CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

add firewall rules for fleet standalone

Browse Source
This commit is contained in:
m0duspwnens
2020-06-15 13:50:37 -04:00
parent dc56c449b7
commit 51e500f521
3 changed files with 252 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
files/firewall/hostgroups.local.yaml
View File

@@ -8,6 +8,10 @@ firewall:
ips: ips:
delete: delete:
insert: insert:
beats_endpoint_ssl:
ips:
delete:
insert:
fleet: fleet:
ips: ips:
delete: delete:

472
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -30,6 +30,7 @@ role:
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }} - {{ portgroups.wazuh_api }}
- {{ portgroups.fleet_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -45,6 +46,246 @@ role:
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
beats_endpoint_ssl:
portgroups:
- {{ portgroups.beats_5644 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
syslog:
portgroups:
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
master:
chain:
DOCKER-USER:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.fleet_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
syslog:
portgroups:
- {{ portgroups.syslog }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
beats_endpoint_ssl:
portgroups:
- {{ portgroups.beats_5644 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
mastersearch:
chain:
DOCKER-USER:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.fleet_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
beats_endpoint_ssl:
portgroups:
- {{ portgroups.beats_5644 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
syslog:
portgroups:
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
standalone:
chain:
DOCKER-USER:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.fleet_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
beats_endpoint_ssl:
portgroups:
- {{ portgroups.beats_5644 }}
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
@@ -141,231 +382,6 @@ role:
minion: minion:
portgroups: portgroups:
- {{ portgroups.salt_master }} - {{ portgroups.salt_master }}
master:
chain:
DOCKER-USER:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
syslog:
portgroups:
- {{ portgroups.syslog }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
mastersearch:
chain:
DOCKER-USER:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
syslog:
portgroups:
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
standalone:
chain:
DOCKER-USER:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
- {{ portgroups.syslog}}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
syslog:
portgroups:
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
searchnode: searchnode:
chain: chain:
DOCKER-USER: DOCKER-USER:
@@ -434,6 +450,12 @@ role:
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.fleet_webui }} - {{ portgroups.fleet_webui }}
minion:
portgroups:
- {{ portgroups.fleet_api }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api}}
INPUT: INPUT:
hostgroups: hostgroups:
anywhere: anywhere:

2
setup/so-functions
View File

@@ -1461,7 +1461,7 @@ set_initial_firewall_policy() {
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;; ;;
'FLEET') 'FLEET')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint "$MAINIP" ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
;; ;;
esac esac
;; ;;