https://github.com/Security-Onion-Solutions/securityonion/issues/2040

2025-12-20 16:03:06 +01:00 · 2020-11-24 09:33:38 -05:00
parent bafefb980b
commit 65334d15ea
6 changed files with 59 additions and 44 deletions
--- a/salt/sensoroni/files/sensoroni.json
+++ b/salt/sensoroni/files/sensoroni.json
@@ -0,0 +1,26 @@
+{%- set URLBASE = salt['pillar.get']('global:url_base') %}
+{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
+{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%}
+{%- set STENOENABLED = salt['pillar.get']('steno:enabled', False) %}
+{
+  "logFilename": "/opt/sensoroni/logs/sensoroni.log",
+  "logLevel":"info",
+  "agent": {
+    "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }},
+    "serverUrl": "https://{{ URLBASE }}/sensoroniagents",
+    "verifyCert": false,
+    "modules": {
+      "importer": {},
+      "statickeyauth": {
+        "apiKey": "{{ SENSORONIKEY }}"
+      },
+{%- if STENOENABLED %}      
+      "stenoquery": {
+        "executablePath": "/opt/sensoroni/scripts/stenoquery.sh",
+        "pcapInputPath": "/nsm/pcap",
+        "pcapOutputPath": "/nsm/pcapout"
+      }
+{%- endif %}
+    }
+  }
+}
--- a/salt/sensoroni/init.sls
+++ b/salt/sensoroni/init.sls
@@ -0,0 +1,41 @@
+sensoroniconfdir:
+  file.directory:
+    - name: /opt/so/conf/sensoroni
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+sensoroniagentconf:
+  file.managed:
+    - name: /opt/so/conf/sensoroni/sensoroni.json
+    - source: salt://sensoroni/files/sensoroni.json
+    - user: 939
+    - group: 939
+    - mode: 600
+    - template: jinja
+
+sensoronilog:
+  file.directory:
+    - name: /opt/so/log/sensoroni
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+so-sensoroni:
+  docker_container.running:
+    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
+    - network_mode: host
+    - binds:
+      - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
+      - /nsm/pcap:/nsm/pcap:rw
+      - /nsm/import:/nsm/import:rw
+      - /nsm/pcapout:/nsm/pcapout:rw
+      - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
+      - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
+    - watch:
+      - file: /opt/so/conf/sensoroni/sensoroni.json
+
+append_so-sensoroni_so-status.conf:
+  file.append:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - text: so-sensoroni