From 5a0df2719311303b854fe9fe79afb5d21375422f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 12 Aug 2020 10:27:15 -0400
Subject: [PATCH] rename importpcap node to import
---
 .../assigned_hostgroups.local.map.yaml | 2 +-
 pillar/top.sls | 4 +-
 ...{importpcap.map.jinja => import.map.jinja} | 4 +-
 salt/elasticsearch/init.sls | 2 +-
 salt/firewall/assigned_hostgroups.map.yaml | 2 +-
 salt/{importpcap => import}/bond.sls | 0
 salt/ssl/init.sls | 6 +--
 salt/top.sls | 2 +-
 setup/so-functions | 28 +++++------
 setup/so-setup | 46 +++++++++----------
 setup/so-whiptail | 2 +-
 11 files changed, 48 insertions(+), 50 deletions(-)
 rename salt/common/maps/{importpcap.map.jinja => import.map.jinja} (74%)
 rename salt/{importpcap => import}/bond.sls (100%)
diff --git a/files/firewall/assigned_hostgroups.local.map.yaml b/files/firewall/assigned_hostgroups.local.map.yaml
index b39d34ae7..50ef751a4 100644
--- a/files/firewall/assigned_hostgroups.local.map.yaml
+++ b/files/firewall/assigned_hostgroups.local.map.yaml
@@ -13,7 +13,7 @@ role:
 fleet: heavynode: helixsensor:
- importpcap:
+ import:
 manager: managersearch: standalone:
diff --git a/pillar/top.sls b/pillar/top.sls
index 44f56edc5..73d66ef2a 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -2,7 +2,7 @@ base:
 '*': - patch.needs_restarting
- '*_eval or *_helix or *_heavynode or *_sensor or *_standalone or *_importpcap':
+ '*_eval or *_helix or *_heavynode or *_sensor or *_standalone or *_import':
 - match: compound - zeek
@@ -81,7 +81,7 @@ base:
 - elasticsearch.search - minions.{{ grains.id }}
- '*_importpcap':
+ '*_import':
 - zeeklogs - secrets - elasticsearch.eval
diff --git a/salt/common/maps/importpcap.map.jinja b/salt/common/maps/import.map.jinja
similarity index 74%
rename from salt/common/maps/importpcap.map.jinja
rename to salt/common/maps/import.map.jinja
index f412a030e..adb266809 100644
--- a/salt/common/maps/importpcap.map.jinja
+++ b/salt/common/maps/import.map.jinja
@@ -7,8 +7,6 @@
 'so-elasticsearch', 'so-kibana', 'so-suricata',
- 'so-zeek',
- 'so-soctopus',
- 'so-sensoroni'
+ 'so-zeek'
 ] } %}
\ No newline at end of file
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 0f92a5d9c..48c4c99aa 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -23,7 +23,7 @@
 {% set FEATURES = '' %} {% endif %}
-{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-importpcap'] %}
+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
 {% set esclustername = salt['pillar.get']('manager:esclustername', '') %} {% set esheap = salt['pillar.get']('manager:esheap', '') %} {% set ismanager = True %}
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index fe7e12135..ef9e6fe0c 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -488,7 +488,7 @@ role:
 localhost: portgroups: - {{ portgroups.all }}
- importpcap:
+ import:
 chain: DOCKER-USER: hostgroups:
diff --git a/salt/importpcap/bond.sls b/salt/import/bond.sls
similarity index 100%
rename from salt/importpcap/bond.sls
rename to salt/import/bond.sls
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index af9495e59..c0b48dd1f 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -7,7 +7,7 @@
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %} {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
-{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'importpcap'] %}
+{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
 {% set trusttheca_text = salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %} {% set ca_server = grains.id %} {% else %}
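Review bot: Dropping `'so-soctopus'` and `'so-sensoroni'` from the list in the import.map.jinja hunk is a functional change, not a rename, and neither the subject ("rename importpcap node to import") nor anything in the hunk explains it; the enclosing `{% set %}` starts outside the hunk, so a reader cannot even see which variable the list belongs to. Either move that removal into its own commit or state it in the description, and add a comment above the list such as `{# so-import: soctopus and sensoroni intentionally not listed #}` so the omission reads as deliberate. If this map is what decides which containers the role runs or is allowed through the firewall, confirm that the `soc` state still applied for import nodes in setup/so-setup (the `$is_manager || $is_import` branch around the `soc` apply) does not expect those two containers. The file also still ends without a trailing newline.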
@@ -72,7 +72,7 @@ influxkeyperms:
 - mode: 640 - group: 939
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-importpcap'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
 /etc/pki/filebeat.key: x509.private_key_managed:
@@ -322,7 +322,7 @@ fleetkeyperms:
 - group: 939 {% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-importpcap'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
 fbcertdir: file.directory:
diff --git a/salt/top.sls b/salt/top.sls
index 509f6b2c2..a51978b1e 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -387,7 +387,7 @@ base:
 - fleet.install_package - filebeat
- '*_importpcap and G@saltversion:{{saltversion}}':
+ '*_import and G@saltversion:{{saltversion}}':
 - match: compound - ca - ssl
diff --git a/setup/so-functions b/setup/so-functions
index dda15b65e..26d80c98a 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -302,7 +302,7 @@ configure_minion() {
 'helix') echo "master: $HOSTNAME" >> "$minion_config" ;;
- 'manager' | 'eval' | 'managersearch' | 'standalone' | 'importpcap')
+ 'manager' | 'eval' | 'managersearch' | 'standalone' | 'import')
 printf '%s\n'\ "master: $HOSTNAME"\ "mysql.host: '$MAINIP'"\
@@ -358,7 +358,7 @@ check_requirements() {
 req_cores=4 if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi
- elif [[ "$standalone_or_dist" == 'importpcap' ]]; then
+ elif [[ "$standalone_or_dist" == 'import' ]]; then
 req_mem=4 req_cores=2 req_nics=1
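Review bot: The three ssl/init.sls hunks answer the same question — is this minion a CA/manager-type node — from two different sources: the -7 hunk (on the previous physical line) keys on the minion id suffix, `grains.id.split('_')|last in [... 'import']`, while the -72 and -322 hunks key on the explicit role grain, `grains['role'] in [... 'so-import']`. This rename had to touch both lists, and they will drift again on the next rename or whenever a minion id suffix does not match its role grain. If the two are meant to agree, consider deriving the first check from the role grain too, e.g. `{% if grains['role'] in ['so-manager', 'so-eval', 'so-standalone', 'so-import'] %}`; this is inferred from the hunks alone, since the rest of the file and how minion ids are built are not visible here.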
@@ -366,7 +366,7 @@ check_requirements() {
 if [[ $setup_type == 'network' ]] ; then if [[ -n $nsm_mount ]]; then
- if [[ "$standalone_or_dist" == 'importpcap' ]]; then
+ if [[ "$standalone_or_dist" == 'import' ]]; then
 req_storage=50 else req_storage=100
@@ -378,7 +378,7 @@ check_requirements() {
 whiptail_storage_requirements "/nsm" "${free_space_nsm} GB" "${req_storage} GB" fi else
- if [[ "$standalone_or_dist" == 'importpcap' ]]; then
+ if [[ "$standalone_or_dist" == 'import' ]]; then
 req_storage=50 else req_storage=200
@@ -417,7 +417,7 @@ copy_salt_master_config() {
 copy_minion_tmp_files() { case "$install_type" in
- 'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP')
+ 'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir" cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1 if [ -d "$temp_install_dir"/salt ] ; then
@@ -674,7 +674,7 @@ docker_install() {
 else case "$install_type" in
- 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORTPCAP')
+ 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT')
 apt-get update >> "$setup_log" 2>&1 ;; *)
@@ -718,7 +718,7 @@ docker_seed_registry() {
 local VERSION="$SOVERSION" if ! [ -f /nsm/docker-registry/docker/registry.tar ]; then
- if [ "$install_type" == 'IMPORTPCAP' ]; then
+ if [ "$install_type" == 'IMPORT' ]; then
 local TRUSTED_CONTAINERS=(\ "so-logstash:$VERSION" \ "so-idstools:$VERSION" \
@@ -746,7 +746,7 @@ docker_seed_registry() {
 "so-zeek:$VERSION" ) fi
- if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORTPCAP' ]; then
+ if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORT' ]; then
 TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \ "so-acng:$VERSION" \ "so-thehive-cortex:$VERSION" \
@@ -874,7 +874,7 @@ got_root() {
 get_minion_type() { local minion_type case "$install_type" in
- 'EVAL' | 'MANAGERSEARCH' | 'MANAGER' | 'SENSOR' | 'HEAVYNODE' | 'FLEET' | 'STANDALONE' | 'IMPORTPCAP')
+ 'EVAL' | 'MANAGERSEARCH' | 'MANAGER' | 'SENSOR' | 'HEAVYNODE' | 'FLEET' | 'STANDALONE' | 'IMPORT')
 minion_type=$(echo "$install_type" | tr '[:upper:]' '[:lower:]') ;; 'HELIXSENSOR')
@@ -1246,7 +1246,7 @@ saltify() {
 set_progress_str 6 'Installing various dependencies' yum -y install wget nmap-ncat >> "$setup_log" 2>&1 case "$install_type" in
- 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORTPCAP')
+ 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT')
 reserve_group_ids >> "$setup_log" 2>&1 yum -y install epel-release >> "$setup_log" 2>&1 yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1
@@ -1317,7 +1317,7 @@ saltify() {
 'FLEET') if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi ;;
- 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP') # TODO: should this also be HELIXSENSOR?
+ 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR?
 # Add saltstack repo(s) wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
@@ -1374,7 +1374,7 @@ saltify() {
 salt_checkin() { case "$install_type" in
- 'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP') # Fix Mine usage
+ 'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # Fix Mine usage
 { echo "Building Certificate Authority"; salt-call state.apply ca;
@@ -1538,7 +1538,7 @@ set_hostname() {
 set_hostname_iso
- if [[ ! $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORTPCAP)$ ]]; then
+ if [[ ! $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then
 if ! getent hosts "$MSRV"; then echo "$MSRVIP $MSRV" >> /etc/hosts fi
@@ -1570,7 +1570,7 @@ set_initial_firewall_policy() {
 $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost minion "$MAINIP" $default_salt_dir/pillar/data/addtotab.sh managertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" ;;
- 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP')
+ 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 $default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP" $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"
diff --git a/setup/so-setup b/setup/so-setup
index d9a13210c..4a8cf259e 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -163,8 +163,8 @@ elif [ "$install_type" = 'FLEET' ]; then
 OSQUERY=1 elif [ "$install_type" = 'HELIXSENSOR' ]; then is_helix=true
-elif [ "$install_type" = 'IMPORTPCAP' ]; then
- is_importpcap=true
+elif [ "$install_type" = 'IMPORT' ]; then
+ is_import=true
 fi if [[ $is_manager && $is_sensor ]]; then
@@ -173,13 +173,13 @@ elif [[ $is_fleet_standalone ]]; then
 check_requirements "dist" "fleet" elif [[ $is_sensor && ! $is_eval ]]; then check_requirements "dist" "sensor"
-elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_importpcap ]]; then
+elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
 check_requirements "dist"
-elif [[ $is_importpcap ]]; then
- check_requirements "importpcap"
+elif [[ $is_import ]]; then
+ check_requirements "import"
 fi
-if [[ ! $is_importpcap ]]; then
+if [[ ! $is_import ]]; then
 whiptail_patch_schedule fi
@@ -243,7 +243,7 @@ if [[ $is_node ]]; then
 CURCLOSEDAYS=30 fi
-if [[ $is_importpcap ]]; then
+if [[ $is_import ]]; then
 PATCHSCHEDULENAME=auto MTU=1500 RULESETUP=ETOPEN
@@ -271,11 +271,11 @@ if [[ $is_helix || $is_sensor ]]; then
 whiptail_sensor_nics fi
-if [[ $is_helix || $is_sensor || $is_importpcap ]]; then
+if [[ $is_helix || $is_sensor || $is_import ]]; then
 calculate_useable_cores fi
-if [[ $is_helix || $is_manager || $is_importpcap ]]; then
+if [[ $is_helix || $is_manager || $is_import ]]; then
 whiptail_homenet_manager fi
@@ -306,7 +306,7 @@ if [[ $is_manager ]]; then
 fi fi
-if [[ $is_manager || $is_importpcap ]]; then
+if [[ $is_manager || $is_import ]]; then
 collect_webuser_inputs get_redirect fi
@@ -368,7 +368,7 @@ else
 FLEETNODEPASSWD1=$WEBPASSWD1 fi
-if [[ $is_manager || $is_importpcap ]]; then whiptail_so_allow; fi
+if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi
 whiptail_make_changes
@@ -392,7 +392,7 @@ fi
 } >> $setup_log 2>&1
-if [[ $is_manager || $is_importpcap ]]; then
+if [[ $is_manager || $is_import ]]; then
 { generate_passwords; secrets_pillar;
@@ -411,7 +411,7 @@ fi
 host_pillar >> $setup_log 2>&1
-if [[ $is_minion || $is_importpcap ]]; then
+if [[ $is_minion || $is_import ]]; then
 set_updates >> $setup_log 2>&1 copy_ssh_key >> $setup_log 2>&1 fi
@@ -434,7 +434,7 @@ fi
 configure_network_sensor >> $setup_log 2>&1 fi
- if [[ $is_sensor || $is_helix || $is_importpcap ]]; then
+ if [[ $is_sensor || $is_helix || $is_import ]]; then
 set_progress_str 4 'Generating sensor pillar' sensor_pillar >> $setup_log 2>&1 fi
@@ -451,7 +451,7 @@ fi
 set_progress_str 9 'Initializing Salt minion' configure_minion "$minion_type" >> $setup_log 2>&1
- if [[ $is_manager || $is_helix || $is_importpcap ]]; then
+ if [[ $is_manager || $is_helix || $is_import ]]; then
 set_progress_str 10 'Configuring Salt master' { create_local_directories;
@@ -496,7 +496,7 @@ fi
 accept_salt_key_remote >> $setup_log 2>&1 fi
- if [[ $is_manager || $is_importpcap ]]; then
+ if [[ $is_manager || $is_import ]]; then
 set_progress_str 20 'Accepting Salt key' salt-key -ya "$MINION_ID" >> $setup_log 2>&1 fi
@@ -509,15 +509,15 @@ fi
 salt-call state.apply salt.minion -l info >> $setup_log 2>&1 fi
- if [[ $is_importpcap ]]; then
+ if [[ $is_import ]]; then
 set_progress_str 22 'Configuring bond interface'
- salt-call state.apply importpcap.bond -l info >> $setup_log 2>&1
+ salt-call state.apply import.bond -l info >> $setup_log 2>&1
 fi set_progress_str 23 'Generating CA and checking in' salt_checkin >> $setup_log 2>&1
- if [[ $is_manager || $is_helix || $is_importpcap ]]; then
+ if [[ $is_manager || $is_helix || $is_import ]]; then
 set_progress_str 25 'Configuring firewall' set_initial_firewall_policy >> $setup_log 2>&1
@@ -555,7 +555,7 @@ fi
 set_progress_str 64 "$(print_salt_state_apply 'nginx')" salt-call state.apply -l info nginx >> $setup_log 2>&1
- if [[ $is_manager || $is_node || $is_importpcap ]]; then
+ if [[ $is_manager || $is_node || $is_import ]]; then
 set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')" salt-call state.apply -l info elasticsearch >> $setup_log 2>&1 fi
@@ -565,7 +565,7 @@ fi
 salt-call state.apply -l info pcap >> $setup_log 2>&1 fi
- if [[ $is_sensor || $is_importpcap ]]; then
+ if [[ $is_sensor || $is_import ]]; then
 set_progress_str 66 "$(print_salt_state_apply 'suricata')" salt-call state.apply -l info suricata >> $setup_log 2>&1
@@ -578,7 +578,7 @@ fi
 salt-call state.apply -l info curator >> $setup_log 2>&1 fi
- if [[ $is_manager || $is_importpcap ]]; then
+ if [[ $is_manager || $is_import ]]; then
 set_progress_str 69 "$(print_salt_state_apply 'soc')" salt-call state.apply -l info soc >> $setup_log 2>&1
@@ -644,7 +644,7 @@ fi
 fi fi
- if [[ $is_manager || $is_helix || $is_importpcap ]]; then
+ if [[ $is_manager || $is_helix || $is_import ]]; then
 set_progress_str 81 "$(print_salt_state_apply 'utility')" salt-call state.apply -l info utility >> $setup_log 2>&1 fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 264390d30..f84090e4f 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -475,7 +475,7 @@ whiptail_install_type() {
 "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \
- "IMPORTPCAP" "Import PCAP mode " OFF \
+ "IMPORT" "Standalone to import PCAP or log files " OFF \
 3>&1 1>&2 2>&3 )
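Review bot: The new menu label `"Standalone to import PCAP or log files "` in the so-whiptail hunk tells the user that log files can be imported, but every other hunk in this commit is a rename of importpcap to import and nothing adds log-file import, so unless that capability already exists elsewhere the label promises more than the node delivers. Keep the description to what is implemented, e.g. `"IMPORT" "Standalone node for importing PCAP files " OFF \`, and widen it in the commit that adds log-file import. The body of whiptail_install_type continues outside the hunk.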