CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Final airgap tweaks

Browse Source
This commit is contained in:
Mike Reeves
2020-09-09 10:54:47 -04:00
parent 7d524a0723
commit 426257443a
6 changed files with 54 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/airgap/init.sls
View File

@@ -9,6 +9,7 @@ airgap.repo:
- humanname: Airgap Repo - humanname: Airgap Repo
- baseurl: https://{{ MANAGER }}/repo - baseurl: https://{{ MANAGER }}/repo
- gpgcheck: 0 - gpgcheck: 0
- sslverify: 0
agbase: agbase:
file.absent: file.absent:
@@ -52,4 +53,8 @@ agtesting:
agssrepo: agssrepo:
file.absent: file.absent:
- name: /etc/yum.repos.d/saltstack.repo - name: /etc/yum.repos.d/saltstack.repo
agwazrepo:
file.absent:
- name: /etc/yum.repos.d/wazuh.repo

2
salt/idstools/localrules/local.rules
View File

@@ -1 +1 @@
# Put your own custom Snort/Suricata rules in /opt/so/saltstack/local/salt/idstools/localrules/local.rules # Put your own custom Snort/Suricata rules in this file! /opt/so/saltstack/local/salt/idstools/localrules/local.rules

17
salt/nginx/etc/nginx.conf.so-eval
View File

@@ -2,6 +2,8 @@
{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %} {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %} {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %} {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -180,7 +182,20 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
{%- if ISAIRGAP is sameas true %}
location /repo/ {
allow all;
sendfile on;
sendfile_max_chunk 1m;
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
{%- endif %}
location /grafana/ { location /grafana/ {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;

15
salt/nginx/etc/nginx.conf.so-manager
View File

@@ -2,6 +2,8 @@
{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %} {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %} {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %} {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -232,6 +234,19 @@ http {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
{%- if ISAIRGAP is sameas true %}
location /repo/ {
allow all;
sendfile on;
sendfile_max_chunk 1m;
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
{%- endif %}
{%- if FLEET_NODE %} {%- if FLEET_NODE %}
location /fleet/ { location /fleet/ {
return 301 https://{{ FLEET_IP }}/fleet; return 301 https://{{ FLEET_IP }}/fleet;

15
salt/nginx/etc/nginx.conf.so-managersearch
View File

@@ -2,6 +2,8 @@
{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %} {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %} {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %} {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -180,6 +182,19 @@ http {
proxy_set_header Proxy ""; proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
{%- if ISAIRGAP is sameas true %}
location /repo/ {
allow all;
sendfile on;
sendfile_max_chunk 1m;
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
}
{%- endif %}
location /grafana/ { location /grafana/ {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;

2
salt/nginx/etc/nginx.conf.so-standalone
View File

@@ -2,7 +2,7 @@
{%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %} {%- set FLEET_MANAGER = salt['pillar.get']('global:fleet_manager') %}
{%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %} {%- set FLEET_NODE = salt['pillar.get']('global:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %} {%- set FLEET_IP = salt['pillar.get']('global:fleet_ip', None) %}
{%- set ISAIRGAP = salt['pillar.get']('global:airgap') %} {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/