CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10340 from Security-Onion-Solutions/airgaps

Browse Source 
Fix IDS Tools
This commit is contained in:
Mike Reeves
2023-05-15 16:10:03 -04:00
committed by GitHub
parent bc2d3e43f0 2fe88a1e66
commit 48ce377b02
6 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/docker/defaults.yaml
View File

@@ -73,6 +73,7 @@ docker:
- 80:80 - 80:80
- 443:443 - 443:443
- 8443:8443 - 8443:8443
- 7788:7788
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
'so-playbook': 'so-playbook':

8
salt/firewall/defaults.yaml
View File

@@ -94,6 +94,9 @@ firewall:
tcp: tcp:
- 5601 - 5601
udp: [] udp: []
localrules:
tcp: - 7788
udp: []
mysql: mysql:
tcp: tcp:
- 3306 - 3306
@@ -181,6 +184,7 @@ firewall:
- influxdb - influxdb
- elasticsearch_rest - elasticsearch_rest
- elasticsearch_node - elasticsearch_node
- localrules
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -364,6 +368,7 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- localrules
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -501,6 +506,7 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- localrules
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -648,6 +654,7 @@ firewall:
- elastic_agent_update - elastic_agent_update
- endgame - endgame
- strelka_frontend - strelka_frontend
- localrules
fleet: fleet:
portgroups: portgroups:
- elasticsearch_rest - elasticsearch_rest
@@ -1005,6 +1012,7 @@ firewall:
- elasticsearch_rest - elasticsearch_rest
- elasticsearch_node - elasticsearch_node
- elastic_agent_control - elastic_agent_control
- localrules
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044

3
salt/firewall/soc_firewall.yaml
View File

@@ -118,6 +118,9 @@ firewall:
kibana: kibana:
tcp: *tcpsettings tcp: *tcpsettings
udp: *udpsettings udp: *udpsettings
localrules:
tcp: *tcpsettings
udp: *udpsettings
mysql: mysql:
tcp: *tcpsettings tcp: *tcpsettings
udp: *udpsettings udp: *udpsettings

2
salt/idstools/etc/rulecat.conf
View File

@@ -4,7 +4,7 @@
{%- if GLOBALS.airgap is sameas true -%} {%- if GLOBALS.airgap is sameas true -%}
--merged=/opt/so/rules/nids/all.rules --merged=/opt/so/rules/nids/all.rules
--local=/opt/so/rules/nids/local.rules --local=/opt/so/rules/nids/local.rules
{%- if GLOBAL.md_engine == "SURICATA" %} {%- if GLOBALS.md_engine == "SURICATA" %}
--local=/opt/so/rules/nids/sorules/extraction.rules --local=/opt/so/rules/nids/sorules/extraction.rules
--local=/opt/so/rules/nids/sorules/filters.rules --local=/opt/so/rules/nids/sorules/filters.rules
{%- endif %} {%- endif %}

10
setup/so-functions
View File

@@ -37,14 +37,8 @@ logCmd() {
airgap_rules() { airgap_rules() {
# Copy the rules for suricata if using Airgap # Copy the rules for suricata if using Airgap
mkdir -p /nsm/repo/rules mkdir -p /nsm/rules
cp -v /root/SecurityOnion/agrules/emerging-all.rules /nsm/repo/rules/ cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/
# Copy over sigma rules
cp -Rv /root/SecurityOnion/agrules/sigma /nsm/repo/rules/
# Don't leave Strelka out
cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/
} }
add_admin_user() { add_admin_user() {

1
setup/so-verify
View File

@@ -44,6 +44,7 @@ log_has_errors() {
grep -vE "Exception in callback None" | \ grep -vE "Exception in callback None" | \
grep -vE "deprecation: ERROR" | \ grep -vE "deprecation: ERROR" | \
grep -vE "code: 100" | \ grep -vE "code: 100" | \
grep -vE "/nsm/repo/rules/sigma/rules*" | \
grep -vE "Running scope as unit" &> "$error_log" grep -vE "Running scope as unit" &> "$error_log"
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then