This commit is contained in:
m0duspwnens
2020-05-11 13:50:00 -04:00
13 changed files with 3125 additions and 62 deletions

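--- a/salt/navigator/init.sls
+++ b/salt/navigator/init.sls
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set MASTER = salt['grains.get']('master') %}
+navigatorconfig:
+file.managed:
+- name: /opt/so/conf/navigator/navigator_config.json
+- source: salt://navigator/files/navigator_config.json
+- user: 939
+- group: 939
+- makedirs: True
+- template: jinja
+so-navigator:
+docker_container.running:
+- image: {{ MASTER }}:5000/soshybridhunter/so-navigator:{{ VERSION }}
+- hostname: navigator
+- name: so-navigator
+- binds:
+- /opt/so/conf/navigator/navigator_config.json:/nav-app/src/assets/config.json:ro
+- /opt/so/conf/navigator/nav_layer_playbook.json:/nav-app/src/assets/playbook.json:ro
+- port_bindings:
+- 0.0.0.0:4200:4200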
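Review bot: The `so-navigator` bind of `/opt/so/conf/navigator/nav_layer_playbook.json` has no `require` on whatever creates that file; in this commit it is managed by `navigatordefaultlayer` in the soctopus state, not here, and `so-setup` applies `navigator` before `master`, so the file may not exist when the container is first started. When a bind source is missing Docker creates an empty directory at that path, and the later `file.managed` for the layer file then fails. Add `- require: - file: navigatorconfig` and either manage the layer file in this state or order it explicitly against the soctopus state. `0.0.0.0:4200:4200` also publishes the Navigator UI on every interface; if it is meant to be reached through the master's reverse proxy, `127.0.0.1:4200:4200` keeps it off the wire — confirm against the firewall state, which is not shown here.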




@@ -1,65 +1,103 @@
{% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{% set MASTER = salt['grains.get']('master') %}
{% set MAINIP = salt['pillar.get']('node:mainip') %}
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
{%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%}
playbookdb:
file.managed:
- name: /opt/so/conf/playbook/redmine.db
- source: salt://playbook/files/redmine.db
- user: 999
- group: 999
- makedirs: True
- replace: False
{% if salt['mysql.db_exists']('playbook') %}
#Playbook database exists - Do nothing
{% else %}
playbookwebhook:
module.run:
- sqlite3.modify:
- db: /opt/so/conf/playbook/redmine.db
- sql: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
{% set PLAYBOOK_DB_COPY = salt['docker.copy_to']('so-mysql','salt://playbook/files/playbook_db_init.sql','/tmp/playbook_db_init.sql',overwrite=True) %}
{% set PLAYBOOK_DB_CREATE = salt['docker.run']('so-mysql','/bin/bash -c "/usr/bin/mysql -uroot -p' + MYSQLPASS + ' < /tmp/playbook_db_init.sql"') %}
playbookapiendpoints:
module.run:
- sqlite3.modify:
- db: /opt/so/conf/playbook/redmine.db
- sql: |-
update settings set value =
"--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
project: '1'
import_trackers:
- '6'
convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
create_url: http://{{MASTERIP}}:7000/playbook/play"
where id = 46;
navigatorconfig:
file.managed:
- name: /opt/so/conf/playbook/navigator_config.json
- source: salt://playbook/files/navigator_config.json
- user: 939
- group: 939
- makedirs: True
- template: jinja
{% if PLAYBOOK_DB_COPY and PLAYBOOK_DB_CREATE %}
PLAYBOOK_DB_INIT_SUCCESS:
test.configurable_test_state:
- changes: False
- result: True
- comment: "Playbook database initialization was successful"
{% else %}
PLAYBOOK_DB_INIT_FAILURE:
test.configurable_test_state:
- changes: False
- result: False
- comment: "Playbook database initialization was not successful"
{% endif %}
{% endif %}
query_updatwebhooks:
mysql_query.run:
- database: playbook
- query: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
query_updatepluginurls:
mysql_query.run:
- database: playbook
- query: |-
update settings set value =
"--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
project: '1'
convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
create_url: http://{{MASTERIP}}:7000/playbook/play"
where id = 43
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
playbookdbuser:
mysql_user.present:
- host: 172.17.0.0/255.255.0.0
- password: {{ PLAYBOOKPASS }}
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
playbookdbdbpriv:
mysql_grants.present:
- grant: all privileges
- database: playbook.*
- user: playbookdbuser
- host: 172.17.0.0/255.255.0.0
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
{% if PLAYBOOKPASS == None %}
playbook_password_none:
test.configurable_test_state:
- changes: False
- result: False
- comment: "Playbook MySQL Password Error - Not Starting Playbook"
{% else %}
so-playbook:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
- hostname: playbook
- name: so-playbook
- environment:
- REDMINE_DB_MYSQL={{ MASTERIP }}
- REDMINE_DB_DATABASE=playbook
- REDMINE_DB_USERNAME=playbookdbuser
- REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }}
- binds:
- /opt/so/conf/playbook/redmine.db:/usr/src/redmine/sqlite/redmine.db:rw
- port_bindings:
- 0.0.0.0:3200:3000
so-navigator:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-navigator:{{ VERSION }}
- hostname: navigator
- name: so-navigator
- binds:
- /opt/so/conf/playbook/navigator_config.json:/nav-app/src/assets/config.json:ro
- /opt/so/conf/playbook/nav_layer_playbook.json:/nav-app/src/assets/playbook.json:ro
- port_bindings:
- 0.0.0.0:4200:4200
{% endif %}
so-playbooksynccron:
cron.present:
@@ -72,4 +110,4 @@ so-playbookruleupdatecron:
- name: /usr/sbin/so-playbook-ruleupdate
- user: root
- minute: '1'
- hour: '6'
- hour: '6'
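Review bot: `salt['docker.run']('so-mysql','/bin/bash -c "/usr/bin/mysql -uroot -p' + MYSQLPASS + ...` passes the MySQL root password on the command line inside the container, where it is visible in the process list and in any rendered-state or debug output, and because it sits in a Jinja `{% set %}` it executes at render time — on every render of this sls (including `test=True` and `state.show_sls`), not only when the state is applied. The success check `{% if PLAYBOOK_DB_COPY and PLAYBOOK_DB_CREATE %}` only tests that the returned output string is non-empty, so a failing mysql command that prints an error still reports `PLAYBOOK_DB_INIT_SUCCESS`; at minimum use `salt['docker.run_all'](...)` and test `PLAYBOOK_DB_CREATE['retcode'] == 0`. Since the rest of the file already talks to MySQL through `mysql_query.run` with explicit connection args, the initialisation could go the same way (`mysql_database.present` plus the init SQL through `mysql_query.run`, or `run_file` where the installed Salt supports it), keeping the password out of argv entirely. The `{% if salt['mysql.db_exists']('playbook') %}` guard uses the minion's own mysql.* connection settings rather than the `connection_host`/`connection_pass` given to the states below — if those settings do not reach so-mysql, the guard is false on every run and the whole init branch re-executes. The state file continues past this hunk.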


@@ -60,7 +60,7 @@ slack_webhook = YOURSLACKWEBHOOK
[playbook]
playbook_url = https://{{ip}}/playbook
playbook_key = a4a34538782804adfcb8dfae96262514ad70c37c
playbook_key = de6639318502476f2fa5aa06f43f51fb389a3d7f
playbook_verifycert = no
[log]
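Review bot: `playbook_key` is a fixed Redmine API key committed to the repository in a config template (both the old and the new value are literal hashes), so every install shares a key that anyone with access to this repo knows; the other per-install secrets in this commit (`PLAYBOOKPASS`, `MYSQLPASS`) are generated in `generate_passwords` and delivered through pillar, and this key should follow the same path. Presumably the matching value lives in the shipped Redmine database, so generating it at install time would also need it written into Redmine (for example through the `mysql_query.run` states already used in playbook/init.sls) — confirm where the key is consumed before changing it. `playbook_verifycert = no` is unchanged context, but a one-line comment explaining why TLS verification against the local master is disabled would help the next reader.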


@@ -49,8 +49,8 @@ playbookrulessync:
navigatordefaultlayer:
file.managed:
- name: /opt/so/conf/playbook/nav_layer_playbook.json
- source: salt://playbook/files/nav_layer_playbook.json
- name: /opt/so/conf/navigator/nav_layer_playbook.json
- source: salt://navigator/files/nav_layer_playbook.json
- user: 939
- group: 939
- makedirs: True
@@ -63,9 +63,9 @@ so-soctopus:
- hostname: soctopus
- name: so-soctopus
- binds:
- /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro
- /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus.conf:ro
- /opt/so/log/soctopus/:/var/log/SOCtopus/:rw
- /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw
- /opt/so/conf/playbook/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
- /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
- port_bindings:
- 0.0.0.0:7000:7000


@@ -72,7 +72,7 @@ strelka_gatekeeper:
strelka_frontend:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.2
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:{{ VERSION }}
- binds:
- /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
- /nsm/strelka/log/:/var/log/strelka/:rw
@@ -84,7 +84,7 @@ strelka_frontend:
strelka_backend:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.2
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }}
- binds:
- /opt/so/conf/strelka/backend/:/etc/strelka/:ro
- /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
@@ -94,7 +94,7 @@ strelka_backend:
strelka_manager:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.2
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:{{ VERSION }}
- binds:
- /opt/so/conf/strelka/manager/:/etc/strelka/:ro
- name: so-strelka-manager
@@ -102,7 +102,7 @@ strelka_manager:
strelka_filestream:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.2
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:{{ VERSION }}
- binds:
- /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
- /nsm/strelka:/nsm/strelka
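Review bot: The four `image:` lines now end in `{{ VERSION }}`, but none of the hunks shown defines `VERSION` in this file; unless strelka/init.sls already has `{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}` at the top (as navigator/init.sls and playbook/init.sls do), rendering either fails with an undefined-variable error or produces an image reference ending in a bare colon, depending on how the minion's Jinja undefined handling is configured. Please check the top of the file or add that `set` line so the containers track `static:soversion` the way the rest of the commit does.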


@@ -2,6 +2,7 @@
{%- set WAZUH = salt['pillar.get']('static:wazuh', '0') -%}
{%- set THEHIVE = salt['pillar.get']('master:thehive', '0') -%}
{%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%}
{%- set NAVIGATOR = salt['pillar.get']('master:navigator', '0') -%}
{%- set FREQSERVER = salt['pillar.get']('master:freq', '0') -%}
{%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
@@ -68,7 +69,7 @@ base:
- firewall
- idstools
- healthcheck
{%- if FLEETMASTER or FLEETNODE %}
{%- if FLEETMASTER or FLEETNODE or PLAYBOOK != 0 %}
- mysql
{%- endif %}
{%- if WAZUH != 0 %}
@@ -96,9 +97,6 @@ base:
{%- if THEHIVE != 0 %}
- hive
{%- endif %}
{%- if PLAYBOOK != 0 %}
- playbook
{%- endif %}
{%- if FREQSERVER != 0 %}
- freqserver
{%- endif %}
@@ -121,7 +119,7 @@ base:
- master
- idstools
- redis
{%- if FLEETMASTER or FLEETNODE %}
{%- if FLEETMASTER or FLEETNODE or PLAYBOOK != 0 %}
- mysql
{%- endif %}
{%- if WAZUH != 0 %}
@@ -232,7 +230,7 @@ base:
- master
- idstools
- redis
{%- if FLEETMASTER or FLEETNODE %}
{%- if FLEETMASTER or FLEETNODE or PLAYBOOK != 0 %}
- mysql
{%- endif %}
{%- if WAZUH != 0 %}
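Review bot: `NAVIGATOR` is read from pillar on the new line but never used in any hunk shown, while the `- playbook` entry is removed from one role's state list and no `- navigator` is added; as far as this page shows, the navigator container is only started by `so-setup`'s one-off `state.apply navigator`, and a later highstate will not manage or recreate it. If another hunk adds `{%- if NAVIGATOR != 0 %} - navigator {%- endif %}` under the master roles, ignore this; otherwise it is missing. Note also that `PLAYBOOK != 0` on the three new `mysql` conditions compares against a default of `'0'` (a string), which is `!= 0` in Jinja, so the mysql state is pulled in whenever the pillar key is absent — the same pattern as the existing `WAZUH` checks, but worth normalising the default and comparison on the new lines.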


@@ -122,6 +122,7 @@ secrets_pillar(){
printf '%s\n'\
"secrets:"\
" mysql: $MYSQLPASS"\
" playbook: $PLAYBOOKPASS"\
" fleet: $FLEETPASS"\
" fleet_jwt: $FLEETJWT"\
" fleet_enroll-secret: False" > /opt/so/saltstack/pillar/secrets.sls
@@ -686,6 +687,7 @@ docker_seed_registry() {
} >> "$setup_log" 2>&1
done
else
cd /nsm/docker-registry/docker
tar xvf /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1
rm /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1
fi
@@ -736,6 +738,7 @@ fleet_pillar() {
generate_passwords(){
# Generate Random Passwords for Things
MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
PLAYBOOKPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
@@ -824,6 +827,7 @@ master_pillar() {
" wazuh: $WAZUH"\
" thehive: $THEHIVE"\
" playbook: $PLAYBOOK"\
" navigator: $NAVIGATOR"\
" strelka: $STRELKA"\
""\
"kratos:" >> "$pillar_file"
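Review bot: The new `cd /nsm/docker-registry/docker` in `docker_seed_registry` is unchecked; if it fails, the following `tar xvf` extracts the registry archive into whatever the current directory happens to be and the `rm` still deletes the tarball, so the failure is silent. Use `cd /nsm/docker-registry/docker || { echo "registry dir missing" >> "$setup_log"; return 1; }` or run tar with `-C /nsm/docker-registry/docker` instead. Separately, `secrets_pillar` now writes `$PLAYBOOKPASS` alongside the other secrets into `/opt/so/saltstack/pillar/secrets.sls` through a plain redirect, which inherits the process umask — unless permissions are tightened elsewhere (not visible here), a `chmod 600` after the write would be prudent. Both functions start or end outside the hunks shown.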


@@ -427,6 +427,11 @@ export percentage=0
salt-call state.apply -l info playbook >> $setup_log 2>&1
fi
if [[ "$NAVIGATOR" = 1 ]]; then
set_progress_str 78 "$(print_salt_state_apply 'navigator')"
salt-call state.apply -l info navigator >> $setup_log 2>&1
fi
if [[ $is_master || $is_helix ]]; then
set_progress_str 79 "$(print_salt_state_apply 'master')"
salt-call state.apply -l info master >> $setup_log 2>&1


@@ -138,7 +138,7 @@ whiptail_create_admin_user() {
[ -n "$TESTING" ] && return
ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
"Please enter a username for a new system admin user. The local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
}
@@ -298,6 +298,7 @@ whiptail_enable_components() {
WAZUH "Enable Wazuh" ON \
THEHIVE "Enable TheHive" ON \
PLAYBOOK "Enable Playbook" ON \
NAVIGATOR "Enable ATT&CK Navigator" ON \
STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus