diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml deleted file mode 100644 index 3a6dbf18d..000000000 --- a/salt/firewall/defaults.yaml +++ /dev/null @@ -1,113 +0,0 @@ -firewall: - grid: - hosts: - analyst_workstations: [] - analyst: [] - standalone: [] - eval: [] - idh: [] - manager: [] - heavynodes: [] - searchnodes: [] - receivers: [] - - portgroups: - standalone: - - playbook - - mysql - - kibana - - redis - - influxdb - - elasticsearch_rest - - elasticsearch_node - - docker_registry - - yum - - sensoroni - - beats_5044 - - beats_5644 - - elastic_agent_control - - elastic_agent_data - - elasticsearch_rest - - endgame - - strelka_frontend - - syslog - - nginx - analyst_workstation: [] - ports: - all: - tcp: - - '0:65535' - udp: - - '0:65535' - agrules: - tcp: - - 7788 - beats_5044: - tcp: - - 5044 - beats_5644: - tcp: - - 5644 - beats_5066: - tcp: - - 5066 - docker_registry: - tcp: - - 5000 - elasticsearch_node: - tcp: - - 9300 - elasticsearch_rest: - tcp: - - 9200 - elastic_agent_control: - tcp: - - 8220 - elastic_agent_data: - tcp: - - 5055 - endgame: - tcp: - - 3765 - influxdb: - tcp: - - 8086 - kibana: - tcp: - - 5601 - mysql: - tcp: - - 3306 - nginx: - tcp: - - 80 - - 443 - playbook: - tcp: - - 3200 - redis: - tcp: - - 6379 - - 9696 - salt_manager: - tcp: - - 4505 - - 4506 - sensoroni: - tcp: - - 443 - ssh: - tcp: - - 22 - strelka_frontend: - tcp: - - 57314 - syslog: - tcp: - - 514 - udp: - - 514 - yum: - tcp: - - 443 - diff --git a/salt/firewall/hostgroups/analyst b/salt/firewall/hostgroups/analyst new file mode 100644 index 000000000..e69de29bb diff --git a/salt/firewall/hostgroups/analyst_workstations b/salt/firewall/hostgroups/analyst_workstations new file mode 100644 index 000000000..e69de29bb diff --git a/salt/firewall/hostgroups/eval b/salt/firewall/hostgroups/eval new file mode 100644 index 000000000..e69de29bb 
diff --git a/salt/firewall/hostgroups/heavynodes b/salt/firewall/hostgroups/heavynodes
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/hostgroups/idh b/salt/firewall/hostgroups/idh
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/hostgroups/manager b/salt/firewall/hostgroups/manager
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/hostgroups/receivers b/salt/firewall/hostgroups/receivers
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/hostgroups/searchnodes b/salt/firewall/hostgroups/searchnodes
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/hostgroups/standalone b/salt/firewall/hostgroups/standalone
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/analyst b/salt/firewall/portgroups/analyst
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/analyst_workstations b/salt/firewall/portgroups/analyst_workstations
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/eval b/salt/firewall/portgroups/eval
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/heavynodes b/salt/firewall/portgroups/heavynodes
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/idh b/salt/firewall/portgroups/idh
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/manager b/salt/firewall/portgroups/manager
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/receivers b/salt/firewall/portgroups/receivers
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/searchnodes b/salt/firewall/portgroups/searchnodes
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/firewall/portgroups/standalone b/salt/firewall/portgroups/standalone
new file mode 100644
index 000000000..ea8f495f9
--- /dev/null
+++ b/salt/firewall/portgroups/standalone
@@ -0,0 +1,19 @@
+playbook
+mysql
+kibana
+redis
+influxdb
+elasticsearch_rest
+elasticsearch_node
+docker_registry
+yum
+sensoroni
+beats_5044
+beats_5644
+elastic_agent_control
+elastic_agent_data
+elasticsearch_rest
+endgame
+strelka_frontend
+syslog
+nginx
\ No newline at end of file
diff --git a/salt/firewall/ports/ports.yaml b/salt/firewall/ports/ports.yaml
new file mode 100644
index 000000000..d26b373cb
--- /dev/null
+++ b/salt/firewall/ports/ports.yaml
@@ -0,0 +1,78 @@
+firewall:
+ ports:
+ all:
+ tcp:
+ - '0:65535'
+ udp:
+ - '0:65535'
+ agrules:
+ tcp:
+ - 7788
+ beats_5044:
+ tcp:
+ - 5044
+ beats_5644:
+ tcp:
+ - 5644
+ beats_5066:
+ tcp:
+ - 5066
+ docker_registry:
+ tcp:
+ - 5000
+ elasticsearch_node:
+ tcp:
+ - 9300
+ elasticsearch_rest:
+ tcp:
+ - 9200
+ elastic_agent_control:
+ tcp:
+ - 8220
+ elastic_agent_data:
+ tcp:
+ - 5055
+ endgame:
+ tcp:
+ - 3765
+ influxdb:
+ tcp:
+ - 8086
+ kibana:
+ tcp:
+ - 5601
+ mysql:
+ tcp:
+ - 3306
+ nginx:
+ tcp:
+ - 80
+ - 443
+ playbook:
+ tcp:
+ - 3200
+ redis:
+ tcp:
+ - 6379
+ - 9696
+ salt_manager:
+ tcp:
+ - 4505
+ - 4506
+ sensoroni:
+ tcp:
+ - 443
+ ssh:
+ tcp:
+ - 22
+ strelka_frontend:
+ tcp:
+ - 57314
+ syslog:
+ tcp:
+ - 514
+ udp:
+ - 514
+ yum:
+ tcp:
+ - 443
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
index 68d96676e..7d5c7efbb 100644
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
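Review bot: `elasticsearch_rest` appears twice in the new standalone portgroup (sixth and fifteenth entries), which at best yields a redundant rule and at worst misleads whoever audits which ports a standalone host exposes; drop the second occurrence. The file is also written without a trailing newline (`\ No newline at end of file`), so if the consuming state reads it with a line-oriented loop such as a shell `while read`, the last entry `nginx` (80/443) could be silently skipped — add the newline, or confirm the reader tolerates its absence. I cannot see the state that consumes these files, so both are worth verifying there rather than assumed harmless.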
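Review bot: The `all` group at the top of the new ports.yaml opens every TCP and UDP port (`'0:65535'` under both), and nothing in the file says when referencing it from a portgroup is legitimate; a comment above it would stop it being pasted into a portgroup as a quick fix: `# Wildcard: every TCP/UDP port. Only reference it from a hostgroup whose membership is fully trusted.` The quoting on that range is required, not cosmetic — an unquoted `0:65535` is read as a base-60 integer by YAML 1.1 loaders — so a second comment, `# keep quoted: a:b unquoted parses as a sexagesimal int`, would protect it from a well-meaning cleanup, and the consumer presumably has to accept both quoted ranges and bare ints, which is worth confirming. The mapping itself is a verbatim move of the `ports:` block removed from defaults.yaml, so no rule values change here.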
@@ -1,42 +1,86 @@
 firewall:
- grid:
- hosts:
- analyst_workstations:
- description: List of IP Addresses or CIDR blocks to allow analyst workstations.
- global: True
- title: Analyst Workstations
- analyst:
- description: List of IP Addresses or CIDR blocks to allow analyst connections.
- global: True
- title: Analysts
- standalone:
- description: List of IP Addresses or CIDR blocks to allow standalone connections.
- global: True
- title: Standalone
- advanced: True
- eval:
- description: List of IP Addresses or CIDR blocks to allow eval connections.
- global: True
- title: Eval
- advanced: True
- idh:
- description: List of IP Addresses or CIDR blocks to allow idh connections.
- global: True
- title: IDH Nodes
- manager:
- description: List of IP Addresses or CIDR blocks to allow manager connections.
- global: True
- title: Manager
- advanced: True
- heavynodes:
- description: List of IP Addresses or CIDR blocks to allow heavynode connections.
- global: True
- title: Heavy Nodes
- searchnodes:
- description: List of IP Addresses or CIDR blocks to allow searchnode connections.
- global: True
- title: Searchnodes
- receivers:
- description: List of IP Addresses or CIDR blocks to allow receiver connections.
- global: True
- title: Receivers
+ hostgroups:
+ analyst_workstations:
+ description: List of IP Addresses or CIDR blocks to allow analyst workstations.
+ file: True
+ title: Analyst Workstations
+ analyst:
+ description: List of IP Addresses or CIDR blocks to allow analyst connections.
+ file: True
+ title: Analysts
+ standalone:
+ description: List of IP Addresses or CIDR blocks to allow standalone connections.
+ file: True
+ title: Standalone
+ advanced: True
+ eval:
+ description: List of IP Addresses or CIDR blocks to allow eval connections.
+ file: True
+ title: Eval
+ advanced: True
+ idh:
+ description: List of IP Addresses or CIDR blocks to allow idh connections.
+ file: True
+ title: IDH Nodes
+ manager:
+ description: List of IP Addresses or CIDR blocks to allow manager connections.
+ file: True
+ title: Manager
+ advanced: True
+ heavynodes:
+ description: List of IP Addresses or CIDR blocks to allow heavynode connections.
+ file: True
+ title: Heavy Nodes
+ searchnodes:
+ description: List of IP Addresses or CIDR blocks to allow searchnode connections.
+ file: True
+ title: Searchnodes
+ receivers:
+ description: List of IP Addresses or CIDR blocks to allow receiver connections.
+ file: True
+ title: Receivers
+ portgroups:
+ analyst_workstations:
+ description: List of ports for analyst workstations.
+ file: True
+ title: Analyst Workstations
+ analyst:
+ description: List of ports for analyst connections.
+ file: True
+ title: Analysts
+ standalone:
+ description: List of ports for standalone connections.
+ file: True
+ title: Standalone
+ advanced: True
+ eval:
+ description: List of ports for eval connections.
+ file: True
+ title: Eval
+ advanced: True
+ idh:
+ description: List of ports for idh connections.
+ file: True
+ title: IDH Nodes
+ manager:
+ description: List of ports for manager connections.
+ file: True
+ title: Manager
+ advanced: True
+ heavynodes:
+ description: List of ports for heavynode connections.
+ file: True
+ title: Heavy Nodes
+ searchnodes:
+ description: List of ports for searchnode connections.
+ file: True
+ title: Searchnodes
+ receivers:
+ description: List of ports for receiver connections.
+ file: True
+ title: Receivers
+ ports:
+ ports__yaml:
+ description: List of ports in YAML used for port groups.
+ file: True
+ title: Ports
\ No newline at end of file
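Review bot: The new `ports__yaml` entry at the end of the hunk exposes the raw port-group definitions — including the wildcard `all` group — as an editable file, yet it carries no `advanced: True`, while the `standalone`, `eval` and `manager` host and port groups do; if `advanced` gates a setting behind the advanced toggle as the existing flags suggest, this is the entry that most needs it. Suggest adding `advanced: True` under `ports__yaml` and a description that states the blast radius, e.g. `description: Port groups in YAML (name -> tcp/udp port lists). Editing a group affects every hostgroup that references it; the all group opens every TCP/UDP port.` The hostgroup descriptions still promise "IP Addresses or CIDR blocks", but nothing in this hunk shows the file contents being validated as such, so a malformed or overly broad line would presumably reach the firewall state unchecked — worth confirming in the consuming state and saying so in the description. The file also loses its trailing newline in this change.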