Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

2025-12-07 17:52:46 +01:00 · 2021-01-13 10:47:13 -05:00
parent cc0697cefa 9b060fb2d1
commit 489f702e47
10 changed files with 56 additions and 46 deletions
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -1,4 +1,4 @@
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -17,8 +17,8 @@

 {% if 'strelka' in top_states %}

-{%- set MANAGER = salt['grains.get']('master') %}
-{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
+{% set MANAGER = salt['grains.get']('master') %}
+{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
@@ -47,7 +47,7 @@ strelkasync:
    - group: 939
    - template: jinja

-{%- if STRELKA_RULES == 1 %}
+{% if STRELKA_RULES == 1 %}

 strelkarules:
  file.recurse:
@@ -56,13 +56,15 @@ strelkarules:
    - user: 939
    - group: 939

+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
 strelkarepos:
  file.managed:
    - name: /opt/so/saltstack/default/salt/strelka/rules/repos.txt
    - source: salt://strelka/rules/repos.txt.jinja
    - template: jinja

-{%- endif %}
+{% endif %}
+{% endif %}

 strelkadatadir:
   file.directory:
--- a/salt/telegraf/scripts/suriloss.sh
+++ b/salt/telegraf/scripts/suriloss.sh
@@ -33,16 +33,16 @@ if [ $CHECKIT == 2 ]; then

  CURRENTDROP=${RESULT[4]}
  PASTDROP=${RESULT[14]}
-  DROPPED=$(($CURRENTDROP - $PASTDROP))
+  DROPPED=$((CURRENTDROP - PASTDROP))
  if [ $DROPPED == 0 ]; then
    LOSS=0
    echo "suridrop drop=0"
  else
    CURRENTPACKETS=${RESULT[9]}
    PASTPACKETS=${RESULT[19]}
-    TOTALCURRENT=$(($CURRENTPACKETS + $CURRENTDROP))
-    TOTALPAST=$(($PASTPACKETS + $PASTDROP))
-    TOTAL=$(($TOTALCURRENT - $TOTALPAST))
+    TOTALCURRENT=$((CURRENTPACKETS + CURRENTDROP))
+    TOTALPAST=$((PASTPACKETS + PASTDROP))
+    TOTAL=$((TOTALCURRENT - TOTALPAST))

    LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc)
    echo "suridrop drop=$LOSS"
--- a/salt/telegraf/scripts/zeekloss.sh
+++ b/salt/telegraf/scripts/zeekloss.sh
@@ -29,15 +29,22 @@ echo $$ > $lf
 ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
 declare RESULT=($ZEEKLOG)
 CURRENTDROP=${RESULT[3]}
-PASTDROP=${RESULT[9]}
-DROPPED=$((CURRENTDROP - PASTDROP))
-if [ $DROPPED == 0 ]; then
+# zeek likely not running if this is true
+if [[ $CURRENTDROP == "rcvd:" ]]; then
+  CURRENTDROP=0
+  PASTDROP=0
+  DROPPED=0
+else
+  PASTDROP=${RESULT[9]}
+  DROPPED=$((CURRENTDROP - PASTDROP))
+fi
+if [[ "$DROPPED" -le 0 ]]; then
  LOSS=0
  echo "zeekdrop drop=0"
 else
  CURRENTPACKETS=${RESULT[5]}
  PASTPACKETS=${RESULT[11]}
  TOTAL=$((CURRENTPACKETS - PASTPACKETS))
-  LOSS=$(echo $DROPPED $TOTAL / p | dc)
+  LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc)
  echo "zeekdrop drop=$LOSS"
 fi
--- a/setup/automation/distributed-ami-forwardnode
+++ b/setup/automation/distributed-ami-forwardnode
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 #ALLOW_CIDR=0.0.0.0/0
 #ALLOW_ROLE=a
-BASICZEEK=1
-BASICSURI=1
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=ens6
 ZEEKVERSION=ZEEK
@@ -70,9 +70,9 @@ PATCHSCHEDULENAME=auto
 SKIP_REBOOT=0
 SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
-STRELKA=1
+#STRELKA=1
 #THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
+#WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
--- a/setup/automation/distributed-ami-manager
+++ b/setup/automation/distributed-ami-manager
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 ALLOW_CIDR=0.0.0.0/0
 ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=ens6
 ZEEKVERSION=ZEEK
--- a/setup/automation/distributed-ami-searchnode
+++ b/setup/automation/distributed-ami-searchnode
@@ -22,7 +22,7 @@ ADMINUSER=onionuser
 ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 #ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
+#ALLOW_ROLE=a
 #BASICZEEK=7
 #BASICSURI=7
 # BLOGS=
@@ -72,7 +72,7 @@ SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
 #STRELKA=1
 #THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
+#WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
--- a/setup/automation/distributed-iso-search
+++ b/setup/automation/distributed-iso-search
@@ -72,7 +72,7 @@ SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
 # STRELKA=1
 # THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
+# WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
--- a/setup/automation/distributed-iso-sensor
+++ b/setup/automation/distributed-iso-sensor
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 # ALLOW_CIDR=0.0.0.0/0
 # ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=eth1
 ZEEKVERSION=ZEEK
@@ -70,9 +70,9 @@ PATCHSCHEDULENAME=auto
 # SKIP_REBOOT=
 SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
-STRELKA=1
+# STRELKA=1
 # THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
+# WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1982,9 +1982,9 @@ set_ssh_cmds() {
 	local automated=$1

 	if [ $automated == yes ]; then
-		sshcmd='sshpass -p "$SOREMOTEPASS1" ssh -o StrictHostKeyChecking=no'
-		sshcopyidcmd='sshpass -p "$SOREMOTEPASS1" ssh-copy-id -o StrictHostKeyChecking=no'
-		scpcmd='sshpass -p "$SOREMOTEPASS1" scp -o StrictHostKeyChecking=no'
+		sshcmd="sshpass -p $SOREMOTEPASS1 ssh -o StrictHostKeyChecking=no"
+		sshcopyidcmd="sshpass -p $SOREMOTEPASS1 ssh-copy-id -o StrictHostKeyChecking=no"
+		scpcmd="sshpass -p $SOREMOTEPASS1 scp -o StrictHostKeyChecking=no"
 	else
 		sshcmd='ssh'
 		sshcopyidcmd='ssh-copy-id'
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -594,6 +594,8 @@ set_redirect >> $setup_log 2>&1
 	set_progress_str 8 'Initializing Salt minion'
 	configure_minion "$minion_type" >> $setup_log 2>&1

+	update_sudoers_for_testing >> $setup_log 2>&1
+
 	if [[ $is_manager || $is_helix || $is_import ]]; then
 		set_progress_str 9 'Configuring Salt master'
 		{
@@ -606,7 +608,6 @@ set_redirect >> $setup_log 2>&1
 		
 		set_progress_str 10 'Updating sudoers file for soremote user'
 		update_sudoers >> $setup_log 2>&1
-		update_sudoers_for_testing >> $setup_log 2>&1
 		
 		set_progress_str 11 'Generating manager global pillar'
 		#minio_generate_keys
@@ -851,7 +852,7 @@ if [[ -n $SO_ERROR ]]; then
 else 
 	echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1
 	{
-		[ -n "$TESTING" ] && logCmd so-test
+		[[ -n "$TESTING" && $is_sensor ]] && logCmd so-test

 		export percentage=95 # set to last percentage used in previous subshell
 		if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then