Add Firewall Logic

2025-12-06 17:22:49 +01:00 · 2020-09-09 21:16:40 -04:00
parent 45b11b2321
commit 5d4e8925a3
6 changed files with 35 additions and 8 deletions
--- a/pillar/firewall/ports.sls
+++ b/pillar/firewall/ports.sls
@@ -26,6 +26,7 @@ firewall:
        - 4200
        - 5601
        - 6379
+        - 7788
        - 8086
        - 8090
        - 9001
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -1,3 +1,4 @@
+{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
 {% import_yaml 'firewall/portgroups.yaml' as portgroups %}
 {% set portgroups = portgroups.firewall.aliases.ports %}

@@ -109,6 +110,9 @@ role:
              - {{ portgroups.elasticsearch_node }}
              - {{ portgroups.cortex_es_rest }}
              - {{ portgroups.cortex_es_node }}
+              {% if ISAIRGAP is sameas true %}
+              - {{ portgroups.agrules }}
+              {% endif %}
          minion:
            portgroups:
              - {{ portgroups.acng }}
@@ -117,7 +121,9 @@ role:
              - {{ portgroups.influxdb }}
              - {{ portgroups.wazuh_api }}
              - {{ portgroups.fleet_api }}
+              {% if ISAIRGAP is sameas true %}
              - {{ portgroups.yum }}
+              {% endif %}
          sensor:
            portgroups:
              - {{ portgroups.sensoroni }}
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
@@ -9,6 +9,9 @@ firewall:
      acng:
        tcp:
          - 3142
+      agrules:
+        tcp:
+          - 7788
      beats_5044:
        tcp:
          - 5044
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
@@ -2,10 +2,11 @@
 {%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
 {%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%}
 {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') -%}
-{% if ISAIRGAP is sameas true %}
+{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') -%}
+{%- if ISAIRGAP is sameas true -%}
 --merged=/opt/so/rules/nids/all.rules
 --local=/opt/so/rules/nids/local.rules
--local=/opt/so/rules/nids/emerging-all.rules
+--url=http://{{ MANAGERIP }}/repo/rules/emerging-all.rules
 --disable=/opt/so/idstools/etc/disable.conf
 --enable=/opt/so/idstools/etc/enable.conf
 --modify=/opt/so/idstools/etc/modify.conf
@@ -24,8 +25,8 @@
 --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
  {%- endif -%}
 {%- endif -%}
-{%- if URLS != None %}
-{%- for URL in URLS %}
+{%- if URLS != None -%}
+{%- for URL in URLS -%}
 --url={{ URL }}
-{%- endfor %}
-{%- endif %}
+{%- endfor -%}
+{%- endif -%}
--- a/salt/nginx/etc/nginx.conf.so-manager
+++ b/salt/nginx/etc/nginx.conf.so-manager
@@ -67,6 +67,22 @@ http {
 			server_name _;
 			return 301 https://$host$request_uri;
 	}
+	{%- if ISAIRGAP is sameas true %}
+	server {
+		    listen 7788;
+			server_name _;
+			root /opt/socore/html/repo
+			location /rules/ {
+                allow all;
+                sendfile on;
+                sendfile_max_chunk 1m;
+                autoindex on;
+                autoindex_exact_size off;
+                autoindex_format html;
+                autoindex_localtime on;
+			}
+	}
+	{%- endif %}

 {% if FLEET_MANAGER %}
 	server {
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -48,8 +48,8 @@ logCmd() {

 airgap_rules() {
 	# Copy the rules for suricata if using Airgap
-	mkdir -p /opt/so/rules/nids
-	cp -v /root/SecurityOnion/agrules/emerging-all.rules /opt/so/rules/nids/
+	mkdir -p /nsm/repo/rules
+	cp -v /root/SecurityOnion/agrules/emerging-all.rules /nsm/repo/rules/
 }

 analyze_system() {