From 63cea88c1dbabf0daed8f9f0c8a2a14adb3fd9be Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 11 May 2023 12:43:06 -0400
Subject: [PATCH] enable/disable influxdb in ui

---
 salt/influxdb/config.sls | 96 +++++++++++++++++
 salt/influxdb/defaults.yaml | 3 +-
 salt/influxdb/disabled.sls | 32 ++++++
 salt/influxdb/enabled.sls | 87 ++++++++++++++++
 salt/influxdb/init.sls | 166 ++---------------------------
 salt/influxdb/map.jinja | 9 +-
 salt/influxdb/soc_influxdb.yaml | 5 +-
 salt/influxdb/sostatus.sls | 21 ++++
 salt/manager/tools/sbin/so-minion | 12 +++
 salt/zeek/disabled.sls | 1 -
 salt/zeek/enabled.sls | 1 -
 11 files changed, 269 insertions(+), 164 deletions(-)
 create mode 100644 salt/influxdb/config.sls
 create mode 100644 salt/influxdb/disabled.sls
 create mode 100644 salt/influxdb/enabled.sls
 create mode 100644 salt/influxdb/sostatus.sls

diff --git a/salt/influxdb/config.sls b/salt/influxdb/config.sls
new file mode 100644
index 000000000..54e20b713
--- /dev/null
+++ b/salt/influxdb/config.sls
@@ -0,0 +1,96 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls.split('.')[0] in allowed_states %} +{% from 'influxdb/map.jinja' import INFLUXMERGED %} + +include: + - salt.minion + - ssl + +# Influx DB +influxconfdir: + file.directory: + - name: /opt/so/conf/influxdb + - makedirs: True + +influxlogdir: + file.directory: + - name: /opt/so/log/influxdb + - dir_mode: 755 + - user: 939 + - group: 939 + - makedirs: True + +influxdbdir: + file.directory: + - name: /nsm/influxdb + - makedirs: True + +influxdb_sbin: + file.recurse: + - name: /usr/sbin + - source: salt://influxdb/tools/sbin + - user: 939 + - group: 939 + - file_mode: 755 + +#influxdb_sbin_jinja: +# file.recurse: +# - name: /usr/sbin +# - source: salt://influxdb/tools/sbin_jinja +# - user: 939 +# - group: 939 +# - file_mode: 755 +# - template: jinja + +influxdbconf: + file.managed: + - name: /opt/so/conf/influxdb/config.yaml + - source: salt://influxdb/config.yaml.jinja + - user: 939 + - group: 939 + - template: jinja + - defaults: + INFLUXMERGED: {{ INFLUXMERGED }} + +influxdbbucketsconf: + file.managed: + - name: /opt/so/conf/influxdb/buckets.json + - source: salt://influxdb/buckets.json.jinja + - user: 939 + - group: 939 + - template: jinja + - defaults: + INFLUXMERGED: {{ INFLUXMERGED }} + +influxdb-templates: + file.recurse: + - name: /opt/so/conf/influxdb/templates + - source: salt://influxdb/templates + - user: 939 + - group: 939 + - template: jinja + - clean: True + - defaults: + INFLUXMERGED: {{ INFLUXMERGED }} + +influxdb_curl_config: + file.managed: + - name: /opt/so/conf/influxdb/curl.config + - source: salt://influxdb/curl.config.jinja + - mode: 600 + - 
template: jinja + - show_changes: False + - makedirs: True + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml index 373f6a603..29088fea9 100644 --- a/salt/influxdb/defaults.yaml +++ b/salt/influxdb/defaults.yaml @@ -1,4 +1,5 @@ influxdb: + enabled: False config: assets-path: /ui bolt-path: /var/lib/influxdb2/influxd.bolt @@ -74,4 +75,4 @@ influxdb: shard_duration: 604800 downsample: so_long_term: - resolution: 5m \ No newline at end of file + resolution: 5m diff --git a/salt/influxdb/disabled.sls b/salt/influxdb/disabled.sls new file mode 100644 index 000000000..edf27d7b1 --- /dev/null +++ b/salt/influxdb/disabled.sls @@ -0,0 +1,32 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls.split('.')[0] in allowed_states %} + +include: + - influxdb.sostatus + +so-influxdb: + docker_container.absent: + - force: True + +so-influxdb_so-status.disabled: + file.comment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-influxdb$ + +get_influxdb_size: + cron.absent: + - identifier: get_influxdb_size + - user: root + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/influxdb/enabled.sls b/salt/influxdb/enabled.sls new file mode 100644 index 000000000..209406932 --- /dev/null +++ b/salt/influxdb/enabled.sls 
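Review bot: `influxdb_sbin` recurses scripts into `/usr/sbin` owned by uid/gid 939 with `file_mode: 755`, and those same scripts are executed as root elsewhere in this commit (`/usr/sbin/so-influxdb-manage setup` and `so-influxdb-manage dashboardpath` in enabled.sls), so any process running as uid 939 on the host can rewrite a file that root will execute; the owner should be root, i.e. `- user: root` and `- group: root`. This ownership is carried over from the old init.sls rather than introduced here, but the move is the right moment to correct it. Separately, `INFLUXMERGED` is the whole `influxdb` pillar tree (enabled.sls reads `influxdb:token` from that same tree) and is handed to config.yaml, buckets.json and the templates, which are written with default 0644 permissions and change output enabled; if any of those templates renders the token it becomes world-readable on disk and visible in the minion's state return, which is worth confirming or avoiding by passing only the `config` subtree.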
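Review bot: Disabling removes the container and the size cron but leaves `/opt/so/conf/influxdb` in place, including `curl.config`, which config.sls manages at mode 0600 with `show_changes: False` and therefore presumably holds the API token; since config.sls regenerates that file on re-enable, adding a `file.absent` for `/opt/so/conf/influxdb/curl.config` here would avoid leaving a credential on a host where the service is meant to be off. If keeping the data under `/nsm/influxdb` and the rest of the conf dir is intentional so a re-enable does not trigger a fresh setup, a one-line comment saying so would save the next reader from wondering. Also `so-influxdb_so-status.disabled` depends on the included sostatus append having run first, which Salt's include ordering does provide, but an explicit `- require: - file: append_so-influxdb_so-status.conf` makes that dependency visible instead of implicit.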
@@ -0,0 +1,87 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls.split('.')[0] in allowed_states %} +{% from 'vars/globals.map.jinja' import GLOBALS %} +{% from 'docker/docker.map.jinja' import DOCKER %} +{% set PASSWORD = salt['pillar.get']('secrets:influx_pass') %} +{% set TOKEN = salt['pillar.get']('influxdb:token') %} + +include: + - influxdb.config + - influxdb.sostatus + +so-influxdb: + docker_container.running: + - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-influxdb:{{ GLOBALS.so_version }} + - hostname: influxdb + - networks: + - sobridge: + - ipv4_address: {{ DOCKER.containers['so-influxdb'].ip }} + - environment: + - INFLUXD_CONFIG_PATH=/conf + - INFLUXDB_HTTP_LOG_ENABLED=false + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=so + - DOCKER_INFLUXDB_INIT_PASSWORD={{ PASSWORD }} + - DOCKER_INFLUXDB_INIT_ORG=Security Onion + - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }} + - binds: + - /opt/so/log/influxdb/:/log:rw + - /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro + - /nsm/influxdb:/var/lib/influxdb2:rw + - /etc/pki/influxdb.crt:/conf/influxdb.crt:ro + - /etc/pki/influxdb.key:/conf/influxdb.key:ro + - port_bindings: + {% for BINDING in DOCKER.containers['so-influxdb'].port_bindings %} + - {{ BINDING }} + {% endfor %} + - watch: + - file: influxdbconf + - require: + - file: influxdbconf + - x509: influxdb_key + - x509: influxdb_crt + +delete_so-influxdb_so-status.disabled: + file.uncomment: + - name: /opt/so/conf/so-status/so-status.conf + - regex: ^so-influxdb$ + +influxdb-setup: + cmd.run: + - name: 
/usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log + - require: + - file: influxdbbucketsconf + - file: influxdb_curl_config + - docker_container: so-influxdb + +metrics_link_file: + cmd.run: + - name: so-influxdb-manage dashboardpath "Security Onion Performance" > /opt/so/saltstack/local/salt/influxdb/metrics_link.txt + - require: + - docker_container: so-influxdb + +# Install cron job to determine size of influxdb for telegraf +get_influxdb_size: + cron.present: + - name: 'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1' + - identifier: get_influxdb_size + - user: root + - minute: '*/1' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 7e10a6798..55f0b9650 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls 
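Review bot: The `so-influxdb` container receives `DOCKER_INFLUXDB_INIT_PASSWORD` and `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` as plain environment variables, so the admin credentials are readable by anyone who can `docker inspect` the container on the host and are part of the state's change output whenever the container definition is diffed; this is inherited from init.sls, but since the state is being rewritten it is worth either switching to file-based injection if the so-influxdb image's entrypoint supports it, or adding a comment that env exposure is the accepted trade-off. Also `influxdb-setup` and `metrics_link_file` are unconditioned `cmd.run` states, so `so-influxdb-manage setup` re-runs against the live database and the metrics link file is rewritten on every highstate; adding `- onchanges: - docker_container: so-influxdb` (or a `creates:` marker) to each would limit them to container (re)creation. I cannot see `so-influxdb-manage`, so if setup is already idempotent this second point is mostly noise reduction.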
@@ -1,163 +1,13 @@ -{% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} -{% from 'docker/docker.map.jinja' import DOCKER %} -{% from 'vars/globals.map.jinja' import GLOBALS %} -{% from 'influxdb/map.jinja' import INFLUXMERGED %} +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. -{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval', 'so-import'] %} -{% set PASSWORD = salt['pillar.get']('secrets:influx_pass') %} -{% set TOKEN = salt['pillar.get']('influxdb:token') %} +{% from 'influxdb/map.jinja' import INFLUXDBMERGED %} include: - - salt.minion - - ssl - -# Influx DB -influxconfdir: - file.directory: - - name: /opt/so/conf/influxdb - - makedirs: True - -influxlogdir: - file.directory: - - name: /opt/so/log/influxdb - - dir_mode: 755 - - user: 939 - - group: 939 - - makedirs: True - -influxdbdir: - file.directory: - - name: /nsm/influxdb - - makedirs: True - -influxdb_sbin: - file.recurse: - - name: /usr/sbin - - source: salt://influxdb/tools/sbin - - user: 939 - - group: 939 - - file_mode: 755 - -#influxdb_sbin_jinja: -# file.recurse: -# - name: /usr/sbin -# - source: salt://influxdb/tools/sbin_jinja -# - user: 939 -# - group: 939 -# - file_mode: 755 -# - template: jinja - -influxdbconf: - file.managed: - - name: /opt/so/conf/influxdb/config.yaml - - source: salt://influxdb/config.yaml.jinja - - user: 939 - - group: 939 - - template: jinja - - defaults: - INFLUXMERGED: {{ INFLUXMERGED }} - -influxdbbucketsconf: - file.managed: - - name: /opt/so/conf/influxdb/buckets.json - - source: salt://influxdb/buckets.json.jinja - - user: 939 - - group: 939 - - template: jinja - - defaults: - INFLUXMERGED: {{ INFLUXMERGED }} - -influxdb-templates: - 
file.recurse: - - name: /opt/so/conf/influxdb/templates - - source: salt://influxdb/templates - - user: 939 - - group: 939 - - template: jinja - - clean: True - - defaults: - INFLUXMERGED: {{ INFLUXMERGED }} - -influxdb_curl_config: - file.managed: - - name: /opt/so/conf/influxdb/curl.config - - source: salt://influxdb/curl.config.jinja - - mode: 600 - - template: jinja - - show_changes: False - - makedirs: True - -so-influxdb: - docker_container.running: - - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-influxdb:{{ GLOBALS.so_version }} - - hostname: influxdb - - networks: - - sobridge: - - ipv4_address: {{ DOCKER.containers['so-influxdb'].ip }} - - environment: - - INFLUXD_CONFIG_PATH=/conf - - INFLUXDB_HTTP_LOG_ENABLED=false - - DOCKER_INFLUXDB_INIT_MODE=setup - - DOCKER_INFLUXDB_INIT_USERNAME=so - - DOCKER_INFLUXDB_INIT_PASSWORD={{ PASSWORD }} - - DOCKER_INFLUXDB_INIT_ORG=Security Onion - - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term - - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }} - - binds: - - /opt/so/log/influxdb/:/log:rw - - /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro - - /nsm/influxdb:/var/lib/influxdb2:rw - - /etc/pki/influxdb.crt:/conf/influxdb.crt:ro - - /etc/pki/influxdb.key:/conf/influxdb.key:ro - - port_bindings: - {% for BINDING in DOCKER.containers['so-influxdb'].port_bindings %} - - {{ BINDING }} - {% endfor %} - - watch: - - file: influxdbconf - - require: - - file: influxdbconf - - x509: influxdb_key - - x509: influxdb_crt - -append_so-influxdb_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-influxdb - -influxdb-setup: - cmd.run: - - name: /usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log - - require: - - file: influxdbbucketsconf - - file: influxdb_curl_config - - docker_container: so-influxdb - -metrics_link_file: - cmd.run: - - name: so-influxdb-manage dashboardpath "Security Onion Performance" > 
/opt/so/saltstack/local/salt/influxdb/metrics_link.txt - - require: - - docker_container: so-influxdb - -# Install cron job to determine size of influxdb for telegraf -get_influxdb_size: - cron.present: - - name: 'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1' - - identifier: get_influxdb_size - - user: root - - minute: '*/1' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' - -{% endif %} - +{% if INFLUXDBMERGED.enabled %} + - influxdb.enabled {% else %} - -{{sls}}_state_not_allowed: - test.fail_without_changes: - - name: {{sls}}_state_not_allowed - + - influxdb.disabled {% endif %} diff --git a/salt/influxdb/map.jinja b/salt/influxdb/map.jinja index ecbdd1306..beb810f05 100644 --- a/salt/influxdb/map.jinja +++ b/salt/influxdb/map.jinja @@ -1,2 +1,7 @@ -{%- import_yaml 'influxdb/defaults.yaml' as INFLUXDEFAULTS %} -{%- set INFLUXMERGED = salt['pillar.get']('influxdb', default=INFLUXDEFAULTS.influxdb, merge=true) %} +{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one + or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at + https://securityonion.net/license; you may not use this file except in compliance with the + Elastic License 2.0. #} + +{% import_yaml 'influxdb/defaults.yaml' as INFLUXDEFAULTS %} +{% set INFLUXMERGED = salt['pillar.get']('influxdb', default=INFLUXDEFAULTS.influxdb, merge=true) %} diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml index 7f6ceb316..42566a0a8 100644 --- a/salt/influxdb/soc_influxdb.yaml +++ b/salt/influxdb/soc_influxdb.yaml @@ -1,4 +1,7 @@ influxdb: + enabled: + description: You can enable or disable InfluxDB. + helpLink: influxdb.html config: assets-path: description: Path to the InfluxDB user interface assets located inside the so-influxdb container. 
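Review bot: The new init.sls imports `INFLUXDBMERGED` from `influxdb/map.jinja`, but the map.jinja hunk in this same commit only defines `INFLUXMERGED` (and config.sls and enabled.sls import it under that name), so `{% if INFLUXDBMERGED.enabled %}` evaluates `.enabled` on an undefined Jinja name and the whole influxdb state fails to render instead of choosing enabled or disabled. Rename the two lines to match the rest of the commit: `{% from 'influxdb/map.jinja' import INFLUXMERGED %}` and `{% if INFLUXMERGED.enabled %}`. Attribute access on an undefined name raises regardless of the environment's undefined handling, so this is a hard error rather than a silent fall-through.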
@@ -352,4 +355,4 @@ influxdb: resolution: description: Amount of time to turn into a single data point. global: True - helpLink: influxdb.html \ No newline at end of file + helpLink: influxdb.html diff --git a/salt/influxdb/sostatus.sls b/salt/influxdb/sostatus.sls new file mode 100644 index 000000000..dd55053c5 --- /dev/null +++ b/salt/influxdb/sostatus.sls @@ -0,0 +1,21 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls.split('.')[0] in allowed_states %} + +append_so-influxdb_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-influxdb + - unless: grep -q so-influxdb /opt/so/conf/so-status/so-status.conf + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion index 9b7923403..e8e92bb71 100755 --- a/salt/manager/tools/sbin/so-minion +++ b/salt/manager/tools/sbin/so-minion @@ -281,6 +281,13 @@ function add_telegraf_to_minion() { " " >> $PILLARFILE } +function add_influxdb_to_minion() { + printf '%s\n'\ + "influxdb:"\ + " enabled: True"\ + " " >> $PILLARFILE +} + function create_fleet_policy() { JSON_STRING=$( jq -n \ @@ -332,6 +339,7 @@ function createEVAL() { add_kibana_to_minion add_curator_to_minion add_telegraf_to_minion + add_influxdb_to_minion } function createSTANDALONE() { @@ -345,6 +353,7 @@ function createSTANDALONE() { add_redis_to_minion add_curator_to_minion add_telegraf_to_minion + add_influxdb_to_minion } function createMANAGER() { 
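Review bot: The `unless: grep -q so-influxdb ...` guard on `append_so-influxdb_so-status.conf` is an unanchored substring match, so any line containing `so-influxdb` (a future `so-influxdb-something` entry, or the string inside an unrelated comment) suppresses the append; `file.append` already skips when the exact line is present, so the guard only needs to cover the commented form that disabled.sls writes. Anchoring it makes that intent explicit: `- unless: grep -qE '^#?so-influxdb$' /opt/so/conf/so-status/so-status.conf`.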
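Review bot: `add_influxdb_to_minion` is only called from the create* paths, while defaults.yaml now sets `influxdb.enabled: False`; an existing manager whose minion pillar was generated before this change has no `influxdb:` key, so its next highstate takes `influxdb.disabled`, which force-removes the running so-influxdb container. If there is no separate upgrade step that adds `influxdb: enabled: True` to existing manager pillars, one is needed, or the default should remain True for the manager roles. This printf also appends a new top-level `influxdb:` mapping to `$PILLARFILE`; if that file already carries an `influxdb:` key (enabled.sls reads `influxdb:token` from pillar), the duplicate top-level key will either fail to load or shadow the earlier value depending on the YAML loader, so it is worth confirming where the token lives before relying on this.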
@@ -356,6 +365,7 @@ function createMANAGER() { add_redis_to_minion add_curator_to_minion add_telegraf_to_minion + add_influxdb_to_minion } function createMANAGERSEARCH() { @@ -367,6 +377,7 @@ function createMANAGERSEARCH() { add_redis_to_minion add_curator_to_minion add_telegraf_to_minion + add_influxdb_to_minion } function createIMPORT() { @@ -374,6 +385,7 @@ function createIMPORT() { add_sensor_to_minion add_kibana_to_minion add_telegraf_to_minion + add_influxdb_to_minion } function createFLEET() { diff --git a/salt/zeek/disabled.sls b/salt/zeek/disabled.sls index 3cc3d88b7..5011331bf 100644 --- a/salt/zeek/disabled.sls +++ b/salt/zeek/disabled.sls @@ -20,7 +20,6 @@ so-zeek_so-status.disabled: zeekpacketlosscron: cron.absent: - - name: /usr/local/bin/packetloss.sh - identifier: zeekpacketlosscron - user: root diff --git a/salt/zeek/enabled.sls b/salt/zeek/enabled.sls index d2fc9fbc3..611402fbc 100644 --- a/salt/zeek/enabled.sls +++ b/salt/zeek/enabled.sls @@ -5,7 +5,6 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls.split('.')[0] in allowed_states %} - {% from 'vars/globals.map.jinja' import GLOBALS %} include: