diff --git a/pillar/firewall/osquery_endpoint.sls b/pillar/firewall/osquery_endpoint.sls
new file mode 100644
index 000000000..cfc6051b8
--- /dev/null
+++ b/pillar/firewall/osquery_endpoint.sls
@@ -0,0 +1,3 @@
+osquery_endpoint:
+ - 127.0.0.1
+
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 47e230779..34e69739f 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -10,7 +10,7 @@
 {% elif grains['role'] == 'so-sensor'%}
-{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
+{%- set ip = salt['pillar.get']('node:mainip', '') %}
 {% endif %}
@@ -347,6 +347,22 @@ enable_standard_beats_5044_{{ip}}:
 {% endfor %}
+# Allow OSQuery Endpoints to send their traffic
+{% for ip in pillar.get('osquery_endpoint') %}
+
+enable_standard_osquery_8080_{{ip}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ ip }}
+ - dport: 8080
+ - position: 1
+ - save: True
+
+{% endfor %}
+
 # Allow Analysts
 {% for ip in pillar.get('analyst') %}
diff --git a/salt/wazuh/files/agent/ossec.conf b/salt/wazuh/files/agent/ossec.conf
index b4725075b..d85465671 100644
--- a/salt/wazuh/files/agent/ossec.conf
+++ b/salt/wazuh/files/agent/ossec.conf
@@ -1,8 +1,8 @@
 {%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
 {%- set ip = salt['pillar.get']('static:masterip', '') %}
-{%- elif grains['role'] == 'so-node' }
+{%- elif grains['role'] == 'so-node' %}
 {%- set ip = salt['pillar.get']('node:mainip', '') %}
-{%- elif grains['role'] == 'so-sensor' }
+{%- elif grains['role'] == 'so-sensor' %}
 {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}
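Review bot: The `so-sensor` branch in `salt/firewall/init.sls` now reads `node:mainip`, while the `ossec.conf` template touched by this same commit still reads `sensor:mainip` for the same role, so one of the two is probably looking at the wrong pillar key. Because the lookup falls back to `''`, a sensor whose pillar has no `node` section would render with an empty `ip` instead of failing, and nothing in this hunk would flag that. If sensors really moved under `node:` in the pillar layout, the agent template should change with it; otherwise keep `{%- set ip = salt['pillar.get']('sensor:mainip', '') %}` here. The conditional starts above the hunk and the places where `ip` is consumed are outside it, so this needs confirming against the full file.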
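Review bot: `pillar.get('osquery_endpoint')` in the new `for` loop has no default, so on a minion that is not assigned the new `pillar/firewall/osquery_endpoint.sls` the call returns `None` and the loop presumably fails to render, taking the rest of the firewall state with it. Writing it as `{% for ip in pillar.get('osquery_endpoint', []) %}` keeps the state rendering and simply emits no osquery rule. The pillar top file is not part of this diff, so the assignment cannot be checked from here. The rule itself matches only the source address and `dport: 8080` in `DOCKER-USER` and is inserted at position 1, so each listed address is accepted ahead of any later rule for forwarded traffic to that port. A short comment above the loop naming the service behind 8080 and stating that pillar entries should be single hosts or narrow CIDRs would help whoever maintains the list.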