CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

changes for FireEye Helix integration

Browse Source
This commit is contained in:
m0duspwnens
2019-12-09 17:18:12 -05:00
parent 8342dc1447
commit 4874e540da
3 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/firewall/init.sls
View File

@@ -1,5 +1,5 @@
# Firewall Magic for the grid # Firewall Magic for the grid
{%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %} {%- if grains['role'] in ['so-eval','so-master','so-helix'] %}
{%- set ip = salt['pillar.get']('static:masterip', '') %} {%- set ip = salt['pillar.get']('static:masterip', '') %}
{%- elif grains['role'] == 'so-node' %} {%- elif grains['role'] == 'so-node' %}
{%- set ip = salt['pillar.get']('node:mainip', '') %} {%- set ip = salt['pillar.get']('node:mainip', '') %}

9
setup/functions.sh
View File

@@ -236,6 +236,9 @@ configure_minion() {
OLDPASS=$(cat /opt/so/saltstack/pillar/auth.sls | grep mysql | awk {'print $2'}) OLDPASS=$(cat /opt/so/saltstack/pillar/auth.sls | grep mysql | awk {'print $2'})
echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion
fi fi
elif [ $TYPE == 'helix' ]; then
echo "master: $HOSTNAME" > /etc/salt/minion
echo "id: $MINION_ID" >> /etc/salt/minion
else else
echo "master: $MSRV" > /etc/salt/minion echo "master: $MSRV" > /etc/salt/minion
echo "id: $MINION_ID" >> /etc/salt/minion echo "id: $MINION_ID" >> /etc/salt/minion
@@ -255,7 +258,7 @@ copy_master_config() {
if [ $INSTALLMETHOD == 'iso' ]; then if [ $INSTALLMETHOD == 'iso' ]; then
cp /root/SecurityOnion/files/master /etc/salt/master cp /root/SecurityOnion/files/master /etc/salt/master
else else
cp ../files/master /etc/salt/master cp $SCRIPTDIR/../files/master /etc/salt/master
fi fi
# Restart the service so it picks up the changes -TODO Enable service on CentOS # Restart the service so it picks up the changes -TODO Enable service on CentOS
@@ -1065,8 +1068,8 @@ salt_master_directories() {
cp /root/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ cp /root/SecurityOnion/pillar/* /opt/so/saltstack/pillar/
cp /root/SecurityOnion/salt/* /opt/so/saltstack/salt/ cp /root/SecurityOnion/salt/* /opt/so/saltstack/salt/
else else
cp -R ../pillar/* /opt/so/saltstack/pillar/ cp -R $SCRIPTDIR/../pillar/* /opt/so/saltstack/pillar/
cp -R ../salt/* /opt/so/saltstack/salt/ cp -R $SCRIPTDIR/../salt/* /opt/so/saltstack/salt/
fi fi
chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh

9
setup/so-setup.sh
View File

@@ -35,7 +35,7 @@ MINION_ID=$(echo $HOSTNAME | awk -F. {'print $1'})
TOTAL_MEM=`grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//'` TOTAL_MEM=`grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//'`
NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}') NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}')
CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l) CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l)
LISTCORES=$(cat /proc/cpuinfo | grep processor | awk '{print $3 " \"" "core" "\""}') LSTCORES=$(cat /proc/cpuinfo | grep processor | awk '{print $3 " \"" "core" "\""}')
RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
NODE_ES_PORT="9200" NODE_ES_PORT="9200"
SETUPLOG="/root/sosetup.log" SETUPLOG="/root/sosetup.log"
@@ -150,10 +150,12 @@ if (whiptail_you_sure) ; then
esac esac
#################### ####################
## Master ## ## Helix ##
#################### ####################
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
MASTERUPDATES=OPEN MASTERUPDATES=OPEN
filter_unused_nics
whiptail_bond_nics
whiptail_helix_apikey whiptail_helix_apikey
whiptail_homenet_master whiptail_homenet_master
whiptail_rule_setup whiptail_rule_setup
@@ -245,6 +247,9 @@ if (whiptail_you_sure) ; then
fi fi
####################
## Master ##
####################
if [ $INSTALLTYPE == 'MASTERONLY' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ]; then
# Would you like to do an advanced install? # Would you like to do an advanced install?