Initial cut for Artifact Registry

Josh Brower
2023-05-02 14:17:59 -04:00
parent 8459054ff8
commit 544fa824ea
8 changed files with 63 additions and 0 deletions


@@ -54,6 +54,7 @@ docker:
port_bindings: port_bindings:
- 80:80 - 80:80
- 443:443 - 443:443
- 8443:8443
'so-playbook': 'so-playbook':
final_octet: 32 final_octet: 32
port_bindings: port_bindings:


@@ -0,0 +1,11 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
# this file except in compliance with the Elastic License 2.0.
fleetartifactdir:
file.directory:
- name: /nsm/elastic-fleet/artifacts
- user: 947
- group: 939
- makedirs: True
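Review bot: `fleetartifactdir` sets the numeric owner `947`/`939` but no `mode`, so when the state creates the directory its permissions are left to the defaults, and an existing directory presumably keeps whatever mode it already has. Other changes in this commit serve the directory's contents to agents as update packages, so who may write to it deserves to be explicit. Add a `- mode:` entry that leaves it writable only by the owning account, plus a comment naming the accounts behind 947 and 939.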


@@ -46,6 +46,7 @@ role:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
strelka_frontend: strelka_frontend:
portgroups: portgroups:
- {{ portgroups.strelka_frontend }} - {{ portgroups.strelka_frontend }}
@@ -74,10 +75,12 @@ role:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
elastic_agent_endpoint: elastic_agent_endpoint:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
INPUT: INPUT:
hostgroups: hostgroups:
anywhere: anywhere:
@@ -117,6 +120,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
{% if ISAIRGAP is sameas true %} {% if ISAIRGAP is sameas true %}
- {{ portgroups.agrules }} - {{ portgroups.agrules }}
{% endif %} {% endif %}
@@ -126,6 +130,7 @@ role:
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
- {{ portgroups.yum }} - {{ portgroups.yum }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
@@ -140,6 +145,7 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
@@ -151,6 +157,7 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
self: self:
portgroups: portgroups:
- {{ portgroups.syslog}} - {{ portgroups.syslog}}
@@ -170,6 +177,7 @@ role:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
endgame: endgame:
portgroups: portgroups:
- {{ portgroups.endgame }} - {{ portgroups.endgame }}
@@ -212,12 +220,14 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
sensors: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
- {{ portgroups.yum }} - {{ portgroups.yum }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
@@ -231,6 +241,7 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
@@ -241,6 +252,7 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
self: self:
portgroups: portgroups:
- {{ portgroups.syslog}} - {{ portgroups.syslog}}
@@ -257,6 +269,7 @@ role:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
endgame: endgame:
portgroups: portgroups:
- {{ portgroups.endgame }} - {{ portgroups.endgame }}
@@ -312,6 +325,7 @@ role:
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
- {{ portgroups.endgame }} - {{ portgroups.endgame }}
- {{ portgroups.strelka_frontend }} - {{ portgroups.strelka_frontend }}
fleet: fleet:
@@ -326,6 +340,7 @@ role:
- {{ portgroups.beats_5056 }} - {{ portgroups.beats_5056 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
sensors: sensors:
portgroups: portgroups:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
@@ -337,6 +352,7 @@ role:
- {{ portgroups.beats_5056 }} - {{ portgroups.beats_5056 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
@@ -371,6 +387,7 @@ role:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
endgame: endgame:
portgroups: portgroups:
- {{ portgroups.endgame }} - {{ portgroups.endgame }}
@@ -529,6 +546,7 @@ role:
portgroups: portgroups:
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.elastic_agent_update }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}


@@ -35,6 +35,9 @@ firewall:
elastic_agent_data: elastic_agent_data:
tcp: tcp:
- 5055 - 5055
elastic_agent_update:
tcp:
- 8443
endgame: endgame:
tcp: tcp:
- 3765 - 3765


@@ -43,6 +43,22 @@ http {
return 307 https://{{ GLOBALS.url_base }}$request_uri; return 307 https://{{ GLOBALS.url_base }}$request_uri;
} }
server {
listen 8443;
server_name {{ GLOBALS.url_base }};
root /opt/socore/html;
location /artifacts/ {
try_files $uri =206;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server { server {
listen 443 ssl http2 default_server; listen 443 ssl http2 default_server;
server_name _; server_name _;
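Review bot: The new server block uses `listen 8443;` without `ssl`, so the Elastic Agent update artifacts are served over cleartext HTTP on a port that the firewall changes in this commit open to many hostgroups. Unless the agents independently verify what they download (not visible here), the packages can be altered in transit; consider `listen 8443 ssl;` with the same certificate the 443 server uses. `try_files $uri =206;` answers a missing file with 206 Partial Content, which a client may treat as success, so `try_files $uri =404;` is the safer fallback. The `proxy_*` directives in this location have no effect without a `proxy_pass` and could be dropped.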


@@ -96,6 +96,7 @@ so-nginx:
- /opt/so/tmp/nginx/:/var/lib/nginx:rw - /opt/so/tmp/nginx/:/var/lib/nginx:rw
- /opt/so/tmp/nginx/:/run:rw - /opt/so/tmp/nginx/:/run:rw
- /opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/:/opt/socore/html/packages - /opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/:/opt/socore/html/packages
- /nsm/elastic-fleet/artifacts/:/opt/socore/html/artifacts
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %} {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %}
- /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro - /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
- /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro - /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro
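Review bot: The added bind `/nsm/elastic-fleet/artifacts/:/opt/socore/html/artifacts` carries no access mode, so the nginx container gets the artifact directory read-write although it only appears to serve files from it. Mounting it as `- /nsm/elastic-fleet/artifacts/:/opt/socore/html/artifacts:ro`, as the certificate binds just below already do, would keep a compromised web container from replacing the agent packages distributed to the fleet.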


@@ -962,6 +962,17 @@ detect_os() {
} }
download_elastic_agent_artifacts() {
#TODO - ISO
mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/
curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz
tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/
}
installer_progress_loop() { installer_progress_loop() {
local i=0 local i=0
local msg="${1:-Performing background actions...}" local msg="${1:-Performing background actions...}"
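Review bot: `download_elastic_agent_artifacts` unpacks whatever curl wrote without checking that the transfer succeeded or that the archive is the expected one. curl runs without `--fail`, so an HTTP error body is saved as the tarball, and no digest or signature is checked before `tar -xf`. Because these files are later served to agents as update packages, the function should stop on a failed download and verify the archive against a published digest or signature (none is visible in this hunk) before extracting. `$SOVERSION` and the paths are unquoted, and a short comment saying what is fetched and where it is unpacked would help. The `#TODO - ISO` case is still open, so an offline install would presumably sit through the retries first.

```shell
download_elastic_agent_artifacts() {
  # Fetch the Elastic Agent bundle for this release and unpack it into the
  # directory that is served to agents.
  #TODO - ISO
  local artifact_dir=/nsm/elastic-fleet/artifacts
  local tarball="$artifact_dir/elastic-agent_SO-$SOVERSION.tar.gz"
  mkdir -p "$artifact_dir/beats/elastic-agent/" || return 1
  # --fail: return non-zero on an HTTP error instead of saving the error page
  curl --fail --retry 5 --retry-delay 60 "https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz" --output "$tarball" || return 1
  # verify "$tarball" against the published digest or signature here, before extracting
  tar -xf "$tarball" -C "$artifact_dir/beats/elastic-agent/" || return 1
}
```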


@@ -605,6 +605,8 @@ if ! [[ -f $install_opt_file ]]; then
gpg_rpm_import gpg_rpm_import
# Create the local repo and point the box to use the local repo # Create the local repo and point the box to use the local repo
securityonion_repo securityonion_repo
# Download Elastic Agent Artifacts
download_elastic_agent_artifacts
# Update existing packages # Update existing packages
update_packages update_packages
# Install salt # Install salt