Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev

salt/navigator/init.sls

@@ -0,0 +1,22 @@
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+{% set MASTER = salt['grains.get']('master') %}
+
+navigatorconfig:
+  file.managed:
+    - name: /opt/so/conf/navigator/navigator_config.json
+    - source: salt://navigator/files/navigator_config.json
+    - user: 939
+    - group: 939
+    - makedirs: True
+    - template: jinja
+
+so-navigator:
+  docker_container.running:
+    - image: {{ MASTER }}:5000/soshybridhunter/so-navigator:{{ VERSION }}
+    - hostname: navigator
+    - name: so-navigator
+    - binds:
+      - /opt/so/conf/navigator/navigator_config.json:/nav-app/src/assets/config.json:ro
+      - /opt/so/conf/navigator/nav_layer_playbook.json:/nav-app/src/assets/playbook.json:ro
+    - port_bindings:
+      - 0.0.0.0:4200:4200

salt/playbook/init.sls

@@ -1,65 +1,103 @@
 {% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
+{% set MAINIP = salt['pillar.get']('node:mainip') %}
+{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
+{%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%}
 
-playbookdb:
-  file.managed:
-    - name: /opt/so/conf/playbook/redmine.db
-    - source: salt://playbook/files/redmine.db
-    - user: 999
-    - group: 999
-    - makedirs: True
-    - replace: False
+{% if salt['mysql.db_exists']('playbook') %}
+  #Playbook database exists - Do nothing
+{% else  %}
 
-playbookwebhook:
-  module.run:
-    - sqlite3.modify:
-      - db: /opt/so/conf/playbook/redmine.db
-      - sql: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
+{% set PLAYBOOK_DB_COPY = salt['docker.copy_to']('so-mysql','salt://playbook/files/playbook_db_init.sql','/tmp/playbook_db_init.sql',overwrite=True) %}
+{% set PLAYBOOK_DB_CREATE = salt['docker.run']('so-mysql','/bin/bash -c "/usr/bin/mysql -uroot -p' + MYSQLPASS + '  < /tmp/playbook_db_init.sql"') %}
 
-playbookapiendpoints:
-  module.run:
-    - sqlite3.modify:
-      - db: /opt/so/conf/playbook/redmine.db
-      - sql: |- 
-          update settings set value = 
-          "--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
-          project: '1'
-          import_trackers:
-          - '6'
-          convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
-          create_url: http://{{MASTERIP}}:7000/playbook/play"
-          where id  = 46;
-      
-navigatorconfig:
-  file.managed:
-    - name: /opt/so/conf/playbook/navigator_config.json
-    - source: salt://playbook/files/navigator_config.json
-    - user: 939
-    - group: 939
-    - makedirs: True
-    - template: jinja
+{% if PLAYBOOK_DB_COPY and PLAYBOOK_DB_CREATE  %}
+PLAYBOOK_DB_INIT_SUCCESS:
+  test.configurable_test_state:
+    - changes: False
+    - result: True
+    - comment: "Playbook database initialization was successful"
+{% else  %}
+PLAYBOOK_DB_INIT_FAILURE:
+  test.configurable_test_state:
+    - changes: False
+    - result: False
+    - comment: "Playbook database initialization was not successful"
+{% endif %}
+{% endif %}
+
+query_updatwebhooks:
+  mysql_query.run:
+    - database: playbook
+    - query:    "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
+    - connection_host: {{ MAINIP }}
+    - connection_port: 3306
+    - connection_user: root
+    - connection_pass: {{ MYSQLPASS }}
+
+
+query_updatepluginurls:
+  mysql_query.run:
+    - database: playbook
+    - query: |- 
+        update settings set value = 
+        "--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
+        project: '1'
+        convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
+        create_url: http://{{MASTERIP}}:7000/playbook/play"
+        where id  = 43
+    - connection_host: {{ MAINIP }}
+    - connection_port: 3306
+    - connection_user: root
+    - connection_pass: {{ MYSQLPASS }}
+
+playbookdbuser:
+  mysql_user.present:
+    - host: 172.17.0.0/255.255.0.0
+    - password: {{ PLAYBOOKPASS }}
+    - connection_host: {{ MAINIP }}
+    - connection_port: 3306
+    - connection_user: root
+    - connection_pass: {{ MYSQLPASS }}
+
+playbookdbdbpriv:
+  mysql_grants.present:
+    - grant: all privileges
+    - database: playbook.*
+    - user: playbookdbuser
+    - host: 172.17.0.0/255.255.0.0
+    - connection_host: {{ MAINIP }}
+    - connection_port: 3306
+    - connection_user: root
+    - connection_pass: {{ MYSQLPASS }}
+
+{% if PLAYBOOKPASS == None %}
+
+playbook_password_none:
+  test.configurable_test_state:
+    - changes: False
+    - result: False
+    - comment: "Playbook MySQL Password Error - Not Starting Playbook"
+
+{% else %}
 
 so-playbook:
   docker_container.running:
     - image: {{ MASTER }}:5000/soshybridhunter/so-playbook:{{ VERSION }}
     - hostname: playbook
     - name: so-playbook
+    - environment:
+      - REDMINE_DB_MYSQL={{ MASTERIP }}
+      - REDMINE_DB_DATABASE=playbook
+      - REDMINE_DB_USERNAME=playbookdbuser
+      - REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }}
     - binds:
       - /opt/so/conf/playbook/redmine.db:/usr/src/redmine/sqlite/redmine.db:rw
     - port_bindings:
       - 0.0.0.0:3200:3000
 
-so-navigator:
-  docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-navigator:{{ VERSION }}
-    - hostname: navigator
-    - name: so-navigator
-    - binds:
-      - /opt/so/conf/playbook/navigator_config.json:/nav-app/src/assets/config.json:ro
-      - /opt/so/conf/playbook/nav_layer_playbook.json:/nav-app/src/assets/playbook.json:ro
-    - port_bindings:
-      - 0.0.0.0:4200:4200
+{% endif %}
 
 so-playbooksynccron:
   cron.present:
@@ -72,4 +110,4 @@ so-playbookruleupdatecron:
     - name: /usr/sbin/so-playbook-ruleupdate
     - user: root
     - minute: '1'
-    - hour: '6'
+    - hour: '6'

salt/soctopus/files/SOCtopus.conf

@@ -60,7 +60,7 @@ slack_webhook = YOURSLACKWEBHOOK
 
 [playbook]
 playbook_url = https://{{ip}}/playbook
-playbook_key = a4a34538782804adfcb8dfae96262514ad70c37c
+playbook_key = de6639318502476f2fa5aa06f43f51fb389a3d7f
 playbook_verifycert = no
 
 [log]

salt/soctopus/init.sls

@@ -49,8 +49,8 @@ playbookrulessync:
 
 navigatordefaultlayer:
   file.managed:
-    - name: /opt/so/conf/playbook/nav_layer_playbook.json
-    - source: salt://playbook/files/nav_layer_playbook.json
+    - name: /opt/so/conf/navigator/nav_layer_playbook.json
+    - source: salt://navigator/files/nav_layer_playbook.json
     - user: 939
     - group: 939
     - makedirs: True
@@ -63,9 +63,9 @@ so-soctopus:
     - hostname: soctopus
     - name: so-soctopus
     - binds:
-      - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro
+      - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus.conf:ro
       - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw
       - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw
-      - /opt/so/conf/playbook/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
+      - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
     - port_bindings:
       - 0.0.0.0:7000:7000

salt/strelka/init.sls

@@ -72,7 +72,7 @@ strelka_gatekeeper:
 
 strelka_frontend:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.2
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro
       - /nsm/strelka/log/:/var/log/strelka/:rw
@@ -84,7 +84,7 @@ strelka_frontend:
 
 strelka_backend:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.2
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/backend/:/etc/strelka/:ro
       - /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
@@ -94,7 +94,7 @@ strelka_backend:
 
 strelka_manager:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.2
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/manager/:/etc/strelka/:ro
     - name: so-strelka-manager
@@ -102,7 +102,7 @@ strelka_manager:
 
 strelka_filestream:
   docker_container.running:
-    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.2
+    - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:{{ VERSION }}
     - binds:
       - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro
       - /nsm/strelka:/nsm/strelka

salt/top.sls

@@ -2,6 +2,7 @@
 {%- set WAZUH = salt['pillar.get']('static:wazuh', '0') -%}
 {%- set THEHIVE = salt['pillar.get']('master:thehive', '0') -%}
 {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%}
+{%- set NAVIGATOR = salt['pillar.get']('master:navigator', '0') -%}
 {%- set FREQSERVER = salt['pillar.get']('master:freq', '0') -%}
 {%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
@@ -68,7 +69,7 @@ base:
     - firewall
     - idstools
     - healthcheck
-    {%- if FLEETMASTER or FLEETNODE %}
+    {%- if FLEETMASTER or FLEETNODE or PLAYBOOK != 0 %}
     - mysql
     {%- endif %}
     {%- if WAZUH != 0 %}
@@ -96,9 +97,6 @@ base:
     {%- if THEHIVE != 0 %}
     - hive
     {%- endif %}
-    {%- if PLAYBOOK != 0 %}
-    - playbook
-    {%- endif %}
     {%- if FREQSERVER != 0 %}
     - freqserver
     {%- endif %}
@@ -121,7 +119,7 @@ base:
     - master
     - idstools
     - redis
-    {%- if FLEETMASTER or FLEETNODE %}
+    {%- if FLEETMASTER or FLEETNODE or PLAYBOOK != 0 %}
     - mysql
     {%- endif %}
     {%- if WAZUH != 0 %}
@@ -232,7 +230,7 @@ base:
     - master
     - idstools
     - redis
-    {%- if FLEETMASTER or FLEETNODE %}
+    {%- if FLEETMASTER or FLEETNODE or PLAYBOOK != 0 %}
     - mysql
     {%- endif %}
     {%- if WAZUH != 0 %}

setup/so-functions

@@ -122,6 +122,7 @@ secrets_pillar(){
 	printf '%s\n'\
 		"secrets:"\
 		"  mysql: $MYSQLPASS"\
+		"  playbook: $PLAYBOOKPASS"\
 		"  fleet: $FLEETPASS"\
 		"  fleet_jwt: $FLEETJWT"\
 		"  fleet_enroll-secret: False" > /opt/so/saltstack/pillar/secrets.sls
@@ -686,6 +687,7 @@ docker_seed_registry() {
 			} >> "$setup_log" 2>&1
 		done
 	else
+		cd /nsm/docker-registry/docker
 		tar xvf /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1
 		rm /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1
 	fi
@@ -736,6 +738,7 @@ fleet_pillar() {
 generate_passwords(){
   # Generate Random Passwords for Things
   MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+  PLAYBOOKPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
   FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom  | fold -w 20 | head -n 1)
   FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom  | fold -w 20 | head -n 1)
   HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom  | fold -w 20 | head -n 1)
@@ -824,6 +827,7 @@ master_pillar() {
 		"  wazuh: $WAZUH"\
 		"  thehive: $THEHIVE"\
 		"  playbook: $PLAYBOOK"\
+		"  navigator: $NAVIGATOR"\
 		"  strelka: $STRELKA"\
 		""\
 		"kratos:" >> "$pillar_file"

setup/so-setup

@@ -427,6 +427,11 @@ export percentage=0
 		salt-call state.apply -l info playbook >> $setup_log 2>&1
 	fi
 
+	if [[ "$NAVIGATOR" = 1 ]]; then
+		set_progress_str 78 "$(print_salt_state_apply 'navigator')"
+		salt-call state.apply -l info navigator >> $setup_log 2>&1
+	fi
+
 	if [[ $is_master || $is_helix ]]; then
 		set_progress_str 79 "$(print_salt_state_apply 'master')"
 		salt-call state.apply -l info master >> $setup_log 2>&1

setup/so-whiptail

@@ -138,7 +138,7 @@ whiptail_create_admin_user() {
 	[ -n "$TESTING" ] && return
 
 	ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
-	"Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
+	"Please enter a username for a new system admin user. The local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
 
 }
 
@@ -298,6 +298,7 @@ whiptail_enable_components() {
 	WAZUH "Enable Wazuh" ON \
 	THEHIVE "Enable TheHive" ON \
 	PLAYBOOK "Enable Playbook" ON \
+	NAVIGATOR "Enable ATT&CK Navigator" ON \
 	STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus