Merge pull request #636 from Security-Onion-Solutions/feature/firewallupdate

Feature/firewallupdate
2025-12-06 17:22:49 +01:00 · 2020-05-06 09:38:52 -04:00
parent 981801f23c 88df4cc7ae
commit 48ad831f9f
10 changed files with 36 additions and 40 deletions
--- a/pillar/firewall/analyst.sls
+++ b/pillar/firewall/analyst.sls
@@ -1,3 +0,0 @@
-analyst:
-  - 127.0.0.1
-  
--- a/pillar/firewall/beats_endpoint.sls
+++ b/pillar/firewall/beats_endpoint.sls
@@ -1,3 +0,0 @@
-beats_endpoint:
-  - 127.0.0.1
-  
--- a/pillar/firewall/forward_nodes.sls
+++ b/pillar/firewall/forward_nodes.sls
@@ -1,3 +0,0 @@
-forward_nodes:
-  - 127.0.0.1
-  
--- a/pillar/firewall/masterfw.sls
+++ b/pillar/firewall/masterfw.sls
@@ -1,2 +0,0 @@
-masterfw:
-  - 127.0.0.1
--- a/pillar/firewall/minions.sls
+++ b/pillar/firewall/minions.sls
@@ -1,3 +0,0 @@
-minions:
-  - 127.0.0.1
-  
--- a/pillar/firewall/osquery_endpoint.sls
+++ b/pillar/firewall/osquery_endpoint.sls
@@ -1,3 +0,0 @@
-osquery_endpoint:
-  - 127.0.0.1
-  
--- a/pillar/firewall/search_nodes.sls
+++ b/pillar/firewall/search_nodes.sls
@@ -1,2 +0,0 @@
-search_nodes:
-  - 127.0.0.1
--- a/pillar/firewall/wazuh_endpoint.sls
+++ b/pillar/firewall/wazuh_endpoint.sls
@@ -1,2 +0,0 @@
-wazuh_endpoint:
-  - 127.0.0.1
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -705,9 +705,20 @@ fireeye_pillar() {

 }

-# Run a salt command to generate the minion key
-salt_firstcheckin() {
-	salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
+# Generate Firewall Templates
+firewall_generate_templates() {
+
+	local firewall_pillar_path=/opt/so/saltstack/pillar/firewall
+	mkdir -p "$firewall_pillar_path"
+
+	for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoints search_nodes wazuh_endpoint
+	do
+	  printf '%s\n'\
+	  "$i:"\
+	  "  - 127.0.0.1"\
+	  "" > "$firewall_pillar_path"/$i.sls
+	  echo "Added $i Template"
+	done
 }

 fleet_pillar() {
@@ -734,10 +745,6 @@ generate_passwords(){
  KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom  | fold -w 20 | head -n 1)
 }

-set_main_ip() {
-	MAINIP=$(ip route get 1 | awk '{print $7;exit}')
-}
-
 get_redirect() {
 	whiptail_set_redirect_info
 	whiptail_set_redirect
@@ -755,15 +762,6 @@ got_root() {
 	fi
 }

-install_cleanup() {
-	echo "Installer removing the following files:"
-	ls -lR "$temp_install_dir"
-
-	# Clean up after ourselves
-	rm -rf "$temp_install_dir"
-
-}
-
 get_minion_type() {
 	local minion_type
 	case "$install_type" in
@@ -780,9 +778,13 @@ get_minion_type() {
 	echo "$minion_type"
 }

-set_base_heapsizes() {
-	es_heapsize
-	ls_heapsize
+install_cleanup() {
+	echo "Installer removing the following files:"
+	ls -lR "$temp_install_dir"
+
+	# Clean up after ourselves
+	rm -rf "$temp_install_dir"
+
 }

 master_pillar() {
@@ -1173,6 +1175,20 @@ salt_checkin() {
 	} >> "$setup_log" 2>&1
 }

+# Run a salt command to generate the minion key
+salt_firstcheckin() {
+	salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
+}
+
+set_base_heapsizes() {
+	es_heapsize
+	ls_heapsize
+}
+
+set_main_ip() {
+	MAINIP=$(ip route get 1 | awk '{print $7;exit}')
+}
+
 setup_salt_master_dirs() {
 	# Create salt paster directories
 	mkdir -p /opt/so/saltstack/salt
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -294,6 +294,7 @@ export percentage=0
 		set_progress_str 10 'Configuring Salt master'
 		copy_master_config 2>> "$setup_log"
 		setup_salt_master_dirs 2>> "$setup_log"
+		firewall_generate_templates 2>> "$setup_log"
 		
 		set_progress_str 11 'Updating sudoers file for soremote user'
 		update_sudoers 2>> "$setup_log"