adding so-standalone state logic, add zeek pillar to so-standalone - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/140

2025-12-06 17:22:49 +01:00 · 2020-05-15 10:02:25 -04:00
parent e8244cb2f2
commit 509188092c
6 changed files with 43 additions and 74 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -2,7 +2,7 @@ base:
  '*':
    - patch.needs_restarting

-  '*_eval or *_helix or *_heavynode or *_sensor':
+  '*_eval or *_helix or *_heavynode or *_sensor or *_standalone':
    - match: compound
    - zeek

--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -14,24 +14,13 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
-{% if grains['role'] == 'so-master' %}

+{% if grains['role'] == ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
  {% set esalert = salt['pillar.get']('master:elastalert', '1') %}
  {% set esip = salt['pillar.get']('master:mainip', '') %}
  {% set esport = salt['pillar.get']('master:es_port', '') %}
-
-
-{% elif grains['role'] in ['so-eval','so-mastersearch'] %}
-
-{% set esalert = salt['pillar.get']('master:elastalert', '1') %}
-{% set esip = salt['pillar.get']('master:mainip', '') %}
-{% set esport = salt['pillar.get']('master:es_port', '') %}
-
-
 {% elif grains['role'] == 'so-node' %}
-
  {% set esalert = salt['pillar.get']('node:elastalert', '0') %}
-
 {% endif %}

 # Elastalert
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -15,27 +15,19 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
+
 {% if FEATURES %}
  {% set FEATURES = "-features" %}
 {% else %}
  {% set FEATURES = '' %}
 {% endif %}

-{% if grains['role'] == 'so-master' %}
-
+{% if grains['role'] == in ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
  {% set esclustername = salt['pillar.get']('master:esclustername', '') %}
  {% set esheap = salt['pillar.get']('master:esheap', '') %}
-
-{% elif grains['role'] in ['so-eval','so-mastersearch'] %}
-
-{% set esclustername = salt['pillar.get']('master:esclustername', '') %}
-{% set esheap = salt['pillar.get']('master:esheap', '') %}
-
 {% elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
-
  {% set esclustername = salt['pillar.get']('node:esclustername', '') %}
  {% set esheap = salt['pillar.get']('node:esheap', '') %}
-
 {% endif %}

 vm.max_map_count:
@@ -149,7 +141,7 @@ so-elasticsearch-pipelines:
      - file: esyml
      - file: so-elasticsearch-pipelines-file

-{% if grains['role'] == 'so-master' or grains['role'] == "so-eval" or grains['role'] == "so-mastersearch" %}
+{% if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %}
 so-elasticsearch-templates:
  cmd.run:
    - name: /usr/sbin/so-elasticsearch-templates
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -1,15 +1,16 @@
 # Firewall Magic for the grid
-{%- if grains['role'] in ['so-eval','so-master','so-helix','so-mastersearch'] %}
-{%- set ip = salt['pillar.get']('static:masterip', '') %}
-{%- elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
-{%- set ip = salt['pillar.get']('node:mainip', '') %}
-{%- elif grains['role'] == 'so-sensor' %}
-{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
-{%- elif grains['role'] == 'so-fleet' %}
-{%- set ip = salt['pillar.get']('node:mainip', '') %}
-{%- endif %}
-{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
-{%- set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
+{% if grains['role'] in ['so-eval','so-master','so-helix','so-mastersearch', 'so-standalone'] %}
+  {% set ip = salt['pillar.get']('static:masterip', '') %}
+{% elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
+  {% set ip = salt['pillar.get']('node:mainip', '') %}
+{% elif grains['role'] == 'so-sensor' %}
+  {% set ip = salt['pillar.get']('sensor:mainip', '') %}
+{% elif grains['role'] == 'so-fleet' %}
+  {% set ip = salt['pillar.get']('node:mainip', '') %}
+{% endif %}
+
+{% set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{% set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}

 # Quick Fix for Docker being difficult
 iptables_fix_docker:
@@ -136,7 +137,7 @@ enable_wazuh_manager_1514_udp_{{ip}}:
    - save: True

 # Rules if you are a Master
-{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' %}
+{% if grains['role'] in ['so-master', 'so-eval', 'so-helix', 'so-mastersearch', 'so-standalone'] %}
 #This should be more granular
 iptables_allow_master_docker:
  iptables.insert:
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -15,6 +15,7 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
+
 {% if FEATURES %}
  {% set FEATURES = "-features" %}
 {% else %}
@@ -23,35 +24,21 @@

 # Logstash Section - Decide which pillar to use
 {% if grains['role'] == 'so-sensor' %}
-
  {% set lsheap = salt['pillar.get']('sensor:lsheap', '') %}
  {% set lsaccessip = salt['pillar.get']('sensor:lsaccessip', '') %}
-
 {% elif grains['role'] == 'so-node' or grains['role'] == 'so-heavynode' %}
  {% set lsheap = salt['pillar.get']('node:lsheap', '') %}
  {% set nodetype = salt['pillar.get']('node:node_type', 'storage') %}
-
-{% elif grains['role'] == 'so-master' %}
-
+{% elif grains['role'] == ['so-eval','so-mastersearch', 'so-master', 'so-standalone'] %}
  {% set lsheap = salt['pillar.get']('master:lsheap', '') %}
  {% set freq = salt['pillar.get']('master:freq', '0') %}
  {% set dstats = salt['pillar.get']('master:domainstats', '0') %}
  {% set nodetype = salt['grains.get']('role', '')  %}
-
 {% elif grains['role'] == 'so-helix' %}
-
  {% set lsheap = salt['pillar.get']('master:lsheap', '') %}
  {% set freq = salt['pillar.get']('master:freq', '0') %}
  {% set dstats = salt['pillar.get']('master:domainstats', '0') %}
  {% set nodetype = salt['grains.get']('role', '')  %}
-
-{% elif grains['role'] in ['so-eval','so-mastersearch'] %}
-
-{% set lsheap = salt['pillar.get']('master:lsheap', '') %}
-{% set freq = salt['pillar.get']('master:freq', '0') %}
-{% set dstats = salt['pillar.get']('master:domainstats', '0') %}
-{% set nodetype = salt['grains.get']('role', '')  %}
-
 {% endif %}

 {% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %}
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -5,7 +5,7 @@
 {% set global_ca_text = [] %}
 {% set global_ca_server = [] %}

-{% if 'master' in grains.id.split('_')|last or 'eval' in grains.id.split('_')|last %}
+{% if grains.id.split('_')|last in ['master', 'eval', 'standalone'] %}
    {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
    {% set ca_server = grains.id %}
 {% else %}
@@ -50,7 +50,7 @@ m2cryptopkgs:
        bits: 4096
        backup: True

-{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' %}
+{% if grains['role'] in ['so-master', 'so-eval', 'so-helix', 'so-mastersearch', 'so-standalone'] %}

 # Request a cert and drop it where it needs to go to be distributed
 /etc/pki/filebeat.crt:
@@ -142,7 +142,7 @@ fbcrtlink:
        backup: True

 {% endif %}
-{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-master' or grains['role'] == 'so-node' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-heavynode' or grains['role'] == 'so-fleet' %}
+{% if grains['role'] == in ['so-sensor', 'so-master', 'so-node', 'so-eval', 'so-helix', 'so-mastersearch', 'so-heavynode', 'so-fleet', 'so-standalone' %}

 fbcertdir:
  file.directory: