Merge branch '2.4/dev' into kilo

Jason Ertel
2023-02-08 13:49:07 -05:00
11 changed files with 15 additions and 670 deletions


@@ -1,6 +1,6 @@
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% import_yaml 'firewall/ports/ports.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.ports %}
{% else %}


@@ -1,66 +0,0 @@
firewall:
hostgroups:
analyst:
ips:
delete:
insert:
beats_endpoint:
ips:
delete:
insert:
beats_endpoint_ssl:
ips:
delete:
insert:
elasticsearch_rest:
ips:
delete:
insert:
elastic_agent_endpoint:
ips:
delete:
insert:
endgame:
ips:
delete:
insert:
fleet:
ips:
delete:
insert:
heavy_node:
ips:
delete:
insert:
idh:
ips:
delete:
insert:
manager:
ips:
delete:
insert:
node:
ips:
delete:
insert:
receiver:
ips:
delete:
insert:
search_node:
ips:
delete:
insert:
sensor:
ips:
delete:
insert:
strelka_frontend:
ips:
delete:
insert:
syslog:
ips:
delete:
insert:


@@ -1,23 +0,0 @@
{% from 'docker/docker.map.jinja' import DOCKER %}
firewall:
hostgroups:
anywhere:
ips:
delete:
insert:
- 0.0.0.0/0
dockernet:
ips:
delete:
insert:
- {{ DOCKER.sorange }}
localhost:
ips:
delete:
insert:
- 127.0.0.1
self:
ips:
delete:
insert:
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}


@@ -0,0 +1 @@
0.0.0.0/0


@@ -0,0 +1,2 @@
{% from 'docker/docker.map.jinja' import DOCKER -%}
{{ DOCKER.sorange }}


@@ -0,0 +1 @@
127.0.0.1


@@ -0,0 +1,2 @@
{% from 'vars/globals.map.jinja' import GLOBALS -%}
{{ GLOBALS.node_ip }}


@@ -3,7 +3,7 @@
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% import_yaml 'firewall/ports/ports.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.ports %}
{% else %}
@@ -12,36 +12,16 @@
{% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %}
{% set defined_portgroups = portgroups %}
{% import_yaml 'firewall/hostgroups.yaml' as default_hostgroups %}
{#% import_yaml 'firewall/hostgroups.local.yaml' as local_hostgroups %#}
{% set local_hostgroups = {'firewall': {'hostgroups': {}}} %}
{% set hostgroup_list = [
'analyst',
'analyst_workstations',
'eval',
'heavynodes',
'idh',
'manager',
'managersearch',
'receivers',
'searchnodes',
'sensors',
'standalone',
'beats_endpoint',
'beats_endpoint_ssl',
'elasticsearch_rest',
'elastic_agent_endpoint',
'endgame',
'strelka_frontend',
'syslog'
]
%}
{% set hostgroup_list = salt['cp.list_master'](prefix='firewall/hostgroups') %}
{% for hg in hostgroup_list %}
{% import_text 'firewall/hostgroups/' ~ hg as hg_ips %}
{% do local_hostgroups.firewall.hostgroups.update({hg: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %}
{% import_text hg as hg_ips %}
{% do local_hostgroups.firewall.hostgroups.update({hg.split('/')[2]: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %}
{% endfor %}
{% set hostgroups = salt['defaults.merge'](default_hostgroups.firewall.hostgroups, local_hostgroups.firewall.hostgroups, in_place=False) %}
{% set hostgroups = local_hostgroups.firewall.hostgroups %}
{# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #}
{% if salt['pillar.get']('firewall:assigned_hostgroups:chain') %}
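Review bot: The new loop keys each hostgroup by `hg.split('/')[2]` for every path `cp.list_master` returns for the prefix `firewall/hostgroups`, without checking that the path really sits directly under that directory. If the prefix is matched as a plain string prefix (worth confirming), `firewall/hostgroups.yaml`, which this template still imports a few lines earlier, would also match and has no third path segment, and a file in a subdirectory would be keyed by the directory name. Every whitespace-separated token in these files becomes an `insert` entry in the firewall allowlist, so I would guard the loop body with `{% if hg.startswith('firewall/hostgroups/') and hg.count('/') == 2 %}` and reject tokens that are not an IP address or CIDR before they reach rule generation. `default_hostgroups` is no longer read now that the merge is gone, so its import can be dropped as well.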


@@ -1,552 +0,0 @@
role:
eval:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- playbook
- mysql
- kibana
- redis
- minio
- influxdb
- cortex
- elasticsearch_rest
- elasticsearch_node
- cortex_es_rest
- cortex_es_node
minion:
portgroups:
- acng
- docker_registry
- influxdb
- sensoroni
sensor:
portgroups:
- beats_5044
- beats_5644
search_node:
portgroups:
- redis
- minio
- elasticsearch_node
heavy_node:
portgroups:
- redis
- minio
- elasticsearch_node
self:
portgroups:
- syslog
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
strelka_frontend:
portgroups:
- strelka_frontend
syslog:
portgroups:
- syslog
analyst:
portgroups:
- nginx
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
minion:
portgroups:
- salt_manager
manager:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- playbook
- mysql
- kibana
- redis
- minio
- influxdb
- cortex
- elasticsearch_rest
- elasticsearch_node
- cortex_es_rest
- cortex_es_node
minion:
portgroups:
- acng
- docker_registry
- influxdb
- sensoroni
- yum
sensor:
portgroups:
- beats_5044
- beats_5644
search_node:
portgroups:
- redis
- minio
- elasticsearch_node
- beats_5644
heavy_node:
portgroups:
- redis
- minio
- elasticsearch_node
- beats_5644
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
endgame:
portgroups:
- endgame
analyst:
portgroups:
- nginx
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
minion:
portgroups:
- salt_manager
managersearch:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- playbook
- mysql
- kibana
- redis
- minio
- influxdb
- cortex
- elasticsearch_rest
- elasticsearch_node
- cortex_es_rest
- cortex_es_node
minion:
portgroups:
- acng
- docker_registry
- influxdb
- sensoroni
- yum
sensor:
portgroups:
- beats_5044
- beats_5644
search_node:
portgroups:
- redis
- minio
- elasticsearch_node
heavy_node:
portgroups:
- redis
- minio
- elasticsearch_node
self:
portgroups:
- syslog}}
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
endgame:
portgroups:
- endgame
syslog:
portgroups:
- syslog
analyst:
portgroups:
- nginx
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
minion:
portgroups:
- salt_manager
standalone:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- playbook
- mysql
- kibana
- redis
- minio
- influxdb
- cortex
- elasticsearch_rest
- elasticsearch_node
- cortex_es_rest
- cortex_es_node
minion:
portgroups:
- acng
- docker_registry
- influxdb
- sensoroni
- yum
sensor:
portgroups:
- beats_5044
- beats_5644
search_node:
portgroups:
- redis
- minio
- elasticsearch_node
heavy_node:
portgroups:
- redis
- minio
- elasticsearch_node
self:
portgroups:
- syslog}}
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
endgame:
portgroups:
- endgame
strelka_frontend:
portgroups:
- strelka_frontend
syslog:
portgroups:
- syslog
analyst:
portgroups:
- nginx
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
minion:
portgroups:
- salt_manager
helixsensor:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- playbook
- mysql
- kibana
- redis
- influxdb
- cortex
- elasticsearch_rest
- elasticsearch_node
- cortex_es_rest
- cortex_es_node
minion:
portgroups:
- acng
- docker_registry
- influxdb
- sensoroni
sensor:
portgroups:
- beats_5044
- beats_5644
search_node:
portgroups:
- redis
- elasticsearch_node
self:
portgroups:
- syslog}}
beats_endpoint:
portgroups:
- beats_5044
analyst:
portgroups:
- nginx
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
minion:
portgroups:
- salt_manager
searchnode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- elasticsearch_node
- elasticsearch_rest
dockernet:
portgroups:
- elasticsearch_node
- elasticsearch_rest
elasticsearch_rest:
portgroups:
- elasticsearch_rest
search_node:
portgroups:
- elasticsearch_node
self:
portgroups:
- syslog
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
sensor:
chain:
DOCKER-USER:
hostgroups:
self:
portgroups:
- syslog
strelka_frontend:
portgroups:
- strelka_frontend
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
heavynode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- elasticsearch_node
- elasticsearch_rest
dockernet:
portgroups:
- elasticsearch_node
- elasticsearch_rest
elasticsearch_rest:
portgroups:
- elasticsearch_rest
self:
portgroups:
- syslog
strelka_frontend:
portgroups:
- strelka_frontend
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
import:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
minion:
portgroups:
- docker_registry
- sensoroni
sensor:
portgroups:
- beats_5044
- beats_5644
search_node:
portgroups:
- redis
- elasticsearch_node
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
analyst:
portgroups:
- nginx
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
minion:
portgroups:
- salt_manager
receiver:
chain:
DOCKER-USER:
hostgroups:
sensor:
portgroups:
- beats_5644
search_node:
portgroups:
- redis
- beats_5644
self:
portgroups:
- redis
- syslog
- beats_5644
syslog:
portgroups:
- syslog
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
endgame:
portgroups:
- endgame
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
idh:
chain:
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
manager:
portgroups:
- ssh


@@ -1181,7 +1181,7 @@ firewall_generate_templates() {
local firewall_pillar_path=$local_salt_dir/salt/firewall
logCmd "mkdir -p $firewall_pillar_path"
logCmd "cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/"
logCmd "cp -r ../files/firewall/* /opt/so/saltstack/local/salt/firewall/"
# i think this can be commented out for 2.4
#for i in analyst beats_endpoint endgame sensors manager managersearch elastic_agent_endpoint searchnodes; do
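Review bot: The recursive copy still writes to the hard-coded `/opt/so/saltstack/local/salt/firewall/` while the `mkdir -p` above it creates `$firewall_pillar_path`, so the two can diverge if `local_salt_dir` is ever set to something else. Suggest `logCmd "cp -r ../files/firewall/* $firewall_pillar_path/"`. With `-r` the hostgroup files that feed the firewall allowlists are copied as well, so it is worth confirming that re-running this function cannot overwrite entries an operator has already added there; this is inferred, since the rest of firewall_generate_templates lies outside the hunk.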