Firewall - Add rules for Wazuh Manager

Wes Lambert
2018-12-11 19:44:32 +00:00
parent dd15a6e31a
commit 6cdf1ef857


@@ -1,5 +1,19 @@
# Firewall Magic for the grid # Firewall Magic for the grid
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
{%- set ip = salt['pillar.get']('static:masterip', '') %}
{% elif grains['role'] == 'so-node'%}
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{% elif grains['role'] == 'so-sensor'%}
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{% endif %}
# Keep localhost in the game # Keep localhost in the game
iptables_allow_localhost: iptables_allow_localhost:
iptables.append: iptables.append:
@@ -86,6 +100,29 @@ enable_docker_user_established:
- match: conntrack - match: conntrack
- ctstate: 'RELATED,ESTABLISHED' - ctstate: 'RELATED,ESTABLISHED'
# Add rule(s) for Wazuh manager
enable_wazuh_manager_1514_tcp_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 1514
- position: 1
- save: True
enable_wazuh_manager_1514_udp_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: udp
- source: {{ ip }}
- dport: 1514
- position: 1
- save: True
# Rules if you are a Master # Rules if you are a Master
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %} {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
#This should be more granular #This should be more granular
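Review bot: `- source: {{ ip }}` on both Wazuh rules renders as a bare `- source:` (YAML null) whenever `ip` is empty, and the first hunk makes that reachable: both `pillar.get` calls default to `''` and the role chain has no `{% else %}`, so any role other than so-master/so-eval/so-node/so-sensor leaves `ip` undefined. I cannot confirm from here how the `iptables.insert` state treats a null source, but the conservative assumption is that the `-s` match is simply omitted, at which point these position-1 ACCEPT rules in DOCKER-USER admit 1514/tcp and 1514/udp from any address rather than only the grid IP. Make the states fail closed instead: wrap them with `{% if ip %}` before the `# Add rule(s) for Wazuh manager` comment and `{% endif %}` after the udp rule's `- save: True`, and consider quoting the value as `- source: '{{ ip }}'` so an odd pillar value is at least passed through as a string. Minor style point: the state ids use `{{ip}}` while the values use `{{ ip }}`; pick one spacing.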