CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2359 from Security-Onion-Solutions/fix/so-status-import-node

Browse Source 
Fix/so status import node
This commit is contained in:
Josh Patterson
2020-12-16 14:22:08 -05:00
committed by GitHub
parent eecb323459 2d497cb724
commit 3ff99da302
5 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/tools/sbin/so-import-pcap
View File

@@ -217,6 +217,6 @@ https://{{ URLBASE }}/#/hunt?q=import.id:${HASH}%20%7C%20groupby%20event.module%
or you can manually set your Time Range to be (in UTC): or you can manually set your Time Range to be (in UTC):
From: $START_OLDEST To: $END_NEWEST From: $START_OLDEST To: $END_NEWEST
Please note that it may take 30 seconds or more for events to appear in Onion Hunt. Please note that it may take 30 seconds or more for events to appear in Hunt.
EOF EOF
fi fi

15
salt/pcap/init.sls
View File

@@ -133,18 +133,19 @@ append_so-steno_so-status.conf:
file.append: file.append:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf
- text: so-steno - text: so-steno
- unless: grep so-steno /opt/so/conf/so-status/so-status.conf - unless: grep -q so-steno /opt/so/conf/so-status/so-status.conf
{% if STENOOPTIONS.status == 'running' %}
delete_so-steno_so-status.disabled: {% if not STENOOPTIONS.start %}
file.uncomment:
- name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-steno$
{% elif STENOOPTIONS.status == 'stopped' %}
so-steno_so-status.disabled: so-steno_so-status.disabled:
file.comment: file.comment:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-steno$ - regex: ^so-steno$
{% else %}
delete_so-steno_so-status.disabled:
file.uncomment:
- name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-steno$
{% endif %} {% endif %}
{% else %} {% else %}

8
salt/suricata/init.sls
View File

@@ -167,6 +167,14 @@ append_so-suricata_so-status.conf:
file.append: file.append:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf
- text: so-suricata - text: so-suricata
- unless: grep -q so-suricata /opt/so/conf/so-status/so-status.conf
{% if grains.role == 'so-import' %}
disable_so-suricata_so-status.conf:
file.comment:
- name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-suricata$
{% endif %}
surilogrotate: surilogrotate:
file.managed: file.managed:

8
salt/zeek/init.sls
View File

@@ -200,6 +200,14 @@ append_so-zeek_so-status.conf:
file.append: file.append:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf
- text: so-zeek - text: so-zeek
- unless: grep -q so-zeek /opt/so/conf/so-status/so-status.conf
{% if grains.role == 'so-import' %}
disable_so-zeek_so-status.conf:
file.comment:
- name: /opt/so/conf/so-status/so-status.conf
- regex: ^so-zeek$
{% endif %}
{% else %} {% else %}

1
setup/so-functions
View File

@@ -1941,7 +1941,6 @@ sensor_pillar() {
if [ "$HNSENSOR" != 'inherit' ]; then if [ "$HNSENSOR" != 'inherit' ]; then
echo " hnsensor: $HNSENSOR" >> "$pillar_file" echo " hnsensor: $HNSENSOR" >> "$pillar_file"
fi fi
} }
set_default_log_size() { set_default_log_size() {