From 3d7f2bc691f4b251dde2b8093b75877e06b99052 Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Thu, 27 Apr 2023 13:23:53 -0400 Subject: [PATCH] Fix annotations and file locations --- salt/common/init.sls | 7 +- salt/common/tools/sbin/so-helix-apikey | 27 -- .../files/bin}/so-curator-restart | 0 .../files/bin}/so-curator-start | 0 .../files/bin}/so-curator-stop | 0 .../bin}/so-elastalert-create | 0 .../bin}/so-elastalert-restart | 0 .../bin}/so-elastalert-start | 0 .../bin}/so-elastalert-stop | 0 .../bin}/so-elastalert-test | 0 .../sbin/so-elasticsearch-cluster-space-total | 0 .../sbin/so-elasticsearch-cluster-space-used | 0 .../so-elasticsearch-component-templates-list | 0 .../so-elasticsearch-ilm-lifecycle-status | 0 .../sbin/so-elasticsearch-ilm-policy-delete | 0 .../so-elasticsearch-ilm-policy-load copy} | 0 .../sbin/so-elasticsearch-ilm-policy-view | 0 .../tools/sbin/so-elasticsearch-ilm-restart | 0 .../tools/sbin/so-elasticsearch-ilm-start | 0 .../tools/sbin/so-elasticsearch-ilm-status | 0 .../tools/sbin/so-elasticsearch-ilm-stop | 0 .../so-elasticsearch-index-templates-list | 0 .../tools/sbin/so-elasticsearch-indices-list | 0 .../tools/sbin/so-elasticsearch-indices-rw | 0 .../sbin/so-elasticsearch-pipeline-stats | 0 .../tools/sbin/so-elasticsearch-pipeline-view | 0 .../sbin/so-elasticsearch-pipelines-list | 0 .../tools/sbin/so-elasticsearch-query | 0 .../tools/sbin/so-elasticsearch-restart | 0 .../tools/sbin/so-elasticsearch-shards-list | 0 .../tools/sbin/so-elasticsearch-start | 0 .../tools/sbin/so-elasticsearch-stop | 0 .../sbin/so-elasticsearch-template-remove | 0 .../tools/sbin/so-elasticsearch-template-view | 0 .../sbin/so-elasticsearch-templates-list | 0 .../tools/sbin/so-elasticsearch-wait | 0 salt/firewall/soc_firewall.yaml | 413 ++++++++++++++++++ .../sbin => idstools/bin}/so-idstools-restart | 0 .../sbin => idstools/bin}/so-idstools-start | 0 .../sbin => idstools/bin}/so-idstools-stop | 0 salt/manager/{files => sbin}/so-repo-sync | 0 salt/manager/sbin/so-saltstack-update | 53 +++ .../tools/sbin => 
zeek/bin}/so-zeek-restart | 0 .../tools/sbin => zeek/bin}/so-zeek-start | 0 .../tools/sbin => zeek/bin}/so-zeek-stats | 0 .../tools/sbin => zeek/bin}/so-zeek-stop | 0 setup/so-functions | 10 + setup/so-variables | 12 + 48 files changed, 491 insertions(+), 31 deletions(-) delete mode 100755 salt/common/tools/sbin/so-helix-apikey rename salt/{common/tools/sbin => curator/files/bin}/so-curator-restart (100%) mode change 100755 => 100644 rename salt/{common/tools/sbin => curator/files/bin}/so-curator-start (100%) mode change 100755 => 100644 rename salt/{common/tools/sbin => curator/files/bin}/so-curator-stop (100%) mode change 100755 => 100644 rename salt/{common/tools/sbin => elastalert/bin}/so-elastalert-create (100%) rename salt/{common/tools/sbin => elastalert/bin}/so-elastalert-restart (100%) rename salt/{common/tools/sbin => elastalert/bin}/so-elastalert-start (100%) rename salt/{common/tools/sbin => elastalert/bin}/so-elastalert-stop (100%) rename salt/{common/tools/sbin => elastalert/bin}/so-elastalert-test (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-cluster-space-total (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-cluster-space-used (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-component-templates-list (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-lifecycle-status (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-policy-delete (100%) rename salt/{common/tools/sbin/so-elasticsearch-ilm-policy-load => elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy} (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-policy-view (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-restart (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-start (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-status (100%) rename 
salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-ilm-stop (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-index-templates-list (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-indices-list (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-indices-rw (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-pipeline-stats (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-pipeline-view (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-pipelines-list (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-query (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-restart (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-shards-list (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-start (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-stop (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-template-remove (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-template-view (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-templates-list (100%) rename salt/{common => elasticsearch}/tools/sbin/so-elasticsearch-wait (100%) create mode 100644 salt/firewall/soc_firewall.yaml rename salt/{common/tools/sbin => idstools/bin}/so-idstools-restart (100%) rename salt/{common/tools/sbin => idstools/bin}/so-idstools-start (100%) rename salt/{common/tools/sbin => idstools/bin}/so-idstools-stop (100%) rename salt/manager/{files => sbin}/so-repo-sync (100%) create mode 100755 salt/manager/sbin/so-saltstack-update rename salt/{common/tools/sbin => zeek/bin}/so-zeek-restart (100%) rename salt/{common/tools/sbin => zeek/bin}/so-zeek-start (100%) rename salt/{common/tools/sbin => zeek/bin}/so-zeek-stats (100%) rename salt/{common/tools/sbin => zeek/bin}/so-zeek-stop (100%) 
diff --git a/salt/common/init.sls b/salt/common/init.sls
index f23a05757..2feee941c 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -49,13 +49,12 @@ so-status.conf:
 - name: /opt/so/conf/so-status/so-status.conf
 - unless: ls /opt/so/conf/so-status/so-status.conf
-sosaltstackperms:
+socore_opso_perms:
 file.directory:
- - name: /opt/so/saltstack
+ - name: /opt/so
 - user: 939
 - group: 939
- - dir_mode: 770
-
+
 so_log_perms:
 file.directory:
 - name: /opt/so/log
diff --git a/salt/common/tools/sbin/so-helix-apikey b/salt/common/tools/sbin/so-helix-apikey
deleted file mode 100755
index c58d2ad89..000000000
--- a/salt/common/tools/sbin/so-helix-apikey
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-local_salt_dir=/opt/so/saltstack/local
-
-got_root() {
-
- # Make sure you are root
- if [ "$(id -u)" -ne 0 ]; then
- echo "This script must be run using sudo!"
- exit 1
- fi
-
-}
-
-got_root
-if [ ! -f $local_salt_dir/pillar/fireeye/init.sls ]; then
- echo "This is nto configured for Helix Mode. Please re-install."
- exit
-else
- echo "Enter your Helix API Key: "
- read APIKEY
- sed -i "s/^ api_key.*/ api_key: $APIKEY/g" $local_salt_dir/pillar/fireeye/init.sls
- docker stop so-logstash
- docker rm so-logstash
- echo "Restarting Logstash for updated key"
- salt-call state.apply logstash queue=True
-fi
diff --git a/salt/common/tools/sbin/so-curator-restart b/salt/curator/files/bin/so-curator-restart
old mode 100755
new mode 100644
similarity index 100%
rename from salt/common/tools/sbin/so-curator-restart
rename to salt/curator/files/bin/so-curator-restart
diff --git a/salt/common/tools/sbin/so-curator-start b/salt/curator/files/bin/so-curator-start
old mode 100755
new mode 100644
similarity index 100%
rename from salt/common/tools/sbin/so-curator-start
rename to salt/curator/files/bin/so-curator-start
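Review bot: The renamed `socore_opso_perms` state now manages `/opt/so` but drops `- dir_mode: 770`, so this state no longer enforces any mode on the directory it manages, and because it has no `recurse`, nothing in this hunk sets ownership or mode on `/opt/so/saltstack` any more. If the 770 restriction on the saltstack tree was deliberate (it holds the pillar data), either keep a state for that path or add an explicit `- dir_mode:` with the intended value to the new state so the permissions are stated rather than left to whatever the directory was created with. Whether another state covers `/opt/so/saltstack` is not visible in this diff.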
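Review bot: The move of `so-curator-restart` to `salt/curator/files/bin/` also flips its mode from 100755 to 100644, and the same happens to `so-curator-start` here and `so-curator-stop` in the next section, while every other relocated script in this commit keeps 100755. If these three are deployed by a `file.managed` state that sets `mode`, the lost execute bit in the repo is harmless; otherwise they stop being runnable after the next sync. The mode change looks accidental and is worth reverting or confirming in the description.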
diff --git a/salt/common/tools/sbin/so-curator-stop b/salt/curator/files/bin/so-curator-stop
old mode 100755
new mode 100644
similarity index 100%
rename from salt/common/tools/sbin/so-curator-stop
rename to salt/curator/files/bin/so-curator-stop
diff --git a/salt/common/tools/sbin/so-elastalert-create b/salt/elastalert/bin/so-elastalert-create
similarity index 100%
rename from salt/common/tools/sbin/so-elastalert-create
rename to salt/elastalert/bin/so-elastalert-create
diff --git a/salt/common/tools/sbin/so-elastalert-restart b/salt/elastalert/bin/so-elastalert-restart
similarity index 100%
rename from salt/common/tools/sbin/so-elastalert-restart
rename to salt/elastalert/bin/so-elastalert-restart
diff --git a/salt/common/tools/sbin/so-elastalert-start b/salt/elastalert/bin/so-elastalert-start
similarity index 100%
rename from salt/common/tools/sbin/so-elastalert-start
rename to salt/elastalert/bin/so-elastalert-start
diff --git a/salt/common/tools/sbin/so-elastalert-stop b/salt/elastalert/bin/so-elastalert-stop
similarity index 100%
rename from salt/common/tools/sbin/so-elastalert-stop
rename to salt/elastalert/bin/so-elastalert-stop
diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/elastalert/bin/so-elastalert-test
similarity index 100%
rename from salt/common/tools/sbin/so-elastalert-test
rename to salt/elastalert/bin/so-elastalert-test
diff --git a/salt/common/tools/sbin/so-elasticsearch-cluster-space-total b/salt/elasticsearch/tools/sbin/so-elasticsearch-cluster-space-total
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-cluster-space-total
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-cluster-space-total
diff --git a/salt/common/tools/sbin/so-elasticsearch-cluster-space-used b/salt/elasticsearch/tools/sbin/so-elasticsearch-cluster-space-used
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-cluster-space-used
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-cluster-space-used
diff --git a/salt/common/tools/sbin/so-elasticsearch-component-templates-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-component-templates-list
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-component-templates-list
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-component-templates-list
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-lifecycle-status
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-lifecycle-status
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-delete
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-delete
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-policy-load
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-view b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-view
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-policy-view
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-view
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-restart b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-restart
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-restart
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-restart
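Review bot: The rename lands `so-elasticsearch-ilm-policy-load` at `salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy`, a name with a trailing ` copy` and an embedded space, which looks like a stray duplicate produced during the move rather than the intended destination. Anything that calls the script by its old basename will no longer find it, and the space complicates any unquoted path handling in states or wrapper scripts. The target should presumably be `salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load`, matching every other file in this section.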
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-start b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-start
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-status b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-status
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-status
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-status
diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-stop b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-ilm-stop
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop
diff --git a/salt/common/tools/sbin/so-elasticsearch-index-templates-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-index-templates-list
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-index-templates-list
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-index-templates-list
diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-list
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-indices-list
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-indices-list
diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-rw
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-indices-rw
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-indices-rw
diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-stats
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-pipeline-stats
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-stats
diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-view b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-view
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-pipeline-view
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-view
diff --git a/salt/common/tools/sbin/so-elasticsearch-pipelines-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines-list
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-pipelines-list
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines-list
diff --git a/salt/common/tools/sbin/so-elasticsearch-query b/salt/elasticsearch/tools/sbin/so-elasticsearch-query
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-query
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-query
diff --git a/salt/common/tools/sbin/so-elasticsearch-restart b/salt/elasticsearch/tools/sbin/so-elasticsearch-restart
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-restart
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-restart
diff --git a/salt/common/tools/sbin/so-elasticsearch-shards-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-shards-list
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-shards-list
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-shards-list
diff --git a/salt/common/tools/sbin/so-elasticsearch-start b/salt/elasticsearch/tools/sbin/so-elasticsearch-start
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-start
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-start
diff --git a/salt/common/tools/sbin/so-elasticsearch-stop b/salt/elasticsearch/tools/sbin/so-elasticsearch-stop
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-stop
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-stop
diff --git a/salt/common/tools/sbin/so-elasticsearch-template-remove b/salt/elasticsearch/tools/sbin/so-elasticsearch-template-remove
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-template-remove
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-template-remove
diff --git a/salt/common/tools/sbin/so-elasticsearch-template-view b/salt/elasticsearch/tools/sbin/so-elasticsearch-template-view
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-template-view
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-template-view
diff --git a/salt/common/tools/sbin/so-elasticsearch-templates-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-list
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-templates-list
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-templates-list
diff --git a/salt/common/tools/sbin/so-elasticsearch-wait b/salt/elasticsearch/tools/sbin/so-elasticsearch-wait
similarity index 100%
rename from salt/common/tools/sbin/so-elasticsearch-wait
rename to salt/elasticsearch/tools/sbin/so-elasticsearch-wait
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
new file mode 100644
index 000000000..452c3c26f
--- /dev/null
+++ b/salt/firewall/soc_firewall.yaml
@@ -0,0 +1,413 @@
+firewall:
+ hostgroups:
+ analyst: &hostgroupsettings
+ description: List of IP or CIDR blocks to allow access to for this hostgroup.
+ helplink: firewall.html
+ multiline: True
+ regex: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
+ regexFailureMessage: You must enter a properly formatted IP address or CIDR.
+ anywhere: *hostgroupsettings
+ beats_endpoint: *hostgroupsettings
+ beats_endpoint_ssl: *hostgroupsettings
+ dockernet: *hostgroupsettings
+ elastic_agent_endpoint: *hostgroupsettings
+ elasticsearch_rest: *hostgroupsettings
+ endgame: *hostgroupsettings
+ eval: *hostgroupsettings
+ fleet: *hostgroupsettings
+ heavynodes: *hostgroupsettings
+ idh: *hostgroupsettings
+ localhost: *hostgroupsettings
+ manager: *hostgroupsettings
+ receivers: *hostgroupsettings
+ searchnodes: *hostgroupsettings
+ securityonion_desktops: *hostgroupsettings
+ self: *hostgroupsettings
+ sensors: *hostgroupsettings
+ standalone: *hostgroupsettings
+ strelka_frontend: *hostgroupsettings
+ syslog: *hostgroupsettings
+ portgroups:
+ all:
+ tcp:
+ udp:
+ agrules:
+ tcp:
+ udp:
+ beats_5044:
+ tcp:
+ udp:
+ beats_5644:
+ tcp:
+ udp:
+ beats_5066:
+ tcp:
+ udp:
+ beats_5056:
+ tcp:
+ udp:
+ docker_registry:
+ tcp:
+ udp:
+ elasticsearch_node:
+ tcp:
+ udp:
+ elasticsearch_rest:
+ tcp:
+ udp:
+ elastic_agent_control:
+ tcp:
+ udp:
+ elastic_agent_data:
+ tcp:
+ udp:
+ endgame:
+ tcp:
+ udp:
+ influxdb:
+ tcp:
+ udp:
+ kibana:
+ tcp:
+ udp:
+ mysql:
+ tcp:
+ udp:
+ nginx:
+ tcp:
+ udp:
+ playbook:
+ tcp:
+ udp:
+ redis:
+ tcp:
+ udp:
+ salt_manager:
+ tcp:
+ udp:
+ sensoroni:
+ tcp:
+ udp:
+ ssh:
+ tcp:
+ udp:
+ strelka_frontend:
+ tcp:
+ udp:
+ syslog:
+ tcp:
+ udp:
+ yum:
+ tcp:
+ udp:
+ role:
+ eval:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ eval:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ self:
+ portgroups:
+ beats_endpoint:
+ portgroups:
+ beats_endpoint_ssl:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ elastic_agent_endpoint:
+ portgroups:
+ strelka_frontend:
+ portgroups:
+ syslog:
+ portgroups:
+ analyst:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ fleet:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ sensors:
+ portgroups:
+ elastic_agent_endpoint:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ standalone:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ manager:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ manager:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ self:
+ portgroups:
+ syslog:
+ portgroups:
+ beats_endpoint:
+ portgroups:
+ beats_endpoint_ssl:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ elastic_agent_endpoint:
+ portgroups:
+ endgame:
+ portgroups:
+ analyst:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ managersearch:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ managersearch:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ self:
+ portgroups:
+ beats_endpoint:
+ portgroups:
+ beats_endpoint_ssl:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ elastic_agent_endpoint:
+ portgroups:
+ endgame:
+ portgroups:
+ syslog:
+ portgroups:
+ analyst:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ standalone:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ localhost:
+ portgroups:
+ standalone:
+ portgroups:
+ fleet:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ self:
+ portgroups:
+ beats_endpoint:
+ portgroups:
+ beats_endpoint_ssl:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ elastic_agent_endpoint:
+ portgroups:
+ endgame:
+ portgroups:
+ strelka_frontend:
+ portgroups:
+ syslog:
+ portgroups:
+ analyst:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ fleet:
+ portgroups:
+ localhost:
+ portgroups:
+ standalone:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ heavynodes:
+ portgroups:
+ searchnode:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ manager:
+ portgroups:
+ dockernet:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ searchnodes:
+ portgroups:
+ self:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ sensor:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ self:
+ portgroups:
+ strelka_frontend:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ heavynode:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ manager:
+ portgroups:
+ dockernet:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ self:
+ portgroups:
+ strelka_frontend:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ import:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ manager:
+ portgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ beats_endpoint:
+ portgroups:
+ beats_endpoint_ssl:
+ portgroups:
+ elasticsearch_rest:
+ portgroups:
+ elastic_agent_endpoint:
+ portgroups:
+ analyst:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
+ receiver:
+ chain:
+ DOCKER-USER:
+ hostgroups:
+ sensors:
+ portgroups:
+ searchnodes:
+ portgroups:
+ self:
+ portgroups:
+ syslog:
+ portgroups:
+ beats_endpoint:
+ portgroups:
+ beats_endpoint_ssl:
+ portgroups:
+ endgame:
+ portgroups:
+ INPUT:
+ hostgroups:
+ anywhere:
+ portgroups:
+ dockernet:
+ portgroups:
+ localhost:
+ portgroups:
diff --git a/salt/common/tools/sbin/so-idstools-restart b/salt/idstools/bin/so-idstools-restart
similarity index 100%
rename from salt/common/tools/sbin/so-idstools-restart
rename to salt/idstools/bin/so-idstools-restart
diff --git a/salt/common/tools/sbin/so-idstools-start b/salt/idstools/bin/so-idstools-start
similarity index 100%
rename from salt/common/tools/sbin/so-idstools-start
rename to salt/idstools/bin/so-idstools-start
diff --git a/salt/common/tools/sbin/so-idstools-stop b/salt/idstools/bin/so-idstools-stop
similarity index 100%
rename from salt/common/tools/sbin/so-idstools-stop
rename to salt/idstools/bin/so-idstools-stop
diff --git a/salt/manager/files/so-repo-sync b/salt/manager/sbin/so-repo-sync
similarity index 100%
rename from salt/manager/files/so-repo-sync
rename to salt/manager/sbin/so-repo-sync
diff --git a/salt/manager/sbin/so-saltstack-update b/salt/manager/sbin/so-saltstack-update
new file mode 100755
index 000000000..73c9c7791
--- /dev/null
+++ b/salt/manager/sbin/so-saltstack-update
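Review bot: The `regex` that every hostgroup inherits through the `&hostgroupsettings` anchor only checks the shape of an address, so a value such as `300.1.1.1` passes the UI validation and fails later when the rules are rendered, where the error is harder to attribute to the field that caused it. A per-octet alternation, `^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\/([0-9]|[1-2][0-9]|3[0-2]))?$`, rejects out-of-range octets at entry time with the existing `regexFailureMessage`. Separately, the `managersearch` role lists a `managersearch` hostgroup under `DOCKER-USER`, but no `managersearch` entry exists in the `hostgroups` block at the top, so it gets none of the description, help link or validation the other hostgroups inherit; if that block is what drives the annotations, add `managersearch: *hostgroupsettings` alongside `manager`.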
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
+default_salt_dir=/opt/so/saltstack/default
+clone_to_tmp() {
+
+ # Make a temp location for the files
+ mkdir /tmp/sogh
+ cd /tmp/sogh
+ git clone https://github.com/Security-Onion-Solutions/securityonion.git
+ cd /tmp
+
+}
+
+copy_new_files() {
+
+ # Copy new files over to the salt dir
+ cd /tmp/sogh/securityonion
+ git checkout $BRANCH
+ VERSION=$(cat VERSION)
+ # We need to overwrite if there is a repo file
+ if [ -d /opt/so/repo ]; then
+ tar -czf /opt/so/repo/"$VERSION".tar.gz -C "$(pwd)/.." .
+ fi
+ rsync -a salt $default_salt_dir/
+ rsync -a pillar $default_salt_dir/
+ chown -R socore:socore $default_salt_dir/salt
+ chown -R socore:socore $default_salt_dir/pillar
+ chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh
+
+ rm -rf /tmp/sogh
+}
+
+got_root(){
+ if [ "$(id -u)" -ne 0 ]; then
+ echo "This script must be run using sudo!"
+ exit 1
+ fi
+}
+
+got_root
+if [ $# -ne 1 ] ; then
+ BRANCH=2.4/main
+else
+ BRANCH=$1
+fi
+clone_to_tmp
+copy_new_files
diff --git a/salt/common/tools/sbin/so-zeek-restart b/salt/zeek/bin/so-zeek-restart
similarity index 100%
rename from salt/common/tools/sbin/so-zeek-restart
rename to salt/zeek/bin/so-zeek-restart
diff --git a/salt/common/tools/sbin/so-zeek-start b/salt/zeek/bin/so-zeek-start
similarity index 100%
rename from salt/common/tools/sbin/so-zeek-start
rename to salt/zeek/bin/so-zeek-start
diff --git a/salt/common/tools/sbin/so-zeek-stats b/salt/zeek/bin/so-zeek-stats
similarity index 100%
rename from salt/common/tools/sbin/so-zeek-stats
rename to salt/zeek/bin/so-zeek-stats
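Review bot: `clone_to_tmp` works in the fixed path `/tmp/sogh` and nothing checks the result of `mkdir`, `cd`, `git clone` or `git checkout`, so when that directory already exists (a run interrupted before its `rm -rf`, or a directory created by another local user) the clone fails quietly and `copy_new_files` goes on to `rsync` whatever is there into `$default_salt_dir` as root and `chown` it to socore. The script has no `set -e`, so each step that feeds the copy needs an explicit exit on failure, and the work directory should come from `mktemp -d` so its name is unpredictable and guaranteed fresh. Independently, `git checkout $BRANCH` and the `rsync`/`chown` paths built from `$default_salt_dir` should be quoted. The rewrite below keeps the function names and the `BRANCH` handling and changes only how the work directory is created and how failures are handled.
```shell
default_salt_dir=/opt/so/saltstack/default
work_dir=

clone_to_tmp() {
  # Fresh, unpredictable directory: a fixed /tmp path may be left over from an
  # earlier run or already exist with someone else's contents.
  work_dir=$(mktemp -d /tmp/sogh.XXXXXX) || exit 1
  git clone https://github.com/Security-Onion-Solutions/securityonion.git "$work_dir/securityonion" || {
    echo "git clone failed, nothing was copied" >&2
    rm -rf -- "$work_dir"
    exit 1
  }
}

copy_new_files() {
  cd "$work_dir/securityonion" || exit 1
  git checkout "$BRANCH" || {
    echo "git checkout $BRANCH failed, nothing was copied" >&2
    rm -rf -- "$work_dir"
    exit 1
  }
  VERSION=$(cat VERSION)
  # … unchanged: repo tarball, rsync of salt/ and pillar/, chown, chmod …
  rm -rf -- "$work_dir"
}
```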
diff --git a/salt/common/tools/sbin/so-zeek-stop b/salt/zeek/bin/so-zeek-stop
similarity index 100%
rename from salt/common/tools/sbin/so-zeek-stop
rename to salt/zeek/bin/so-zeek-stop
diff --git a/setup/so-functions b/setup/so-functions
index 92c47211f..a3f1fe0d5 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1341,6 +1341,16 @@ kibana_pillar() {
 touch $kibana_pillar_file
 }
 
+logrotate_pillar() {
+ touch $adv_logrotate_pillar_file
+ touch $logrotate_pillar_file
+}
+
+patch_pillar() {
+ touch $adv_patch_pillar_file
+ touch $patch_pillar_file
+}
+
 logstash_pillar() {
 # Create the logstash advanced pillar
 touch $adv_logstash_pillar_file
diff --git a/setup/so-variables b/setup/so-variables
index 3d599afb4..b2e439a5c 100644
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -201,3 +201,15 @@ export influxdb_pillar_file
 
 adv_influxdb_pillar_file="$local_salt_dir/pillar/influxdb/adv_influxdb.sls"
 export adv_influxdb_pillar_file
+
+logrotate_pillar_file="$local_salt_dir/pillar/logrotate/soc_logrotate.sls"
+export logrotate_pillar_file
+
+adv_logrotate_pillar_file="$local_salt_dir/pillar/logrotate/adv_logrotate.sls"
+export adv_logrotate_pillar_file
+
+patch_pillar_file="$local_salt_dir/pillar/patch/soc_patch.sls"
+export patch_pillar_file
+
+adv_patch_pillar_file="$local_salt_dir/pillar/patch/adv_patch.sls"
+export adv_patch_pillar_file
\ No newline at end of file
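Review bot: `logrotate_pillar` and `patch_pillar` call `touch` on files under `pillar/logrotate/` and `pillar/patch/`, directories this diff does not create; the sibling helpers follow the same pattern, so presumably the directories are created elsewhere in setup, but if they are not, both `touch` calls fail and, with no `set -e` visible here, the failure is silent. The pair would also read better with the one-line comment the neighbouring `logstash_pillar` carries, e.g. `# Create the logrotate pillar files` and `# Create the patch pillar files`, and with the paths quoted: `touch "$adv_logrotate_pillar_file" "$logrotate_pillar_file"`. The enclosing `kibana_pillar` starts outside the hunk.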
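Review bot: The new `export adv_patch_pillar_file` line ends setup/so-variables without a trailing newline (`\ No newline at end of file`), which the previous last line `export adv_influxdb_pillar_file` had; the next variable added here will show up as a change to this line in blame and diffs. Add the newline after `export adv_patch_pillar_file`.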