CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

Browse Source
This commit is contained in:
m0duspwnens
2020-12-01 09:28:27 -05:00
parent ae464c38b2 c303cdff09
commit 3ee562a243
6 changed files with 65 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
salt/_modules/so.py
View File

@@ -18,34 +18,47 @@ def mysql_conn(retry):
return False
mainint = __salt__['pillar.get']('host:mainint')
mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0]
ip_arr = __salt__['grains.get']('ip_interfaces').get(mainint)
mysql_up = False
for i in range(0, retry):
log.debug(f'Connection attempt {i+1}')
try:
db = _mysql.connect(
host=mainip,
user='root',
passwd=__salt__['pillar.get']('secrets:mysql')
)
log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.')
db.query("""SELECT 1;""")
log.debug(f'Successfully completed query against MySQL server on {mainip}')
db.close()
mysql_up = True
break
except _mysql.OperationalError as e:
log.debug(e)
except Exception as e:
log.error('Unexpected error occured.')
log.error(e)
break
sleep(1)
if not mysql_up:
log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.')
if len(ip_arr) == 1:
mainip = ip_arr[0]
if not(retry >= 1):
log.debug('`retry` set to value below 1, resetting it to 1 to prevent errors.')
retry = 1
for i in range(0, retry):
log.debug(f'Connection attempt {i+1}')
try:
db = _mysql.connect(
host=mainip,
user='root',
passwd=__salt__['pillar.get']('secrets:mysql')
)
log.debug(f'Connected to MySQL server on {mainip} after {i+1} attempts.')
db.query("""SELECT 1;""")
log.debug(f'Successfully completed query against MySQL server on {mainip}')
db.close()
mysql_up = True
break
except _mysql.OperationalError as e:
log.debug(e)
except Exception as e:
log.error('Unexpected error occured.')
log.error(e)
break
sleep(1)
if not mysql_up:
log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.')
else:
log.error(f'Main interface {mainint} has more than one IP address assigned to it, which is not supported.')
log.debug(f'{mainint}:')
for addr in ip_arr:
log.debug(f' - {addr}')
return mysql_up

7
salt/common/tools/sbin/so-fleet-setup
View File

@@ -26,10 +26,9 @@ docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/pac
docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf
# Enable Fleet
echo "Enabling Fleet..."
sleep 5
salt-call state.apply fleet.event_enable-fleet queue=True >> /root/fleet-setup.log
# Update the Enroll Secret
echo "Updating the Enroll Secret..."
salt-call state.apply fleet.event_update-enroll-secret queue=True >> /root/fleet-setup.log
salt-call state.apply nginx queue=True >> /root/fleet-setup.log
# Generate osquery install packages

10
salt/fleet/event_enable-fleet.sls
View File

@@ -1,10 +1,3 @@
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
{% if FLEETNODE or FLEETMANAGER %}
{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
{% else %}
{% set ENROLLSECRET = '' %}
{% endif %}
{% set MAININT = salt['pillar.get']('host:mainint') %}
{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
@@ -14,5 +7,4 @@ so/fleet:
action: 'enablefleet'
hostname: {{ grains.host }}
mainip: {{ MAINIP }}
role: {{ grains.role }}
enroll-secret: {{ ENROLLSECRET }}
role: {{ grains.role }}

7
salt/fleet/event_update-enroll-secret.sls Normal file
View File

@@ -0,0 +1,7 @@
{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
so/fleet:
event.send:
- data:
action: 'update-enrollsecret'
enroll-secret: {{ ENROLLSECRET }}

19
salt/reactor/fleet.sls
View File

@@ -17,7 +17,6 @@ def run():
if ACTION == 'enablefleet':
logging.info('so/fleet enablefleet reactor')
ESECRET = data['data']['enroll-secret']
MAINIP = data['data']['mainip']
ROLE = data['data']['role']
HOSTNAME = data['data']['hostname']
@@ -30,12 +29,6 @@ def run():
line = re.sub(r'fleet_manager: \S*', f"fleet_manager: True", line.rstrip())
print(line)
# Update the enroll secret in the secrets pillar
if ESECRET != "":
for line in fileinput.input(SECRETSFILE, inplace=True):
line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
print(line)
# Update the Fleet host in the static pillar
for line in fileinput.input(STATICFILE, inplace=True):
line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip())
@@ -46,6 +39,18 @@ def run():
line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip())
print(line)
if ACTION == 'update-enrollsecret':
logging.info('so/fleet update-enrollsecret reactor')
ESECRET = data['data']['enroll-secret']
# Update the enroll secret in the secrets pillar
if ESECRET != "":
for line in fileinput.input(SECRETSFILE, inplace=True):
line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
print(line)
if ACTION == 'genpackages':
logging.info('so/fleet genpackages reactor')

3
setup/so-setup
View File

@@ -691,6 +691,9 @@ fi
if [[ "$OSQUERY" = 1 ]]; then
set_progress_str 75 "$(print_salt_state_apply 'fleet.event_enable-fleet')"
salt-call state.apply -l info fleet.event_enable-fleet >> $setup_log 2>&1
set_progress_str 75 "$(print_salt_state_apply 'fleet')"
salt-call state.apply -l info fleet >> $setup_log 2>&1