enable/disable each strelka container in ui

2025-12-24 01:43:11 +01:00 · 2023-05-10 15:50:07 -04:00
parent 02e1a29f0c
commit 54c9a3ec71
43 changed files with 1119 additions and 368 deletions
--- a/salt/strelka/filestream/config.sls
+++ b/salt/strelka/filestream/config.sls
@@ -0,0 +1,108 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{%   from 'strelka/map.jinja' import STRELKAMERGED %}
+{%   from 'strelka/map.jinja' import filecheck_runas %}
+
+include:
+  - strelka.config
+  - strelka.filestream.sostatus
+
+strelkaprocessed:
+   file.directory:
+    - name: /nsm/strelka/processed
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+strelkastaging:
+   file.directory:
+    - name: /nsm/strelka/staging
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+strelkaunprocessed:
+   file.directory:
+    - name: /nsm/strelka/unprocessed
+    - user: 939
+    - group: 939
+    - mode: 775
+    - makedirs: True
+
+filestream_config:
+  file.managed:
+    - name: /opt/so/conf/strelka/filestream/filestream.yaml
+    - source: salt://strelka/filestream/files/filestream.yaml.jinja
+    - template: jinja
+    - user: 939
+    - group: 939
+    - makedirs: True
+    - defaults:
+        FILESTREAMCONFIG: {{ STRELKAMERGED.filestream.config }}
+
+# Filecheck Section
+filecheck_logdir:
+  file.directory:
+    - name: /opt/so/log/strelka
+    - user: 939
+    - group: 939
+    - mode: 775
+    - makedirs: True
+
+filecheck_history:
+  file.directory:
+    - name: /nsm/strelka/history
+    - user: 939
+    - group: 939
+    - mode: 775
+    - makedirs: True
+
+filecheck_conf:
+  file.managed:
+    - name: /opt/so/conf/strelka/filecheck.yaml
+    - source: salt://strelka/filecheck/filecheck.yaml.jinja
+    - template: jinja
+    - defaults:
+        FILECHECKCONFIG: {{ STRELKAMERGED.filecheck }}
+
+filecheck_script:
+  file.managed:
+    - name: /opt/so/conf/strelka/filecheck
+    - source: salt://strelka/filecheck/filecheck
+    - user: 939
+    - group: 939
+    - mode: 755
+
+filecheck_restart:
+  cmd.run:
+    - name: pkill -f "python3 /opt/so/conf/strelka/filecheck"
+    - hide_output: True
+    - success_retcodes: [0,1]
+    - onchanges:
+      - file: filecheck_script
+
+filecheck_run:
+  cron.present:
+    - name: 'ps -ef | grep filecheck | grep -v grep > /dev/null 2>&1 || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &'
+    - identifier: filecheck_run
+    - user: {{ filecheck_runas }}
+
+filcheck_history_clean:
+  cron.present:
+    - name: '/usr/bin/find /nsm/strelka/history/ -type f -mtime +2 -exec rm {} + > /dev/null 2>&1'
+    - identifier: filecheck_history_clean
+    - minute: '33'
+# End Filecheck Section
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/strelka/filestream/disabled.sls
+++ b/salt/strelka/filestream/disabled.sls
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+  - strelka.filestream.sostatus
+  
+so-strelka-filestream:
+  docker_container.absent:
+    - force: True
+
+so-strelka-filestream_so-status.disabled:
+  file.comment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-strelka-filestream$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/strelka/filestream/enabled.sls
+++ b/salt/strelka/filestream/enabled.sls
@@ -0,0 +1,38 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+  - strelka.filestream.config
+  - strelka.filestream.sostatus
+
+strelka_filestream:
+  docker_container.running:
+    - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-strelka-filestream:{{ GLOBALS.so_version }}
+    - binds:
+      - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
+      - /nsm/strelka:/nsm/strelka
+    - name: so-strelka-filestream
+    - networks:
+      - sobridge:
+        - ipv4_address: {{ DOCKER.containers['so-strelka-filestream'].ip }}
+    - command: strelka-filestream
+    - extra_hosts:
+      - {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
+
+delete_so-strelka-filestream_so-status.disabled:
+  file.uncomment:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - regex: ^so-strelka-filestream$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}
--- a/salt/strelka/filestream/files/filestream.yaml.jinja
+++ b/salt/strelka/filestream/files/filestream.yaml.jinja
@@ -0,0 +1 @@
+{{ FILESTREAMCONFIG | yaml(false) }}
--- a/salt/strelka/filestream/init.sls
+++ b/salt/strelka/filestream/init.sls
@@ -0,0 +1,13 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'strelka/map.jinja' import STRELKAMERGED %}
+
+include:
+{% if STRELKAMERGED.filestream.enabled %}
+  - strelka.filestream.enabled
+{% else %}
+  - strelka.filestream.disabled
+{% endif %}
--- a/salt/strelka/filestream/sostatus.sls
+++ b/salt/strelka/filestream/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+append_so-strelka-filestream_so-status.conf:
+  file.append:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - text: so-strelka-filestream
+    - unless: grep -q so-strelka-filestream /opt/so/conf/so-status/so-status.conf
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed
+
+{% endif %}