CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-18 06:52:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix annotations and file locations

Browse Source
This commit is contained in:
Mike Reeves
2023-04-27 13:23:53 -04:00
parent e799edaf49
commit 3d7f2bc691
48 changed files with 491 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

413
salt/firewall/soc_firewall.yaml Normal file
View File

@@ -0,0 +1,413 @@
firewall:
hostgroups:
analyst: &hostgroupsettings
description: List of IP or CIDR blocks to allow access to for this hostgroup.
helplink: firewall.html
multiline: True
regex: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
regexFailureMessage: You must enter a properly formatted IP address or CIDR.
anywhere: *hostgroupsettings
beats_endpoint: *hostgroupsettings
beats_endpoint_ssl: *hostgroupsettings
dockernet: *hostgroupsettings
elastic_agent_endpoint: *hostgroupsettings
elasticsearch_rest: *hostgroupsettings
endgame: *hostgroupsettings
eval: *hostgroupsettings
fleet: *hostgroupsettings
heavynodes: *hostgroupsettings
idh: *hostgroupsettings
localhost: *hostgroupsettings
manager: *hostgroupsettings
receivers: *hostgroupsettings
searchnodes: *hostgroupsettings
securityonion_desktops: *hostgroupsettings
self: *hostgroupsettings
sensors: *hostgroupsettings
standalone: *hostgroupsettings
strelka_frontend: *hostgroupsettings
syslog: *hostgroupsettings
portgroups:
all:
tcp:
udp:
agrules:
tcp:
udp:
beats_5044:
tcp:
udp:
beats_5644:
tcp:
udp:
beats_5066:
tcp:
udp:
beats_5056:
tcp:
udp:
docker_registry:
tcp:
udp:
elasticsearch_node:
tcp:
udp:
elasticsearch_rest:
tcp:
udp:
elastic_agent_control:
tcp:
udp:
elastic_agent_data:
tcp:
udp:
endgame:
tcp:
udp:
influxdb:
tcp:
udp:
kibana:
tcp:
udp:
mysql:
tcp:
udp:
nginx:
tcp:
udp:
playbook:
tcp:
udp:
redis:
tcp:
udp:
salt_manager:
tcp:
udp:
sensoroni:
tcp:
udp:
ssh:
tcp:
udp:
strelka_frontend:
tcp:
udp:
syslog:
tcp:
udp:
yum:
tcp:
udp:
role:
eval:
chain:
DOCKER-USER:
hostgroups:
eval:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
strelka_frontend:
portgroups:
syslog:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
fleet:
chain:
DOCKER-USER:
hostgroups:
sensors:
portgroups:
elastic_agent_endpoint:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
standalone:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
manager:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
syslog:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
endgame:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
managersearch:
chain:
DOCKER-USER:
hostgroups:
managersearch:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
endgame:
portgroups:
syslog:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
standalone:
chain:
DOCKER-USER:
hostgroups:
localhost:
portgroups:
standalone:
portgroups:
fleet:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
endgame:
portgroups:
strelka_frontend:
portgroups:
syslog:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
fleet:
portgroups:
localhost:
portgroups:
standalone:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
searchnode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
dockernet:
portgroups:
elasticsearch_rest:
portgroups:
searchnodes:
portgroups:
self:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
sensor:
chain:
DOCKER-USER:
hostgroups:
self:
portgroups:
strelka_frontend:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
heavynode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
dockernet:
portgroups:
elasticsearch_rest:
portgroups:
self:
portgroups:
strelka_frontend:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
import:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
receiver:
chain:
DOCKER-USER:
hostgroups:
sensors:
portgroups:
searchnodes:
portgroups:
self:
portgroups:
syslog:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
endgame:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups: