From 3f8e15d16f8ca57cf366b2b8ea3deb33f023bd1c Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 15 May 2023 09:41:44 -0400
Subject: [PATCH] enabled/disable elaticfleet in ui
---
salt/elasticfleet/config.sls | 60 ++++++++++
salt/elasticfleet/defaults.yaml | 8 ++
salt/elasticfleet/disabled.sls | 27 +++++
salt/elasticfleet/enabled.sls | 62 ++++++++++
salt/elasticfleet/init.sls | 107 ++----------------
salt/elasticfleet/map.jinja | 7 ++
salt/elasticfleet/soc_elasticfleet.yaml | 52 +++++----
salt/elasticfleet/sostatus.sls | 21 ++++
.../tools/sbin_jinja/so-elastic-fleet-setup | 11 +-
salt/manager/tools/sbin/so-minion | 5 +-
10 files changed, 230 insertions(+), 130 deletions(-)
create mode 100644 salt/elasticfleet/config.sls
create mode 100644 salt/elasticfleet/defaults.yaml
create mode 100644 salt/elasticfleet/disabled.sls
create mode 100644 salt/elasticfleet/enabled.sls
create mode 100644 salt/elasticfleet/map.jinja
create mode 100644 salt/elasticfleet/sostatus.sls
diff --git a/salt/elasticfleet/config.sls b/salt/elasticfleet/config.sls
new file mode 100644
index 000000000..29aa7eb30
--- /dev/null
+++ b/salt/elasticfleet/config.sls
@@ -0,0 +1,60 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+# Add EA Group
+elasticsagentgroup:
+ group.present:
+ - name: elastic-agent
+ - gid: 947
+
+# Add EA user
+elastic-agent:
+ user.present:
+ - uid: 947
+ - gid: 947
+ - home: /opt/so/conf/elastic-fleet
+ - createhome: False
+
+elasticfleet_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://elasticfleet/tools/sbin
+ - user: 947
+ - group: 939
+ - file_mode: 755
+
+elasticfleet_sbin_jinja:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://elasticfleet/tools/sbin_jinja
+ - user: 947
+ - group: 939
+ - file_mode: 755
+ - template: jinja
+
+eaconfdir:
+ file.directory:
+ - name: /opt/so/conf/elastic-fleet
+ - user: 947
+ - group: 939
+ - makedirs: True
+
+eastatedir:
+ file.directory:
+ - name: /opt/so/conf/elastic-fleet/state
+ - user: 947
+ - group: 939
+ - makedirs: True
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml
new file mode 100644
index 000000000..d29e08f9a
--- /dev/null
+++ b/salt/elasticfleet/defaults.yaml
@@ -0,0 +1,8 @@
+elasticfleet:
+ enabled: False
+ config:
+ server:
+ endpoints_enrollment: ''
+ es_token: ''
+ grid_enrollment: ''
+ url: ''
diff --git a/salt/elasticfleet/disabled.sls b/salt/elasticfleet/disabled.sls
new file mode 100644
index 000000000..1b3f69bc4
--- /dev/null
+++ b/salt/elasticfleet/disabled.sls
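Review bot: `elasticfleet_sbin` and `elasticfleet_sbin_jinja` recurse scripts into `/usr/sbin` owned by uid 947 (the `elastic-agent` service account) at mode 755, so anything running as that account on the host can rewrite tooling that is later executed with root privileges (for example `so-elastic-fleet-setup`, which invokes `salt-call`). Unless something requires that account to own these files, `- user: root` and `- group: root` on both `file.recurse` states is the least-privilege ownership; the directories under `/opt/so/conf/elastic-fleet` can stay at 947 since that is the uid the container runs as. This layout is carried over from the previous `init.sls` rather than introduced here, but the split into a dedicated `config.sls` is a good place to fix it.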
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+ - elasticfleet.sostatus
+
+so-elastic-fleet:
+ docker_container.absent:
+ - force: True
+
+so-elastic-fleet_so-status.disabled:
+ file.comment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-elastic-fleet$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls
new file mode 100644
index 000000000..a3982e760
--- /dev/null
+++ b/salt/elasticfleet/enabled.sls
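Review bot: The `include: - elasticfleet.sostatus` in `disabled.sls` is not self-explanatory: on a node where Fleet was never enabled it first appends `so-elastic-fleet` to `so-status.conf` and then `file.comment` comments it out, so the net effect of "disable" is to create a `#so-elastic-fleet` entry. If that round-trip is intended (so a later `elasticfleet.enabled` only has to uncomment it), a comment above the include such as `# sostatus is included so the so-status entry always exists; disabled comments it out, enabled uncomments it` would make the coupling between the three files explicit. The ordering also depends on the included state running before `so-elastic-fleet_so-status.disabled`, which Salt's default include ordering provides but nothing here requires.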
@@ -0,0 +1,62 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+{# This value is generated during node install and stored in minion pillar #}
+{% set SERVICETOKEN = salt['pillar.get']('elasticfleet:config:server:es_token','') %}
+
+include:
+ - elasticfleet.config
+ - elasticfleet.sostatus
+
+{% if SERVICETOKEN != '' %}
+so-elastic-fleet:
+ docker_container.running:
+ - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent:{{ GLOBALS.so_version }}
+ - name: so-elastic-fleet
+ - hostname: FleetServer-{{ GLOBALS.hostname }}
+ - detach: True
+ - user: 947
+ - networks:
+ - sobridge:
+ - ipv4_address: {{ DOCKER.containers['so-elastic-fleet'].ip }}
+ - extra_hosts:
+ - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
+ - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
+ - port_bindings:
+ {% for BINDING in DOCKER.containers['so-elastic-fleet'].port_bindings %}
+ - {{ BINDING }}
+ {% endfor %}
+ - binds:
+ - /etc/pki:/etc/pki:ro
+ #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
+ - environment:
+ - FLEET_SERVER_ENABLE=true
+ - FLEET_URL=https://{{ GLOBALS.node_ip }}:8220
+ - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
+ - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
+ - FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }}
+ - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
+ - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt
+ - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key
+ - FLEET_CA=/etc/pki/tls/certs/intca.crt
+{% endif %}
+
+delete_so-elastic-fleet_so-status.disabled:
+ file.uncomment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-elastic-fleet$
+
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/elasticfleet/init.sls b/salt/elasticfleet/init.sls
index 9476c3b94..c46ca157c 100644
--- a/salt/elasticfleet/init.sls
+++ b/salt/elasticfleet/init.sls
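Review bot: `delete_so-elastic-fleet_so-status.disabled` sits outside the `{% if SERVICETOKEN != '' %}` guard, so when `elasticfleet:config:server:es_token` is empty the state uncomments `so-elastic-fleet` in `so-status.conf` even though no container is defined, and the run otherwise succeeds without any sign that the token is missing. Moving `{% endif %}` to after the `file.uncomment` state ties the so-status entry to the container actually being managed; an `{% else %}` branch with a `test.show_notification` (or `test.fail_without_changes`, as the file already uses for the not-allowed case) would additionally surface the missing token in the state output instead of a quiet no-op. Separately, the service token reaches the container through `- environment:`, where it is readable via `docker inspect` and the container's process environment by anyone with access to the Docker socket; that is inherited from the old `init.sls`, but this new file is the place to note it.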
@@ -1,104 +1,13 @@ # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use -# this file except in compliance with the Elastic License 2.0. -{% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} -{% from 'vars/globals.map.jinja' import GLOBALS %} -{% from 'docker/docker.map.jinja' import DOCKER %} +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. -# These values are generated during node install and stored in minion pillar -{% set SERVICETOKEN = salt['pillar.get']('elasticfleet:server:es_token','') %} -#{% set FLEETSERVERPOLICY = salt['pillar.get']('elasticfleet:server:server_policy','so-manager') %} -#{% set FLEETURL = salt['pillar.get']('elasticfleet:server:url') %} - -# Add EA Group -elasticsagentgroup: - group.present: - - name: elastic-agent - - gid: 947 - -# Add EA user -elastic-agent: - user.present: - - uid: 947 - - gid: 947 - - home: /opt/so/conf/elastic-fleet - - createhome: False - -elasticfleet_sbin: - file.recurse: - - name: /usr/sbin - - source: salt://elasticfleet/tools/sbin - - user: 947 - - group: 939 - - file_mode: 755 - -elasticfleet_sbin_jinja: - file.recurse: - - name: /usr/sbin - - source: salt://elasticfleet/tools/sbin_jinja - - user: 947 - - group: 939 - - file_mode: 755 - - template: jinja - -eaconfdir: - file.directory: - - name: /opt/so/conf/elastic-fleet - - user: 947 - - group: 939 - - makedirs: True - -eastatedir: - file.directory: - - name: /opt/so/conf/elastic-fleet/state - - user: 947 - - group: 939 - - makedirs: True - - - {% if SERVICETOKEN != '' %} -so-elastic-fleet: - docker_container.running: - - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent:{{ 
GLOBALS.so_version }} - - name: so-elastic-fleet - - hostname: FleetServer-{{ GLOBALS.hostname }} - - detach: True - - user: 947 - - networks: - - sobridge: - - ipv4_address: {{ DOCKER.containers['so-elastic-fleet'].ip }} - - extra_hosts: - - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }} - - port_bindings: - {% for BINDING in DOCKER.containers['so-elastic-fleet'].port_bindings %} - - {{ BINDING }} - {% endfor %} - - binds: - - /etc/pki:/etc/pki:ro - #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw - - environment: - - FLEET_SERVER_ENABLE=true - - FLEET_URL=https://{{ GLOBALS.node_ip }}:8220 - - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200 - - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }} - - FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }} - - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt - - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key - - FLEET_CA=/etc/pki/tls/certs/intca.crt - {% endif %} - -append_so-elastic-fleet_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-elastic-fleet +{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %} +include: +{% if ELASTICFLEETMERGED.enabled %} + - elasticfleet.enabled {% else %} - -{{sls}}_state_not_allowed: - test.fail_without_changes: - - name: {{sls}}_state_not_allowed - + - elasticfleet.disabled {% endif %} diff --git a/salt/elasticfleet/map.jinja b/salt/elasticfleet/map.jinja new file mode 100644 index 000000000..09c3497d0 --- /dev/null +++ b/salt/elasticfleet/map.jinja 
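Review bot: The pillar key the service token is read from moves from `elasticfleet:server:es_token` to `elasticfleet:config:server:es_token`, and `elasticfleet:enabled` now defaults to False via `map.jinja`, but nothing in this commit migrates minion pillars already written by the pre-change `so-minion` and `so-elastic-fleet-setup`; an existing node will have `init.sls` resolve to `elasticfleet.disabled`, and once enabled it renders an empty `SERVICETOKEN` and (per the guard in `enabled.sls`) never starts the Fleet container. If no migration lives elsewhere, either a one-time pillar rewrite or a fallback read such as `salt['pillar.get']('elasticfleet:server:es_token','')` in `enabled.sls` is needed until old pillars are gone. The same key move appears in the `so-elastic-fleet-setup` and `so-minion` hunks below.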
@@ -0,0 +1,7 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+ or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+ https://securityonion.net/license; you may not use this file except in compliance with the
+ Elastic License 2.0. #}
+
+{% import_yaml 'elasticfleet/defaults.yaml' as ELASTICFLEETDEFAULTS %}
+{% set ELASTICFLEETMERGED = salt['pillar.get']('elasticfleet', ELASTICFLEETDEFAULTS.elasticfleet, merge=True) %}
diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml
index 4d523c548..61ac222b5 100644
--- a/salt/elasticfleet/soc_elasticfleet.yaml
+++ b/salt/elasticfleet/soc_elasticfleet.yaml
@@ -1,25 +1,29 @@
 elasticfleet:
- server:
- endpoints_enrollment:
- description: Endpoint enrollment key.
- global: True
- helpLink: elastic-fleet.html
- sensitive: True
- advanced: True
- es_token:
- description: Elastic auth token.
- global: True
- helpLink: elastic-fleet.html
- sensitive: True
- advanced: True
- grid_enrollment:
- description: Grid enrollment key.
- global: True
- helpLink: elastic-fleet.html
- sensitive: True
- advanced: True
- url:
- description: Agent connection URL.
- global: True
- helpLink: elastic-fleet.html
- advanced: True
\ No newline at end of file
+ enabled:
+ description: You can enable or disable Elastic Fleet.
+ helpLink: elastic-fleet.html
+ config:
+ server:
+ endpoints_enrollment:
+ description: Endpoint enrollment key.
+ global: True
+ helpLink: elastic-fleet.html
+ sensitive: True
+ advanced: True
+ es_token:
+ description: Elastic auth token.
+ global: True
+ helpLink: elastic-fleet.html
+ sensitive: True
+ advanced: True
+ grid_enrollment:
+ description: Grid enrollment key.
+ global: True
+ helpLink: elastic-fleet.html
+ sensitive: True
+ advanced: True
+ url:
+ description: Agent connection URL.
+ global: True
+ helpLink: elastic-fleet.html
+ advanced: True
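Review bot: The new `enabled` key is the only entry in `soc_elasticfleet.yaml` without `global: True`, so in the UI it becomes a per-node setting while everything under `config.server` is grid-wide; `map.jinja` reads it per minion through `pillar.get(..., merge=True)`, which is consistent with per-node, but the description does not say so. If per-node is intended, a description that states the scope, e.g. `description: Enable or disable the Elastic Fleet server on this node.`, avoids the ambiguity; if it should be grid-wide, add `global: True` like the other keys.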
diff --git a/salt/elasticfleet/sostatus.sls b/salt/elasticfleet/sostatus.sls
new file mode 100644
index 000000000..964abe929
--- /dev/null
+++ b/salt/elasticfleet/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+append_so-elastic-fleet_so-status.conf:
+ file.append:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - text: so-elastic-fleet
+ - unless: grep -q so-elastic-fleet /opt/so/conf/so-status/so-status.conf
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
index 8005def18..71d76be69 100755
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
@@ -81,10 +81,11 @@ GRIDNODESENROLLMENTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L "loc
 pillar_file=/opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
 printf '%s\n'\
 "elasticfleet:"\
- " server:"\
- " es_token: '$ESTOKEN'"\
- " endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\
- " grid_enrollment: '$GRIDNODESENROLLMENTOKEN'"\
+ " config:"\
+ " server:"\
+ " es_token: '$ESTOKEN'"\
+ " endpoints_enrollment: '$ENDPOINTSENROLLMENTOKEN'"\
+ " grid_enrollment: '$GRIDNODESENROLLMENTOKEN'"\
 "" >> "$pillar_file"
 #Store Grid Nodes Enrollment token in Global pillar
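Review bot: The `unless: grep -q so-elastic-fleet ...` on `append_so-elastic-fleet_so-status.conf` is unanchored, so it also matches the commented-out `#so-elastic-fleet` that `disabled.sls` leaves behind and any longer entry containing the string. Matching the commented form looks load-bearing for the disable→enable round-trip (an anchored match would append a second `so-elastic-fleet` line before `enabled.sls` uncomments the first), so the intent is better spelled out as `- unless: grep -qE '^#?so-elastic-fleet$' /opt/so/conf/so-status/so-status.conf` together with a one-line comment saying a commented entry is deliberately treated as present.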
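Review bot: `so-elastic-fleet-setup` writes only `config: server:` into the minion pillar and then runs `salt-call state.apply elasticfleet`, but with the new `init.sls` that resolves to `elasticfleet.disabled` unless `elasticfleet:enabled: True` is set for this minion somewhere else (the default from `defaults.yaml` is False). If flipping the UI toggle is expected as a separate step, the script should say so in a comment next to the printf; otherwise the block needs an `"  enabled: True"\` line alongside `"  config:"\`. The same gap exists in `add_fleet_to_minion` in the `so-minion` hunk below, which also writes only `config:`. Because the block is appended with `>>`, re-running the script appears to leave two top-level `elasticfleet:` keys in the same pillar file; that predates this change but is worth confirming against the pillar loader's duplicate-key behaviour.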
@@ -98,4 +99,4 @@ salt-call state.apply elasticfleet queue=True # Generate installers & install Elastic Agent on the node so-elastic-agent-gen-installers -salt-call state.apply elasticfleet.install_agent_grid queue=True \ No newline at end of file +salt-call state.apply elasticfleet.install_agent_grid queue=True diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion index 4941367de..8ac8207b7 100755 --- a/salt/manager/tools/sbin/so-minion +++ b/salt/manager/tools/sbin/so-minion @@ -143,8 +143,9 @@ function add_fleet_to_minion() { # Write out settings to minion file printf '%s\n'\ "elasticfleet:"\ - " server:"\ - " es_token: '$ESTOKEN'"\ + " config:"\ + " server:"\ + " es_token: '$ESTOKEN'"\ " " >> $PILLARFILE }