2.4 strelka

This commit is contained in:
m0duspwnens
2023-03-10 17:32:14 -05:00
parent d75866caec
commit 58343e39fa
21 changed files with 706 additions and 604 deletions


@@ -8,15 +8,10 @@
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
{% import_yaml 'strelka/defaults.yaml' as strelka_config with context %}
{% set IGNORELIST = salt['pillar.get']('strelka:ignore', strelka_config.strelka.ignore, merge=True, merge_nested_lists=True) %}
{% set ENGINE = salt['pillar.get']('global:mdengine', '') %}
{% if ENGINE == "SURICATA" %}
{% set filecheck_runas = 'suricata' %}
{% else %}
{% set filecheck_runas = 'socore' %}
{% endif %}
{% from 'strelka/map.jinja' import STRELKAMERGED %}
{% from 'strelka/filecheck/map.jinja' import FILECHECKDEFAULTS %}
{% from 'strelka/filecheck/map.jinja' import filecheck_runas %}
# Strelka config
strelkaconfdir:
@@ -33,14 +28,65 @@ strelkarulesdir:
- group: 939
- makedirs: True
# Sync dynamic config to conf dir
strelkasync:
file.recurse:
- name: /opt/so/conf/strelka/
- source: salt://strelka/files
backend_backend_config:
file.managed:
- name: /opt/so/conf/strelka/backend/backend.yaml
- source: salt://strelka/files/backend/backend.yaml.jinja
- template: jinja
- user: 939
- group: 939
- defaults:
BACKENDCONFIG: {{ STRELKAMERGED.config.backend.backend }}
backend_logging_config:
file.managed:
- name: /opt/so/conf/strelka/backend/logging.yaml
- source: salt://strelka/files/backend/logging.yaml.jinja
- template: jinja
- user: 939
- group: 939
- defaults:
LOGGINGCONFIG: {{ STRELKAMERGED.config.backend.logging }}
backend_passwords:
file.managed:
- name: /opt/so/conf/strelka/backend/passwords.dat
- source: salt://strelka/files/backend/passwords.dat.jinja
- template: jinja
- user: 939
- group: 939
- defaults:
PASSWORDS: {{ STRELKAMERGED.config.backend.passwords }}
filestream_config:
file.managed:
- name: /opt/so/conf/strelka/filestream/filestream.yaml
- source: salt://strelka/files/filestream/filestream.yaml.jinja
- template: jinja
- user: 939
- group: 939
- defaults:
FILESTREAMCONFIG: {{ STRELKAMERGED.config.filestream }}
frontend_config:
file.managed:
- name: /opt/so/conf/strelka/frontend/frontend.yaml
- source: salt://strelka/files/frontend/frontend.yaml.jinja
- template: jinja
- user: 939
- group: 939
- defaults:
FRONTENDCONFIG: {{ STRELKAMERGED.config.frontend }}
manager_config:
file.managed:
- name: /opt/so/conf/strelka/manager/manager.yaml
- source: salt://strelka/files/manager/manager.yaml.jinja
- template: jinja
- user: 939
- group: 939
- defaults:
MANAGERCONFIG: {{ STRELKAMERGED.config.manager }}
{% if STRELKA_RULES == 1 %}
@@ -51,16 +97,6 @@ strelkarules:
- user: 939
- group: 939
- clean: True
- exclude_pat:
{% for IGNOREDRULE in IGNORELIST %}
- {{ IGNOREDRULE }}
{% endfor %}
{% for IGNOREDRULE in IGNORELIST %}
remove_rule_{{ IGNOREDRULE }}:
file.absent:
- name: /opt/so/conf/strelka/rules/signature-base/{{ IGNOREDRULE }}
{% endfor %}
{% if grains['role'] in GLOBALS.manager_roles %}
strelkarepos:
@@ -133,8 +169,10 @@ filecheck_history:
filecheck_conf:
file.managed:
- name: /opt/so/conf/strelka/filecheck.yaml
- source: salt://strelka/filecheck/filecheck.yaml
- source: salt://strelka/filecheck/filecheck.yaml.jinja
- template: jinja
- defaults:
FILECHECKCONFIG: {{ FILECHECKDEFAULTS }}
filecheck_script:
file.managed:
@@ -173,7 +211,7 @@ strelka_coordinator:
- ipv4_address: {{ DOCKER.containers['so-strelka-coordinator'].ip }}
- entrypoint: redis-server --save "" --appendonly no
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
- port_bindings:
{% for BINDING in DOCKER.containers['so-strelka-coordinator'].port_bindings %}
- {{ BINDING }}
@@ -193,7 +231,7 @@ strelka_gatekeeper:
- ipv4_address: {{ DOCKER.containers['so-strelka-gatekeeper'].ip }}
- entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
- port_bindings:
{% for BINDING in DOCKER.containers['so-strelka-gatekeeper'].port_bindings %}
- {{ BINDING }}
@@ -217,7 +255,7 @@ strelka_frontend:
- ipv4_address: {{ DOCKER.containers['so-strelka-frontend'].ip }}
- command: strelka-frontend
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
- port_bindings:
{% for BINDING in DOCKER.containers['so-strelka-frontend'].port_bindings %}
- {{ BINDING }}
@@ -240,7 +278,7 @@ strelka_backend:
- ipv4_address: {{ DOCKER.containers['so-strelka-backend'].ip }}
- command: strelka-backend
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
- restart_policy: on-failure
append_so-strelka-backend_so-status.conf:
@@ -259,7 +297,7 @@ strelka_manager:
- ipv4_address: {{ DOCKER.containers['so-strelka-manager'].ip }}
- command: strelka-manager
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
append_so-strelka-manager_so-status.conf:
file.append:
@@ -278,7 +316,7 @@ strelka_filestream:
- ipv4_address: {{ DOCKER.containers['so-strelka-filestream'].ip }}
- command: strelka-filestream
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- {{ GLOBALS.hostname }}:{{ GLOBALS.node_ip }}
append_so-strelka-filestream_so-status.conf:
file.append:
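Review bot: The new `backend_passwords` state in hunk `@@ -33,14 +28,65 @@` renders `STRELKAMERGED.config.backend.passwords` into `/opt/so/conf/strelka/backend/passwords.dat` with `user: 939` and `group: 939` but no `mode`, so the secret-bearing file is created with whatever mode the minion's default/umask yields rather than an explicitly restricted one. Add `- mode: 600` (or `640` if the backend reads it through the group) and consider `- show_changes: False` so the rendered contents are not echoed into state output and logs on every change. The neighbouring `file.managed` states in the same hunk also omit `mode` but carry non-sensitive config, so only the passwords state needs the tightening. Separately, `{% if STRELKA_RULES == 1 %}` in that hunk compares against an int while the default at `salt['pillar.get']('strelka:rules', '1')` is the string `'1'`, which presumably makes the rule-sync branch skip when the pillar key is unset — worth confirming against the intended default.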