From cb46ca4832e79486f913756ab7b63acf60a44edb Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 22 Jul 2020 14:26:55 -0400
Subject: [PATCH 1/8] Ensure distributed installations have the check-in interval correctly set
---
 salt/pcap/files/sensoroni.json | 2 +-
 setup/so-functions | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/salt/pcap/files/sensoroni.json b/salt/pcap/files/sensoroni.json
index 76fb0e502..e379d5003 100644
--- a/salt/pcap/files/sensoroni.json
+++ b/salt/pcap/files/sensoroni.json
@@ -1,6 +1,6 @@
 {%- set MANAGER = salt['grains.get']('master') -%}
 {%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
-{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms') -%}
+{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
 {
 "logFilename": "/opt/sensoroni/logs/sensoroni.log",
 "logLevel":"debug",
diff --git a/setup/so-functions b/setup/so-functions
index 89d0fdc7a..12bdf3a4c 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -979,9 +979,6 @@ manager_pillar() {
 " lsheap: $LS_HEAP_SIZE"\
 " ls_pipeline_workers: $num_cpu_cores"\
 ""\
- "pcap:">> "$pillar_file"\
- " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
- ""\
 "idstools:"\
 " config:"\
 " ruleset: $RULESETUP"\
@@ -1036,6 +1033,8 @@ manager_static() {
 " wazuh: $WAZUH"\
 " managerupdate: $MANAGERUPDATES"\
 " imagerepo: $IMAGEREPO"\
+ "pcap:"\
+ " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
 "strelka:"\
 " enabled: $STRELKA"\
 " rules: $STRELKARULES"\
From 46e7d29f12d0d67be8353071bc557439db57b7e6 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 22 Jul 2020 14:35:50 -0400
Subject: [PATCH 2/8] Add support for custom branches in soup
---
 VERSION | 2 +-
 salt/common/tools/sbin/soup | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/VERSION b/VERSION
index d0c10bc48..0637814cd 100644
--- a/VERSION
+++ b/VERSION
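Review bot: The new `10000` fallback on the CHECKININTERVALMS line carries no comment saying what unit it is in or why a default is now needed, so the next reader cannot tell whether it is meant to match what setup writes into the `pcap:` pillar. The subject line says distributed installs were missing the key; a short Jinja comment keeps that reasoning with the value, e.g. `{#- 10000 ms fallback for installs whose pillar has no pcap:sensor_checkin_interval_ms; keep in sync with SENSOR_CHECKIN_INTERVAL_MS in setup/so-functions -#}`. If setup's own default differs from 10000 the two should be reconciled; that value is not visible here.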
@@ -1 +1 @@
-2.0.0-rc.1
\ No newline at end of file
+2.0.1-rc.1
\ No newline at end of file
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 878372e68..44c32280e 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -43,8 +43,11 @@ clone_to_tmp() {
 # Make a temp location for the files
 mkdir -p /tmp/sogh
 cd /tmp/sogh
- #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git
- git clone https://github.com/Security-Onion-Solutions/securityonion.git
+ SOUP_BRANCH=""
+ if [ -n "$BRANCH" ]; then
+ SOUP_BRANCH="-b $BRANCH"
+ fi
+ git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
 cd /tmp
 if [ ! -f $UPDATE_DIR/VERSION ]; then
 echo "Update was unable to pull from github. Please check your internet."
From b9e6ddf7df5acba5e222b96fdcd8798686dbf38e Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 22 Jul 2020 15:50:56 -0400
Subject: [PATCH 3/8] Clean up static.sls passwords
---
 salt/thehive/scripts/cortex_init | 8 ++++++++
 salt/thehive/scripts/hive_init | 7 +++++++
 2 files changed, 15 insertions(+)
diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init
index 90980da9c..9fc1caf25 100644
--- a/salt/thehive/scripts/cortex_init
+++ b/salt/thehive/scripts/cortex_init
@@ -9,6 +9,12 @@ default_salt_dir=/opt/so/saltstack/default
+cortex_clean(){
+ sed -i '/^ cortexuser:/d' /opt/so/saltstack/local/pillar/static.sls
+ sed -i '/^ cortexpassword:/d' /opt/so/saltstack/local/pillar/static.sls
+ sed -i '/^ cortexorguser:/d' /opt/so/saltstack/local/pillar/static.sls
+}
+
 cortex_init(){
 sleep 60
 CORTEX_IP="{{MANAGERIP}}"
@@ -51,6 +57,7 @@ cortex_init(){
 }
 if [ -f /opt/so/state/cortex.txt ]; then
+ cortex_clean
 exit 0
 else
 rm -f garbage_file
@@ -63,4 +70,5 @@ else
 rm -f garbage_file
 sleep 5
 cortex_init
+ cortex_clean
 fi
diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init
index a8307c0d6..0caff6e2d 100755
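Review bot: `$BRANCH` comes straight from the caller's environment and is spliced into the clone unquoted through `$SOUP_BRANCH`, so a value containing whitespace is word-split, and nothing records which branch or commit the rest of soup then installs from. The intermediate variable is unnecessary and the quoting problem goes away with `git clone ${BRANCH:+-b "$BRANCH"} https://github.com/Security-Onion-Solutions/securityonion.git`. Logging the checked-out commit after the clone (`git rev-parse HEAD` run in the clone directory) would leave an audit trail for non-default branches, since the `VERSION` file check further down only detects a failed clone. clone_to_tmp continues past the hunk.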
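Review bot: The three `sed -i '/^ cortexuser:/d'`-style addresses in cortex_clean anchor on an exact run of leading whitespace before the key, so they strip the credentials only if static.sls is indented exactly that way; the writer in setup/so-functions (the `" cortexuser: $WEBUSER"` lines visible in the patch 6 hunk) is the source of truth, and the real indent cannot be confirmed from this collapsed listing. A tolerant address such as `sed -i '/^[[:space:]]*cortexpassword:/d' /opt/so/saltstack/local/pillar/static.sls` removes that coupling, and a follow-up `grep -q '^[[:space:]]*cortexpassword:' /opt/so/saltstack/local/pillar/static.sls && echo 'cortex password still present in static.sls' >&2` turns a silent miss into a visible one, which matters because leaving the password on disk is exactly what this patch exists to prevent. `cortexkey` is left in the pillar; hive_init reads `hivekey` from pillar so that may be deliberate, but a one-line comment on cortex_clean should say so. thehive_clean in hive_init has the same anchoring issue.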
--- a/salt/thehive/scripts/hive_init
+++ b/salt/thehive/scripts/hive_init
@@ -4,6 +4,11 @@
 # {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %}
 # {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %}
+thehive_clean(){
+ sed -i '/^ hiveuser:/d' /opt/so/saltstack/local/pillar/static.sls
+ sed -i '/^ hivepassword:/d' /opt/so/saltstack/local/pillar/static.sls
+}
+
 thehive_init(){
 sleep 120
 THEHIVE_IP="{{MANAGERIP}}"
@@ -49,6 +54,7 @@ thehive_init(){
 }
 if [ -f /opt/so/state/thehive.txt ]; then
+ thehive_clean
 exit 0
 else
 rm -f garbage_file
@@ -61,4 +67,5 @@ else
 rm -f garbage_file
 sleep 5
 thehive_init
+ thehive_clean
 fi
From b24c82d49c1315b87435802aebbf7304554390c8 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 22 Jul 2020 16:09:28 -0400
Subject: [PATCH 4/8] Fix Docker List
---
 salt/common/tools/sbin/so-docker-refresh | 7 +++++--
 salt/common/tools/sbin/soup | 6 +++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh
index 16b8fb930..ace1e9554 100755
--- a/salt/common/tools/sbin/so-docker-refresh
+++ b/salt/common/tools/sbin/so-docker-refresh
@@ -64,7 +64,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
 "so-thehive-cortex:$VERSION" \
 "so-curator:$VERSION" \
 "so-domainstats:$VERSION" \
- "so-elastalert$VERSION" \
+ "so-elastalert:$VERSION" \
 "so-elasticsearch:$VERSION" \
 "so-filebeat:$VERSION" \
 "so-fleet:$VERSION" \
@@ -84,7 +84,10 @@ if [ $MANAGERCHECK != 'so-helix' ]; then
 "so-soc:$VERSION" \
 "so-soctopus:$VERSION" \
 "so-steno:$VERSION" \
- "so-strelka:$VERSION" \
+ "so-strelka-frontend:$VERSION" \
+ "so-strelka-manager:$VERSION" \
+ "so-strelka-backend:$VERSION" \
+ "so-strelka-filestream:$VERSION" \
 "so-suricata:$VERSION" \
 "so-telegraf:$VERSION" \
 "so-thehive:$VERSION" \
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 44c32280e..cd3e57e21 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -106,6 +106,10 @@ update_dockers() {
 "so-soctopus" \
 "so-steno" \
 "so-strelka" \
+ "so-strelka-frontend" \
+ "so-strelka-manager" \
+ "so-strelka-backend" \
+ "so-strelka-filestream" \
 "so-suricata" \
 "so-telegraf" \
 "so-thehive" \
@@ -142,7 +146,7 @@ update_version() {
 # Update the version to the latest
 echo "Updating the version file."
 echo $NEWVERSION > /etc/soversion
- sed -i 's/$INSTALLEDVERSION/$NEWVERISON/g' /opt/so/saltstack/local/pillar/static.sls
+ sed -i 's/$INSTALLEDVERSION/$NEWVERSION/g' /opt/so/saltstack/local/pillar/static.sls
 }
 upgrade_check() {
From 6d6ba04dcd871453a997c2dccbbdd8ed103e0997 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 22 Jul 2020 16:15:32 -0400
Subject: [PATCH 5/8] Fix version replace
---
 salt/common/tools/sbin/soup | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index cd3e57e21..8f2484768 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -146,7 +146,7 @@ update_version() {
 # Update the version to the latest
 echo "Updating the version file."
 echo $NEWVERSION > /etc/soversion
- sed -i 's/$INSTALLEDVERSION/$NEWVERSION/g' /opt/so/saltstack/local/pillar/static.sls
+ sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g" /opt/so/saltstack/local/pillar/static.sls
 }
 upgrade_check() {
@@ -199,10 +199,10 @@ echo ""
 echo "Copying new code"
 copy_new_files
 echo ""
-echo "Running a highstate to complete upgrade"
-highstate
-echo ""
 echo "Updating version"
 update_version
 echo ""
+echo "Running a highstate to complete upgrade"
+highstate
+echo ""
 echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete."
From 201efd285ab84b08a1b0f26632c211e1ea0f7f9c Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 22 Jul 2020 16:34:50 -0400
Subject: [PATCH 6/8] Fix passwords from conflicting with yaml
---
 setup/so-functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
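Review bot: The corrected `sed -i "s/$INSTALLEDVERSION/$NEWVERSION/g"` expands the variables now, but both are interpolated into a regex and the substitution is global over the whole of static.sls: `.` in a version such as `2.0.0-rc.1` matches any character, a `/` in either value breaks the expression, and any unrelated pillar value that happens to contain the old version string is rewritten as well. Anchoring on the key that holds the version (its name is not visible here) bounds the edit, e.g. (constructed) `sed -i "s/^\(  *<version-key>: *\).*/\1$NEWVERSION/" /opt/so/saltstack/local/pillar/static.sls`; `echo $NEWVERSION > /etc/soversion` two lines up should quote the variable for the same reason. update_version opens on the hunk's funcname line, so its first line sits just outside the hunk.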
diff --git a/setup/so-functions b/setup/so-functions
index 12bdf3a4c..26681b864 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1014,10 +1014,10 @@ manager_static() {
 " ids: $NIDS"\
 " managerip: $MAINIP"\
 " hiveuser: $WEBUSER"\
- " hivepassword: $WEBPASSWD1"\
+ " hivepassword: '$WEBPASSWD1'"\
 " hivekey: $HIVEKEY"\
 " cortexuser: $WEBUSER"\
- " cortexpassword: $WEBPASSWD1"\
+ " cortexpassword: '$WEBPASSWD1'"\
 " cortexkey: $CORTEXKEY"\
 " cortexorgname: SecurityOnion"\
 " cortexorguser: $WEBUSER"\
From 74faab92ab7c786e8b93e1b1d7423efabc958f18 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 23 Jul 2020 09:21:05 -0400
Subject: [PATCH 7/8] Remove variables.txt
---
 salt/common/init.sls | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 69aaa4a17..967c74c42 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,5 +1,10 @@
 {% set role = grains.id.split('_') | last %}
+# Remove variables.txt from /tmp - This is temp
+rmvariablesfile:
+ file.absent:
+ - name: /tmp/variables.txt
+
 # Add socore Group
 socoregroup:
 group.present:
From ff77abfdc8fb4a104ef8ee718a2982584d17ff00 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 23 Jul 2020 09:51:52 -0400
Subject: [PATCH 8/8] Update soup
Remove strelka that isn't an image. Fix formatting
---
 salt/common/tools/sbin/soup | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 8f2484768..b2b8cacc4 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -105,11 +105,10 @@ update_dockers() {
 "so-soc" \
 "so-soctopus" \
 "so-steno" \
- "so-strelka" \
 "so-strelka-frontend" \
- "so-strelka-manager" \
- "so-strelka-backend" \
- "so-strelka-filestream" \
+ "so-strelka-manager" \
+ "so-strelka-backend" \
+ "so-strelka-filestream" \
 "so-suricata" \
 "so-telegraf" \
 "so-thehive" \
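Review bot: Single-quoting `$WEBPASSWD1` on the `hivepassword:` and `cortexpassword:` lines stops YAML from misreading most passwords, but a password that itself contains `'` still produces an unparseable static.sls, because YAML single-quoted scalars represent a quote by doubling it (`''`). Either double embedded quotes before writing the line or reject such passwords where WEBPASSWD1 is collected (not visible here), and say which in a comment beside the line. The `hivekey:` and `cortexkey:` lines in the same block stay unquoted, so they have the same exposure if those values can contain YAML-significant characters. manager_static continues outside the hunk.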
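Review bot: The comment `# Remove variables.txt from /tmp - This is temp` on the new rmvariablesfile state gives no removal criterion, so a "temporary" state that runs on every highstate for every role will outlive its reason. Name what it cleans up and when it can go, e.g. `# Temporary: delete the setup-time /tmp/variables.txt left behind by earlier installs; drop this state once setup no longer writes the file`. Whether that file held setup inputs such as passwords is not visible here; if it did, the comment should say so, since that is what justifies removing it unconditionally.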