CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor & cleanup

Browse Source
This commit is contained in:
Josh Brower
2023-11-02 10:20:32 -04:00
parent c230cf4eb7
commit 5388b92865
4 changed files with 49 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/common/tools/sbin/so-common
View File

@@ -551,6 +551,10 @@ set_version() {
fi fi
} }
status () {
printf "\n=========================================================================\n$(date) | $1\n=========================================================================\n"
}
systemctl_func() { systemctl_func() {
local action=$1 local action=$1
local echo_action=$1 local echo_action=$1

11
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
View File

@@ -8,8 +8,19 @@
INTCA=/etc/pki/tls/certs/intca.crt INTCA=/etc/pki/tls/certs/intca.crt
. /usr/sbin/so-common
. /usr/sbin/so-elastic-fleet-common . /usr/sbin/so-elastic-fleet-common
# Check to make sure that Kibana API is up & ready
RETURN_CODE=0
wait_for_web_response "http://localhost:5601/api/fleet/settings" "fleet" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
RETURN_CODE=$?
if [[ "$RETURN_CODE" != "0" ]]; then
printf "Kibana API not accessible, exiting Elastic Fleet setup..."
exit 1
fi
printf "\n### Create ES Token ###\n" printf "\n### Create ES Token ###\n"
ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value) ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)

44
salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
View File

@@ -11,30 +11,39 @@
require_manager require_manager
# Inform user we are about to remove Elastic Fleet data # Inform user we are about to remove Elastic Fleet data
echo echo
echo "This script will remove the current Elastic Fleet install & all of its data and rerun Elastic Fleet setup." echo "This script will remove the current Elastic Fleet install & all of its data and rerun Elastic Fleet setup."
echo echo
echo "If you would like to proceed, please type AGREE and hit ENTER." echo "If you would like to proceed, type AGREE and hit ENTER."
echo echo
# Read user input # Read user input
read INPUT read INPUT
if [ "$INPUT" != "AGREE" ] ; then exit 0; fi if [ "${INPUT^^}" != 'AGREE' ]; then exit 0; fi
printf "\nUninstalling all Elastic Agents on all Grid Nodes...\n\n" status "Uninstalling all Elastic Agents on all Grid Nodes..."
salt \* cmd.run "elastic-agent uninstall -f" queue=True salt \* cmd.run "elastic-agent uninstall -f" queue=True
printf "\nStopping Fleet Container...\n" status "Stopping Fleet Container..."
so-elastic-fleet-stop --force so-elastic-fleet-stop --force
printf "\nDeleting Fleet Data from Pillars...\n" status "Deleting Fleet Data from Pillars..."
sed -i -z "s/elasticfleet:.*grid_enrollment_heavy.*'//" /opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls sed -i -z "s/elasticfleet:.*grid_enrollment_heavy.*'//" /opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
sed -i "/fleet_grid_enrollment_token_general.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls sed -i "/fleet_grid_enrollment_token_general.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
sed -i "/fleet_grid_enrollment_token_heavy.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls sed -i "/fleet_grid_enrollment_token_heavy.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
printf "\n\nDeleting Elastic Fleet data...\n\n" status "Deleting Elastic Fleet data..."
# Check to make sure that Elasticsearch is up & ready
RETURN_CODE=0
wait_for_web_response "https://localhost:9200/_cat/indices/.kibana*" "green open" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
RETURN_CODE=$?
if [[ "$RETURN_CODE" != "0" ]]; then
status "Elasticsearch not accessible, exiting script..."
exit 1
fi
ALIASES=".fleet-servers .fleet-policies-leader .fleet-agents .fleet-artifacts .fleet-enrollment-api-keys .kibana_ingest" ALIASES=".fleet-servers .fleet-policies-leader .fleet-agents .fleet-artifacts .fleet-enrollment-api-keys .kibana_ingest"
for ALIAS in ${ALIASES} for ALIAS in ${ALIASES}
@@ -45,21 +54,28 @@ do
# Delete all resolved indices # Delete all resolved indices
for INDX in ${INDXS} for INDX in ${INDXS}
do do
printf "\nDeleting $INDX \n" status "Deleting $INDX"
curl -K /opt/so/conf/kibana/curl.config -s -k -L -H "Content-Type: application/json" "https://localhost:9200/${INDX}" -XDELETE curl -K /opt/so/conf/kibana/curl.config -s -k -L -H "Content-Type: application/json" "https://localhost:9200/${INDX}" -XDELETE
done done
done done
printf "\n\nRestarting Kibana...\n" status "Restarting Kibana..."
so-kibana-restart --force so-kibana-restart --force
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config" status "Checking to make sure that Kibana API is up & ready..."
RETURN_CODE=0
wait_for_web_response "http://localhost:5601/api/fleet/settings" "fleet" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
RETURN_CODE=$?
printf "\nStarting Elastic Fleet Setup...\n" if [[ "$RETURN_CODE" != "0" ]]; then
status "Kibana API not accessible, exiting script..."
exit 1
fi
status "Starting Elastic Fleet Setup..."
so-elastic-fleet-setup so-elastic-fleet-setup
status "Re-installing Elastic Agent on all Grid Nodes..."
printf "\nRe-installing Elastic Agent on all Grid Nodes...\n\n"
salt \* state.apply elasticfleet.install_agent_grid queue=True salt \* state.apply elasticfleet.install_agent_grid queue=True
printf "\nElastic Fleet Reset complete....\n" status "Elastic Fleet Reset complete...."

4
setup/so-setup
View File

@@ -769,7 +769,9 @@ if ! [[ -f $install_opt_file ]]; then
logCmd "so-soc-restart" logCmd "so-soc-restart"
title "Setting up Elastic Fleet" title "Setting up Elastic Fleet"
logCmd "salt-call state.apply elasticfleet.config" logCmd "salt-call state.apply elasticfleet.config"
logCmd "so-elastic-fleet-setup" if ! logCmd so-setup-elastic-fleet; then
fail_setup
fi
if [[ ! $is_import ]]; then if [[ ! $is_import ]]; then
title "Setting up Playbook" title "Setting up Playbook"
logCmd "so-playbook-reset" logCmd "so-playbook-reset"