Merge pull request #308 from Security-Onion-Solutions/quickfix/helix

Quickfix/helix

salt/logstash/etc/logstash.yml

@@ -63,7 +63,7 @@
 #
 # path.config:
 # /etc/logstash/conf.d is mapped to /usr/share/logstash/pipeline in the Docker image
-{%- if grains.role != 'so-mastersearch' and grains.role != 'so-heavynode' and grains.role != 'so-master' and grains.role != 'so-eval' %}
+{%- if grains.role != 'so-mastersearch' and grains.role != 'so-heavynode' and grains.role != 'so-master' and grains.role != 'so-eval' and grains.role != 'so-helix' %}
 path.config: /usr/share/logstash/pipeline.enabled/*.conf
 {%- else %} 
 #path.config: /usr/share/logstash/pipeline.enabled/*.conf

salt/top.sls

@@ -15,6 +15,7 @@ base:
   'G@role:so-helix':
     - ca
     - ssl
+    - registry
     - common
     - firewall
     - idstools

setup/so-functions

@@ -453,42 +453,55 @@ docker_registry() {
   echo "Docker Registry Setup - Complete" >> $SETUPLOG 2>&1
 
 }
-
 docker_seed_registry() {
   VERSION="HH1.1.4"
-  TRUSTED_CONTAINERS=( \
-  "so-acng:$VERSION" \
-  "so-auth-api:$VERSION" \
-  "so-auth-ui:$VERSION" \
-  "so-core:$VERSION" \
-  "so-thehive-cortex:$VERSION" \
-  "so-curator:$VERSION" \
-  "so-domainstats:$VERSION" \
-  "so-elastalert:$VERSION" \
-  "so-elasticsearch:$VERSION" \
-  "so-filebeat:$VERSION" \
-  "so-fleet:$VERSION" \
-  "so-fleet-launcher:$VERSION" \
-  "so-freqserver:$VERSION" \
-  "so-grafana:$VERSION" \
-  "so-idstools:$VERSION" \
-  "so-influxdb:$VERSION" \
-  "so-kibana:$VERSION" \
-  "so-logstash:$VERSION" \
-  "so-mysql:$VERSION" \
-  "so-navigator:$VERSION" \
-  "so-playbook:$VERSION" \
-  "so-redis:$VERSION" \
-  "so-sensoroni:$VERSION" \
-  "so-soctopus:$VERSION" \
-  "so-steno:$VERSION" \
-  #"so-strelka:$VERSION" \
-  "so-suricata:$VERSION" \
-  "so-telegraf:$VERSION" \
-  "so-thehive:$VERSION" \
-  "so-thehive-es:$VERSION" \
-  "so-wazuh:$VERSION" \
-  "so-zeek:$VERSION" )
+  if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
+    TRUSTED_CONTAINERS=( \
+    "so-acng:$VERSION" \
+    "so-auth-api:$VERSION" \
+    "so-auth-ui:$VERSION" \
+    "so-core:$VERSION" \
+    "so-thehive-cortex:$VERSION" \
+    "so-curator:$VERSION" \
+    "so-domainstats:$VERSION" \
+    "so-elastalert:$VERSION" \
+    "so-elasticsearch:$VERSION" \
+    "so-filebeat:$VERSION" \
+    "so-fleet:$VERSION" \
+    "so-fleet-launcher:$VERSION" \
+    "so-freqserver:$VERSION" \
+    "so-grafana:$VERSION" \
+    "so-idstools:$VERSION" \
+    "so-influxdb:$VERSION" \
+    "so-kibana:$VERSION" \
+    "so-logstash:$VERSION" \
+    "so-mysql:$VERSION" \
+    "so-navigator:$VERSION" \
+    "so-playbook:$VERSION" \
+    "so-redis:$VERSION" \
+    "so-sensoroni:$VERSION" \
+    "so-soctopus:$VERSION" \
+    "so-steno:$VERSION" \
+    #"so-strelka:$VERSION" \
+    "so-suricata:$VERSION" \
+    "so-telegraf:$VERSION" \
+    "so-thehive:$VERSION" \
+    "so-thehive-es:$VERSION" \
+    "so-wazuh:$VERSION" \
+    "so-zeek:$VERSION" )
+  else
+    TRUSTED_CONTAINERS=( \
+    "so-core:$VERSION" \
+    "so-filebeat:$VERSION" \
+    "so-idstools:$VERSION" \
+    "so-logstash:$VERSION" \
+    "so-redis:$VERSION" \
+    "so-sensoroni:$VERSION" \
+    "so-steno:$VERSION" \
+    "so-suricata:$VERSION" \
+    "so-telegraf:$VERSION" \
+    "so-zeek:$VERSION" )
+  fi
 
   if [ ! -f /nsm/docker-registry/docker/so-dockers-$VERSION.tar ]; then
     # Download the container from the interwebs

setup/so-setup

@@ -213,6 +213,9 @@ if (whiptail_you_sure) ; then
       salt_checkin >> $SETUPLOG 2>&1
       salt-call state.apply ca >> $SETUPLOG 2>&1
       salt-call state.apply ssl >> $SETUPLOG 2>&1
+      echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
+      salt-call state.apply registry >> $SETUPLOG 2>&1
+      docker_seed_registry >> $SETUPLOG 2>&1
       echo -e "XXX\n43\nInstalling Common Components... \nXXX"
       salt-call state.apply common >> $SETUPLOG 2>&1
       echo -e "XXX\n45\nApplying firewall rules... \nXXX"