diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml index b63b90fd1..9d2c4c0c7 100644 --- a/files/firewall/hostgroups.local.yaml +++ b/files/firewall/hostgroups.local.yaml @@ -8,6 +8,10 @@ firewall: ips: delete: insert: + beats_endpoint_ssl: + ips: + delete: + insert: fleet: ips: delete: diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index 1afab8b71..beda399e7 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -30,6 +30,7 @@ role: - {{ portgroups.osquery_8080 }} - {{ portgroups.influxdb }} - {{ portgroups.wazuh_api }} + - {{ portgroups.fleet_api }} sensor: portgroups: - {{ portgroups.sensoroni }} 
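Review bot: The `minion` hostgroup is widened to `{{ portgroups.fleet_api }}` here even though this file already carries a dedicated `osquery_endpoint` hostgroup with the same portgroup; the role this hostgroup belongs to starts above the hunk, so which role is affected is not visible. If every managed minion runs an osquery agent that must reach the Fleet API the wider grant is intended, otherwise `osquery_endpoint` alone is the narrower choice. The same widening is repeated in the @@ -45 hunk (master, mastersearch and standalone blocks) and in the @@ -434 hunk, so one decision settles all of them.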
@@ -45,6 +46,246 @@ role: beats_endpoint: portgroups: - {{ portgroups.beats_5044 }} + beats_endpoint_ssl: + portgroups: + - {{ portgroups.beats_5644 }} + osquery_endpoint: + portgroups: + - {{ portgroups.fleet_api }} + syslog: + portgroups: + - {{ portgroups.syslog }} + wazuh_agent: + portgroups: + - {{ portgroups.wazuh_agent }} + wazuh_api: + portgroups: + - {{ portgroups.wazuh_api }} + wazuh_authd: + portgroups: + - {{ portgroups.wazuh_authd }} + analyst: + portgroups: + - {{ portgroups.nginx }} + INPUT: + hostgroups: + anywhere: + portgroups: + - {{ portgroups.ssh }} + dockernet: + portgroups: + - {{ portgroups.all }} + localhost: + portgroups: + - {{ portgroups.all }} + minion: + portgroups: + - {{ portgroups.salt_master }} + master: + chain: + DOCKER-USER: + hostgroups: + master: + portgroups: + - {{ portgroups.wazuh_agent }} + - {{ portgroups.wazuh_api }} + - {{ portgroups.wazuh_authd }} + - {{ portgroups.playbook }} + - {{ portgroups.mysql }} + - {{ portgroups.navigator }} + - {{ portgroups.kibana }} + - {{ portgroups.redis }} + - {{ portgroups.influxdb }} + - {{ portgroups.fleet_api }} + - {{ portgroups.cortex }} + - {{ portgroups.elasticsearch_rest }} + - {{ portgroups.elasticsearch_node }} + - {{ portgroups.cortex_es_rest }} + - {{ portgroups.cortex_es_node }} + minion: + portgroups: + - {{ portgroups.acng }} + - {{ portgroups.docker_registry }} + - {{ portgroups.osquery_8080 }} + - {{ portgroups.influxdb }} + - {{ portgroups.wazuh_api }} + - {{ portgroups.fleet_api }} + sensor: + portgroups: + - {{ portgroups.sensoroni }} + - {{ portgroups.beats_5044 }} + - {{ portgroups.beats_5644 }} + search_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.elasticsearch_node }} + self: + portgroups: + - {{ portgroups.syslog}} + syslog: + portgroups: + - {{ portgroups.syslog }} + beats_endpoint: + portgroups: + - {{ portgroups.beats_5044 }} + beats_endpoint_ssl: + portgroups: + - {{ portgroups.beats_5644 }} + osquery_endpoint: + portgroups: + - {{ 
portgroups.fleet_api }} + wazuh_agent: + portgroups: + - {{ portgroups.wazuh_agent }} + wazuh_api: + portgroups: + - {{ portgroups.wazuh_api }} + wazuh_authd: + portgroups: + - {{ portgroups.wazuh_authd }} + analyst: + portgroups: + - {{ portgroups.nginx }} + INPUT: + hostgroups: + anywhere: + portgroups: + - {{ portgroups.ssh }} + dockernet: + portgroups: + - {{ portgroups.all }} + localhost: + portgroups: + - {{ portgroups.all }} + minion: + portgroups: + - {{ portgroups.salt_master }} + mastersearch: + chain: + DOCKER-USER: + hostgroups: + master: + portgroups: + - {{ portgroups.wazuh_agent }} + - {{ portgroups.wazuh_api }} + - {{ portgroups.wazuh_authd }} + - {{ portgroups.playbook }} + - {{ portgroups.mysql }} + - {{ portgroups.navigator }} + - {{ portgroups.kibana }} + - {{ portgroups.redis }} + - {{ portgroups.influxdb }} + - {{ portgroups.fleet_api }} + - {{ portgroups.cortex }} + - {{ portgroups.elasticsearch_rest }} + - {{ portgroups.elasticsearch_node }} + - {{ portgroups.cortex_es_rest }} + - {{ portgroups.cortex_es_node }} + minion: + portgroups: + - {{ portgroups.acng }} + - {{ portgroups.docker_registry }} + - {{ portgroups.osquery_8080 }} + - {{ portgroups.influxdb }} + - {{ portgroups.wazuh_api }} + - {{ portgroups.fleet_api }} + sensor: + portgroups: + - {{ portgroups.sensoroni }} + - {{ portgroups.beats_5044 }} + - {{ portgroups.beats_5644 }} + search_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.elasticsearch_node }} + self: + portgroups: + - {{ portgroups.syslog}} + beats_endpoint: + portgroups: + - {{ portgroups.beats_5044 }} + beats_endpoint_ssl: + portgroups: + - {{ portgroups.beats_5644 }} + osquery_endpoint: + portgroups: + - {{ portgroups.fleet_api }} + syslog: + portgroups: + - {{ portgroups.syslog }} + wazuh_agent: + portgroups: + - {{ portgroups.wazuh_agent }} + wazuh_api: + portgroups: + - {{ portgroups.wazuh_api }} + wazuh_authd: + portgroups: + - {{ portgroups.wazuh_authd }} + analyst: + portgroups: + - {{ 
portgroups.nginx }} + INPUT: + hostgroups: + anywhere: + portgroups: + - {{ portgroups.ssh }} + dockernet: + portgroups: + - {{ portgroups.all }} + localhost: + portgroups: + - {{ portgroups.all }} + minion: + portgroups: + - {{ portgroups.salt_master }} + standalone: + chain: + DOCKER-USER: + hostgroups: + master: + portgroups: + - {{ portgroups.wazuh_agent }} + - {{ portgroups.wazuh_api }} + - {{ portgroups.wazuh_authd }} + - {{ portgroups.playbook }} + - {{ portgroups.mysql }} + - {{ portgroups.navigator }} + - {{ portgroups.kibana }} + - {{ portgroups.redis }} + - {{ portgroups.influxdb }} + - {{ portgroups.fleet_api }} + - {{ portgroups.cortex }} + - {{ portgroups.elasticsearch_rest }} + - {{ portgroups.elasticsearch_node }} + - {{ portgroups.cortex_es_rest }} + - {{ portgroups.cortex_es_node }} + minion: + portgroups: + - {{ portgroups.acng }} + - {{ portgroups.docker_registry }} + - {{ portgroups.osquery_8080 }} + - {{ portgroups.influxdb }} + - {{ portgroups.wazuh_api }} + - {{ portgroups.fleet_api }} + sensor: + portgroups: + - {{ portgroups.sensoroni }} + - {{ portgroups.beats_5044 }} + - {{ portgroups.beats_5644 }} + search_node: + portgroups: + - {{ portgroups.redis }} + - {{ portgroups.elasticsearch_node }} + self: + portgroups: + - {{ portgroups.syslog}} + beats_endpoint: + portgroups: + - {{ portgroups.beats_5044 }} + beats_endpoint_ssl: + portgroups: + - {{ portgroups.beats_5644 }} osquery_endpoint: portgroups: - {{ portgroups.fleet_api }} 
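Review bot: The `self` hostgroup entry `- {{ portgroups.syslog}}` in each of the master, mastersearch and standalone blocks lacks the space before `}}` that every other reference uses, and `- {{ portgroups.fleet_api}}` in the @@ -434 hunk has the same inconsistency; Jinja renders both forms, but the mismatch defeats a grep for `portgroups.syslog }}` and is worth normalising to `- {{ portgroups.syslog }}`. The three role blocks added here are line-for-line copies of each other and of the blocks removed in the following hunk, differing only in the new `beats_endpoint_ssl` hostgroup and the `fleet_api` entries, so the move-plus-edit makes the effective change hard to audit; a shared Jinja definition reused per role would keep future firewall changes in one place. Note also that `beats_endpoint` keeps `beats_5044` next to the new `beats_endpoint_ssl`/`beats_5644` pair in every role, so any host still listed in `beats_endpoint` keeps that port reachable.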
@@ -141,231 +382,6 @@ role: minion: portgroups: - {{ portgroups.salt_master }} - master: - chain: - DOCKER-USER: - hostgroups: - master: - portgroups: - - {{ portgroups.wazuh_agent }} - - {{ portgroups.wazuh_api }} - - {{ portgroups.wazuh_authd }} - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.navigator }} - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.fleet_api }} - - {{ portgroups.cortex }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.cortex_es_rest }} - - {{ portgroups.cortex_es_node }} - minion: - portgroups: - - {{ portgroups.acng }} - - {{ portgroups.docker_registry }} - - {{ portgroups.osquery_8080 }} - - {{ portgroups.influxdb }} - - {{ portgroups.wazuh_api }} - sensor: - portgroups: - - {{ portgroups.sensoroni }} - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - search_node: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - self: - portgroups: - - {{ portgroups.syslog}} - syslog: - portgroups: - - {{ portgroups.syslog }} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - osquery_endpoint: - portgroups: - - {{ portgroups.fleet_api }} - wazuh_agent: - portgroups: - - {{ portgroups.wazuh_agent }} - wazuh_api: - portgroups: - - {{ portgroups.wazuh_api }} - wazuh_authd: - portgroups: - - {{ portgroups.wazuh_authd }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - minion: - portgroups: - - {{ portgroups.salt_master }} - mastersearch: - chain: - DOCKER-USER: - hostgroups: - master: - portgroups: - - {{ portgroups.wazuh_agent }} - - {{ portgroups.wazuh_api }} - - {{ portgroups.wazuh_authd }} - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.navigator }} - - {{ 
portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.fleet_api }} - - {{ portgroups.cortex }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.cortex_es_rest }} - - {{ portgroups.cortex_es_node }} - minion: - portgroups: - - {{ portgroups.acng }} - - {{ portgroups.docker_registry }} - - {{ portgroups.osquery_8080 }} - - {{ portgroups.influxdb }} - - {{ portgroups.wazuh_api }} - sensor: - portgroups: - - {{ portgroups.sensoroni }} - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - search_node: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - self: - portgroups: - - {{ portgroups.syslog}} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - osquery_endpoint: - portgroups: - - {{ portgroups.fleet_api }} - syslog: - portgroups: - - {{ portgroups.syslog }} - wazuh_agent: - portgroups: - - {{ portgroups.wazuh_agent }} - wazuh_api: - portgroups: - - {{ portgroups.wazuh_api }} - wazuh_authd: - portgroups: - - {{ portgroups.wazuh_authd }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - minion: - portgroups: - - {{ portgroups.salt_master }} - standalone: - chain: - DOCKER-USER: - hostgroups: - master: - portgroups: - - {{ portgroups.wazuh_agent }} - - {{ portgroups.wazuh_api }} - - {{ portgroups.wazuh_authd }} - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.navigator }} - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.fleet_api }} - - {{ portgroups.cortex }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.cortex_es_rest }} - - {{ portgroups.cortex_es_node }} - minion: - portgroups: - - {{ portgroups.acng }} - - {{ 
portgroups.docker_registry }} - - {{ portgroups.osquery_8080 }} - - {{ portgroups.influxdb }} - - {{ portgroups.wazuh_api }} - sensor: - portgroups: - - {{ portgroups.sensoroni }} - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - search_node: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - self: - portgroups: - - {{ portgroups.syslog}} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - osquery_endpoint: - portgroups: - - {{ portgroups.fleet_api }} - syslog: - portgroups: - - {{ portgroups.syslog }} - wazuh_agent: - portgroups: - - {{ portgroups.wazuh_agent }} - wazuh_api: - portgroups: - - {{ portgroups.wazuh_api }} - wazuh_authd: - portgroups: - - {{ portgroups.wazuh_authd }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - minion: - portgroups: - - {{ portgroups.salt_master }} searchnode: chain: DOCKER-USER: @@ -434,6 +450,12 @@ role: analyst: portgroups: - {{ portgroups.fleet_webui }} + minion: + portgroups: + - {{ portgroups.fleet_api }} + osquery_endpoint: + portgroups: + - {{ portgroups.fleet_api}} INPUT: hostgroups: anywhere: diff --git a/setup/so-functions b/setup/so-functions index 72c6395b0..14fcff469 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1461,7 +1461,7 @@ set_initial_firewall_policy() {
 ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 ;;
 'FLEET')
- ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint "$MAINIP"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
 ;;
 esac
 ;;
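Review bot: The FLEET case now registers the node only in `beats_endpoint_ssl`, but nothing in this commit removes a fleet node's earlier membership of `beats_endpoint`, so on an already-deployed fleet node the `beats_5044` rule would presumably remain until the firewall state is rebuilt — worth confirming, since both hostgroups coexist in the map file. The exit status of the remote `so-firewall --apply` call is still not checked, so a failed include leaves the node without the 5644 rule while setup carries on; appending `|| return 1` (or the script's existing error path) to the new `ssh` line would surface that. `set_initial_firewall_policy` begins and ends outside the hunk.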