fix formatting

Mike Reeves
2022-04-01 16:50:55 -04:00
parent 07783713e6
commit 5387caf6f4


@@ -49,14 +49,14 @@ airgap_repo() {
rm -rf /etc/yum.repos.d/* rm -rf /etc/yum.repos.d/*
echo "[airgap_repo]" > /etc/yum.repos.d/airgap_repo.repo echo "[airgap_repo]" > /etc/yum.repos.d/airgap_repo.repo
if $is_manager; then if $is_manager; then
echo "baseurl=https://$HOSTNAME/repo" >> /etc/yum.repos.d/airgap_repo.repo echo "baseurl=https://$HOSTNAME/repo" >> /etc/yum.repos.d/airgap_repo.repo
else else
echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/airgap_repo.repo echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/airgap_repo.repo
fi fi
echo "gpgcheck=1" >> /etc/yum.repos.d/airgap_repo.repo echo "gpgcheck=1" >> /etc/yum.repos.d/airgap_repo.repo
echo "sslverify=0" >> /etc/yum.repos.d/airgap_repo.repo echo "sslverify=0" >> /etc/yum.repos.d/airgap_repo.repo
echo "name=Airgap Repo" >> /etc/yum.repos.d/airgap_repo.repo echo "name=Airgap Repo" >> /etc/yum.repos.d/airgap_repo.repo
echo "enabled=1" >> /etc/yum.repos.d/airgap_repo.repo echo "enabled=1" >> /etc/yum.repos.d/airgap_repo.repo
} }
airgap_rules() { airgap_rules() {
@@ -144,11 +144,11 @@ analyst_workstation_pillar() {
# Create the analyst workstation pillar # Create the analyst workstation pillar
printf '%s\n'\ printf '%s\n'\
"host:"\ "host:"\
" mainint: '$MNIC'"\ " mainint: '$MNIC'"\
"workstation:"\ "workstation:"\
" gui:"\ " gui:"\
" enabled: true" >> "$pillar_file"\ " enabled: true" >> "$pillar_file"\
"sensoroni:"\ "sensoroni:"\
" node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file " node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file
} }
@@ -782,7 +782,7 @@ collect_zeek() {
configure_minion() { configure_minion() {
local minion_type=$1 local minion_type=$1
if [[ $is_analyst ]]; then if [[ $is_analyst ]]; then
minion_type=workstation minion_type=workstation
fi fi
echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1 echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1
echo "role: so-$minion_type" > /etc/salt/grains echo "role: so-$minion_type" > /etc/salt/grains
@@ -792,9 +792,9 @@ configure_minion() {
echo "id: '$MINION_ID'" > "$minion_config" echo "id: '$MINION_ID'" > "$minion_config"
case "$minion_type" in case "$minion_type" in
'workstation') 'workstation')
echo "master: '$MSRV'" >> "$minion_config" echo "master: '$MSRV'" >> "$minion_config"
;; ;;
'helix') 'helix')
cp -f ../salt/ca/files/signing_policies.conf /etc/salt/minion.d/signing_policies.conf cp -f ../salt/ca/files/signing_policies.conf /etc/salt/minion.d/signing_policies.conf
echo "master: '$HOSTNAME'" >> "$minion_config" echo "master: '$HOSTNAME'" >> "$minion_config"
@@ -1251,15 +1251,15 @@ docker_install() {
;; ;;
esac esac
if [ $OSVER == "bionic" ]; then if [ $OSVER == "bionic" ]; then
service docker stop service docker stop
apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras
retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.5~3-0~ubuntu-bionic docker-ce-cli=5:20.10.5~3-0~ubuntu-bionic docker-ce-rootless-extras=5:20.10.5~3-0~ubuntu-bionic python3-docker" >> "$setup_log" 2>&1 || exit 1
apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras
elif [ $OSVER == "focal" ]; then elif [ $OSVER == "focal" ]; then
service docker stop service docker stop
apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras apt -y purge docker-ce docker-ce-cli docker-ce-rootless-extras
retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-get -y install --allow-downgrades docker-ce=5:20.10.8~3-0~ubuntu-focal docker-ce-cli=5:20.10.8~3-0~ubuntu-focal docker-ce-rootless-extras=5:20.10.8~3-0~ubuntu-focal python3-docker" >> "$setup_log" 2>&1 || exit 1
apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras
fi fi
fi fi
docker_registry docker_registry
@@ -1390,9 +1390,9 @@ es_heapsize() {
# Set heap size to 33% of available memory # Set heap size to 33% of available memory
ES_HEAP_SIZE=$(( total_mem / 3 )) ES_HEAP_SIZE=$(( total_mem / 3 ))
if [ "$ES_HEAP_SIZE" -ge 25001 ] ; then if [ "$ES_HEAP_SIZE" -ge 25001 ] ; then
ES_HEAP_SIZE="25000m" ES_HEAP_SIZE="25000m"
else else
ES_HEAP_SIZE=$ES_HEAP_SIZE"m" ES_HEAP_SIZE=$ES_HEAP_SIZE"m"
fi fi
fi fi
export ES_HEAP_SIZE export ES_HEAP_SIZE
@@ -1750,7 +1750,7 @@ manager_global() {
" managerip: '$MAINIP'" > "$global_pillar" " managerip: '$MAINIP'" > "$global_pillar"
if [[ $HIGHLANDER == 'True' ]]; then if [[ $HIGHLANDER == 'True' ]]; then
printf '%s\n'\ printf '%s\n'\
" highlander: True"\ >> "$global_pillar" " highlander: True"\ >> "$global_pillar"
fi fi
if [[ $is_airgap ]]; then if [[ $is_airgap ]]; then
@@ -1780,14 +1780,14 @@ manager_global() {
" enabled: $STRELKA"\ " enabled: $STRELKA"\
" rules: 1" >> "$global_pillar" " rules: 1" >> "$global_pillar"
if [[ $is_airgap ]]; then if [[ $is_airgap ]]; then
printf '%s\n'\ printf '%s\n'\
" repos:"\ " repos:"\
" - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar" " - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar"
else else
printf '%s\n'\ printf '%s\n'\
" repos:"\ " repos:"\
" - 'https://github.com/Neo23x0/signature-base'" >> "$global_pillar" " - 'https://github.com/Neo23x0/signature-base'" >> "$global_pillar"
fi fi
printf '%s\n'\ printf '%s\n'\
"curator:"\ "curator:"\
@@ -1816,101 +1816,101 @@ manager_global() {
" cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\
" index_settings:"\ " index_settings:"\
" so-beats:"\ " so-beats:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-endgame:"\ " so-endgame:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-firewall:"\ " so-firewall:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-flow:"\ " so-flow:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-ids:"\ " so-ids:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-import:"\ " so-import:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 73000"\ " close: 73000"\
" delete: 73001"\ " delete: 73001"\
" so-osquery:"\ " so-osquery:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-ossec:"\ " so-ossec:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-strelka:"\ " so-strelka:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-syslog:"\ " so-syslog:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 30"\ " close: 30"\
" delete: 365"\ " delete: 365"\
" so-zeek:"\ " so-zeek:"\
" index_template:"\ " index_template:"\
" template:"\ " template:"\
" settings:"\ " settings:"\
" index:"\ " index:"\
" number_of_shards: 1"\ " number_of_shards: 1"\
" warm: 7"\ " warm: 7"\
" close: 45"\ " close: 45"\
" delete: 365"\ " delete: 365"\
@@ -2257,28 +2257,28 @@ saltify() {
fi fi
if [[ ! $is_analyst ]]; then if [[ ! $is_analyst ]]; then
case "$install_type" in case "$install_type" in
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT') 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT')
reserve_group_ids reserve_group_ids
if [[ ! $is_iso ]]; then if [[ ! $is_iso ]]; then
logCmd "yum -y install sqlite curl mariadb-devel" logCmd "yum -y install sqlite curl mariadb-devel"
fi fi
# Download Ubuntu Keys in case manager updates = 1 # Download Ubuntu Keys in case manager updates = 1
logCmd "mkdir -vp /opt/so/gpg" logCmd "mkdir -vp /opt/so/gpg"
if [[ ! $is_airgap ]]; then if [[ ! $is_airgap ]]; then
logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3004.1/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3004.1/SALTSTACK-GPG-KEY.pub"
logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg"
logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH" logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH"
fi fi
set_progress_str 7 'Installing salt-master' set_progress_str 7 'Installing salt-master'
if [[ ! $is_iso ]]; then if [[ ! $is_iso ]]; then
logCmd "yum -y install salt-master-3004.1" logCmd "yum -y install salt-master-3004.1"
fi fi
logCmd "systemctl enable salt-master" logCmd "systemctl enable salt-master"
;; ;;
*) *)
;; ;;
esac esac
fi fi
if [[ ! $is_airgap ]]; then if [[ ! $is_airgap ]]; then
logCmd "yum clean expire-cache" logCmd "yum clean expire-cache"
@@ -2659,8 +2659,8 @@ set_initial_firewall_policy() {
'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP"
case "$install_type" in case "$install_type" in
'EVAL') 'EVAL')
$default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE" True $default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE" True
@@ -2676,7 +2676,7 @@ set_initial_firewall_policy() {
'HELIXSENSOR') 'HELIXSENSOR')
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
;; ;;
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET' | 'IDH' | 'RECEIVER') 'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET' | 'IDH' | 'RECEIVER')
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP" $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
@@ -2719,9 +2719,9 @@ set_initial_firewall_policy() {
# Add some firewall rules for analyst workstations that get added to the grid # Add some firewall rules for analyst workstations that get added to the grid
if [[ $is_analyst ]]; then if [[ $is_analyst ]]; then
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP" $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost analyst "$MAINIP" $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost analyst "$MAINIP"
fi fi
} }
@@ -2842,8 +2842,8 @@ update_sudoers() {
update_packages() { update_packages() {
if [[ $is_centos ]]; then if [[ $is_centos ]]; then
logCmd "yum repolist" logCmd "yum repolist"
logCmd "yum -y update --exclude=salt*,wazuh*,docker*,containerd*" logCmd "yum -y update --exclude=salt*,wazuh*,docker*,containerd*"
else else
retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
@@ -2903,7 +2903,7 @@ write_out_idh_services() {
" services:" >> "$pillar_file" " services:" >> "$pillar_file"
for service in ${idh_services[@]}; do for service in ${idh_services[@]}; do
echo " - $service" | tr '[:upper:]' '[:lower:]' >> "$pillar_file" echo " - $service" | tr '[:upper:]' '[:lower:]' >> "$pillar_file"
done done
} }
# Enable Zeek Logs # Enable Zeek Logs
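Review bot: The `echo "sslverify=0" >> /etc/yum.repos.d/airgap_repo.repo` line in the airgap_repo hunk (@@ -49,14) turns TLS certificate verification off for what becomes the host's only yum repo, since `rm -rf /etc/yum.repos.d/*` runs just above it; this formatting pass carries that through unchanged. The `https://$HOSTNAME/repo` or `https://$MSRV/repo` endpoint is therefore never authenticated. `gpgcheck=1` still covers package signatures, but the visible lines write no `gpgkey=` entry, and repo metadata is not signature-checked unless `repo_gpgcheck` is also set, so a host answering for the manager address could serve stale or altered metadata. I would write `echo "sslverify=1"` followed by `echo "sslcacert=<path-to-grid-CA-cert>"` (placeholder; the real CA path is not shown on this page), or at minimum add a comment above the line such as `# sslverify disabled: manager cert not yet trusted at this stage; integrity relies on gpgcheck`. The body of airgap_repo begins before the hunk, so a `gpgkey=` line may exist there.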