CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Suricata Salt Module - Add skeleton

Browse Source
This commit is contained in:
Mike Reeves
2018-02-23 14:49:46 -05:00
parent 7032344fc9
commit 48b2ad505a
4 changed files with 54 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/pcap/init.sls
View File

@@ -69,7 +69,8 @@ so-steno:
- image: toosmooth/so-steno:test2 - image: toosmooth/so-steno:test2
- network_mode: host - network_mode: host
- priviledged: true - priviledged: true
- user: 941 - port_bindings:
- 127.0.0.1:1234:1234
- binds: - binds:
- /opt/so/conf/steno/certs:/etc/stenographer/certs:rw - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
- /opt/so/conf/steno/config:/etc/stenographer/config:rw - /opt/so/conf/steno/config:/etc/stenographer/config:rw

5
salt/pulledpork/init.sls
View File

@@ -27,6 +27,11 @@ rulesdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
ruleslink:
file.symlink:
- name: /opt/so/saltstack/salt/pulledpork/rules
- target: /opt/so/rules/nids
toosmooth/so-pulledpork:test2: toosmooth/so-pulledpork:test2:
docker_image.present docker_image.present

46
salt/suricata/init.sls Normal file
View File

@@ -0,0 +1,46 @@
# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Suricata
ppdir:
file.directory:
- name: /opt/so/pulledpork
- user: 939
- group: 939
rulesdir:
file.directory:
- name: /opt/so/rules/nids
- user: 939
- group: 939
- makedirs: True
ruleslink:
file.symlink:
- name: /opt/so/saltstack/salt/pulledpork/rules
- target: /opt/so/rules/nids
toosmooth/so-pulledpork:test2:
docker_image.present
so-pulledpork:
docker_container.running:
- image: toosmooth/so-pulledpork:test2
- hostname: so-pulledpork
- user: socore
- binds:
- /opt/so/pulledpork/etc:/opt/pulledpork/etc:ro
- /opt/so/rules/nids:/opt/so/rules/nids:rw
- network_mode: so-elastic-net

2
so-setup-network.sh
View File

@@ -223,7 +223,7 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
# Create the pillar file for the sensor # Create the pillar file for the sensor
touch /tmp/$HOSTNAME.sls touch /tmp/$HOSTNAME.sls
echo "sensor:" > /tmp/$HOSTNAME.sls echo "sensors:" > /tmp/$HOSTNAME.sls
echo " interface: bond0" >> /tmp/$HOSTNAME.sls echo " interface: bond0" >> /tmp/$HOSTNAME.sls
echo " lbprocs: $LBPROCS" >> /tmp/$HOSTNAME.sls echo " lbprocs: $LBPROCS" >> /tmp/$HOSTNAME.sls