diff --git a/salt/common/init.sls b/salt/common/init.sls index de7048c51..7ed59efa1 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} {%- set GRAFANA = salt['pillar.get']('master:grafana', '0') %} # Add socore Group @@ -118,7 +118,7 @@ nginxtmp: so-core: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-core:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-core:{{ VERSION }} - hostname: so-core - user: socore - binds: @@ -172,7 +172,7 @@ tgrafconf: so-telegraf: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }} - environment: - HOST_PROC=/host/proc - HOST_ETC=/host/etc @@ -227,7 +227,7 @@ influxdbconf: so-influxdb: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }} - hostname: influxdb - environment: - INFLUXDB_HTTP_LOG_ENABLED=false @@ -385,7 +385,7 @@ dashboard-{{ SN }}: so-grafana: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }} - hostname: grafana - user: socore - binds: diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index 0a0c31d6a..3cac44155 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -88,7 +88,7 @@ http { # } location /grafana/ { - rewrite /grafana/(.*) /$1 break; + rewrite /grafana/(.*) /$1 break; proxy_pass http://{{ masterip }}:3000/; proxy_read_timeout 90; proxy_connect_timeout 90; 
@@ -100,9 +100,8 @@ http { } location /kibana/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; - rewrite /kibana/(.*) /$1 break; + auth_request /so-auth/api/auth/; + rewrite /kibana/(.*) /$1 break; proxy_pass http://{{ masterip }}:5601/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -125,8 +124,7 @@ http { } location /navigator/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + auth_request /so-auth/api/auth/; proxy_pass http://{{ masterip }}:4200/navigator/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -151,9 +149,8 @@ http { } location /fleet/ { - rewrite /fleet/(.*) /$1 break; - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + rewrite /fleet/(.*) /$1 break; + auth_request /so-auth/api/auth/; proxy_pass https://{{ masterip }}:8080/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -200,8 +197,7 @@ http { } location /sensoroni/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + auth_request /so-auth/api/auth/; proxy_pass http://{{ masterip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -238,6 +234,26 @@ http { } + + location /so-auth/loginpage/ { + proxy_pass http://{{ masterip }}:4242/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /so-auth/api/ { + proxy_pass http://{{ masterip }}:5656/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + } + + error_page 401 = @error401; + + location @error401 { + add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/"; + return 302 http://{{ masterip }}/so-auth/loginpage/; + } + error_page 404 /404.html; location = /40x.html { } diff --git a/salt/common/nginx/nginx.conf.so-mastersearch b/salt/common/nginx/nginx.conf.so-mastersearch index 265413fa2..6fa080f5b 100644 
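Review bot: The `auth_request /so-auth/api/auth/;` added to /kibana/ (and to /navigator/, /fleet/ and /sensoroni/ in the hunks below, plus the same four locations in nginx.conf.so-mastersearch) resolves through the generic `location /so-auth/api/` proxy added later in this file, so the subrequest carries the client's full request body and Content-Length to the auth backend, the backend is not told which URI is being authorized, and the check endpoint is reachable directly from outside. nginx's auth_request guidance is a dedicated exact-match location marked `internal` with the body stripped; if nothing client-side calls that path directly, a block like the one below does that and leaves `/so-auth/api/` for the login API. The `location /kibana/` block continues outside the hunk.
```nginx
    location = /so-auth/api/auth/ {
        internal;
        proxy_pass http://{{ masterip }}:5656/auth/;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
    }
```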
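Review bot: In `location @error401` the `add_header Set-Cookie` value embeds `$request_uri` verbatim; nginx does not encode that variable, so a request URI containing `;` terminates the NSREDIRECT value early and the rest of the URI is parsed as cookie attributes, which both loses the intended return path and lets the requester shape the cookie's attributes. Either validate the value first (a `map $request_uri $nsredirect` that falls back to `/` when the URI contains `;` or whitespace) or have the auth backend set the cookie itself after it has encoded the path. Unless the login page reads this cookie from script, adding `HttpOnly` to the attribute list is also cheap; note the cookie value and the 302 target are plain `http://`, consistent with the rest of this config. The identical block is added in nginx.conf.so-mastersearch.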
--- a/salt/common/nginx/nginx.conf.so-mastersearch +++ b/salt/common/nginx/nginx.conf.so-mastersearch @@ -88,7 +88,7 @@ http { # } location /grafana/ { - rewrite /grafana/(.*) /$1 break; + rewrite /grafana/(.*) /$1 break; proxy_pass http://{{ masterip }}:3000/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -100,9 +100,8 @@ http { } location /kibana/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; - rewrite /kibana/(.*) /$1 break; + auth_request /so-auth/api/auth/; + rewrite /kibana/(.*) /$1 break; proxy_pass http://{{ masterip }}:5601/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -125,8 +124,7 @@ http { } location /navigator/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + auth_request /so-auth/api/auth/; proxy_pass http://{{ masterip }}:4200/navigator/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -151,9 +149,8 @@ http { } location /fleet/ { - rewrite /fleet/(.*) /$1 break; - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + rewrite /fleet/(.*) /$1 break; + auth_request /so-auth/api/auth/; proxy_pass https://{{ masterip }}:8080/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -212,8 +209,7 @@ http { } location /sensoroni/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; + auth_request /so-auth/api/auth/; proxy_pass http://{{ masterip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; 
@@ -250,6 +246,26 @@ http { } + + location /so-auth/loginpage/ { + proxy_pass http://{{ masterip }}:4242/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /so-auth/api/ { + proxy_pass http://{{ masterip }}:5656/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + } + + error_page 401 = @error401; + + location @error401 { + add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/"; + return 302 http://{{ masterip }}/so-auth/loginpage/; + } + error_page 404 /404.html; location = /40x.html { } diff --git a/salt/pcap/files/compile_bpf.sh b/salt/common/tools/sbin/so-bpf-compile similarity index 100% rename from salt/pcap/files/compile_bpf.sh rename to salt/common/tools/sbin/so-bpf-compile diff --git a/salt/common/tools/sbin/so-elastic-clear b/salt/common/tools/sbin/so-elastic-clear new file mode 100644 index 000000000..79c7e99ad --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-clear 
@@ -0,0 +1,79 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +. /usr/sbin/so-common + +SKIP=0 +######################################### +# Options +######################################### +usage() +{ +cat < /dev/null 2>&1 +done + +/usr/sbin/so-logstash-start +/usr/sbin/so-filebeat-start + diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable new file mode 100644 index 000000000..a37743960 --- /dev/null +++ b/salt/common/tools/sbin/so-features-enable 
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+VERSION=$(grep soversion /opt/so/saltstack/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
+# Modify static.sls to enable Features
+sed -i 's/features: False/features: True/' /opt/so/saltstack/pillar/static.sls
+SUFFIX="-features"
+TRUSTED_CONTAINERS=( \
+ "so-elasticsearch:$VERSION$SUFFIX" \
+ "so-filebeat:$VERSION$SUFFIX" \
+ "so-kibana:$VERSION$SUFFIX" \
+ "so-logstash:$VERSION$SUFFIX" )
+
+for i in "${TRUSTED_CONTAINERS[@]}"
+do
+ # Pull down the trusted docker image
+ echo "Downloading $i"
+ docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
+ # Tag it with the new registry destination
+ docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i
+ docker push $HOSTNAME:5000/soshybridhunter/$i
+done
+for i in "${TRUSTED_CONTAINERS[@]}"
+do
+ echo "Removing $i locally"
+ docker rmi soshybridhunter/$i
+done
diff --git a/salt/common/tools/sbin/so-nsm-clear b/salt/common/tools/sbin/so-nsm-clear
new file mode 100644
index 000000000..95ded5a4b
--- /dev/null
+++ b/salt/common/tools/sbin/so-nsm-clear
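Review bot: `docker pull --disable-content-trust=false` is the only point where the image signature is enforced, but its exit status is ignored, so a failed pull or a failed trust verification is followed by `docker tag`/`docker push` of whatever `soshybridhunter/$i` already exists locally and the script still exits 0. Abort instead: `docker pull --disable-content-trust=false "docker.io/soshybridhunter/$i" || { echo "pull/verify of $i failed" >&2; exit 1; }`. `VERSION` is likewise used unchecked; if the grep matches nothing the tag degenerates to `-features`, so `[ -n "$VERSION" ] || { echo "no soversion found in static.sls" >&2; exit 1; }` before the loop is worth adding, and `$HOSTNAME` should be quoted in the tag and push lines. Note the `sed -i` that flips `features: True` runs before any image is verified, so a failed run leaves the pillar enabled with no matching images in the local registry.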
@@ -0,0 +1,76 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +. /usr/sbin/so-common + +SKIP=0 +######################################### +# Options +######################################### +usage() +{ +cat <. + +. /usr/sbin/so-common + +/usr/sbin/so-restart steno $1 diff --git a/salt/common/tools/sbin/so-pcap-start b/salt/common/tools/sbin/so-pcap-start new file mode 100644 index 000000000..595fd54bb --- /dev/null +++ b/salt/common/tools/sbin/so-pcap-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start steno $1 
diff --git a/salt/common/tools/sbin/so-pcap-stop b/salt/common/tools/sbin/so-pcap-stop new file mode 100644 index 000000000..d539d2f98 --- /dev/null +++ b/salt/common/tools/sbin/so-pcap-stop @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop steno $1 diff --git a/salt/common/tools/sbin/so-wazuh-restart b/salt/common/tools/sbin/so-wazuh-restart index 3183479c4..34e2eee9a 100644 --- a/salt/common/tools/sbin/so-wazuh-restart +++ b/salt/common/tools/sbin/so-wazuh-restart @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -14,4 +14,6 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -docker stop so-wazuh && sudo docker rm so-wazuh && salt-call state.apply wazuh +. /usr/sbin/so-common + +/usr/sbin/so-restart wazuh $1 diff --git a/salt/common/tools/sbin/so-wazuh-start b/salt/common/tools/sbin/so-wazuh-start index dd64354c7..607f59ae7 100644 --- a/salt/common/tools/sbin/so-wazuh-start +++ b/salt/common/tools/sbin/so-wazuh-start 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -14,4 +14,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -docker stop so-wazuh +. /usr/sbin/so-common + +/usr/sbin/so-start wazuh $1 + diff --git a/salt/common/tools/sbin/so-wazuh-stop b/salt/common/tools/sbin/so-wazuh-stop index dd64354c7..399d14567 100644 --- a/salt/common/tools/sbin/so-wazuh-stop +++ b/salt/common/tools/sbin/so-wazuh-stop @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -14,4 +14,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -docker stop so-wazuh +. /usr/sbin/so-common + +/usr/sbin/so-stop wazuh $1 + diff --git a/salt/curator/init.sls b/salt/curator/init.sls index f846ff8ae..e1cd4829a 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} {% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %} # Curator @@ -116,7 +116,7 @@ curdel: so-curator: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-curator:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-curator:{{ VERSION }} - hostname: curator - name: so-curator - user: curator 
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 0e93ed885..599043d58 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} {% if grains['role'] == 'so-master' %} @@ -112,7 +112,7 @@ elastaconf: so-elastalert: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-elastalert:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }} - hostname: elastalert - name: so-elastalert - user: elastalert diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 3d60f2925..a2493091a 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -12,8 +12,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} +{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{% if FEATURES %} + {% set FEATURES = "-features" %} +{% else %} + {% set FEATURES = '' %} +{% endif %} + {% if grains['role'] == 'so-master' %} {% set esclustername = salt['pillar.get']('master:esclustername', '') %} @@ -102,7 +109,7 @@ eslogdir: so-elasticsearch: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-elasticsearch:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }} - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch 
@@ -135,4 +142,4 @@ so-elasticsearch-pipelines-file: so-elasticsearch-pipelines: cmd.run: - - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ esclustername }} \ No newline at end of file + - name: /opt/so/conf/elasticsearch/so-elasticsearch-pipelines {{ esclustername }} diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 1a59446b3..44cc7c65c 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -12,9 +12,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} +{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{% if FEATURES %} + {% set FEATURES = "-features" %} +{% else %} + {% set FEATURES = '' %} +{% endif %} # Filebeat Setup filebeatetcdir: @@ -49,7 +55,7 @@ filebeatconfsync: so-filebeat: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-filebeat:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }} - hostname: so-filebeat - user: root - extra_hosts: {{ MASTER }}:{{ MASTERIP }} diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index 85370d20d..a27ad9eb6 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -1,7 +1,7 @@ {%- set MYSQLPASS = salt['pillar.get']('auth:mysql', 'iwonttellyou') %} {%- set FLEETPASS = salt['pillar.get']('auth:fleet', 'bazinga') -%} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%} -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} # Fleet Setup 
@@ -63,7 +63,7 @@ fleetdbpriv: so-fleet: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-fleet:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-fleet:{{ VERSION }} - hostname: so-fleet - port_bindings: - 0.0.0.0:8080:8080 diff --git a/salt/hive/init.sls b/salt/hive/init.sls index 908a9fd57..4b3b5b919 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -1,5 +1,5 @@ {% set MASTERIP = salt['pillar.get']('master:mainip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} hiveconfdir: file.directory: @@ -57,7 +57,7 @@ hiveesdata: so-thehive-es: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-thehive-es:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-thehive-es:{{ VERSION }} - hostname: so-thehive-es - name: so-thehive-es - user: 939 @@ -85,7 +85,7 @@ so-thehive-es: # Install Cortex so-cortex: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-thehive-cortex:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-thehive-cortex:{{ VERSION }} - hostname: so-cortex - name: so-cortex - user: 939 @@ -102,7 +102,7 @@ cortexscript: so-thehive: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-thehive:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-thehive:{{ VERSION }} - environment: - ELASTICSEARCH_HOST={{ MASTERIP }} - hostname: so-thehive diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index c18814243..969215559 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls 
@@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} # IDSTools Setup idstoolsdir: @@ -64,7 +64,7 @@ ruleslink: so-idstools: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-idstools:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-idstools:{{ VERSION }} - hostname: so-idstools - user: socore - binds: diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 58eb6a32d..d2cf30c1a 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -1,5 +1,11 @@ -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} +{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{% if FEATURES %} + {% set FEATURES = "-features" %} +{% else %} + {% set FEATURES = '' %} +{% endif %} # Add ES Group kibanasearchgroup: @@ -56,7 +62,7 @@ synckibanacustom: # Start the kibana docker so-kibana: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-kibana:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }} - hostname: kibana - user: kibana - environment: diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 388019abf..2d94c5354 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls 
@@ -12,8 +12,15 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} +{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{% if FEATURES %} + {% set FEATURES = "-features" %} +{% else %} + {% set FEATURES = '' %} +{% endif %} + # Logstash Section - Decide which pillar to use {% if grains['role'] == 'so-sensor' %} @@ -200,7 +207,7 @@ lslogdir: so-logstash: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-logstash:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }} - hostname: so-logstash - name: so-logstash - user: logstash diff --git a/salt/master/init.sls b/salt/master/init.sls index e01d19b58..44ae2d75f 100644 --- a/salt/master/init.sls +++ b/salt/master/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} {% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %} @@ -59,7 +59,7 @@ acngcopyconf: # Install the apt-cacher-ng container so-aptcacherng: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-acng:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-acng:{{ VERSION }} - hostname: so-acng - port_bindings: - 0.0.0.0:3142:3142 diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index b964d7d37..ac49953f1 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls 
@@ -1,7 +1,7 @@ {%- set MYSQLPASS = salt['pillar.get']('auth:mysql', 'iwonttellyou') %} {%- set FLEETPASS = salt['pillar.get']('auth:fleet', 'bazinga') %} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} # MySQL Setup mysqlpkgs: @@ -52,7 +52,7 @@ mysqldatadir: so-mysql: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-mysql:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-mysql:{{ VERSION }} - hostname: so-mysql - user: socore - port_bindings: diff --git a/salt/pcap/files/config b/salt/pcap/files/config index 0f06d1c7e..4a612fbf1 100644 --- a/salt/pcap/files/config +++ b/salt/pcap/files/config @@ -11,6 +11,6 @@ , "Interface": "{{ interface }}" , "Port": 1234 , "Host": "127.0.0.1" - , "Flags": ["-v", "--uid=stenographer", "--gid=stenographer"{{ bpf_compiled }}] + , "Flags": ["-v", "--uid=stenographer", "--gid=stenographer"{{ BPF_COMPILED }}] , "CertPath": "/etc/stenographer/certs" } diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 16d002250..11732ad29 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -12,8 +12,12 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} +{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} +{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} +{% set BPF_COMPILED = "" %} + # PCAP Section # Create the logstash group 
@@ -36,31 +40,18 @@ stenoconfdir: - group: 939 - makedirs: True -{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} -{% set bpf_global = salt['pillar.get']('static:steno:bpf', None) %} -{% set bpf_steno = salt['pillar.get']('steno:bpf', None) %} - -{% if bpf_steno != None or bpf_global != None %} - {% if bpf_steno != None %} - {% set bpf_calc = salt['cmd.script']('salt://pcap/files/compile_bpf.sh', interface + ' ' + bpf_steno) %} - {% else %} - {% set bpf_calc = salt['cmd.script']('salt://pcap/files/compile_bpf.sh', interface + ' ' + bpf_global) %} - {% endif %} - {% if bpf_calc['stderr'] == "" %} - {% set bpf_compiled = bpf_calc['stdout'] %} +{% if BPF_STENO %} + {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" ") ) %} + {% if BPF_CALC['stderr'] == "" %} + {% set BPF_COMPILED = ",\\\"--filter=" + BPF_CALC['stdout'] + "\\\"" %} {% else %} - {% set bpf_compiled = None %} bpfcompilationfailure: test.configurable_test_state: - - name: bpfcompfailure - changes: False - result: False - - comment: "BPF Compilation Failed - Discarding specified BPF" - + - comment: "BPF Compilation Failed - Discarding Specified BPF" {% endif %} -{% else %} - {% set bpf_compiled = None %} {% endif %} stenoconf: @@ -72,11 +63,7 @@ stenoconf: - mode: 644 - template: jinja - defaults: - bpf_compiled: "" -{% if bpf_compiled != None %} - - context: - bpf_compiled: ',"--filter={{ bpf_compiled }}"' -{% endif %} + BPF_COMPILED: "{{ BPF_COMPILED }}" sensoroniagentconf: file.managed: @@ -130,7 +117,7 @@ stenolog: so-steno: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-steno:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-steno:{{ VERSION }} - network_mode: host - privileged: True - port_bindings: diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index 907e4825c..049c5fab9 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls 
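Review bot: The compile branch only tests `BPF_CALC['stderr'] == ""` before splicing `BPF_CALC['stdout']` into the stenographer `--filter` flag; `cmd.script` also returns `retcode`, so a compiler that exits non-zero without writing to stderr (or a missing `/usr/sbin/so-bpf-compile`) would embed an empty or partial filter rather than fall into `bpfcompilationfailure`. Testing both, `{% if BPF_CALC['retcode'] == 0 and BPF_CALC['stderr'] == "" %}`, makes the discard path the default on any failure; the same check is missing from the new `suribpf` logic in salt/suricata/init.sls. `BPF_STENO|join(" ")` is concatenated into the `cmd.script` argument string, which Salt appears to run through a shell, so the pillar value must be treated as operator-trusted input. This hunk also drops the previous `static:steno:bpf` global fallback, which I assume is intentional but is not mentioned anywhere in the change.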
@@ -1,5 +1,5 @@ {% set MASTERIP = salt['pillar.get']('master:mainip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} playbookdb: @@ -28,7 +28,7 @@ navigatorconfig: so-playbook: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-playbook:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-playbook:{{ VERSION }} - hostname: playbook - name: so-playbook - binds: @@ -38,7 +38,7 @@ so-playbook: so-navigator: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-navigator:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-navigator:{{ VERSION }} - hostname: navigator - name: so-navigator - binds: diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 690f2a7c9..2e6bd030c 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set lsaccessip = salt['pillar.get']('master:lsaccessip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} # Redis Setup @@ -48,7 +48,7 @@ redisconfsync: so-redis: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-redis:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-redis:{{ VERSION }} - hostname: so-redis - user: socore - port_bindings: diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls index 44f29ef4f..b8d0b4e06 100644 --- a/salt/sensoroni/init.sls +++ b/salt/sensoroni/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} sensoronidir: 
@@ -32,7 +32,7 @@ sensoronisync: so-sensoroni: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-sensoroni:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-sensoroni:{{ VERSION }} - hostname: sensoroni - name: so-sensoroni - binds: diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index d03ed9f04..8a9506ba5 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} soctopusdir: @@ -49,7 +49,7 @@ navigatordefaultlayer: so-soctopus: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-soctopus:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-soctopus:{{ VERSION }} - hostname: soctopus - name: so-soctopus - binds: diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 6f08c2704..65b80c9ae 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -15,8 +15,10 @@ {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BROVER = salt['pillar.get']('static:broversion', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %} {% set MASTER = salt['grains.get']('master') %} +{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %} + # Suricata 
@@ -79,10 +81,34 @@ surithresholding: - user: 940 - group: 940 - template: jinja + +# BPF compilation and configuration +{% if BPF_NIDS %} + {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', interface + ' ' + BPF_NIDS|join(" ") ) %} + {% if BPF_CALC['stderr'] != "" %} +suribpfcompilationfailure: + test.configurable_test_state: + - changes: False + - result: False + - comment: "BPF Syntax Error - Discarding Specified BPF" + {% endif %} +{% endif %} + +suribpf: + file.managed: + - name: /opt/so/conf/suricata/bpf + - user: 940 + - group: 940 + {% if BPF_CALC['stderr'] == "" %} + - contents_pillar: nids:bpf + {% else %} + - contents: + - "" + {% endif %} so-suricata: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-suricata:HH{{ VERSION }} + - image: {{ MASTER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} - privileged: True - environment: - INTERFACE={{ interface }} @@ -91,8 +117,10 @@ so-suricata: - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro - /opt/so/log/suricata/:/var/log/suricata/:rw + - /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro - network_mode: host - watch: - file: /opt/so/conf/suricata/suricata.yaml - file: surithresholding - file: /opt/so/conf/suricata/rules/ + - file: /opt/so/conf/suricata/bpf diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls index fa320836e..bf80d9a10 100644 --- a/salt/tcpreplay/init.sls +++ b/salt/tcpreplay/init.sls 
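Review bot: `suribpf` evaluates `BPF_CALC['stderr']` unconditionally, but `BPF_CALC` is only assigned inside `{% if BPF_NIDS %}`; on a sensor with no `nids:bpf` pillar the name is undefined and the subscript raises a Jinja UndefinedError, so the whole suricata state fails to render precisely when no filter is configured. Guarding the condition, `{% if BPF_NIDS and BPF_CALC['stderr'] == "" %}`, short-circuits before the lookup and falls through to the empty-`contents` branch. `contents_pillar: nids:bpf` also writes the raw pillar value to /opt/so/conf/suricata/bpf while the compile check ran on `BPF_NIDS|join(" ")`; if the pillar is a list, confirm that file.managed serialises it the way Suricata expects.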
@@ -1,11 +1,11 @@
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %}
-{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
so-tcpreplay:
docker_container.running:
- network_mode: "host"
- - image: {{ MASTER }}:5000/soshybridhunter/so-tcpreplay:HH{{ VERSION }}
+ - image: {{ MASTER }}:5000/soshybridhunter/so-tcpreplay:{{ VERSION }}
- name: so-tcpreplay
- user: root
- interactive: True
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 9623c29ac..42cf3f4b7 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,5 +1,5 @@
{%- set HOSTNAME = salt['grains.get']('host', '') %}
-{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
# Add ossec group
ossecgroup:
@@ -74,7 +74,7 @@ wazuhmgrwhitelist:
so-wazuh:
docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-wazuh:HH{{ VERSION }}
+ - image: {{ MASTER }}:5000/soshybridhunter/so-wazuh:{{ VERSION }}
- hostname: {{HOSTNAME}}-wazuh-manager
- name: so-wazuh
- detach: True
diff --git a/salt/zeek/files/local.zeek b/salt/zeek/files/local.zeek
index aed6bb59b..92104dbf0 100644
--- a/salt/zeek/files/local.zeek
+++ b/salt/zeek/files/local.zeek
@@ -118,3 +118,6 @@
# Write logs in JSON
redef LogAscii::use_json = T;
redef LogAscii::json_timestamps = JSON::TS_ISO8601;
+
+# CVE-2020-0601
+@load cve-2020-0601
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 90c07c7ea..e0f1f8c9b 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,4 +1,4 @@
-{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
# Zeek Salt State
# Add Zeek group
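Review bot: In the `local.zeek` hunk, `@load cve-2020-0601` resolves by package name, so it only works if `salt/zeek/policy/cve-2020-0601/` (or the policy directory containing it) is on ZEEKPATH inside the so-zeek container; nothing in this commit's visible `zeek/init.sls` hunk adds that bind or path, so this presumably relies on an existing mount that is not shown here. If that mount does not exist, Zeek fails to start on the missing script, which is worth confirming before merging; a comment such as `# requires the policy/ tree on ZEEKPATH (see zeek/init.sls binds)` next to the load line would make the dependency explicit.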
@@ -100,7 +100,7 @@ localzeeksync:
so-zeek:
docker_container.running:
- - image: {{ MASTER }}:5000/soshybridhunter/so-zeek:HH{{ VERSION }}
+ - image: {{ MASTER }}:5000/soshybridhunter/so-zeek:{{ VERSION }}
- privileged: True
- binds:
- /nsm/zeek/logs:/nsm/zeek/logs:rw
diff --git a/salt/zeek/policy/cve-2020-0601/COPYING b/salt/zeek/policy/cve-2020-0601/COPYING
new file mode 100644
index 000000000..ab2a4ef38
--- /dev/null
+++ b/salt/zeek/policy/cve-2020-0601/COPYING
@@ -0,0 +1,27 @@
+Copyright (c) 2019, Johanna Amann. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+(1) Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+(2) Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+Note that some files in the distribution may carry their own copyright
+notices.
+
diff --git a/salt/zeek/policy/cve-2020-0601/__load__.zeek b/salt/zeek/policy/cve-2020-0601/__load__.zeek
new file mode 100644
index 000000000..911b1404a
--- /dev/null
+++ b/salt/zeek/policy/cve-2020-0601/__load__.zeek
@@ -0,0 +1 @@
+@load ./cve-2020-0601
diff --git a/salt/zeek/policy/cve-2020-0601/cve-2020-0601.zeek b/salt/zeek/policy/cve-2020-0601/cve-2020-0601.zeek
new file mode 100644
index 000000000..32fa67739
--- /dev/null
+++ b/salt/zeek/policy/cve-2020-0601/cve-2020-0601.zeek
@@ -0,0 +1,41 @@
+module CVE_2020_0601;
+
+export {
+ ## set to yes, to log suspicious certificates.
+ option log_certs = F;
+
+ ## The logging stream identifier.
+ redef enum Log::ID += { LOG };
+
+ ## The record type which contains column fields of the certificate log.
+ type Info: record {
+ ## Timestamp when this record is written.
+ ts: time &log;
+ ## File-id of the cerfificate
+ fuid: string &log;
+ ## Certificate encoded as base64
+ certificate: string &log;
+ };
+
+ redef enum Notice::Type += {
+ ## An ECC certificate with an unknown curve was encountered
+ Unknown_X509_Curve
+ };
+}
+
+event zeek_init()
+ {
+ Log::create_stream(CVE_2020_0601::LOG, [$columns=Info, $path="cve-2020-0601-certs"]);
+ }
+
+event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
+ {
+ if ( cert?$key_alg && cert$key_alg == "id-ecPublicKey" && ! cert?$curve )
+ {
+ NOTICE([$note=Unknown_X509_Curve, $f=f, $msg="ECC certificate with unknown curve; potential CVE-2020-0601 exploit attempt"]);
+
+ if ( log_certs )
+ Log::write(CVE_2020_0601::LOG, Info($ts=network_time(), $fuid=f$id, $certificate=encode_base64(x509_get_certificate_string(cert_ref, F))));
+ }
+ }
+
diff --git a/setup/so-functions b/setup/so-functions
index 226a919b0..893d552ee 100644
--- a/setup/so-functions
+++ b/setup/so-functions
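Review bot: The NOTICE raised in `x509_certificate` carries no `$identifier`, so every certificate that matches produces a separate notice and a single endpoint presenting the same certificate repeatedly (or a scanner replaying one chain) yields a flood of identical alerts; adding `$identifier=cat(cert$issuer, cert$serial)` lets Notice's default suppression collapse repeats while still surfacing each distinct certificate. The condition `! cert?$curve` fires whenever the X509 parser leaves `curve` unset for an EC key, which makes this a heuristic for explicit or unrecognised curve parameters rather than confirmation of CVE-2020-0601 exploitation; the `Unknown_X509_Curve` doc comment should say so, and the field comment `## File-id of the cerfificate` has a typo (`certificate`). The option comment `## set to yes, to log suspicious certificates.` does not match its boolean type; `## Set to T to log matching certificates to cve-2020-0601-certs.log (redef CVE_2020_0601::log_certs = T;).` tells an operator how to enable the stream that `zeek_init` creates but otherwise leaves empty.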
@@ -714,7 +714,7 @@ master_static() {
touch /opt/so/saltstack/pillar/static.sls
echo "static:" > /opt/so/saltstack/pillar/static.sls
- echo " soversion: 1.1.4" >> /opt/so/saltstack/pillar/static.sls
+ echo " soversion: HH1.1.4" >> /opt/so/saltstack/pillar/static.sls
echo " hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls
echo " ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls
echo " proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls
@@ -732,6 +732,8 @@ master_static() {
echo " cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls
echo " fleetsetup: 0" >> /opt/so/saltstack/pillar/static.sls
echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
+ echo "elastic:" >> /opt/so/saltstack/pillar/static.sls
+ echo " features: False" >> /opt/so/saltstack/pillar/static.sls
if [[ $MASTERUPDATES == 'MASTER' ]]; then
echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
else
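Review bot: The two added `echo` lines open a new top-level `elastic:` mapping in the middle of the `static:` block, so the ` masterupdate:` line written by the `if`/`else` immediately after them (and any further keys `master_static` appends past this hunk, where the function continues) now nests under `elastic:` instead of `static:`, assuming the one-space indent shown is the original. Any state that reads `static:masterupdate` would then see it missing. Move `echo "elastic:" >> ...` and `echo " features: False" >> ...` to after the last `static:` child, i.e. below the `masterupdate` branch, or emit the `elastic:` block in a separate step at the end of the function.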