Merge branch 'master' of https://github.com/TOoSmOotH/securityonion-saltstack

pillar/firewall/osquery_endpoint.sls

@@ -0,0 +1,3 @@
+osquery_endpoint:
+  - 127.0.0.1
+  

salt/firewall/init.sls

@@ -10,7 +10,7 @@
 
 {% elif grains['role'] == 'so-sensor'%}
 
-{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
+{%- set ip = salt['pillar.get']('node:mainip', '') %}
 
 {% endif %}
 
@@ -347,6 +347,22 @@ enable_standard_beats_5044_{{ip}}:
 
 {% endfor %}
 
+# Allow OSQuery Endpoints to send their traffic
+{% for ip in pillar.get('osquery_endpoint')  %}
+
+enable_standard_osquery_8080_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 8080
+    - position: 1
+    - save: True
+
+{% endfor %}
+
 # Allow Analysts
 {% for ip in pillar.get('analyst')  %}
 

salt/wazuh/files/agent/ossec.conf

@@ -1,8 +1,8 @@
 {%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
 {%- set ip = salt['pillar.get']('static:masterip', '') %}
-{%- elif grains['role'] == 'so-node' }
+{%- elif grains['role'] == 'so-node' %}
 {%- set ip = salt['pillar.get']('node:mainip', '') %}
-{%- elif grains['role'] == 'so-sensor' }
+{%- elif grains['role'] == 'so-sensor' %}
 {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %} 
 <!--

salt/wazuh/files/agent/wazuh-register-agent

@@ -1,8 +1,8 @@
 {%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
 {%- set ip = salt['pillar.get']('static:masterip', '') %}
-{%- elif grains['role'] == 'so-node' } 
+{%- elif grains['role'] == 'so-node' %} 
 {%- set ip = salt['pillar.get']('node:mainip', '') %}
-{%- elif grains['role'] == 'so-sensor' }
+{%- elif grains['role'] == 'so-sensor' %}
 {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}
 #!/bin/bash