mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
enabled/disable zeek
This commit is contained in:
m0duspwnens
@@ -3,8 +3,6 @@
|
|||||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
# Elastic License 2.0.
|
# Elastic License 2.0.
|
||||||
|
|
||||||
|
|
||||||
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
|
|
||||||
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
|
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
|
||||||
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
|
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
|
||||||
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
|
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
|
||||||
@@ -221,7 +219,7 @@
|
|||||||
{% do allowed_states.append('mysql') %}
|
{% do allowed_states.append('mysql') %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{%- if ZEEKVER != 'SURICATA' and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
|
{%- if grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
|
||||||
{% do allowed_states.append('zeek') %}
|
{% do allowed_states.append('zeek') %}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
|||||||
10
salt/top.sls
10
salt/top.sls
@@ -3,8 +3,6 @@
|
|||||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
# Elastic License 2.0.
|
# Elastic License 2.0.
|
||||||
|
|
||||||
|
|
||||||
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
|
|
||||||
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
|
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
|
||||||
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
|
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
|
||||||
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
|
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
|
||||||
@@ -52,9 +50,7 @@ base:
|
|||||||
- pcap
|
- pcap
|
||||||
- suricata
|
- suricata
|
||||||
- healthcheck
|
- healthcheck
|
||||||
{%- if ZEEKVER != 'SURICATA' %}
|
|
||||||
- zeek
|
- zeek
|
||||||
{%- endif %}
|
|
||||||
{%- if STRELKA %}
|
{%- if STRELKA %}
|
||||||
- strelka
|
- strelka
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
@@ -89,9 +85,7 @@ base:
|
|||||||
{%- endif %}
|
{%- endif %}
|
||||||
- pcap
|
- pcap
|
||||||
- suricata
|
- suricata
|
||||||
{%- if ZEEKVER != 'SURICATA' %}
|
|
||||||
- zeek
|
- zeek
|
||||||
{%- endif %}
|
|
||||||
{%- if STRELKA %}
|
{%- if STRELKA %}
|
||||||
- strelka
|
- strelka
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
@@ -183,9 +177,7 @@ base:
|
|||||||
{%- endif %}
|
{%- endif %}
|
||||||
- pcap
|
- pcap
|
||||||
- suricata
|
- suricata
|
||||||
{%- if ZEEKVER != 'SURICATA' %}
|
|
||||||
- zeek
|
- zeek
|
||||||
{%- endif %}
|
|
||||||
{%- if STRELKA %}
|
{%- if STRELKA %}
|
||||||
- strelka
|
- strelka
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
@@ -278,9 +270,7 @@ base:
|
|||||||
{%- endif %}
|
{%- endif %}
|
||||||
- pcap
|
- pcap
|
||||||
- suricata
|
- suricata
|
||||||
{%- if ZEEKVER != 'SURICATA' %}
|
|
||||||
- zeek
|
- zeek
|
||||||
{%- endif %}
|
|
||||||
- elasticfleet.install_agent_grid
|
- elasticfleet.install_agent_grid
|
||||||
- docker_clean
|
- docker_clean
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||||
|
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||||
|
https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
|
Elastic License 2.0. #}
|
||||||
|
|
||||||
{% from 'vars/sensor.map.jinja' import ROLE_GLOBALS %}
|
{% from 'vars/sensor.map.jinja' import ROLE_GLOBALS %}
|
||||||
{% import_yaml 'zeek/defaults.yaml' as ZEEKDEFAULTS with context %}
|
{% import_yaml 'zeek/defaults.yaml' as ZEEKDEFAULTS with context %}
|
||||||
{% set ZEEKMERGED = salt['pillar.get']('zeek', ZEEKDEFAULTS.zeek, merge=True) %}
|
{% set ZEEKMERGED = salt['pillar.get']('zeek', ZEEKDEFAULTS.zeek, merge=True) %}
|
||||||
|
|||||||
@@ -8,9 +8,7 @@
|
|||||||
|
|
||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
{% from "zeek/config.map.jinja" import ZEEKMERGED %}
|
{% from "zeek/config.map.jinja" import ZEEKMERGED %}
|
||||||
|
|
||||||
{% from 'bpf/zeek.map.jinja' import ZEEKBPF %}
|
{% from 'bpf/zeek.map.jinja' import ZEEKBPF %}
|
||||||
|
|
||||||
{% set BPF_STATUS = 0 %}
|
{% set BPF_STATUS = 0 %}
|
||||||
|
|
||||||
# Add Zeek group
|
# Add Zeek group
|
||||||
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||||
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||||
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
|
# Elastic License 2.0.
|
||||||
|
|
||||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||||
{% if sls.split('.')[0] in allowed_states %}
|
{% if sls.split('.')[0] in allowed_states %}
|
||||||
|
|
||||||
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||||
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||||
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
|
# Elastic License 2.0.
|
||||||
|
|
||||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||||
{% if sls.split('.')[0] in allowed_states %}
|
{% if sls.split('.')[0] in allowed_states %}
|
||||||
|
|
||||||
|
|||||||
@@ -1,8 +1,13 @@
|
|||||||
|
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||||
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||||
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
|
# Elastic License 2.0.
|
||||||
|
|
||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
|
{% from 'zeek/config.map.jinja' import ZEEKMERGED %}
|
||||||
|
|
||||||
include:
|
include:
|
||||||
{% if ZEEKMERGED.enabled and GLOBALS.role != 'so-import'%}
|
{% if ZEEKMERGED.enabled and GLOBALS.role != 'so-import' and GLOBALS.md_engine != 'SURICATA' %}
|
||||||
- zeek.enabled
|
- zeek.enabled
|
||||||
{% elif GLOBALS.role == 'so-import' %}
|
{% elif GLOBALS.role == 'so-import' %}
|
||||||
- zeek.config
|
- zeek.config
|
||||||
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||||
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||||
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||||
|
# Elastic License 2.0.
|
||||||
|
|
||||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||||
{% if sls.split('.')[0] in allowed_states %}
|
{% if sls.split('.')[0] in allowed_states %}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user