opt/so/saltstack/default
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -1,11 +1,11 @@
|
||||
{%- set MASTER = grains['master'] -%}
|
||||
{%- set MANAGER = grains['manager'] -%}
|
||||
{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
|
||||
{
|
||||
"logFilename": "/opt/sensoroni/logs/sensoroni.log",
|
||||
"logLevel":"debug",
|
||||
"agent": {
|
||||
"pollIntervalMs": 10000,
|
||||
"serverUrl": "https://{{ MASTER }}/sensoroniagents",
|
||||
"serverUrl": "https://{{ MANAGER }}/sensoroniagents",
|
||||
"verifyCert": false,
|
||||
"modules": {
|
||||
"statickeyauth": {
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
|
||||
{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
|
||||
{% set BPF_COMPILED = "" %}
|
||||
@@ -129,7 +129,7 @@ sensoronilog:
|
||||
|
||||
so-steno:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-steno:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-steno:{{ VERSION }}
|
||||
- network_mode: host
|
||||
- privileged: True
|
||||
- port_bindings:
|
||||
@@ -146,7 +146,7 @@ so-steno:
|
||||
|
||||
so-sensoroni:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
|
||||
- network_mode: host
|
||||
- binds:
|
||||
- /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
|
||||
{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %}
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
|
||||
{%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%}
|
||||
|
||||
@@ -40,7 +40,7 @@ query_playbookdbuser_grants:
|
||||
query_updatwebhooks:
|
||||
mysql_query.run:
|
||||
- database: playbook
|
||||
- query: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
|
||||
- query: "update webhooks set url = 'http://{{MANAGERIP}}:7000/playbook/webhook' where project_id = 1"
|
||||
- connection_host: {{ MAINIP }}
|
||||
- connection_port: 3306
|
||||
- connection_user: root
|
||||
@@ -53,8 +53,8 @@ query_updatepluginurls:
|
||||
update settings set value =
|
||||
"--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
|
||||
project: '1'
|
||||
convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
|
||||
create_url: http://{{MASTERIP}}:7000/playbook/play"
|
||||
convert_url: http://{{MANAGERIP}}:7000/playbook/sigmac
|
||||
create_url: http://{{MANAGERIP}}:7000/playbook/play"
|
||||
where id = 43
|
||||
- connection_host: {{ MAINIP }}
|
||||
- connection_port: 3306
|
||||
@@ -73,11 +73,11 @@ playbook_password_none:
|
||||
|
||||
so-playbook:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
|
||||
- hostname: playbook
|
||||
- name: so-playbook
|
||||
- environment:
|
||||
- REDMINE_DB_MYSQL={{ MASTERIP }}
|
||||
- REDMINE_DB_MYSQL={{ MANAGERIP }}
|
||||
- REDMINE_DB_DATABASE=playbook
|
||||
- REDMINE_DB_USERNAME=playbookdbuser
|
||||
- REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }}
|
||||
|
||||
@@ -13,7 +13,7 @@ def run():
|
||||
STATICFILE = f"{LOCAL_SALT_DIR}/pillar/static.sls"
|
||||
SECRETSFILE = f"{LOCAL_SALT_DIR}/pillar/secrets.sls"
|
||||
|
||||
if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch','standalone']:
|
||||
if MINIONID.split('_')[-1] in ['manager','eval','fleet','managersearch','standalone']:
|
||||
if ACTION == 'enablefleet':
|
||||
logging.info('so/fleet enablefleet reactor')
|
||||
|
||||
@@ -27,7 +27,7 @@ def run():
|
||||
if ROLE == 'so-fleet':
|
||||
line = re.sub(r'fleet_node: \S*', f"fleet_node: True", line.rstrip())
|
||||
else:
|
||||
line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
|
||||
line = re.sub(r'fleet_manager: \S*', f"fleet_manager: True", line.rstrip())
|
||||
print(line)
|
||||
|
||||
# Update the enroll secret in the secrets pillar
|
||||
@@ -50,7 +50,7 @@ def run():
|
||||
|
||||
PACKAGEVERSION = data['data']['current-package-version']
|
||||
PACKAGEHOSTNAME = data['data']['package-hostname']
|
||||
MASTER = data['data']['master']
|
||||
MANAGER = data['data']['manager']
|
||||
VERSION = data['data']['version']
|
||||
ESECRET = data['data']['enroll-secret']
|
||||
|
||||
@@ -59,7 +59,7 @@ def run():
|
||||
|
||||
# Run Docker container that will build the packages
|
||||
gen_packages = subprocess.run(["docker", "run","--rm", "--mount", f"type=bind,source={LOCAL_SALT_DIR}/salt/fleet/packages,target=/output", \
|
||||
"--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \
|
||||
"--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \
|
||||
f"{ESECRET}", f"{PACKAGEHOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')
|
||||
|
||||
# Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
|
||||
|
||||
@@ -13,7 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
|
||||
# Redis Setup
|
||||
redisconfdir:
|
||||
@@ -47,7 +47,7 @@ redisconfsync:
|
||||
|
||||
so-redis:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }}
|
||||
- hostname: so-redis
|
||||
- user: socore
|
||||
- port_bindings:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set WEBACCESS = salt['pillar.get']('master:url_base', '') -%}
|
||||
{%- set WEBACCESS = salt['pillar.get']('manager:url_base', '') -%}
|
||||
{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
|
||||
|
||||
selfservice:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
|
||||
{%- set MANAGERIP = salt['pillar.get']('static:managerip', '') -%}
|
||||
{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
|
||||
{
|
||||
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
|
||||
@@ -12,10 +12,10 @@
|
||||
"jobDir": "jobs"
|
||||
},
|
||||
"kratos": {
|
||||
"hostUrl": "http://{{ MASTERIP }}:4434/"
|
||||
"hostUrl": "http://{{ MANAGERIP }}:4434/"
|
||||
},
|
||||
"elastic": {
|
||||
"hostUrl": "http://{{ MASTERIP }}:9200",
|
||||
"hostUrl": "http://{{ MANAGERIP }}:9200",
|
||||
"username": "",
|
||||
"password": "",
|
||||
"verifyCert": false
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
||||
{% set MASTER = salt['grains.get']('master') %}
|
||||
{% set MANAGER = salt['grains.get']('manager') %}
|
||||
|
||||
socdir:
|
||||
file.directory:
|
||||
@@ -33,7 +33,7 @@ socsync:
|
||||
|
||||
so-soc:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
|
||||
- hostname: soc
|
||||
- name: so-soc
|
||||
- binds:
|
||||
@@ -84,7 +84,7 @@ kratossync:
|
||||
|
||||
so-kratos:
|
||||
docker_container.running:
|
||||
- image: {{ MASTER }}:5000/soshybridhunter/so-kratos:{{ VERSION }}
|
||||
- image: {{ MANAGER }}:5000/soshybridhunter/so-kratos:{{ VERSION }}
|
||||
- hostname: kratos
|
||||
- name: so-kratos
|
||||
- binds:
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
{%- set MASTER = salt['pillar.get']('master:url_base', '') %}
|
||||
{%- set MANAGER = salt['pillar.get']('manager:url_base', '') %}
|
||||
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
|
||||
{%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
|
||||
|
||||
[es]
|
||||
es_url = http://{{MASTER}}:9200
|
||||
es_ip = {{MASTER}}
|
||||
es_url = http://{{MANAGER}}:9200
|
||||
es_ip = {{MANAGER}}
|
||||
es_user = YOURESUSER
|
||||
es_pass = YOURESPASS
|
||||
es_index_pattern = so-*
|
||||
@@ -12,7 +12,7 @@ es_verifycert = no
|
||||
|
||||
[cortex]
|
||||
auto_analyze_alerts = no
|
||||
cortex_url = https://{{MASTER}}/cortex/
|
||||
cortex_url = https://{{MANAGER}}/cortex/
|
||||
cortex_key = {{ CORTEXKEY }}
|
||||
supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
|
||||
|
||||
@@ -33,7 +33,7 @@ grr_user = YOURGRRUSER
|
||||
grr_pass = YOURGRRPASS
|
||||
|
||||
[hive]
|
||||
hive_url = https://{{MASTER}}/thehive/
|
||||
hive_url = https://{{MANAGER}}/thehive/
|
||||
hive_key = {{ HIVEKEY }}
|
||||
hive_tlp = 3
|
||||
hive_verifycert = no
|
||||
@@ -60,7 +60,7 @@ slack_url = YOURSLACKWORKSPACE
|
||||
slack_webhook = YOURSLACKWEBHOOK
|
||||
|
||||
[playbook]
|
||||
playbook_url = http://{{MASTER}}:3200/playbook
|
||||
playbook_url = http://{{MANAGER}}:3200/playbook
|
||||
playbook_key = de6639318502476f2fa5aa06f43f51fb389a3d7f
|
||||
playbook_verifycert = no
|
||||
playbook_unit_test_index = playbook-testing
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{% set ES = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set ES = salt['pillar.get']('static:managerip', '') %}
|
||||
|
||||
alert: modules.so.playbook-es.PlaybookESAlerter
|
||||
elasticsearch_host: "{{ ES }}:9200"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set es = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set es = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
|
||||
alert: hivealerter
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% set es = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:masterip', '') %}
|
||||
{% set es = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivehost = salt['pillar.get']('static:managerip', '') %}
|
||||
{% set hivekey = salt['pillar.get']('static:hivekey', '') %}
|
||||
alert: hivealerter
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user