From fe56e171d4035d22d0893c43e65b5d14045192cf Mon Sep 17 00:00:00 2001
From: dlee35
Date: Thu, 13 Dec 2018 13:28:37 -0500
Subject: [PATCH 1/2] add firewall rule option for osquery

---
 pillar/firewall/osquery_endpoint.sls | 3 +++
 salt/firewall/init.sls | 18 +++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 pillar/firewall/osquery_endpoint.sls

diff --git a/pillar/firewall/osquery_endpoint.sls b/pillar/firewall/osquery_endpoint.sls
new file mode 100644
index 000000000..cfc6051b8
--- /dev/null
+++ b/pillar/firewall/osquery_endpoint.sls
@@ -0,0 +1,3 @@
+osquery_endpoint:
+  - 127.0.0.1
+
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 47e230779..34e69739f 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -10,7 +10,7 @@
 {% elif grains['role'] == 'so-sensor'%}
-{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
+{%- set ip = salt['pillar.get']('node:mainip', '') %}
 {% endif %}
@@ -347,6 +347,22 @@ enable_standard_beats_5044_{{ip}}:
 {% endfor %}
+# Allow OSQuery Endpoints to send their traffic
+{% for ip in pillar.get('osquery_endpoint') %}
+
+enable_standard_osquery_8080_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 8080
+    - position: 1
+    - save: True
+
+{% endfor %}
+
 # Allow Analysts
 {% for ip in pillar.get('analyst') %}
From bd04dc45a3e57b219b8a6c5675dfa6d1737a9b90 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 13 Dec 2018 18:30:04 +0000
Subject: [PATCH 2/2] Wazuh - Fix Jinja

---
 salt/wazuh/files/agent/ossec.conf | 4 ++--
 salt/wazuh/files/agent/wazuh-register-agent | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/salt/wazuh/files/agent/ossec.conf b/salt/wazuh/files/agent/ossec.conf
index b4725075b..d85465671 100644
--- a/salt/wazuh/files/agent/ossec.conf
+++ b/salt/wazuh/files/agent/ossec.conf
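Review bot: The `so-sensor` branch in the `@@ -10,7 +10,7 @@` hunk of salt/firewall/init.sls now reads `node:mainip`, while the ossec.conf template fixed in the second patch of this series still reads `sensor:mainip` for the same role, so one of the two pillar paths is presumably stale; the change is also unrelated to the osquery rule the commit title describes. Because `salt['pillar.get']` is called with an empty-string default, pointing at the wrong key does not fail the render: `ip` silently becomes `''` and every rule templated from it further down the file (e.g. `enable_standard_beats_5044_{{ip}}`) is emitted with an empty source, which is easy to miss in a firewall state and whose effect on the resulting iptables rule should be checked. If the rename is intentional, a short comment such as `{# sensors publish their address under node:mainip, not sensor:mainip #}` plus the matching change in ossec.conf would make the intent explicit. The enclosing `if`/`elif` chain starts outside the hunk.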
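Review bot: In the `@@ -347,6 +347,22 @@` hunk of salt/firewall/init.sls, `pillar.get('osquery_endpoint')` has no default, so on a minion whose pillar does not include the new osquery_endpoint.sls the loop iterates over `None` and the whole firewall state file fails to render, not just the osquery block. Making the key optional is a one-line change: `{% for ip in pillar.get('osquery_endpoint', []) %}`. The same pattern is visible for the `analyst` loop in the trailing context, so fixing both together keeps the file consistent. The rule itself is narrowly scoped (per-source ACCEPT for tcp/8080 inserted at position 1 of DOCKER-USER), which is the right shape for an allowlist; a comment recording why the rule has to sit at position 1 would help the next reader.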
@@ -1,8 +1,8 @@
 {%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
 {%- set ip = salt['pillar.get']('static:masterip', '') %}
-{%- elif grains['role'] == 'so-node' }
+{%- elif grains['role'] == 'so-node' %}
 {%- set ip = salt['pillar.get']('node:mainip', '') %}
-{%- elif grains['role'] == 'so-sensor' }
+{%- elif grains['role'] == 'so-sensor' %}
 {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}