Merge branch 'dev' into feature/script-fixes

# Conflicts: # salt/auth/init.sls # salt/common/tools/sbin/so-bro-restart # salt/common/tools/sbin/so-bro-start # salt/common/tools/sbin/so-bro-stop # salt/wazuh/files/wazuh-manager-whitelist
2026-04-24 21:47:48 +02:00 · 2020-02-05 10:58:51 -05:00
parent 50d4693a09 dc89f95d4b
commit 3e97930506
117 changed files with 3671 additions and 175 deletions
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-docker stop so-bro && docker rm so-bro && salt-call state.apply bro
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-docker rm so-bro && salt-call state.apply bro
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-docker stop so-bro 
@@ -14,6 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
 . /usr/sbin/so-common

 SKIP=0
@@ -31,5 +31,6 @@ fi

 case $1 in
   "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;;
+   "steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;;
   *)  docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
 esac
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+echo $banner
+printf "Starting local Salt Minion...\n"
+echo $banner
+
+service salt-minion start
+service salt-minion status
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+echo $banner
+printf "Stopping local Salt Minion...\n"
+echo $banner
+
+service salt-minion stop
+service salt-minion status
@@ -29,8 +29,8 @@ then
   salt-call saltutil.kill_all_jobs
 fi

-
 case $1 in
   "all") salt-call state.highstate queue=True;;
-   *) if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi
+   "steno") if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply pcap queue=True; fi ;; 
+   *) if docker ps | grep -q so-$1; then printf "\n$1 is already running\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi ;; 
 esac
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# {% raw %}
+
+if ! [ $(id -u)=0 ]; then
+   echo "This command must be run as root"
+   exit 1
+fi
+
+# Constants
+ERROR_STRING="ERROR"
+SUCCESS_STRING="OK"
+PENDING_STRING="PENDING"
+declare -a BAD_STATUSES=("removing", "paused", "exited", "dead")
+declare -a PENDING_STATUSES=("paused", "created", "restarting")
+declare -a GOOD_STATUSES=("running")
+
+
+declare -a container_name_list=()
+declare -a container_state_list=()
+populate_container_lists() {
+    systemctl is-active --quiet docker
+
+    if [[ $? = 0 ]]; then
+        mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/containers/json?all=1 \
+            | jq -c '.[] | { Name: .Names[0], State: .State }' \
+            | tr -d '/{"}')
+    else
+        exit 1
+    fi
+
+    local container_name=""
+    local container_state=""
+
+    for line in ${docker_raw_list[@]}; do
+        container_name="$( echo $line | sed -e 's/Name:\(.*\),State:\(.*\)/\1/' )" # Get value in the first search group (container names)
+        container_state="$( echo $line | sed -e 's/Name:\(.*\),State:\(.*\)/\2/' )" # Get value in the second search group (container states)
+        container_name_list+=( "${container_name}" )
+        container_state_list+=( "${container_state}" )
+    done
+}
+
+parse_status() {
+    local container_state=${1}
+    local found=0
+
+    for state in "${GOOD_STATUSES[@]}"; do
+        [[ $container_state = $state ]] && printf $SUCCESS_STRING && return 0
+    done
+
+    if [[ $found = 0 ]]; then
+        for state in "${PENDING_STATUSES[@]}"; do
+            [[ $container_state = $state ]] && printf $PENDING_STRING && return 0
+        done
+    fi
+
+    # This is technically not needed since the default is error state
+    if [[ $found = 0 ]]; then
+        for state in "${BAD_STATUSES[@]}"; do
+            [[ $container_state = $state ]] && printf $ERROR_STRING && return 1
+        done
+    fi
+
+    printf $ERROR_STRING && return 1
+}
+
+columns=$(tput cols)
+
+print_line() {
+    local service_name=${1}
+    local service_state=$( parse_status ${2} )
+    local PADDING_CONSTANT=14
+    local state_color="\e[0m"
+
+    if [[ $service_state = $ERROR_STRING ]]; then
+        state_color="\e[1;31m"
+    elif [[ $service_state = $SUCCESS_STRING ]]; then
+        state_color="\e[1;32m"
+    elif [[ $service_state = $PENDING_STRING ]]; then
+        state_color="\e[1;33m"
+    else
+        state_color="\e[0m"
+    fi
+
+    printf "    $service_name "
+    for i in $(seq 0 $(( $columns - $PADDING_CONSTANT - ${#service_name} - ${#service_state} ))); do
+        printf "-"
+    done
+    printf " [ "
+    printf "${state_color}%b\e[0m" "$service_state"
+    printf "%s    \n" " ]"
+}
+
+main() {
+    local focus_color="\e[1;34m"
+    printf "\n"
+    printf "${focus_color}%b\e[0m" "Checking Docker status\n\n"
+
+    systemctl is-active --quiet docker
+    if [[ $? = 0 ]]; then
+        print_line "Docker" "running"
+    else
+        print_line "Docker" "exited"
+    fi
+
+    populate_container_lists
+
+    printf "\n"
+
+    printf "${focus_color}%b\e[0m" "Checking container statuses\n\n"
+
+
+    local num_containers=${#docker_raw_list[@]}
+    local container_name=""
+    local container_state=""
+
+    for i in $(seq 0 $(($num_containers - 1 ))); do
+        print_line ${container_name_list[$i]} ${container_state_list[$i]}
+    done
+
+    printf "\n"
+}
+
+main
+
+# {% endraw %}
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
 #
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-docker stop so-suricata && sudo docker rm so-suricata && salt-call state.apply suricata
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart suricata $1
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
 #
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-docker rm so-suricata && salt-call state.apply suricata
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start suricata $1
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
 #
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-docker stop so-suricata
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop suricata $1
@@ -15,14 +15,16 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.

+# Usage: so-tcpreplay "/opt/so/samples/*"
+
 REPLAY_ENABLED=$(docker images | grep so-tcpreplay)
 REPLAY_RUNNING=$(docker ps | grep so-tcpreplay)

 if  [ "$REPLAY_ENABLED" != "" ] && [ "$REPLAY_RUNNING" != "" ]; then
   docker cp so-tcpreplay:/opt/samples /opt/samples
-   docker exec -it so-tcpreplay /usr/bin/tcpreplay -i bond0 -M10 $1
+   docker exec -it so-tcpreplay /usr/local/bin/tcpreplay -i bond0 -M10 $1
 else
  echo "Replay functionality not enabled!  To enable, run `so-tcpreplay-start`"
  echo
-  echo "Note that you will need internet access to download the appropiriate components"
+  echo "Note that you will need internet access to download the appropriate components"
 fi
@@ -17,5 +17,5 @@

 . /usr/sbin/so-common

-/usr/sbin/so-restart tcreplay $1
+/usr/sbin/so-restart tcpreplay $1

@@ -17,4 +17,4 @@

 . /usr/sbin/so-common

-/usr/sbin/so-restart bro $1
+/usr/sbin/so-restart zeek $1
@@ -17,4 +17,4 @@

 . /usr/sbin/so-common

-/usr/sbin/so-start bro $1
+/usr/sbin/so-start zeek $1
@@ -17,4 +17,4 @@

 . /usr/sbin/so-common

-/usr/sbin/so-stop bro $1
+/usr/sbin/so-stop zeek $1