From 65334d15ea1cf806b2482ace2d511370053f55a8 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 24 Nov 2020 09:33:38 -0500
Subject: [PATCH] https://github.com/Security-Onion-Solutions/securityonion/issues/2040
---
 salt/pcap/init.sls | 42 -------------------
 salt/{pcap => sensoroni}/files/sensoroni.json | 5 ++-
 salt/sensoroni/init.sls | 41 ++++++++++++++++++
 salt/top.sls | 1 +
 setup/so-functions | 13 +++++-
 setup/so-setup | 1 +
 6 files changed, 59 insertions(+), 44 deletions(-)
 rename salt/{pcap => sensoroni}/files/sensoroni.json (76%)
 create mode 100644 salt/sensoroni/init.sls
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index 5a13c1231..e98bbecf5 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -45,13 +45,6 @@ stenoconfdir:
 - group: 939
 - makedirs: True
 
-sensoroniconfdir:
- file.directory:
- - name: /opt/so/conf/sensoroni
- - user: 939
- - group: 939
- - makedirs: True
-
 {% if BPF_STENO %}
 {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" "),cwd='/root') %}
 {% if BPF_CALC['stderr'] == "" %}
@@ -77,15 +70,6 @@ stenoconf:
 - defaults:
 BPF_COMPILED: "{{ BPF_COMPILED }}"
 
-sensoroniagentconf:
- file.managed:
- - name: /opt/so/conf/sensoroni/sensoroni.json
- - source: salt://pcap/files/sensoroni.json
- - user: 939
- - group: 939
- - mode: 600
- - template: jinja
-
 stenoca:
 file.directory:
 - name: /opt/so/conf/steno/certs
@@ -127,13 +111,6 @@ stenolog:
 - group: 941
 - makedirs: True
 
-sensoronilog:
- file.directory:
- - name: /opt/so/log/sensoroni
- - user: 939
- - group: 939
- - makedirs: True
-
 so-steno:
 docker_container.{{ STENOOPTIONS.status }}:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
@@ -170,25 +147,6 @@ so-steno_so-status.disabled:
 - regex: ^so-steno$
 {% endif %}
 
-so-sensoroni:
- docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
- - network_mode: host
- - binds:
- - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
- - /nsm/pcap:/nsm/pcap:rw
- - /nsm/import:/nsm/import:rw
- - /nsm/pcapout:/nsm/pcapout:rw
- - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
- - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
- - watch:
- - file: /opt/so/conf/sensoroni/sensoroni.json
-
-append_so-sensoroni_so-status.conf:
- file.append:
- - name: /opt/so/conf/so-status/so-status.conf
- - text: so-sensoroni
-
 {% else %}
 
 pcap_state_not_allowed:
diff --git a/salt/pcap/files/sensoroni.json b/salt/sensoroni/files/sensoroni.json
similarity index 76%
rename from salt/pcap/files/sensoroni.json
rename to salt/sensoroni/files/sensoroni.json
index 8a9027bd0..f7c1edc25 100644
--- a/salt/pcap/files/sensoroni.json
+++ b/salt/sensoroni/files/sensoroni.json
@@ -1,6 +1,7 @@
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}
 {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
-{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
+{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%}
+{%- set STENOENABLED = salt['pillar.get']('steno:enabled', False) %}
 {
 "logFilename": "/opt/sensoroni/logs/sensoroni.log",
 "logLevel":"info",
@@ -13,11 +14,13 @@
 "statickeyauth": {
 "apiKey": "{{ SENSORONIKEY }}"
 },
+{%- if STENOENABLED %}
 "stenoquery": {
 "executablePath": "/opt/sensoroni/scripts/stenoquery.sh",
 "pcapInputPath": "/nsm/pcap",
 "pcapOutputPath": "/nsm/pcapout"
 }
+{%- endif %}
 }
 }
 }
diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls
new file mode 100644
index 000000000..3268e86fd
--- /dev/null
+++ b/salt/sensoroni/init.sls
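Review bot: In the second sensoroni.json hunk the `{%- if STENOENABLED %}` guard opens after the `},` that closes `statickeyauth`, so whenever the pillar is false the rendered file contains `},` immediately followed by `}` — a trailing comma that strict JSON parsers reject, leaving the agent unable to load its config. Move the separator inside the guard: change `},` to `}` and `{%- if STENOENABLED %}` to `{%- if STENOENABLED %},` so the comma is only emitted when the stenoquery object follows. Because the first hunk defaults `steno:enabled` to `False`, any minion whose pillar lacks the key takes exactly this path, so the template should be rendered both ways before merging.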
@@ -0,0 +1,41 @@
+sensoroniconfdir:
+ file.directory:
+ - name: /opt/so/conf/sensoroni
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+sensoroniagentconf:
+ file.managed:
+ - name: /opt/so/conf/sensoroni/sensoroni.json
+ - source: salt://sensoroni/files/sensoroni.json
+ - user: 939
+ - group: 939
+ - mode: 600
+ - template: jinja
+
+sensoronilog:
+ file.directory:
+ - name: /opt/so/log/sensoroni
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+so-sensoroni:
+ docker_container.running:
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
+ - network_mode: host
+ - binds:
+ - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
+ - /nsm/pcap:/nsm/pcap:rw
+ - /nsm/import:/nsm/import:rw
+ - /nsm/pcapout:/nsm/pcapout:rw
+ - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
+ - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
+ - watch:
+ - file: /opt/so/conf/sensoroni/sensoroni.json
+
+append_so-sensoroni_so-status.conf:
+ file.append:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - text: so-sensoroni
\ No newline at end of file
diff --git a/salt/top.sls b/salt/top.sls
index bbd2a862d..9d41481fe 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -44,6 +44,7 @@ base:
 - patch.os.schedule
 - motd
 - salt.minion-check
+ - sensoroni
 - salt.lasthighstate
 
 '*_helix and G@saltversion:{{saltversion}}':
diff --git a/setup/so-functions b/setup/so-functions
index f13a183f2..4ba639fa5 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1166,7 +1166,7 @@ manager_global() {
 " managerupdate: $MANAGERUPDATES"\
 " imagerepo: '$IMAGEREPO'"\
 " pipeline: 'redis'"\
- "pcap:"\
+ "sensoroni:"\
 " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
 "strelka:"\
 " enabled: $STRELKA"\
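Review bot: The new salt/sensoroni/init.sls expands `{{ MANAGER }}`, `{{ IMAGEREPO }}` and `{{ VERSION }}` on the so-sensoroni image line, but the hunk is the entire file (0,0 → 1,41) and nothing in it defines those names; unless the Jinja environment is configured to tolerate undefined variables, the state will fail to render on every minion it is now assigned to. The old pcap/init.sls presumably set them above the removed hunks, so the matching `{% set %}` lines (or an import of whatever file defines them) need to be copied to the top of this file. The container also bind-mounts `/opt/so/conf/steno/certs`, `/nsm/pcap`, `/nsm/import` and `/nsm/pcapout` unconditionally even though the commit introduces a `steno:enabled` pillar for exactly this purpose; on minions without stenographer Docker will create those sources as empty root-owned directories, so the steno-specific binds could be wrapped in the same pillar check the JSON template uses. A header comment such as `# Sensoroni agent container; the steno cert and pcap binds are only meaningful where stenographer runs` would make that dependency visible to the next reader.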
@@ -1968,6 +1968,17 @@ set_updates() {
 fi
 }
 
+steno_pillar() {
+
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
+
+ # Create the stenographer pillar
+ printf '%s\n'\
+ "steno:"\
+ " enabled: True" >> "$pillar_file"
+
+}
+
 mark_version() {
 # Drop a file with the current version
 echo "$SOVERSION" > /etc/soversion
diff --git a/setup/so-setup b/setup/so-setup
index 22e429ad4..a064de623 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -511,6 +511,7 @@ fi
 if [[ $is_sensor || $is_helix || $is_import ]]; then
 set_progress_str 4 'Generating sensor pillar'
 sensor_pillar >> $setup_log 2>&1
+ steno_pillar >> $setup_log
 fi
 
 set_progress_str 5 'Installing Salt and dependencies'
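Review bot: `steno_pillar` hard-codes `enabled: True` and is only invoked from so-setup, so nothing in this commit writes `steno:enabled` for minions that were installed before it; combined with the `False` default in sensoroni.json, those nodes would render their config without the stenoquery section on the next highstate unless the upgrade path adds the key — worth confirming. Appending with `>>` also assumes the pillar file holds no `steno:` key yet; if the function can run twice against the same file it produces a duplicate top-level key. The comment should state the contract, e.g. `# Append the stenographer pillar; always True here because only sensor-type nodes call this, the template defaults to False otherwise`.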
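Review bot: The added `steno_pillar >> $setup_log` drops the `2>&1` that the `sensor_pillar` call directly above carries, so any error from the function bypasses the setup log; use `steno_pillar >> $setup_log 2>&1`. The call is also gated on `$is_sensor || $is_helix || $is_import`, so if other node types that run stenographer exist (none are visible here), their pillar never receives `steno:enabled` and sensoroni.json renders without stenoquery. The surrounding script continues outside the hunk.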