Final airgap tweaks

salt/airgap/init.sls

@@ -9,6 +9,7 @@ airgap.repo:
     - humanname: Airgap Repo
     - baseurl: https://{{ MANAGER }}/repo
     - gpgcheck: 0
+    - sslverify: 0
 
 agbase:
   file.absent:
@@ -53,3 +54,7 @@ agtesting:
 agssrepo:
   file.absent:
     - name: /etc/yum.repos.d/saltstack.repo
+
+agwazrepo:
+  file.absent:
+    - name: /etc/yum.repos.d/wazuh.repo

salt/idstools/localrules/local.rules

@@ -1 +1 @@
-# Put your own custom Snort/Suricata rules in /opt/so/saltstack/local/salt/idstools/localrules/local.rules
+# Put your own custom Snort/Suricata rules in this file! /opt/so/saltstack/local/salt/idstools/localrules/local.rules

salt/nginx/etc/nginx.conf.so-eval

@@ -2,6 +2,8 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -182,6 +184,19 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		}
 
+        {%- if ISAIRGAP is sameas true %}
+        location /repo/ {
+            allow all;
+            sendfile on;
+            sendfile_max_chunk 1m;
+            autoindex on;
+            autoindex_exact_size off;
+            autoindex_format html;
+            autoindex_localtime on;
+        }
+
+		{%- endif %}
+		
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;

salt/nginx/etc/nginx.conf.so-manager

@@ -2,6 +2,8 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -232,6 +234,19 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		}
 
+		{%- if ISAIRGAP is sameas true %}
+        location /repo/ {
+            allow all;
+            sendfile on;
+            sendfile_max_chunk 1m;
+            autoindex on;
+            autoindex_exact_size off;
+            autoindex_format html;
+            autoindex_localtime on;
+        }
+
+		{%- endif %}
+
 	{%- if FLEET_NODE %}
 		location /fleet/ {
 			return 301 https://{{ FLEET_IP }}/fleet;

salt/nginx/etc/nginx.conf.so-managersearch

@@ -2,6 +2,8 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -181,6 +183,19 @@ http {
 			proxy_set_header      X-Forwarded-Proto $scheme;
 		} 
 
+		{%- if ISAIRGAP is sameas true %}
+        location /repo/ {
+            allow all;
+            sendfile on;
+            sendfile_max_chunk 1m;
+            autoindex on;
+            autoindex_exact_size off;
+            autoindex_format html;
+            autoindex_localtime on;
+        }
+
+		{%- endif %}
+		
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;

salt/nginx/etc/nginx.conf.so-standalone

@@ -2,7 +2,7 @@
 {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
 {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
 {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
-{%- set ISAIRGAP = salt['pillar.get']('global:airgap') %}
+{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/