CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-15 22:58:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into feature/script-fixes

Browse Source 
# Conflicts:
#	salt/auth/init.sls
#	salt/common/tools/sbin/so-bro-restart
#	salt/common/tools/sbin/so-bro-start
#	salt/common/tools/sbin/so-bro-stop
#	salt/wazuh/files/wazuh-manager-whitelist
This commit is contained in:
William Wernert
2020-02-05 10:58:51 -05:00
parent 50d4693a09 dc89f95d4b
commit 3e97930506
117 changed files with 3671 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/common/grafana/grafana_dashboards/eval/eval.json
+2 -2
View File
@@ -1395,7 +1395,7 @@
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-bro"
"value": "so-zeek"
}
]
}
@@ -1913,7 +1913,7 @@
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-bro"
"value": "so-zeek"
}
]
}
salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
+2 -2
View File
@@ -1396,7 +1396,7 @@
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-bro"
"value": "so-zeek"
}
]
}
@@ -1901,7 +1901,7 @@
"condition": "AND",
"key": "container_name",
"operator": "=",
"value": "so-bro"
"value": "so-zeek"
}
]
}
salt/common/init.sls
+2 -2
View File
@@ -1,6 +1,6 @@
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
{%- set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
# Add socore Group
socoregroup:
group.present:
@@ -343,7 +343,7 @@ dashboard-{{ SN }}:
{% if salt['pillar.get']('nodestab', False) %}
{%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
dashboard-{{ SN }}:
dashboardsearch-{{ SN }}:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json
- user: 939
salt/common/nginx/nginx.conf.so-heavynode
+89
View File
@@ -0,0 +1,89 @@
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
salt/common/telegraf/scripts/broloss.sh
+2 -2
View File
@@ -1,7 +1,7 @@
#!/bin/bash
BROLOG=$(tac /host/nsm/bro/logs/packetloss.log | head -2)
declare RESULT=($BROLOG)
ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
declare RESULT=($ZEEKLOG)
CURRENTDROP=${RESULT[3]}
PASTDROP=${RESULT[9]}
DROPPED=$(($CURRENTDROP - $PASTDROP))
salt/common/tools/sbin/so-bro-restart
-20
View File
@@ -1,20 +0,0 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
docker stop so-bro && docker rm so-bro && salt-call state.apply bro
salt/common/tools/sbin/so-bro-start
-20
View File
@@ -1,20 +0,0 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
docker rm so-bro && salt-call state.apply bro
salt/common/tools/sbin/so-bro-stop
-20
View File
@@ -1,20 +0,0 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
docker stop so-bro
salt/common/tools/sbin/so-elastic-clear
+1
View File
@@ -14,6 +14,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
. /usr/sbin/so-common
SKIP=0
salt/common/tools/sbin/so-restart
+1
View File
@@ -31,5 +31,6 @@ fi
case $1 in
"cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;;
"steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;;
*) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
esac
salt/common/tools/sbin/so-salt-start
+25
View File
@@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
echo $banner
printf "Starting local Salt Minion...\n"
echo $banner
service salt-minion start
service salt-minion status
salt/common/tools/sbin/so-salt-stop
+25
View File
@@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
echo $banner
printf "Stopping local Salt Minion...\n"
echo $banner
service salt-minion stop
service salt-minion status
salt/common/tools/sbin/so-start
+2 -2
View File
@@ -29,8 +29,8 @@ then
salt-call saltutil.kill_all_jobs
fi
case $1 in
"all") salt-call state.highstate queue=True;;
*) if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi
"steno") if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply pcap queue=True; fi ;;
*) if docker ps | grep -q so-$1; then printf "\n$1 is already running\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi ;;
esac
salt/common/tools/sbin/so-status
+141
View File
@@ -0,0 +1,141 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# {% raw %}
if ! [ $(id -u)=0 ]; then
echo "This command must be run as root"
exit 1
fi
# Constants
ERROR_STRING="ERROR"
SUCCESS_STRING="OK"
PENDING_STRING="PENDING"
declare -a BAD_STATUSES=("removing", "paused", "exited", "dead")
declare -a PENDING_STATUSES=("paused", "created", "restarting")
declare -a GOOD_STATUSES=("running")
declare -a container_name_list=()
declare -a container_state_list=()
populate_container_lists() {
systemctl is-active --quiet docker
if [[ $? = 0 ]]; then
mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/containers/json?all=1 \
| jq -c '.[] | { Name: .Names[0], State: .State }' \
| tr -d '/{"}')
else
exit 1
fi
local container_name=""
local container_state=""
for line in ${docker_raw_list[@]}; do
container_name="$( echo $line | sed -e 's/Name:\(.*\),State:\(.*\)/\1/' )" # Get value in the first search group (container names)
container_state="$( echo $line | sed -e 's/Name:\(.*\),State:\(.*\)/\2/' )" # Get value in the second search group (container states)
container_name_list+=( "${container_name}" )
container_state_list+=( "${container_state}" )
done
}
parse_status() {
local container_state=${1}
local found=0
for state in "${GOOD_STATUSES[@]}"; do
[[ $container_state = $state ]] && printf $SUCCESS_STRING && return 0
done
if [[ $found = 0 ]]; then
for state in "${PENDING_STATUSES[@]}"; do
[[ $container_state = $state ]] && printf $PENDING_STRING && return 0
done
fi
# This is technically not needed since the default is error state
if [[ $found = 0 ]]; then
for state in "${BAD_STATUSES[@]}"; do
[[ $container_state = $state ]] && printf $ERROR_STRING && return 1
done
fi
printf $ERROR_STRING && return 1
}
columns=$(tput cols)
print_line() {
local service_name=${1}
local service_state=$( parse_status ${2} )
local PADDING_CONSTANT=14
local state_color="\e[0m"
if [[ $service_state = $ERROR_STRING ]]; then
state_color="\e[1;31m"
elif [[ $service_state = $SUCCESS_STRING ]]; then
state_color="\e[1;32m"
elif [[ $service_state = $PENDING_STRING ]]; then
state_color="\e[1;33m"
else
state_color="\e[0m"
fi
printf " $service_name "
for i in $(seq 0 $(( $columns - $PADDING_CONSTANT - ${#service_name} - ${#service_state} ))); do
printf "-"
done
printf " [ "
printf "${state_color}%b\e[0m" "$service_state"
printf "%s \n" " ]"
}
main() {
local focus_color="\e[1;34m"
printf "\n"
printf "${focus_color}%b\e[0m" "Checking Docker status\n\n"
systemctl is-active --quiet docker
if [[ $? = 0 ]]; then
print_line "Docker" "running"
else
print_line "Docker" "exited"
fi
populate_container_lists
printf "\n"
printf "${focus_color}%b\e[0m" "Checking container statuses\n\n"
local num_containers=${#docker_raw_list[@]}
local container_name=""
local container_state=""
for i in $(seq 0 $(($num_containers - 1 ))); do
print_line ${container_name_list[$i]} ${container_state_list[$i]}
done
printf "\n"
}
main
# {% endraw %}
salt/common/tools/sbin/so-suricata-restart
+17 -14
View File
@@ -1,17 +1,20 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
docker stop so-suricata && sudo docker rm so-suricata && salt-call state.apply suricata
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
/usr/sbin/so-restart suricata $1
salt/common/tools/sbin/so-suricata-start
+17 -14
View File
@@ -1,17 +1,20 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
docker rm so-suricata && salt-call state.apply suricata
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
/usr/sbin/so-start suricata $1
salt/common/tools/sbin/so-suricata-stop
+17 -14
View File
@@ -1,17 +1,20 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
docker stop so-suricata
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
/usr/sbin/so-stop suricata $1
salt/common/tools/sbin/so-tcpreplay
+4 -2
View File
@@ -15,14 +15,16 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Usage: so-tcpreplay "/opt/so/samples/*"
REPLAY_ENABLED=$(docker images | grep so-tcpreplay)
REPLAY_RUNNING=$(docker ps | grep so-tcpreplay)
if [ "$REPLAY_ENABLED" != "" ] && [ "$REPLAY_RUNNING" != "" ]; then
docker cp so-tcpreplay:/opt/samples /opt/samples
docker exec -it so-tcpreplay /usr/bin/tcpreplay -i bond0 -M10 $1
docker exec -it so-tcpreplay /usr/local/bin/tcpreplay -i bond0 -M10 $1
else
echo "Replay functionality not enabled! To enable, run `so-tcpreplay-start`"
echo
echo "Note that you will need internet access to download the appropiriate components"
echo "Note that you will need internet access to download the appropriate components"
fi
salt/common/tools/sbin/so-tcpreplay-restart
+1 -1
View File
@@ -17,5 +17,5 @@
. /usr/sbin/so-common
/usr/sbin/so-restart tcreplay $1
/usr/sbin/so-restart tcpreplay $1
salt/common/tools/sbin/so-zeek-restart
+1 -1
View File
@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-restart bro $1
/usr/sbin/so-restart zeek $1
salt/common/tools/sbin/so-zeek-start
+1 -1
View File
@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-start bro $1
/usr/sbin/so-start zeek $1
salt/common/tools/sbin/so-zeek-stop
+1 -1
View File
@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-stop bro $1
/usr/sbin/so-stop zeek $1