mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
This commit is contained in:
m0duspwnens
@@ -45,13 +45,6 @@ stenoconfdir:
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
sensoroniconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/sensoroni
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
{% if BPF_STENO %}
|
||||
{% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', INTERFACE + ' ' + BPF_STENO|join(" "),cwd='/root') %}
|
||||
{% if BPF_CALC['stderr'] == "" %}
|
||||
@@ -77,15 +70,6 @@ stenoconf:
|
||||
- defaults:
|
||||
BPF_COMPILED: "{{ BPF_COMPILED }}"
|
||||
|
||||
sensoroniagentconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/sensoroni/sensoroni.json
|
||||
- source: salt://pcap/files/sensoroni.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- mode: 600
|
||||
- template: jinja
|
||||
|
||||
stenoca:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/steno/certs
|
||||
@@ -127,13 +111,6 @@ stenolog:
|
||||
- group: 941
|
||||
- makedirs: True
|
||||
|
||||
sensoronilog:
|
||||
file.directory:
|
||||
- name: /opt/so/log/sensoroni
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-steno:
|
||||
docker_container.{{ STENOOPTIONS.status }}:
|
||||
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
|
||||
@@ -170,25 +147,6 @@ so-steno_so-status.disabled:
|
||||
- regex: ^so-steno$
|
||||
{% endif %}
|
||||
|
||||
so-sensoroni:
|
||||
docker_container.running:
|
||||
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
|
||||
- network_mode: host
|
||||
- binds:
|
||||
- /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
|
||||
- /nsm/pcap:/nsm/pcap:rw
|
||||
- /nsm/import:/nsm/import:rw
|
||||
- /nsm/pcapout:/nsm/pcapout:rw
|
||||
- /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
|
||||
- /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
|
||||
- watch:
|
||||
- file: /opt/so/conf/sensoroni/sensoroni.json
|
||||
|
||||
append_so-sensoroni_so-status.conf:
|
||||
file.append:
|
||||
- name: /opt/so/conf/so-status/so-status.conf
|
||||
- text: so-sensoroni
|
||||
|
||||
{% else %}
|
||||
|
||||
pcap_state_not_allowed:
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{%- set URLBASE = salt['pillar.get']('global:url_base') %}
|
||||
{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
|
||||
{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
|
||||
{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:sensor_checkin_interval_ms', 10000) -%}
|
||||
{%- set STENOENABLED = salt['pillar.get']('steno:enabled', False) %}
|
||||
{
|
||||
"logFilename": "/opt/sensoroni/logs/sensoroni.log",
|
||||
"logLevel":"info",
|
||||
@@ -13,11 +14,13 @@
|
||||
"statickeyauth": {
|
||||
"apiKey": "{{ SENSORONIKEY }}"
|
||||
},
|
||||
{%- if STENOENABLED %}
|
||||
"stenoquery": {
|
||||
"executablePath": "/opt/sensoroni/scripts/stenoquery.sh",
|
||||
"pcapInputPath": "/nsm/pcap",
|
||||
"pcapOutputPath": "/nsm/pcapout"
|
||||
}
|
||||
{%- endif %}
|
||||
}
|
||||
}
|
||||
}
|
||||
41
salt/sensoroni/init.sls
Normal file
41
salt/sensoroni/init.sls
Normal file
@@ -0,0 +1,41 @@
|
||||
sensoroniconfdir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/sensoroni
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
sensoroniagentconf:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/sensoroni/sensoroni.json
|
||||
- source: salt://sensoroni/files/sensoroni.json
|
||||
- user: 939
|
||||
- group: 939
|
||||
- mode: 600
|
||||
- template: jinja
|
||||
|
||||
sensoronilog:
|
||||
file.directory:
|
||||
- name: /opt/so/log/sensoroni
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-sensoroni:
|
||||
docker_container.running:
|
||||
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }}
|
||||
- network_mode: host
|
||||
- binds:
|
||||
- /opt/so/conf/steno/certs:/etc/stenographer/certs:rw
|
||||
- /nsm/pcap:/nsm/pcap:rw
|
||||
- /nsm/import:/nsm/import:rw
|
||||
- /nsm/pcapout:/nsm/pcapout:rw
|
||||
- /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
|
||||
- /opt/so/log/sensoroni:/opt/sensoroni/logs:rw
|
||||
- watch:
|
||||
- file: /opt/so/conf/sensoroni/sensoroni.json
|
||||
|
||||
append_so-sensoroni_so-status.conf:
|
||||
file.append:
|
||||
- name: /opt/so/conf/so-status/so-status.conf
|
||||
- text: so-sensoroni
|
||||
@@ -44,6 +44,7 @@ base:
|
||||
- patch.os.schedule
|
||||
- motd
|
||||
- salt.minion-check
|
||||
- sensoroni
|
||||
- salt.lasthighstate
|
||||
|
||||
'*_helix and G@saltversion:{{saltversion}}':
|
||||
|
||||
@@ -1166,7 +1166,7 @@ manager_global() {
|
||||
" managerupdate: $MANAGERUPDATES"\
|
||||
" imagerepo: '$IMAGEREPO'"\
|
||||
" pipeline: 'redis'"\
|
||||
"pcap:"\
|
||||
"sensoroni:"\
|
||||
" sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\
|
||||
"strelka:"\
|
||||
" enabled: $STRELKA"\
|
||||
@@ -1968,6 +1968,17 @@ set_updates() {
|
||||
fi
|
||||
}
|
||||
|
||||
steno_pillar() {
|
||||
|
||||
local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
|
||||
|
||||
# Create the stenographer pillar
|
||||
printf '%s\n'\
|
||||
"steno:"\
|
||||
" enabled: True" >> "$pillar_file"
|
||||
|
||||
}
|
||||
|
||||
mark_version() {
|
||||
# Drop a file with the current version
|
||||
echo "$SOVERSION" > /etc/soversion
|
||||
|
||||
@@ -511,6 +511,7 @@ fi
|
||||
if [[ $is_sensor || $is_helix || $is_import ]]; then
|
||||
set_progress_str 4 'Generating sensor pillar'
|
||||
sensor_pillar >> $setup_log 2>&1
|
||||
steno_pillar >> $setup_log
|
||||
fi
|
||||
|
||||
set_progress_str 5 'Installing Salt and dependencies'
|
||||
|
||||
Reference in New Issue
Block a user