Merge pull request #9162 from Security-Onion-Solutions/config

Config
Jason Ertel
2022-11-17 11:50:35 -05:00
committed by GitHub
5 changed files with 20 additions and 14 deletions


@@ -83,7 +83,7 @@ soc:
bucket: telegraf bucket: telegraf
verifyCert: false verifyCert: false
salt: salt:
saltPipe: /opt/sensoroni/salt.pipe saltPipe: /opt/sensoroni/salt/pipe
sostatus: sostatus:
refreshIntervalMs: 30000 refreshIntervalMs: 30000
offlineThresholdMs: 900000 offlineThresholdMs: 900000


@@ -6,7 +6,8 @@
PIPE_OWNER=${PIPE_OWNER:-socore} PIPE_OWNER=${PIPE_OWNER:-socore}
PIPE_GROUP=${PIPE_GROUP:-socore} PIPE_GROUP=${PIPE_GROUP:-socore}
SOC_PIPE=${SOC_PIPE_REQUEST:-/opt/so/conf/soc/salt.pipe} SOC_PIPE=${SOC_PIPE_REQUEST:-/opt/so/conf/soc/salt/pipe}
PATH=${PATH}:/usr/sbin
function log() { function log() {
echo "$(date) | $1" echo "$(date) | $1"


@@ -27,6 +27,12 @@ soclogdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
socsaltdir:
file.directory:
- name: /opt/so/conf/soc/salt
- user: 939
- group: 939
- makedirs: True
socconfig: socconfig:
file.managed: file.managed:
@@ -81,11 +87,8 @@ socusersroles:
- sls: manager.sync_es_users - sls: manager.sync_es_users
salt-relay: salt-relay:
cmd.run: cron.present:
- env: - name: 'ps -ef | grep salt-relay | grep -v grep || /opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'
- SOC_PIPE: /opt/sensoroni/salt.pipe
- name: '/opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'
- unless: ps -ef | grep salt-relay | grep -v grep
so-soc: so-soc:
docker_container.running: docker_container.running:
@@ -101,7 +104,7 @@ so-soc:
- /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro
- /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro - /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro
- /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
- /opt/so/conf/soc/salt.pipe:/opt/sensoroni/salt.pipe:rw - /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw
- /opt/so/saltstack:/opt/so/saltstack:rw - /opt/so/saltstack:/opt/so/saltstack:rw
{%- if salt['pillar.get']('nodestab', {}) %} {%- if salt['pillar.get']('nodestab', {}) %}
- extra_hosts: - extra_hosts:
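Review bot: The new `salt-relay` `cron.present` entry sets no `user`, so Salt installs it in root's crontab by default, while the request pipe now lives in `/opt/so/conf/soc/salt`, a directory owned by uid 939 and bind-mounted `rw` into the so-soc container. If the relay acts on what it reads from that pipe (the script body is not shown here), anything able to write into that directory can feed requests to a root-run process. I would state the account explicitly, e.g. `- user: root` with a comment explaining why, and add a mode such as `- mode: 750` to `socsaltdir` so the directory's permissions do not depend on the umask. The entry also no longer passes `SOC_PIPE`, so it relies on the script's default path matching the mount; a short comment saying so would help.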


@@ -65,6 +65,8 @@ if __name__ == "__main__":
event_handler =CreatedEventHandler() event_handler =CreatedEventHandler()
observer = Observer() observer = Observer()
logging.info("Starting filecheck")
observer.schedule(event_handler, extract_path, recursive=True) observer.schedule(event_handler, extract_path, recursive=True)
observer.start() observer.start()
try: try:
@@ -73,3 +75,5 @@ if __name__ == "__main__":
except KeyboardInterrupt: except KeyboardInterrupt:
observer.stop() observer.stop()
observer.join() observer.join()
logging.info("Exiting filecheck")


@@ -135,11 +135,9 @@ filecheck_script:
- mode: 755 - mode: 755
filecheck_run: filecheck_run:
cmd.run: cron.present:
- name: 'python3 /opt/so/conf/strelka/filecheck' - name: 'ps -ef | grep filecheck | grep -v grep || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &'
- bg: True - user: socore
- runas: socore
- unless: ps -ef | grep filecheck | grep -v grep
filcheck_history_clean: filcheck_history_clean:
cron.present: cron.present:
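Review bot: The guard in `filecheck_run` prints the matching `ps` line to stdout whenever filecheck is already running, and because no time fields are given the job runs every minute, so cron collects (and usually mails) that output on each run; the `salt-relay` entry in the soc state uses the same pattern. The substring match is also loose: any process whose command line contains `filecheck`, such as a `tail` on `filecheck_stdout.log`, suppresses the restart. Silencing the check, `ps -ef | grep filecheck | grep -v grep > /dev/null || ...`, fixes the first issue, and a lock such as `flock -n <LOCKFILE> python3 /opt/so/conf/strelka/filecheck` would replace the process-name test entirely. `filcheck_history_clean` continues past the end of the hunk.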