diff --git a/README.md b/README.md index 01452a210..1b7661956 100644 --- a/README.md +++ b/README.md @@ -31,15 +31,6 @@ - Due to the move to ECS, the current Playbook plays may not alert correctly at this time. - The osquery MacOS package does not install correctly. - -## Version 1.2.1 Beta 1 ISO Download - -[HH1.2.1-6.ISO](https://download.securityonion.net/file/Hybrid-Hunter/HH-1.2.1-6.iso) - -MD5: D7E66CA8AAC37E70E2A2F7BB12EB3C23 -SHA1: D91D921896F9ADA600EBA0ADAA548D8630B5341F -SHA256: D69E327597AB429DCE13C1177BCE6C1FAD934E78A09F73D14778C2CAE616557B - ### Warnings and Disclaimers - This BETA release is BLEEDING EDGE and TOTALLY UNSUPPORTED! 
@@ -55,33 +46,36 @@ SHA256: D69E327597AB429DCE13C1177BCE6C1FAD934E78A09F73D14778C2CAE616557B Evaluation Mode: -- ISO or a Single VM running Ubuntu 16.04 or CentOS 7 +- ISO or a Single VM running Ubuntu 18.04 or CentOS 7 - Minimum 12GB of RAM - Minimum 4 CPU cores - Minimum 2 NICs Distributed: -- 3 VMs running the ISO or Ubuntu 16.04 or CentOS 7 (You can mix and match) +- 3 VMs running the ISO or Ubuntu 18.04 or CentOS 7 (You can mix and match) - Minimum 8GB of RAM per VM - Minimum 4 CPU cores per VM - Minimum 2 NICs for forward nodes -### Prerequisites for Network Based Install +### Installation -Install git if using a Centos 7 Minimal install: +For most users, we recommend installing using [our ISO image](https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/ISO). + +If instead you would like to try a manual installation (not using our ISO), you can build from CentOS 7 or Ubuntu 18.04. + +If using CentOS 7 Minimal, you will need to install git: ```sudo yum -y install git``` -### Installation - -Once you resolve those requirements or are using Ubuntu 16.04 do the following: +Once you have git, then do the following: ``` git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack cd securityonion-saltstack sudo bash so-setup-network ``` + Follow the prompts and reboot if asked to do so. Then proceed to the [Hybrid Hunter Quick Start Guide](https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Hybrid-Hunter-Quick-Start-Guide). diff --git a/VERSION b/VERSION index 6085e9465..23aa83906 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.1 +1.2.2 diff --git a/pillar/masters/example.sls b/pillar/masters/example.sls deleted file mode 100644 index 28c9ed139..000000000 --- a/pillar/masters/example.sls +++ /dev/null 
@@ -1,10 +0,0 @@
-# Example Pillar file for a master
-master:
- esaccessip: 127.0.0.1
- esheap: CHANGEME
- esclustername: {{ grains.host }}
- freq: 0
- domainstats: 0
- lsheap: 1500m
- lsaccessip: 127.0.0.1
- elastalert: 1
\ No newline at end of file
diff --git a/pillar/nodes/example.sls b/pillar/nodes/example.sls
deleted file mode 100644
index 5516e7052..000000000
--- a/pillar/nodes/example.sls
+++ /dev/null
@@ -1,5 +0,0 @@
-# Example Pillar file for a sensor
-node:
- ls_heapsize: CHANGEME
- es_heapsize: CHANGEME
- node_type: CHANGEME
diff --git a/pillar/top.sls b/pillar/top.sls
index b956d0772..cc6863e22 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,4 +1,11 @@
 base:
+ '*':
+ - patch.needs_restarting
+
+ '*_eval or *_helix or *_heavynode or *_sensor':
+ - match: compound
+ - zeek
+
 '*_mastersearch or *_heavynode':
 - match: compound
 - logstash
@@ -66,7 +73,3 @@ base:
 - logstash
 - logstash.search
 - minions.{{ grains.id }}
-
- '*':
- - patch.needs_restarting
- - docker.config
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
new file mode 100644
index 000000000..10b92bb03
--- /dev/null
+++ b/pillar/zeek/init.sls
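Review bot: The `'*'` target relocated to the top of pillar/top.sls keeps `patch.needs_restarting` but no longer lists `docker.config`, which the block removed in the second hunk (`@@ -66,7 +73,3 @@`) still included, so unless it is re-added in a part of top.sls outside this diff that pillar stops being served to every minion. Any state that still reads keys from `docker.config` would then render against missing pillar data. If the drop is intentional, a short comment above the new `'*'` target, e.g. `# docker.config is no longer served to all minions`, or a line in the commit message would record why. The new compound target `'*_eval or *_helix or *_heavynode or *_sensor'` also overlaps with the existing `'*_mastersearch or *_heavynode'` target for heavy nodes; that looks deliberate (zeek plus logstash on the same role) but is worth a one-line comment so the overlap is not mistaken for a typo later.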
@@ -0,0 +1,55 @@
+zeek:
+ zeekctl:
+ MailTo: root@localhost
+ MailConnectionSummary: 1
+ MinDiskSpace: 5
+ MailHostUpDown: 1
+ LogRotationInterval: 3600
+ LogExpireInterval: 0
+ StatsLogEnable: 1
+ StatsLogExpireInterval: 0
+ StatusCmdShowAll: 0
+ CrashExpireInterval: 0
+ SitePolicyScripts: local.zeek
+ LogDir: /nsm/zeek/logs
+ SpoolDir: /nsm/zeek/spool
+ CfgDir: /opt/zeek/etc
+ CompressLogs: 1
+ local:
+ '@load':
+ - misc/loaded-scripts
+ - tuning/defaults
+ - misc/capture-loss
+ - misc/stats
+ - frameworks/software/vulnerable
+ - frameworks/software/version-changes
+ - protocols/ftp/software
+ - protocols/smtp/software
+ - protocols/ssh/software
+ - protocols/http/software
+ - protocols/dns/detect-external-names
+ - protocols/ftp/detect
+ - protocols/conn/known-hosts
+ - protocols/conn/known-services
+ - protocols/ssl/known-certs
+ - protocols/ssl/validate-certs
+ - protocols/ssl/log-hostcerts-only
+ - protocols/ssh/geo-data
+ - protocols/ssh/detect-bruteforcing
+ - protocols/ssh/interesting-hostnames
+ - protocols/http/detect-sqli
+ - frameworks/files/hash-all-files
+ - frameworks/files/detect-MHR
+ - policy/frameworks/notice/extend-email/hostnames
+ - ja3
+ - hassh
+ - intel
+ - cve-2020-0601
+ - securityonion/bpfconf
+ - securityonion/communityid
+ - securityonion/file-extraction
+ '@load-sigs':
+ - frameworks/signatures/detect-windows-shells
+ redef:
+ - LogAscii::use_json = T;
+ - LogAscii::json_timestamps = JSON::TS_ISO8601;
\ No newline at end of file
diff --git a/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json b/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
deleted file mode 100644
index 8e35246eb..000000000
--- a/salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
+++ /dev/null
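Review bot: The `'@load'` list in the new pillar/zeek/init.sls enables `frameworks/files/hash-all-files` together with `frameworks/files/detect-MHR`, and the latter looks up hashes of observed files against an external malware hash registry over DNS, so every sensor that receives this pillar will send those queries by default; operators running isolated or privacy-sensitive sensors need that stated in the file rather than discovered in their DNS logs. A comment above the entry such as `# detect-MHR sends observed file hashes to an external hash registry via DNS; drop it on isolated sensors` would make the outbound dependency explicit. Separately, `LogExpireInterval: 0` turns off zeekctl's own log expiry, so disk use under `LogDir: /nsm/zeek/logs` depends on retention being handled elsewhere, and a one-line comment naming what handles it would save the next maintainer a hunt. The file is also missing its trailing newline, as the `\ No newline at end of file` marker shows.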
@@ -1,3937 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "This Dashboard provides a general overview of Sensors", - "editable": true, - "gnetId": 2381, - "graphTooltip": 0, - "id": 9, - "iteration": 1543542047346, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 2, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - 
"key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": "60,80,90", - "title": "{{ SERVERNAME }} - CPU", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "bytes", - "gauge": { - "maxValue": "{{ ROOTFS }}", - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 12, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - 
"operator": "=", - "value": "/" - } - ] - } - ], - "thresholds": "{{ ROOTFS * '.80'|float }},{{ ROOTFS * '.90'|float }}", - "title": "{{ SERVERNAME }} - Disk Used(/)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "bytes", - "gauge": { - "maxValue": "{{ NSMFS }}", - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 0 - }, - "id": 31, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } 
- ], - "thresholds": "{{ NSMFS * '.80'|float }},{{ NSMFS * '.90'|float }}", - "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 0 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "brodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "5,10", - "title": "{{ SERVERNAME }} -Zeek Packet Loss", 
- "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 0 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "5,10", - "title": "{{ SERVERNAME }} - Suricata Packet Loss", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": 
"current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 0 - }, - "id": 19, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "5,10", - "title": "{{ SERVERNAME }} - PCAP Packet Loss", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": { - "Interrupt": "#70DBED", - "Nice": "#629E51", - "SoftIRQ": "#EA6460", - "System": "#BF1B00", - "User": "#1F78C1", - "Wait": "#F2C96D", - "cpu.mean": "#629E51" - 
}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 4, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 5 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "System", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_system" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "User", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_user" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Nice", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - 
{ - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_nice" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Interrupt", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_irq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "Wait", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "E", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - }, - { - "alias": "SoftIRQ", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "F", - 
"resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_softirq" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "Percent(%)", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "s", - "gauge": { - "maxValue": 1209600, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 5 - }, - "id": 22, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 
193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "259200,432000", - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "singlestat", - "valueFontSize": "70%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current", - "decimals": 1 - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 5 - }, - "id": 26, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - 
"params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / {{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Zeek CPU Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 5 - }, - "id": 27, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - 
], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / {{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Suri CPU Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 5 - }, - "id": 28, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" 
- } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - " / {{ CPUS }}" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-steno" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Steno CPU Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "bits", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 8, - "y": 10 - }, - "id": 3, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": 
"mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "active" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Memory(Used)", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "decbytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 12, - "y": 10 - }, - "id": 23, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - 
} - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-zeek" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Zeek Memory Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "decbytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 16, - "y": 10 - }, - "id": 24, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME 
}}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-suricata" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Suri Memory Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "InfluxDB", - "editable": true, - "error": false, - "format": "decbytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 4, - "x": 20, - "y": 10 - }, - "id": 25, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - 
"value": "so-steno" - } - ] - } - ], - "thresholds": "", - "title": "{{ SERVERNAME }} - Steno Memory Usage", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": { - "Buffered": "#6ED0E0", - "Cached": "#F9934E", - "Free": "#629E51", - "Used": "#58140C" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "decimals": null, - "editable": true, - "error": false, - "fill": 6, - "grid": {}, - "gridPos": { - "h": 10, - "w": 8, - "x": 0, - "y": 11 - }, - "id": 5, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": false, - "hideZero": false, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Used", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Buffered", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "buffered" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - 
"tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Cached", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "cached" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Free", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "free" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Memory", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "Bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - 
"grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - }, - { - "alias": "OutBound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - 
"bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MONINT }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Monitor Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 13, - "legend": { - "avg": false, - "current": true, - "max": false, - "min": false, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Read", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "read_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Write", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "diskio", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "write_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [], - "type": "difference" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Disk I/O", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "1 Minute Average": "#EAB839", - "15 Minute Average": "#BF1B00", - "5 Minute Average": "#E0752D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 0, - "y": 21 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - 
"values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "1 Minute Average", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load1" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "5 Minute Average", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "15 Minute Average", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load15" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Load Average", - "tooltip": { - "msResolution": true, - 
"shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "Blocked": "#BF1B00", - "Running": "#7EB26D" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 7, - "grid": {}, - "gridPos": { - "h": 8, - "w": 8, - "x": 16, - "y": 21 - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 0, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "alias": "Blocked", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Running", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "B", - "resultFormat": 
"time_series", - "select": [ - [ - { - "params": [ - "running" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - }, - { - "alias": "Sleep", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "sleeping" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Processes", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 22 - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, 
- "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT }}" - } - ] - }, - { - "alias": "OutBound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=", - "value": "{{ MANINT 
}}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Management Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 29 - }, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Threads", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "total_threads" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Total Threads", - 
"tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "InBound": "#629E51", - "OutBound": "#5195CE", - "net.derivative": "#1F78C1" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 29 - }, - "id": 29, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "show": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "InBound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_recv\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "derivative" - }, - { - "params": [ - "*8" - ], 
- "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - }, - { - "alias": "OutBound", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$Interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT 8 * derivative(mean(\"bytes_sent\"),1s) FROM \"net\" WHERE \"host\" = 'JumpHost' AND \"interface\" = 'eth0' AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "{{ SERVERNAME }}" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=", - "value": "so-filebeat" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "{{ SERVERNAME }} - Filebeat Traffic", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bps", - "label": "Bits/Sec", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 16, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "auto": true, - "auto_count": 30, - 
"auto_min": "10s", - "current": { - "text": "10s", - "value": "10s" - }, - "hide": 0, - "label": null, - "name": "Interval", - "options": [ - { - "selected": false, - "text": "auto", - "value": "$__auto_interval_Interval" - }, - { - "selected": true, - "text": "10s", - "value": "10s" - }, - { - "selected": false, - "text": "1m", - "value": "1m" - }, - { - "selected": false, - "text": "10m", - "value": "10m" - }, - { - "selected": false, - "text": "30m", - "value": "30m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - }, - { - "selected": false, - "text": "6h", - "value": "6h" - }, - { - "selected": false, - "text": "12h", - "value": "12h" - }, - { - "selected": false, - "text": "1d", - "value": "1d" - }, - { - "selected": false, - "text": "7d", - "value": "7d" - }, - { - "selected": false, - "text": "14d", - "value": "14d" - }, - { - "selected": false, - "text": "30d", - "value": "30d" - } - ], - "query": "10s, 1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", - "refresh": 2, - "skipUrlSync": false, - "type": "interval" - } - ] - }, - "time": { - "from": "now-30m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "Forward Node - {{ SERVERNAME }} Overview", - "uid": "{{ UID }}", - "version": 12 -} diff --git a/salt/common/init.sls b/salt/common/init.sls index df3e1bcc3..e9f5c2dd8 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -1,8 +1,3 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} -{% set MASTER = salt['grains.get']('master') %} -{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %} -{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %} -{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %} # Add socore Group socoregroup: group.present: 
@@ -18,34 +13,15 @@ socore: - createhome: True - shell: /bin/bash -# Create a state directory - -statedir: - file.directory: - - name: /opt/so/state - - user: 939 - - group: 939 - - makedirs: True - -salttmp: - file.directory: - - name: /opt/so/tmp - - user: 939 - - group: 939 - - makedirs: True # Install packages needed for the sensor - sensorpkgs: pkg.installed: - skip_suggestions: False - pkgs: - - docker-ce - wget - jq {% if grains['os'] != 'CentOS' %} - - python-docker - - python-m2crypto - apache2-utils {% else %} - net-tools @@ -64,7 +40,6 @@ alwaysupdated: - skip_suggestions: True # Set time to UTC - Etc/UTC: timezone.system 
@@ -76,340 +51,4 @@ utilsyncscripts: - group: 0 - file_mode: 755 - template: jinja - - source: salt://common/tools/sbin - -# Make sure Docker is running! -docker: - service.running: - - enable: True - -# Drop the correct nginx config based on role - -nginxconfdir: - file.directory: - - name: /opt/so/conf/nginx - - user: 939 - - group: 939 - - makedirs: True - -nginxconf: - file.managed: - - name: /opt/so/conf/nginx/nginx.conf - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/nginx/nginx.conf.{{ grains.role }} - -nginxlogdir: - file.directory: - - name: /opt/so/log/nginx/ - - user: 939 - - group: 939 - - makedirs: True - -nginxtmp: - file.directory: - - name: /opt/so/tmp/nginx/tmp - - user: 939 - - group: 939 - - makedirs: True - -so-core: - docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-core:{{ VERSION }} - - hostname: so-core - - user: socore - - binds: - - /opt/so:/opt/so:rw - - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - /opt/so/log/nginx/:/var/log/nginx:rw - - /opt/so/tmp/nginx/:/var/lib/nginx:rw - - /opt/so/tmp/nginx/:/run:rw - - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro - - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro - - /opt/so/conf/fleet/packages:/opt/socore/html/packages - - cap_add: NET_BIND_SERVICE - - port_bindings: - - 80:80 - - 443:443 - {%- if FLEETMASTER or FLEETNODE %} - - 8090:8090 - {%- endif %} - - watch: - - file: /opt/so/conf/nginx/nginx.conf - -# Add Telegraf to monitor all the things. 
-tgraflogdir: - file.directory: - - name: /opt/so/log/telegraf - - makedirs: True - -tgrafetcdir: - file.directory: - - name: /opt/so/conf/telegraf/etc - - makedirs: True - -tgrafetsdir: - file.directory: - - name: /opt/so/conf/telegraf/scripts - - makedirs: True - -tgrafsyncscripts: - file.recurse: - - name: /opt/so/conf/telegraf/scripts - - user: 939 - - group: 939 - - file_mode: 755 - - template: jinja - - source: salt://common/telegraf/scripts - -tgrafconf: - file.managed: - - name: /opt/so/conf/telegraf/etc/telegraf.conf - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/telegraf/etc/telegraf.conf - -so-telegraf: - docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }} - - environment: - - HOST_PROC=/host/proc - - HOST_ETC=/host/etc - - HOST_SYS=/host/sys - - HOST_MOUNT_PREFIX=/host - - network_mode: host - - port_bindings: - - 127.0.0.1:8094:8094 - - binds: - - /opt/so/log/telegraf:/var/log/telegraf:rw - - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro - - /var/run/utmp:/var/run/utmp:ro - - /var/run/docker.sock:/var/run/docker.sock:ro - - /:/host/root:ro - - /sys:/host/sys:ro - - /proc:/host/proc:ro - - /nsm:/host/nsm:ro - - /etc:/host/etc:ro - {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %} - - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro - {% else %} - - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro - {% endif %} - - /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro - - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro - - /opt/so/conf/telegraf/scripts:/scripts:ro - - /opt/so/log/stenographer:/var/log/stenographer:ro - - /opt/so/log/suricata:/var/log/suricata:ro - - watch: - - /opt/so/conf/telegraf/etc/telegraf.conf - - /opt/so/conf/telegraf/scripts - -# If its a master or eval lets install the back end for now -{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %} - -# 
Influx DB -influxconfdir: - file.directory: - - name: /opt/so/conf/influxdb/etc - - makedirs: True - -influxdbdir: - file.directory: - - name: /nsm/influxdb - - makedirs: True - -influxdbconf: - file.managed: - - name: /opt/so/conf/influxdb/etc/influxdb.conf - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/influxdb/etc/influxdb.conf - -so-influxdb: - docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }} - - hostname: influxdb - - environment: - - INFLUXDB_HTTP_LOG_ENABLED=false - - binds: - - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro - - /nsm/influxdb:/var/lib/influxdb:rw - - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro - - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro - - port_bindings: - - 0.0.0.0:8086:8086 - - watch: - - file: /opt/so/conf/influxdb/etc/influxdb.conf - -# Grafana all the things -grafanadir: - file.directory: - - name: /nsm/grafana - - user: 939 - - group: 939 - - makedirs: True - -grafanaconfdir: - file.directory: - - name: /opt/so/conf/grafana/etc - - user: 939 - - group: 939 - - makedirs: True - -grafanadashdir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards - - user: 939 - - group: 939 - - makedirs: True - -grafanadashmdir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/master - - user: 939 - - group: 939 - - makedirs: True - -grafanadashevaldir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/eval - - user: 939 - - group: 939 - - makedirs: True - -grafanadashfndir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes - - user: 939 - - group: 939 - - makedirs: True - -grafanadashsndir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes - - user: 939 - - group: 939 - - makedirs: True - -grafanaconf: - file.recurse: - - name: /opt/so/conf/grafana/etc - - user: 939 - - group: 939 - - template: jinja - - source: 
salt://common/grafana/etc - -{% if salt['pillar.get']('mastertab', False) %} -{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-master: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/grafana/grafana_dashboards/master/master.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('sensorstab', False) %} -{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/grafana/grafana_dashboards/sensor_nodes/sensor.json - - defaults: - SERVERNAME: {{ SN }} - MONINT: {{ SNDATA.monint }} - MANINT: {{ SNDATA.manint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('nodestab', False) %} -{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboardsearch-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/grafana/grafana_dashboards/search_nodes/searchnode.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.manint }} - CPUS: {{ 
SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -{% if salt['pillar.get']('evaltab', False) %} -{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %} -{% set NODETYPE = SN.split('_')|last %} -{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} -dashboard-{{ SN }}: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://common/grafana/grafana_dashboards/eval/eval.json - - defaults: - SERVERNAME: {{ SN }} - MANINT: {{ SNDATA.manint }} - MONINT: {{ SNDATA.monint }} - CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} - ROOTFS: {{ SNDATA.rootfs }} - NSMFS: {{ SNDATA.nsmfs }} - -{% endfor %} -{% endif %} - -so-grafana: - docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }} - - hostname: grafana - - user: socore - - binds: - - /nsm/grafana:/var/lib/grafana:rw - - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro - - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw - - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw - - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw - - environment: - - GF_SECURITY_ADMIN_PASSWORD=augusta - - port_bindings: - - 0.0.0.0:3000:3000 - - watch: - - file: /opt/so/conf/grafana/* - -{% endif %} + - source: salt://common/tools/sbin \ No newline at end of file diff --git a/salt/common/maps/broversion.map.jinja b/salt/common/maps/broversion.map.jinja new file mode 100644 index 000000000..9a06b52ed --- /dev/null +++ b/salt/common/maps/broversion.map.jinja @@ -0,0 +1,5 @@ +{% set docker = { + 'containers': [ + 'so-zeek' + ] +} %} \ No newline at end of file diff --git a/salt/common/maps/domainstats.map.jinja b/salt/common/maps/domainstats.map.jinja new file mode 100644 index 000000000..221dcde03 --- /dev/null 
+++ b/salt/common/maps/domainstats.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-domainstats'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/eval.map.jinja b/salt/common/maps/eval.map.jinja
new file mode 100644
index 000000000..56f2116b9
--- /dev/null
+++ b/salt/common/maps/eval.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-dockerregistry',
+ 'so-soc',
+ 'so-kratos',
+ 'so-idstools',
+ 'so-elasticsearch',
+ 'so-kibana',
+ 'so-steno',
+ 'so-suricata',
+ 'so-zeek',
+ 'so-curator',
+ 'so-elastalert',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet.map.jinja b/salt/common/maps/fleet.map.jinja
new file mode 100644
index 000000000..c55223125
--- /dev/null
+++ b/salt/common/maps/fleet.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis',
+ 'so-filebeat',
+ 'so-nginx',
+ 'so-telegraf'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet_master.map.jinja b/salt/common/maps/fleet_master.map.jinja
new file mode 100644
index 000000000..91850846c
--- /dev/null
+++ b/salt/common/maps/fleet_master.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/freq.map.jinja b/salt/common/maps/freq.map.jinja
new file mode 100644
index 000000000..d3f692484
--- /dev/null
+++ b/salt/common/maps/freq.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-freqserver'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/grafana.map.jinja b/salt/common/maps/grafana.map.jinja
new file mode 100644
index 000000000..1118a50fe
--- /dev/null
+++ b/salt/common/maps/grafana.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-influxdb',
+ 'so-grafana'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/heavynode.map.jinja b/salt/common/maps/heavynode.map.jinja
new file mode 100644
index 000000000..2b8257a6a
--- /dev/null
+++ b/salt/common/maps/heavynode.map.jinja
@@ -0,0 +1,14 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-steno',
+ 'so-suricata',
+ 'so-wazuh',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/helixsensor.map.jinja b/salt/common/maps/helixsensor.map.jinja
new file mode 100644
index 000000000..84866de3a
--- /dev/null
+++ b/salt/common/maps/helixsensor.map.jinja
@@ -0,0 +1,12 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-idstools',
+ 'so-steno',
+ 'so-zeek',
+ 'so-redis',
+ 'so-logstash',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/hotnode.map.jinja b/salt/common/maps/hotnode.map.jinja
new file mode 100644
index 000000000..bc9d58360
--- /dev/null
+++ b/salt/common/maps/hotnode.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/master.map.jinja b/salt/common/maps/master.map.jinja
new file mode 100644
index 000000000..84918c39f
--- /dev/null
+++ b/salt/common/maps/master.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-dockerregistry',
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-elasticsearch',
+ 'so-logstash',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/mastersearch.map.jinja b/salt/common/maps/mastersearch.map.jinja
new file mode 100644
index 000000000..9c2e6eff7
--- /dev/null
+++ b/salt/common/maps/mastersearch.map.jinja
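Review bot: `'so-filebeat` in heavynode.map.jinja is missing its closing quote (the `+ 'so-filebeat` line right before `+ ]`), so Jinja raises a TemplateSyntaxError as soon as so-status.map.jinja imports this map on a heavynode minion; helixsensor.map.jinja in the same hunk group has the identical defect. The fix in both files is `'so-filebeat'`. hotnode.map.jinja also leaves a trailing comma after `'so-curator',`, which Jinja's list parser tolerates but none of the other maps do; dropping it keeps the files uniform.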
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/playbook.map.jinja b/salt/common/maps/playbook.map.jinja
new file mode 100644
index 000000000..064262119
--- /dev/null
+++ b/salt/common/maps/playbook.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-playbook',
+ 'so-navigator'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/searchnode.map.jinja b/salt/common/maps/searchnode.map.jinja
new file mode 100644
index 000000000..b46652742
--- /dev/null
+++ b/salt/common/maps/searchnode.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/sensor.map.jinja b/salt/common/maps/sensor.map.jinja
new file mode 100644
index 000000000..e77352692
--- /dev/null
+++ b/salt/common/maps/sensor.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-steno',
+ 'so-suricata',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
new file mode 100644
index 000000000..39672410c
--- /dev/null
+++ b/salt/common/maps/so-status.map.jinja
@@ -0,0 +1,61 @@
+{% set role = grains.id.split('_') | last %}
+{% from 'common/maps/'~ role ~'.map.jinja' import docker with context %}
+
+# Check if the service is enabled and append it's required containers
+# to the list predefined by the role / minion id affix
+{% macro append_containers(pillar_name, k, compare )%}
+ {% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %}
+ {% from 'common/maps/'~k~'.map.jinja' import docker as d with context %}
+ {% for li in d['containers'] %}
+ {{ docker['containers'].append(li) }}
+ {% endfor %}
+ {% endif %}
+{% endmacro %}
+
+{% set docker = salt['grains.filter_by']({
+ '*_'~role: {
+ 'containers': docker['containers']
+ }
+},grain='id', merge=salt['pillar.get']('docker')) %}
+
+{% if role == 'eval' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'heavynode' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
+
+{% if role == 'mastersearch' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'master' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'searchnode' %}
+ {{ append_containers('master', 'wazuh', 0) }}
+{% endif %}
+
+{% if role == 'sensor' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
\ No newline at end of file
diff --git a/salt/common/maps/thehive.map.jinja b/salt/common/maps/thehive.map.jinja
new file mode 100644
index 000000000..e4ca7d2a2
--- /dev/null
+++ b/salt/common/maps/thehive.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-thehive',
+ 'so-thehive-es',
+ 'so-cortex'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/warmnode.map.jinja b/salt/common/maps/warmnode.map.jinja
new file mode 100644
index 000000000..08cf2dbb8
--- /dev/null
+++ b/salt/common/maps/warmnode.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-elasticsearch'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/wazuh.map.jinja b/salt/common/maps/wazuh.map.jinja
new file mode 100644
index 000000000..5217a79ee
--- /dev/null
+++ b/salt/common/maps/wazuh.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-wazuh'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-elastic-download b/salt/common/tools/sbin/so-elastic-download
index 9e2c56719..216f51410 100755
--- a/salt/common/tools/sbin/so-elastic-download
+++ b/salt/common/tools/sbin/so-elastic-download
@@ -2,7 +2,7 @@
 MASTER=MASTER
 VERSION="HH1.1.4"
 TRUSTED_CONTAINERS=( \
-"so-core:$VERSION" \
+"so-nginx:$VERSION" \
 "so-thehive-cortex:$VERSION" \
 "so-curator:$VERSION" \
 "so-domainstats:$VERSION" \
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index a9f5d501a..29c029623 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
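Review bot: The pillar lookup inside `append_containers` defaults to `{}`, which never equals `compare`, so a minion that simply has no `master:grafana`, `static:fleet_master`, `master:wazuh`, `master:thehive`, `master:playbook`, `master:freq`, `master:domainstats` or `static:broversion` key gets every one of those optional container sets appended and so-status will report them as down. Default to the value being compared against instead: `{% if salt['pillar.get'](pillar_name~':'~k, compare) != compare %}`. The removed block in salt/common/init.sls defaulted these lookups (`'0'` for grafana, `False` for fleet_master) rather than comparing an empty dict. Separately, the role is now taken from the last `_`-separated segment of the minion id, so an id that does not end in one of the map names fails the `common/maps/<role>.map.jinja` import with TemplateNotFound; a comment such as `# role is the minion id suffix, e.g. host_sensor -> sensor.map.jinja` would document that convention next to the `set role` line.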
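Review bot: `VERSION="HH1.1.4"` on the context line above the renamed image is left at an old release while every `static:soversion` default in this commit moves to `HH1.2.2` (curator, elastalert, elasticsearch, filebeat, fleet), so this script would pull a different image tag than the states deploy. Either bump it here as well, or derive it from the same pillar key since the sbin tree is synced with `template: jinja` by the utilsyncscripts state in this diff: `VERSION="{{ salt['pillar.get']('static:soversion', 'HH1.2.2') }}"`. The `so-core` to `so-nginx` rename itself is consistent with the other hunks.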
@@ -14,35 +14,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . - -# {%- set pillar_suffix = ':containers' -%} -# {%- if (salt['grains.get']('role') == 'so-mastersearch') -%} -# {%- set pillar_val = 'master_search' -%} -# {%- elif (salt['grains.get']('role') == 'so-master') -%} -# {%- set pillar_val = 'master' -%} -# {%- elif (salt['grains.get']('role') == 'so-heavynode') -%} -# {%- set pillar_val = 'heavy_node' -%} -# {%- elif (salt['grains.get']('role') == 'so-sensor') -%} -# {%- set pillar_val = 'sensor' -%} -# {%- elif (salt['grains.get']('role') == 'so-eval') -%} -# {%- set pillar_val = 'eval' -%} -# {%- elif (salt['grains.get']('role') == 'so-fleet') -%} -# {%- set pillar_val = 'fleet' -%} -# {%- elif (salt['grains.get']('role') == 'so-helix') -%} -# {%- set pillar_val = 'helix' -%} -# {%- elif (salt['grains.get']('role') == 'so-node') -%} -# {%- if (salt['pillar.get']('node:node_type') == 'parser') -%} -# {%- set pillar_val = 'parser_node' -%} -# {%- elif (salt['pillar.get']('node:node_type') == 'hot') -%} -# {%- set pillar_val = 'hot_node' -%} -# {%- elif (salt['pillar.get']('node:node_type') == 'warm') -%} -# {%- set pillar_val = 'warm_node' -%} -# {%- elif (salt['pillar.get']('node:node_type') == 'search') -%} -# {%- set pillar_val = 'search_node' -%} -# {%- endif -%} -# {%- endif -%} -# {%- set pillar_name = pillar_val ~ pillar_suffix -%} -# {%- set container_list = salt['pillar.get'](pillar_name) %} +{%- from 'common/maps/so-status.map.jinja' import docker with context %} +{%- set container_list = docker['containers'] %} if ! [ "$(id -u)" = 0 ]; then echo "This command must be run as root" 
@@ -98,14 +71,15 @@ compare_lists() { # {% endraw %} create_expected_container_list() { - # {% for item in container_list%} + {% for item in container_list%} expected_container_list+=("{{ item }}") - # {% endfor %} + {% endfor %} } populate_container_lists() { + systemctl is-active --quiet docker - if systemctl is-active --quiet docker; then + if [[ $? = 0 ]]; then mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/v1.40/containers/json?all=1 \ | jq -c '.[] | { Name: .Names[0], State: .State }' \ | tr -d '/{"}') diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 7912dfffa..b97f7090d 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% if grains['role'] == 'so-node' or grains['role'] == 'so-eval' %} # Curator diff --git a/salt/docker/init.sls b/salt/docker/init.sls new file mode 100644 index 000000000..3021552ab --- /dev/null +++ b/salt/docker/init.sls @@ -0,0 +1,8 @@ +installdocker: + pkg.installed: + - name: docker-ce + +# Make sure Docker is running! +docker: + service.running: + - enable: True \ No newline at end of file diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 9d6e0f001..0952689e2 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% if grains['role'] == 'so-master' %} diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index f0127a651..35676ed6d 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls 
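Review bot: In `populate_container_lists` the new `systemctl is-active --quiet docker` followed by `if [[ $? = 0 ]]; then` is more fragile than the line it replaces: anything inserted between the two statements silently changes what `$?` refers to, and this file is rendered through Jinja, where a stray tag between them would do exactly that. The removed form `if systemctl is-active --quiet docker; then` is the idiomatic test and should be kept. Uncommenting `{% for item in container_list%}` / `{% endfor %}` in `create_expected_container_list` is fine; the tags now render as blank lines instead of `#` comments, which reads better in the generated script.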
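Review bot: The new `installdocker` state installs only `docker-ce`, while the hunk removed from `salt/common/init.sls` earlier in this diff also dropped `python-docker` and `python-m2crypto` from `sensorpkgs` on non-CentOS hosts; the `docker_container.running` states used across this tree need the Docker Python bindings on the minion, so unless they are installed by a state not shown here this will presumably fail on Ubuntu. If they are installed elsewhere, a comment such as `# python-docker is provided by <other state - fill in>` above `installdocker` would make that explicit; otherwise add `python-docker` to a `pkgs` list here under the same `{% if grains['os'] != 'CentOS' %}` guard the old state used. `docker-ce` also comes from Docker's own repository rather than the distro one, and nothing in this state adds it, so it depends on earlier setup; the file is also missing a trailing newline.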
@@ -12,7 +12,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 {% if FEATURES %}
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 3dd90338f..409594b2d 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -11,7 +11,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {% set FEATURES = salt['pillar.get']('elastic:features', False) %}
diff --git a/salt/fleet/files/scripts/so-fleet-setup b/salt/fleet/files/scripts/so-fleet-setup
index 3489ea86f..6b49dee03 100644
--- a/salt/fleet/files/scripts/so-fleet-setup
+++ b/salt/fleet/files/scripts/so-fleet-setup
@@ -41,7 +41,7 @@
 sleep 120
 echo "Installing launcher via salt..."
 salt-call state.apply fleet.install_package queue=True >> /root/fleet-setup.log
 salt-call state.apply filebeat queue=True >> /root/fleet-setup.log
-docker stop so-core
+docker stop so-nginx
 salt-call state.apply common queue=True >> /root/fleet-setup.log
 echo "Fleet Setup Complete - Login here: https://{{ MAIN_HOSTNAME }}"
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 5fadf8184..66720b85a 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -1,7 +1,7 @@ {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%} {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set MAINIP = salt['pillar.get']('node:mainip') %} {% set FLEETARCH = salt['grains.get']('role') %} @@ -21,9 +21,6 @@ # hostname: {{ grains.host }} #{% endif %} -include: - - mysql - # Fleet Setup fleetcdir: file.directory: @@ -89,9 +86,6 @@ fleetdb: - connection_port: 3306 - connection_user: root - connection_pass: {{ MYSQLPASS }} - - require: - - sls: mysql - - cmd: so-mysql fleetdbuser: mysql_user.present: @@ -101,8 +95,6 @@ fleetdbuser: - connection_port: 3306 - connection_user: root - connection_pass: {{ MYSQLPASS }} - - require: - - fleetdb fleetdbpriv: mysql_grants.present: @@ -114,9 +106,8 @@ fleetdbpriv: - connection_port: 3306 - connection_user: root - connection_pass: {{ MYSQLPASS }} - - require: - - fleetdb - + + {% if FLEETPASS == None or FLEETJWT == None %} fleet_password_none: diff --git a/salt/common/grafana/grafana_dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json similarity index 100% rename from salt/common/grafana/grafana_dashboards/eval/eval.json rename to salt/grafana/dashboards/eval/eval.json diff --git a/salt/common/grafana/grafana_dashboards/master/master.json b/salt/grafana/dashboards/master/master.json similarity index 100% rename from salt/common/grafana/grafana_dashboards/master/master.json rename to salt/grafana/dashboards/master/master.json 
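Review bot: Dropping `require: - sls: mysql - cmd: so-mysql` from `fleetdb` and `require: - fleetdb` from `fleetdbuser` and `fleetdbpriv` leaves the database, user and grant states with no ordering or failure dependency: if the so-mysql container is not yet accepting connections, or `fleetdb` fails, `fleetdbuser` and `fleetdbpriv` still run and fail on their own, and Salt's default definition order is the only thing keeping them sequenced. The `include: - mysql` removal suggests mysql is now applied from another state; even so, keep the intra-file dependency on the two dependent states, e.g. `- require: - mysql_database: fleetdb`. The last hunk also replaces one removed blank line with two added lines that appear to carry trailing whitespace (`+` `+`), which a yamllint pass would flag.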
diff --git a/salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json
similarity index 100%
rename from salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json
rename to salt/grafana/dashboards/search_nodes/searchnode.json
diff --git a/salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json
similarity index 99%
rename from salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json
rename to salt/grafana/dashboards/sensor_nodes/sensor.json
index ddccc1664..95e6eb7cb 100644
--- a/salt/common/grafana/grafana_dashboards/sensor_nodes/sensor.json
+++ b/salt/grafana/dashboards/sensor_nodes/sensor.json
@@ -447,6 +447,13 @@
 ]
 }
 ],
+<<<<<<<< HEAD:salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
+ "thresholds": "5,10",
+ "title": "{{ SERVERNAME }} -Zeek Packet Loss",
+ "type": "singlestat",
+ "valueFontSize": "80%",
+ "valueMaps": [
+========
 "thresholds": [],
 "timeFrom": null,
 "timeRegions": [],
@@ -474,6 +481,7 @@
 "min": null,
 "show": true
 },
+>>>>>>>> dev:salt/grafana/dashboards/sensor_nodes/sensor.json
 {
 "format": "short",
 "label": null,
@@ -2060,6 +2068,8 @@
 }
 },
 {
+<<<<<<<< HEAD:salt/common/grafana/grafana_dashboards/forward_nodes/sensor.json
+========
 "aliasColors": {},
 "bars": false,
 "cacheTimeout": null,
@@ -2193,6 +2203,7 @@
 }
 },
 {
+>>>>>>>> dev:salt/grafana/dashboards/sensor_nodes/sensor.json
 "aliasColors": {
 "Buffered": "#6ED0E0",
 "Cached": "#F9934E",
diff --git a/salt/common/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml
similarity index 100%
rename from salt/common/grafana/etc/dashboards/dashboard.yml
rename to salt/grafana/etc/dashboards/dashboard.yml
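Review bot: All four hunks of sensor.json commit unresolved merge-conflict markers (`<<<<<<<< HEAD:...`, `========`, `>>>>>>>> dev:...`), so the file is no longer valid JSON and Grafana's dashboard provisioning will reject every rendered `<SERVERNAME>-Sensor.json` produced from this template. The HEAD side of the first conflict also introduces a `singlestat` panel whose `"thresholds": "5,10"` and `"valueMaps": [` collide with the `"thresholds": []` that immediately follows, so one side has to be chosen rather than both kept. Resolve the conflict and run the file through a JSON parser before merging; the `{{ SERVERNAME }}` placeholders are inside string values and do not affect that check.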
diff --git a/salt/common/grafana/etc/datasources/influxdb.yaml b/salt/grafana/etc/datasources/influxdb.yaml
similarity index 100%
rename from salt/common/grafana/etc/datasources/influxdb.yaml
rename to salt/grafana/etc/datasources/influxdb.yaml
diff --git a/salt/common/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini
similarity index 100%
rename from salt/common/grafana/etc/grafana.ini
rename to salt/grafana/etc/grafana.ini
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
new file mode 100644
index 000000000..deaabf4e5
--- /dev/null
+++ b/salt/grafana/init.sls
@@ -0,0 +1,175 @@
+{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
+
+# Grafana all the things
+grafanadir:
+ file.directory:
+ - name: /nsm/grafana
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanaconfdir:
+ file.directory:
+ - name: /opt/so/conf/grafana/etc
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashdir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashmdir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/master
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashevaldir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/eval
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashfndir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanadashsndir:
+ file.directory:
+ - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+grafanaconf:
+ file.recurse:
+ - name: /opt/so/conf/grafana/etc
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/etc
+
+{% if salt['pillar.get']('mastertab', False) %}
+{% for SN, SNDATA in salt['pillar.get']('mastertab', {}).items() %}
+{% set NODETYPE = SN.split('_')|last %}
+{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
+dashboard-master:
+ file.managed:
+ - name: /opt/so/conf/grafana/grafana_dashboards/master/{{ SN }}-Master.json
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://grafana/dashboards/master/master.json
+ - defaults:
+ SERVERNAME: {{ SN }}
+ MANINT: {{ SNDATA.manint }}
+ MONINT: {{ SNDATA.manint }}
+ CPUS: {{ SNDATA.totalcpus }}
+ UID: {{ SNDATA.guid }}
+ ROOTFS: {{ SNDATA.rootfs }} + NSMFS: {{ SNDATA.nsmfs }} + +{% endfor %} +{% endif %} + +{% if salt['pillar.get']('sensorstab', False) %} +{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %} +{% set NODETYPE = SN.split('_')|last %} +{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} +dashboard-{{ SN }}: + file.managed: + - name: /opt/so/conf/grafana/grafana_dashboards/sensor_nodes/{{ SN }}-Sensor.json + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/dashboards/sensor_nodes/sensor.json + - defaults: + SERVERNAME: {{ SN }} + MONINT: {{ SNDATA.monint }} + MANINT: {{ SNDATA.manint }} + CPUS: {{ SNDATA.totalcpus }} + UID: {{ SNDATA.guid }} + ROOTFS: {{ SNDATA.rootfs }} + NSMFS: {{ SNDATA.nsmfs }} + +{% endfor %} +{% endif %} + +{% if salt['pillar.get']('nodestab', False) %} +{% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} +{% set NODETYPE = SN.split('_')|last %} +{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} +dashboardsearch-{{ SN }}: + file.managed: + - name: /opt/so/conf/grafana/grafana_dashboards/search_nodes/{{ SN }}-Node.json + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/dashboards/search_nodes/searchnode.json + - defaults: + SERVERNAME: {{ SN }} + MANINT: {{ SNDATA.manint }} + MONINT: {{ SNDATA.manint }} + CPUS: {{ SNDATA.totalcpus }} + UID: {{ SNDATA.guid }} + ROOTFS: {{ SNDATA.rootfs }} + NSMFS: {{ SNDATA.nsmfs }} + +{% endfor %} +{% endif %} + +{% if salt['pillar.get']('evaltab', False) %} +{% for SN, SNDATA in salt['pillar.get']('evaltab', {}).items() %} +{% set NODETYPE = SN.split('_')|last %} +{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %} +dashboard-{{ SN }}: + file.managed: + - name: /opt/so/conf/grafana/grafana_dashboards/eval/{{ SN }}-Node.json + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/dashboards/eval/eval.json + - defaults: + SERVERNAME: {{ SN }} + MANINT: {{ SNDATA.manint }} + MONINT: {{ SNDATA.monint }} + 
CPUS: {{ SNDATA.totalcpus }} + UID: {{ SNDATA.guid }} + ROOTFS: {{ SNDATA.rootfs }} + NSMFS: {{ SNDATA.nsmfs }} + +{% endfor %} +{% endif %} + +so-grafana: + docker_container.running: + - image: {{ MASTER }}:5000/soshybridhunter/so-grafana:{{ VERSION }} + - hostname: grafana + - user: socore + - binds: + - /nsm/grafana:/var/lib/grafana:rw + - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro + - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw + - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw + - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw + - environment: + - GF_SECURITY_ADMIN_PASSWORD=augusta + - port_bindings: + - 0.0.0.0:3000:3000 + - watch: + - file: /opt/so/conf/grafana/* + +{% endif %} \ No newline at end of file diff --git a/salt/hive/init.sls b/salt/hive/init.sls index 179ac5e1a..2be2f7480 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -1,5 +1,5 @@ {% set MASTERIP = salt['pillar.get']('master:mainip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} hiveconfdir: file.directory: diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index f7ffacd6b..eba5cfd26 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} # IDSTools Setup idstoolsdir: diff --git a/salt/common/influxdb/etc/influxdb.conf b/salt/influxdb/etc/influxdb.conf similarity index 100% rename from salt/common/influxdb/etc/influxdb.conf rename to salt/influxdb/etc/influxdb.conf 
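Review bot: `- GF_SECURITY_ADMIN_PASSWORD=augusta` hard-codes the Grafana admin credential in the state and `- 0.0.0.0:3000:3000` publishes that login on every interface, so every deployment built from this repo shares one well-known admin password. Other states already read secrets from pillar (the mysql state uses `salt['pillar.get']('secrets:mysql', None)`), so this should become something like `- GF_SECURITY_ADMIN_PASSWORD={{ salt['pillar.get']('secrets:grafana') }}` with the value generated at setup, and the bind narrowed to the management address unless remote access is intended. Separately, the `mastertab` loop emits the fixed state id `dashboard-master` on every iteration, and the `sensorstab` and `evaltab` loops both emit `dashboard-{{ SN }}`, so a second master entry or a sensor and eval node sharing a name would produce duplicate state ids; a per-table prefix such as `dashboardeval-{{ SN }}` avoids the clash. In the master and search-node loops `MONINT: {{ SNDATA.manint }}` differs from the sensor loop's `SNDATA.monint`, which looks like a copy-paste slip.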
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
new file mode 100644
index 000000000..49470cfc9
--- /dev/null
+++ b/salt/influxdb/init.sls
@@ -0,0 +1,43 @@
+{% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+
+{% if grains['role'] in ['so-master', 'so-mastersearch', 'so-eval'] and GRAFANA == 1 %}
+
+# Influx DB
+influxconfdir:
+ file.directory:
+ - name: /opt/so/conf/influxdb/etc
+ - makedirs: True
+
+influxdbdir:
+ file.directory:
+ - name: /nsm/influxdb
+ - makedirs: True
+
+influxdbconf:
+ file.managed:
+ - name: /opt/so/conf/influxdb/etc/influxdb.conf
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://influxdb/etc/influxdb.conf
+
+so-influxdb:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }}
+ - hostname: influxdb
+ - environment:
+ - INFLUXDB_HTTP_LOG_ENABLED=false
+ - binds:
+ - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro
+ - /nsm/influxdb:/var/lib/influxdb:rw
+ - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro
+ - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro
+ - port_bindings:
+ - 0.0.0.0:8086:8086
+ - watch:
+ - file: influxdbconf
+
+{% endif %}
\ No newline at end of file
diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load
index 566e8cfc0..ad75374ea 100644
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -1,6 +1,7 @@
 #!/bin/bash
 {%- set MASTER = salt['pillar.get']('static:masterip', '') %}
+{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
 {%- set FLEET = salt['pillar.get']('static:fleet_ip', '') %}
 {%- set KRATOS = salt['pillar.get']('kratos:redirect', '') %}
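Review bot: `- 0.0.0.0:8086:8086` publishes the InfluxDB HTTP API on all interfaces, and nothing in this state enables authentication (the only environment setting is `INFLUXDB_HTTP_LOG_ENABLED=false`), so unless the mounted influxdb.conf turns on `auth-enabled` any host that can reach 8086 can read and write the metrics database. Given that the telegraf state mounts a client certificate and only the master roles run this container, consider binding to the master address or adding a comment above `port_bindings` such as `# exposed on all interfaces; the firewall state is what limits access to 8086` so the dependency is explicit. Also `GRAFANA == 1` compares against an integer while the `pillar.get` default is the string `'0'`, so the state is silently skipped if the pillar value is ever quoted; `GRAFANA|int == 1` would accept both.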
@@ -28,8 +29,10 @@ cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_o # SOCtopus and Master sed -i "s/PLACEHOLDER/{{ MASTER }}/g" /opt/so/conf/kibana/saved_objects.ndjson +{% if FLEET_NODE %} # Fleet IP sed -i "s/FLEETPLACEHOLDER/{{ FLEET }}/g" /opt/so/conf/kibana/saved_objects.ndjson +{% endif %} # Kratos redirect sed -i "s/PCAPPLACEHOLDER/{{ KRATOS }}/g" /opt/so/conf/kibana/saved_objects.ndjson diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 0f0fa987e..975ec800e 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} {% if FEATURES %} diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 6488828e0..7b7ffe60b 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} {% if FEATURES %} diff --git a/salt/master/files/registry/scripts/so-docker-download b/salt/master/files/registry/scripts/so-docker-download index f6ca8f4e1..2670acf26 100644 --- a/salt/master/files/registry/scripts/so-docker-download +++ b/salt/master/files/registry/scripts/so-docker-download @@ -1,9 +1,9 @@ #!/bin/bash MASTER={{ MASTER }} -VERSION="HH1.2.1" +VERSION="HH1.2.2" TRUSTED_CONTAINERS=( \ -"so-core:$VERSION" \ +"so-nginx:$VERSION" \ "so-cyberchef:$VERSION" \ "so-acng:$VERSION" \ "so-soc:$VERSION" \ 
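Review bot: With `{% if FLEET_NODE %}` around the Fleet sed, a deployment without a fleet node leaves the literal `FLEETPLACEHOLDER` token in `/opt/so/conf/kibana/saved_objects.ndjson`, so the saved objects that referenced it are imported with a dangling placeholder URL. Either keep the substitution unconditional (the `FLEET` default of `''` in the first hunk already yields an empty host) or add an `{% else %}` branch that substitutes the master address; note also that the new `FLEET_NODE` lookup in the first hunk has no default, unlike its neighbours. The script continues outside the hunk.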
diff --git a/salt/master/init.sls b/salt/master/init.sls index 7752311f8..4dab12a68 100644 --- a/salt/master/init.sls +++ b/salt/master/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set masterproxy = salt['pillar.get']('static:masterupdate', '0') %} diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index 32528ed91..894bebaea 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -1,6 +1,6 @@ {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set MAINIP = salt['pillar.get']('node:mainip') %} {% set FLEETARCH = salt['grains.get']('role') %} @@ -57,6 +57,7 @@ mysqldatadir: - user: 939 - group: 939 - makedirs: True + {% if MYSQLPASS == None %} mysql_password_none: @@ -84,9 +85,4 @@ so-mysql: - /opt/so/log/mysql:/var/log/mysql:rw - watch: - /opt/so/conf/mysql/etc - cmd.run: - - name: until nc -z {{ MASTERIP }} 3306; do sleep 1; done - - timeout: 360 - - onchanges: - - docker_container: so-mysql {% endif %} \ No newline at end of file diff --git a/salt/common/nginx/index.html b/salt/nginx/etc/index.html similarity index 100% rename from salt/common/nginx/index.html rename to salt/nginx/etc/index.html diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/nginx/etc/nginx.conf.so-eval similarity index 98% rename from salt/common/nginx/nginx.conf.so-eval rename to salt/nginx/etc/nginx.conf.so-eval index e2615808f..61d91ba20 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/nginx/etc/nginx.conf.so-eval 
@@ -299,12 +299,12 @@ http { return 302 /auth/self-service/browser/flows/login; } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /usr/share/nginx/html/40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/common/nginx/nginx.conf.so-fleet b/salt/nginx/etc/nginx.conf.so-fleet similarity index 95% rename from salt/common/nginx/nginx.conf.so-fleet rename to salt/nginx/etc/nginx.conf.so-fleet index a97b85e78..28372f448 100644 --- a/salt/common/nginx/nginx.conf.so-fleet +++ b/salt/nginx/etc/nginx.conf.so-fleet @@ -86,12 +86,12 @@ http { } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/common/nginx/nginx.conf.so-heavynode b/salt/nginx/etc/nginx.conf.so-heavynode similarity index 94% rename from salt/common/nginx/nginx.conf.so-heavynode rename to salt/nginx/etc/nginx.conf.so-heavynode index 39688f3df..f3fc913de 100644 --- a/salt/common/nginx/nginx.conf.so-heavynode +++ b/salt/nginx/etc/nginx.conf.so-heavynode @@ -77,12 +77,12 @@ http { # location / { # } # -# error_page 404 /404.html; -# location = /40x.html { -# } +# #error_page 404 /404.html; +# # location = /40x.html { +# #} # # error_page 500 502 503 504 /50x.html; -# location = /50x.html { +# location = /usr/share/nginx/html/50x.html { # } # } diff --git a/salt/common/nginx/nginx.conf.so-helix b/salt/nginx/etc/nginx.conf.so-helix similarity index 94% rename from salt/common/nginx/nginx.conf.so-helix rename to salt/nginx/etc/nginx.conf.so-helix index 39688f3df..e5a68c09d 100644 --- a/salt/common/nginx/nginx.conf.so-helix +++ b/salt/nginx/etc/nginx.conf.so-helix 
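Review bot: `location = /usr/share/nginx/html/50x.html {` matches the request URI, not a filesystem path, so the internal redirect produced by `error_page 500 502 503 504 /50x.html;` (URI `/50x.html`) no longer hits this block and falls through to whatever `location /` or proxy block handles it; the 404 handler was commented out rather than fixed the same way, so 404s now get nginx's default body. If the intent is to serve the bundled page, keep `location = /50x.html {` and put `root /usr/share/nginx/html;` inside it. The same change is made in the so-fleet, so-heavynode (inside a commented block there), so-helix, so-master, so-mastersearch, so-node and so-sensor configs in the following hunks, so the fix applies to each of them.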
@@ -47,12 +47,12 @@ http { location / { } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/nginx/etc/nginx.conf.so-master similarity index 98% rename from salt/common/nginx/nginx.conf.so-master rename to salt/nginx/etc/nginx.conf.so-master index e2615808f..46e910a17 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/nginx/etc/nginx.conf.so-master @@ -299,12 +299,12 @@ http { return 302 /auth/self-service/browser/flows/login; } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/common/nginx/nginx.conf.so-mastersearch b/salt/nginx/etc/nginx.conf.so-mastersearch similarity index 98% rename from salt/common/nginx/nginx.conf.so-mastersearch rename to salt/nginx/etc/nginx.conf.so-mastersearch index e2615808f..46e910a17 100644 --- a/salt/common/nginx/nginx.conf.so-mastersearch +++ b/salt/nginx/etc/nginx.conf.so-mastersearch @@ -299,12 +299,12 @@ http { return 302 /auth/self-service/browser/flows/login; } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/common/nginx/nginx.conf.so-node b/salt/nginx/etc/nginx.conf.so-node similarity index 94% rename from salt/common/nginx/nginx.conf.so-node rename to salt/nginx/etc/nginx.conf.so-node index 39688f3df..e5a68c09d 100644 --- a/salt/common/nginx/nginx.conf.so-node +++ b/salt/nginx/etc/nginx.conf.so-node 
@@ -47,12 +47,12 @@ http { location / { } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/common/nginx/nginx.conf.so-sensor b/salt/nginx/etc/nginx.conf.so-sensor similarity index 94% rename from salt/common/nginx/nginx.conf.so-sensor rename to salt/nginx/etc/nginx.conf.so-sensor index 39688f3df..e5a68c09d 100644 --- a/salt/common/nginx/nginx.conf.so-sensor +++ b/salt/nginx/etc/nginx.conf.so-sensor @@ -47,12 +47,12 @@ http { location / { } - error_page 404 /404.html; - location = /40x.html { - } + #error_page 404 /404.html; + # location = /40x.html { + #} error_page 500 502 503 504 /50x.html; - location = /50x.html { + location = /usr/share/nginx/html/50x.html { } } diff --git a/salt/nginx/html/favicon-16x16.png b/salt/nginx/html/favicon-16x16.png new file mode 100644 index 000000000..a0a818d20 Binary files /dev/null and b/salt/nginx/html/favicon-16x16.png differ diff --git a/salt/nginx/html/favicon-32x32.png b/salt/nginx/html/favicon-32x32.png new file mode 100644 index 000000000..b1b38d711 Binary files /dev/null and b/salt/nginx/html/favicon-32x32.png differ diff --git a/salt/nginx/html/favicon.ico b/salt/nginx/html/favicon.ico new file mode 100644 index 000000000..41e85a108 Binary files /dev/null and b/salt/nginx/html/favicon.ico differ diff --git a/salt/nginx/html/index.html b/salt/nginx/html/index.html new file mode 100644 index 000000000..70d1ddfb0 --- /dev/null +++ b/salt/nginx/html/index.html @@ -0,0 +1,13 @@ + + + +Security Onion - Hybrid Hunter + + + + + + +Security Onion + + diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls new file mode 100644 index 000000000..296774a02 --- /dev/null +++ b/salt/nginx/init.sls 
@@ -0,0 +1,64 @@
+{% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
+{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+# Drop the correct nginx config based on role
+nginxconfdir:
+ file.directory:
+ - name: /opt/so/conf/nginx/html
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+nginxhtml:
+ file.recurse:
+ - name: /opt/so/conf/nginx/html
+ - source: salt://nginx/html/
+ - user: 939
+ - group: 939
+
+nginxconf:
+ file.managed:
+ - name: /opt/so/conf/nginx/nginx.conf
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://nginx/etc/nginx.conf.{{ grains.role }}
+
+nginxlogdir:
+ file.directory:
+ - name: /opt/so/log/nginx/
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+nginxtmp:
+ file.directory:
+ - name: /opt/so/tmp/nginx/tmp
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+so-nginx:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-nginx:{{ VERSION }}
+ - hostname: so-nginx
+ - binds:
+ - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - /opt/so/log/nginx/:/var/log/nginx:rw
+ - /opt/so/tmp/nginx/:/var/lib/nginx:rw
+ - /opt/so/tmp/nginx/:/run:rw
+ - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
+ - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
+ - /opt/so/conf/fleet/packages:/opt/socore/html/packages
+ - cap_add: NET_BIND_SERVICE
+ - port_bindings:
+ - 80:80
+ - 443:443
+ {%- if FLEETMASTER or FLEETNODE %}
+ - 8090:8090
+ {%- endif %}
+ - watch:
+ - file: nginxconf
+ - file: nginxconfdir
diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls
index af58ab866..cb1068d30 100644
--- a/salt/nodered/init.sls
+++ b/salt/nodered/init.sls
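Review bot: `- /opt/so/conf/fleet/packages:/opt/socore/html/packages` is the only content bind in `so-nginx` without `:ro`, so the internet-facing web process can modify the agent packages it hands out to endpoints; every other config and certificate bind here is read-only and this one should be `- /opt/so/conf/fleet/packages:/opt/socore/html/packages:ro` as well. `/opt/so/tmp/nginx/` is mounted twice (`/var/lib/nginx` and `/run`) while the `nginxtmp` state creates `/opt/so/tmp/nginx/tmp`, so the paths look out of step and the second mount shares nginx's runtime directory with its cache. The `watch` list references `nginxconfdir` (a directory state) rather than `nginxhtml`, so updated html content will not restart the container.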
@@ -61,7 +61,7 @@ noderedlog: so-nodered: docker_container.running: - - image: soshybridhunter/so-nodered:HH1.2.1 + - image: soshybridhunter/so-nodered:HH1.2.2 - interactive: True - binds: - /opt/so/conf/nodered/:/data:rw diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 8f4f7d59a..93203ca5b 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -12,7 +12,7 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index cb9c56d32..aed297eca 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -1,5 +1,5 @@ {% set MASTERIP = salt['pillar.get']('master:mainip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} playbookdb: diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index fb2a71dec..215d69942 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls 
@@ -55,7 +55,7 @@ def run(): # Run Docker container that will build the packages gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \ - "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.1", \ + "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.2", \ f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii') # Update the 'packages-built' timestamp on the webpage (stored in the static pillar) diff --git a/salt/redis/init.sls b/salt/redis/init.sls index c22838d7a..3b2f662f3 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set lsaccessip = salt['pillar.get']('master:lsaccessip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} # Redis Setup diff --git a/salt/salt/init.sls b/salt/salt/init.sls index 32aaaa47e..22ecddfb3 100644 --- a/salt/salt/init.sls +++ b/salt/salt/init.sls @@ -1,3 +1,28 @@ +# Create a state directory + +statedir: + file.directory: + - name: /opt/so/state + - user: 939 + - group: 939 + - makedirs: True + +salttmp: + file.directory: + - name: /opt/so/tmp + - user: 939 + - group: 939 + - makedirs: True + +{% if grains['os'] != 'CentOS' %} +saltpymodules: + pkg.installed: + - pkgs: + - python-docker + - python-m2crypto + {% endif %} + + salt_minion_service: service.running: - name: salt-minion diff --git a/salt/sensoroni/init.sls b/salt/sensoroni/init.sls index 174687926..441394df6 100644 --- a/salt/sensoroni/init.sls +++ b/salt/sensoroni/init.sls 
@@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} sensoronidir: diff --git a/salt/soc/files/kratos/kratos.yaml b/salt/soc/files/kratos/kratos.yaml index 032027d96..2e21ecdfb 100644 --- a/salt/soc/files/kratos/kratos.yaml +++ b/salt/soc/files/kratos/kratos.yaml @@ -6,6 +6,13 @@ selfservice: password: enabled: true + settings: + privileged_session_max_age: 1m + after: + profile: + hooks: + - hook: verify + verify: return_to: https://{{ WEBACCESS }}/ @@ -14,29 +21,14 @@ selfservice: login: request_lifespan: 10m - after: - password: - - - job: session - - - job: redirect - config: - default_redirect_url: https://{{ WEBACCESS }}/ - allow_user_defined_redirect: true registration: request_lifespan: 10m after: password: - - - job: verify - - - job: session - - - job: redirect - config: - default_redirect_url: https://{{ WEBACCESS }}/ - allow_user_defined_redirect: true + hooks: + - hook: session + - hook: verify log: level: debug @@ -58,7 +50,7 @@ urls: public: https://{{ WEBACCESS }}/auth/ admin: https://{{ WEBACCESS }}/kratos/ default_return_to: https://{{ WEBACCESS }}/ - whitelisted_return_to_domains: + whitelisted_return_to_urls: - http://127.0.0.1 hashers: diff --git a/salt/soc/init.sls b/salt/soc/init.sls index bf133c36f..cc2c9dfd6 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} socdir: diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 8ed4a514f..a4eb27f78 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls 
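Review bot: The registration `after.password.hooks` list runs `- hook: session` before `- hook: verify`, so a freshly registered account is issued a session before its address is verified; if sign-up is meant to be gated on verification, `verify` should come first or the `session` hook should be dropped. `whitelisted_return_to_urls` still lists only `http://127.0.0.1` while every other URL in the file is `https://{{ WEBACCESS }}/`, so a user-supplied `return_to` pointing at the SOC will be rejected and only `default_return_to` is usable, which may be intended but deserves a comment such as `# return_to is pinned to default_return_to; 127.0.0.1 is only for local testing`. `privileged_session_max_age: 1m` is a sensibly short window for re-authenticated settings changes.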
@@ -1,4 +1,4 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} soctopusdir: diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index b9efef638..662144ca7 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -14,7 +14,7 @@ # along with this program. If not, see . {%- set MASTER = grains['master'] %} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} # Strelka config strelkaconfdir: @@ -72,7 +72,7 @@ strelka_gatekeeper: strelka_frontend: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.1 + - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-frontend:HH1.2.2 - binds: - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro - /nsm/strelka/log/:/var/log/strelka/:rw @@ -84,7 +84,7 @@ strelka_frontend: strelka_backend: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.1 + - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:HH1.2.2 - binds: - /opt/so/conf/strelka/backend/:/etc/strelka/:ro - /opt/so/conf/strelka/backend/yara:/etc/yara/:ro @@ -94,7 +94,7 @@ strelka_backend: strelka_manager: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.1 + - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-manager:HH1.2.2 - binds: - /opt/so/conf/strelka/manager/:/etc/strelka/:ro - name: so-strelka-manager @@ -102,7 +102,7 @@ strelka_manager: strelka_filestream: docker_container.running: - - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.1 + - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-filestream:HH1.2.2 - binds: - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro - /nsm/strelka:/nsm/strelka 
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index f0b0f37c4..39f419ad0 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -15,7 +15,7 @@ {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BROVER = salt['pillar.get']('static:broversion', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set BPF_NIDS = salt['pillar.get']('nids:bpf') %} {% set BPF_STATUS = 0 %} diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls index d2e76aa8d..5a054bf5d 100644 --- a/salt/tcpreplay/init.sls +++ b/salt/tcpreplay/init.sls @@ -1,5 +1,5 @@ {% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} so-tcpreplay: diff --git a/salt/common/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf similarity index 100% rename from salt/common/telegraf/etc/telegraf.conf rename to salt/telegraf/etc/telegraf.conf diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls new file mode 100644 index 000000000..834f77bf1 --- /dev/null +++ b/salt/telegraf/init.sls 
@@ -0,0 +1,70 @@
+{% set MASTER = salt['grains.get']('master') %}
+{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
+
+# Add Telegraf to monitor all the things.
+tgraflogdir:
+ file.directory:
+ - name: /opt/so/log/telegraf
+ - makedirs: True
+
+tgrafetcdir:
+ file.directory:
+ - name: /opt/so/conf/telegraf/etc
+ - makedirs: True
+
+tgrafetsdir:
+ file.directory:
+ - name: /opt/so/conf/telegraf/scripts
+ - makedirs: True
+
+tgrafsyncscripts:
+ file.recurse:
+ - name: /opt/so/conf/telegraf/scripts
+ - user: 939
+ - group: 939
+ - file_mode: 755
+ - template: jinja
+ - source: salt://telegraf/scripts
+
+tgrafconf:
+ file.managed:
+ - name: /opt/so/conf/telegraf/etc/telegraf.conf
+ - user: 939
+ - group: 939
+ - template: jinja
+ - source: salt://telegraf/etc/telegraf.conf
+
+so-telegraf:
+ docker_container.running:
+ - image: {{ MASTER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }}
+ - environment:
+ - HOST_PROC=/host/proc
+ - HOST_ETC=/host/etc
+ - HOST_SYS=/host/sys
+ - HOST_MOUNT_PREFIX=/host
+ - network_mode: host
+ - port_bindings:
+ - 127.0.0.1:8094:8094
+ - binds:
+ - /opt/so/log/telegraf:/var/log/telegraf:rw
+ - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
+ - /var/run/utmp:/var/run/utmp:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /:/host/root:ro
+ - /sys:/host/sys:ro
+ - /proc:/host/proc:ro
+ - /nsm:/host/nsm:ro
+ - /etc:/host/etc:ro
+ {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-mastersearch' %}
+ - /etc/pki/ca.crt:/etc/telegraf/ca.crt:ro
+ {% else %}
+ - /etc/ssl/certs/intca.crt:/etc/telegraf/ca.crt:ro
+ {% endif %}
+ - /etc/pki/influxdb.crt:/etc/telegraf/telegraf.crt:ro
+ - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
+ - /opt/so/conf/telegraf/scripts:/scripts:ro
+ - /opt/so/log/stenographer:/var/log/stenographer:ro
+ - /opt/so/log/suricata:/var/log/suricata:ro
+ - watch:
+ - file: tgrafconf
+ - file: tgrafsyncscripts
\ No newline at end of
file diff --git a/salt/common/telegraf/scripts/broloss.sh b/salt/telegraf/scripts/broloss.sh similarity index 100% rename from salt/common/telegraf/scripts/broloss.sh rename to salt/telegraf/scripts/broloss.sh diff --git a/salt/common/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh similarity index 100% rename from salt/common/telegraf/scripts/checkfiles.sh rename to salt/telegraf/scripts/checkfiles.sh diff --git a/salt/common/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh similarity index 100% rename from salt/common/telegraf/scripts/helixeps.sh rename to salt/telegraf/scripts/helixeps.sh diff --git a/salt/common/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh similarity index 100% rename from salt/common/telegraf/scripts/influxdbsize.sh rename to salt/telegraf/scripts/influxdbsize.sh diff --git a/salt/common/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh similarity index 100% rename from salt/common/telegraf/scripts/oldpcap.sh rename to salt/telegraf/scripts/oldpcap.sh diff --git a/salt/common/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh similarity index 100% rename from salt/common/telegraf/scripts/redis.sh rename to salt/telegraf/scripts/redis.sh diff --git a/salt/common/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh similarity index 100% rename from salt/common/telegraf/scripts/stenoloss.sh rename to salt/telegraf/scripts/stenoloss.sh diff --git a/salt/common/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh similarity index 100% rename from salt/common/telegraf/scripts/suriloss.sh rename to salt/telegraf/scripts/suriloss.sh diff --git a/salt/top.sls b/salt/top.sls index a03c2e1e2..6af94e26a 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -11,15 +11,17 @@ base: '*': + - salt + - docker - patch.os.schedule - motd - - salt '*_helix': - ca - ssl - registry - common + - telegraf - firewall - idstools - pcap 
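Review bot: `- /var/run/docker.sock:/var/run/docker.sock:ro` gives the `so-telegraf` container control of the Docker daemon — the `:ro` flag restricts the socket inode, not the API calls made over it — and combined with `- /:/host/root:ro` and `- /etc:/host/etc:ro` a compromise of the metrics agent can read every file on the host, including `/etc/shadow` and the private keys under `/etc/pki`. If the docker input is required, keep the socket but drop `/:/host/root` (the explicit `/proc`, `/sys`, `/nsm` and log binds already cover what the scripts read) and add a comment above `binds` stating why host-root visibility is needed so the exposure is a documented decision rather than an accident. `port_bindings` has no effect under `- network_mode: host`, so `127.0.0.1:8094:8094` does not restrict the listener; the bind address has to be set in telegraf.conf instead. The container also runs without a `- user:` line, unlike the grafana state, so it presumably runs as root inside the container — worth confirming against the image.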
@@ -34,6 +36,7 @@ base: - ca - ssl - common + - telegraf - firewall - pcap - suricata @@ -57,6 +60,10 @@ base: - registry - master - common + - nginx + - telegraf + - influxdb + - grafana - soc - firewall - idstools @@ -105,6 +112,10 @@ base: - ssl - registry - common + - nginx + - telegraf + - influxdb + - grafana - soc - firewall - master @@ -179,6 +190,7 @@ base: - ca - ssl - common + - telegraf - firewall {%- if WAZUH != 0 %} - wazuh @@ -194,6 +206,10 @@ base: '*_mastersensor': - common + - nginx + - telegraf + - influxdb + - grafana - firewall - sensor - master @@ -207,6 +223,10 @@ base: - ssl - registry - common + - nginx + - telegraf + - influxdb + - grafana - soc - firewall - master @@ -248,6 +268,7 @@ base: - ca - ssl - common + - telegraf - firewall - redis {%- if WAZUH != 0 %} @@ -272,6 +293,8 @@ base: - ca - ssl - common + - nginx + - telegraf - firewall - mysql - redis diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 83c7cbc9a..52c37c791 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -1,5 +1,5 @@ {%- set HOSTNAME = salt['grains.get']('host', '') %} -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} # Add ossec group ossecgroup: diff --git a/salt/zeek/defaults.yml b/salt/zeek/defaults.yml deleted file mode 100644 index 07393abeb..000000000 --- a/salt/zeek/defaults.yml +++ /dev/null @@ -1,17 +0,0 @@ -zeek: - zeekctl: - MailTo: root@localhost - MailConnectionSummary: 1 - MinDiskSpace: 5 - MailHostUpDown: 1 - LogRotationInterval: 3600 - LogExpireInterval: 0 - StatsLogEnable: 1 - StatsLogExpireInterval: 0 - StatusCmdShowAll: 0 - CrashExpireInterval: 0 - SitePolicyScripts: local.zeek - LogDir: /nsm/zeek/logs - SpoolDir: /nsm/zeek/spool - CfgDir: /opt/zeek/etc - CompressLogs: 1 diff --git a/salt/zeek/files/local.zeek b/salt/zeek/files/local.zeek deleted file mode 100644 index f32052328..000000000 
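Review bot: The same four-line block `- nginx`, `- telegraf`, `- influxdb`, `- grafana` is pasted into the `@@ -57`, `@@ -105`, `@@ -194` and `@@ -207` hunks, with the first two of those states repeated again at `@@ -272`, so the monitoring stack for each master-type role is maintained by hand in five places. Setting the list once at the top of the file (`{%- set MONITORING = ['nginx', 'telegraf', 'influxdb', 'grafana'] %}`) and expanding it per role would keep those roles from drifting apart. The `*_helix` section receiving only `- telegraf` may be intentional, but nothing here says so; a one-line comment next to it would settle that for the next reader.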
--- a/salt/zeek/files/local.zeek +++ /dev/null 
@@ -1,132 +0,0 @@ -##! Local site policy. Customize as appropriate. -##! -##! This file will not be overwritten when upgrading or reinstalling! - -# This script logs which scripts were loaded during each run. -@load misc/loaded-scripts - -# Apply the default tuning scripts for common tuning settings. -@load tuning/defaults - -# Estimate and log capture loss. -@load misc/capture-loss - -# Enable logging of memory, packet and lag statistics. -@load misc/stats - -# Load the scan detection script. It's disabled by default because -# it often causes performance issues. -#@load misc/scan - -# Detect traceroute being run on the network. This could possibly cause -# performance trouble when there are a lot of traceroutes on your network. -# Enable cautiously. -#@load misc/detect-traceroute - -# Generate notices when vulnerable versions of software are discovered. -# The default is to only monitor software found in the address space defined -# as "local". Refer to the software framework's documentation for more -# information. -@load frameworks/software/vulnerable - -# Detect software changing (e.g. attacker installing hacked SSHD). -@load frameworks/software/version-changes - -# This adds signatures to detect cleartext forward and reverse windows shells. -@load-sigs frameworks/signatures/detect-windows-shells - -# Load all of the scripts that detect software in various protocols. -@load protocols/ftp/software -@load protocols/smtp/software -@load protocols/ssh/software -@load protocols/http/software -# The detect-webapps script could possibly cause performance trouble when -# running on live traffic. Enable it cautiously. -#@load protocols/http/detect-webapps - -# This script detects DNS results pointing toward your Site::local_nets -# where the name is not part of your local DNS zone and is being hosted -# externally. Requires that the Site::local_zones variable is defined. -@load protocols/dns/detect-external-names - -# Script to detect various activity in FTP sessions. 
-@load protocols/ftp/detect - -# Scripts that do asset tracking. -@load protocols/conn/known-hosts -@load protocols/conn/known-services -@load protocols/ssl/known-certs - -# This script enables SSL/TLS certificate validation. -@load protocols/ssl/validate-certs - -# This script prevents the logging of SSL CA certificates in x509.log -@load protocols/ssl/log-hostcerts-only - -# Uncomment the following line to check each SSL certificate hash against the ICSI -# certificate notary service; see http://notary.icsi.berkeley.edu . -# @load protocols/ssl/notary - -# If you have GeoIP support built in, do some geographic detections and -# logging for SSH traffic. -@load protocols/ssh/geo-data -# Detect hosts doing SSH bruteforce attacks. -@load protocols/ssh/detect-bruteforcing -# Detect logins using "interesting" hostnames. -@load protocols/ssh/interesting-hostnames - -# Detect SQL injection attacks. -@load protocols/http/detect-sqli - -#### Network File Handling #### - -# Enable MD5 and SHA1 hashing for all files. -@load frameworks/files/hash-all-files - -# Detect SHA1 sums in Team Cymru's Malware Hash Registry. -@load frameworks/files/detect-MHR - -# Extend email alerting to include hostnames -@load policy/frameworks/notice/extend-email/hostnames - -# Uncomment the following line to enable detection of the heartbleed attack. Enabling -# this might impact performance a bit. -# @load policy/protocols/ssl/heartbleed - -# Uncomment the following line to enable logging of connection VLANs. Enabling -# this adds two VLAN fields to the conn.log file. -# @load policy/protocols/conn/vlan-logging - -# Uncomment the following line to enable logging of link-layer addresses. Enabling -# this adds the link-layer address for each connection endpoint to the conn.log file. 
-# @load policy/protocols/conn/mac-logging - -# JA3 - SSL Detection Goodness -@load ja3 - -# HASSH -@load hassh - -# You can load your own intel into: -# /opt/so/saltstack/bro/policy/intel/ on the master -@load intel - -# Load a custom Bro policy -# /opt/so/saltstack/bro/policy/custom/ on the master -#@load custom/somebropolicy.bro - -# Write logs in JSON -redef LogAscii::use_json = T; -redef LogAscii::json_timestamps = JSON::TS_ISO8601; - -# CVE-2020-0601 -@load cve-2020-0601 - -# BPF Configuration -@load securityonion/bpfconf - -# Community ID -@load securityonion/communityid - -# Extracted files -@load securityonion/file-extraction \ No newline at end of file diff --git a/salt/zeek/files/local.zeek.jinja b/salt/zeek/files/local.zeek.jinja new file mode 100644 index 000000000..61f5df7d8 --- /dev/null +++ b/salt/zeek/files/local.zeek.jinja @@ -0,0 +1,11 @@ +##! Local site policy. + +{%- set ALLOWEDOPTIONS = [ '@load', '@load-sigs', 'redef' ] %} + +{%- for k, v in LOCAL.items() %} + {%- if k|lower in ALLOWEDOPTIONS %} + {%- for li in v|sort %} +{{ k }} {{ li }} + {%- endfor %} + {%- endif %} +{%- endfor %} \ No newline at end of file diff --git a/salt/zeek/files/zeekctl.cfg.jinja b/salt/zeek/files/zeekctl.cfg.jinja index 5da5ab824..6d28d4dbd 100644 --- a/salt/zeek/files/zeekctl.cfg.jinja +++ b/salt/zeek/files/zeekctl.cfg.jinja 
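Review bot: The directive allowlist is compared case-insensitively (`{%- if k|lower in ALLOWEDOPTIONS %}`) but the key is written out unchanged (`{{ k }} {{ li }}`), so a pillar key spelled `@Load` or `REDEF` passes the check and still produces a line Zeek is unlikely to parse; either emit `{{ k|lower }} {{ li }}` or compare exactly with `{%- if k in ALLOWEDOPTIONS %}`. `v|sort` also assumes every value is a list; if a pillar author writes a single string under `@load`, Jinja's `sort` would split it character by character, so a header comment stating the expected shape of `LOCAL` would prevent that. The allowlist restricts only the directive, not its argument: each `redef` entry is copied verbatim into the site policy as Zeek script, which is acceptable for admin-owned pillar but should be stated in the template, e.g. `{# keys are allowlisted; values are emitted verbatim as Zeek code, so pillar authors are trusted #}`.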
@@ -2,8 +2,8 @@ {%- set ALLOWEDOPTIONS = ['commtimeout','commandtimeout','compresscmd','compressextension','compresslogs','compresslogsinflight','controltopic','crashexpireinterval','croncmd','debug','env_vars','havenfs','keeplogs','logdir','logexpireinterval','logrotationinterval','mailalarmsinterval','mailalarmsto','mailarchivelogfail','mailconnectionsummary','mailfrom','mailhostupdown','mailreceivingpackets','mailreplyto','mailsubjectprefix','mailto','makearchivename','memlimit','mindiskspace','pfringclusterid','pfringclustertype','pfringfirstappinstance','prefixes','savetraces','sendmail','sitepluginpath','sitepolicypath','sitepolicyscripts','statslogenable','statslogexpireinterval','statuscmdshowall','stoptimeout','stopwait','timefmt','timemachinehost','timemachineport','zeekargs','zeekport','bindir','capstatspath','cfgdir','debuglog','defaultstoredir','helperdir','libdir','libdir64','libdirinternal','localnetscfg','lockfile','logexpireminutes','nodecfg','os','pcapbufsize','pcapsnaplen','plugindir','pluginzeekdir','policydir','policydirsiteinstall','policydirsiteinstallauto','postprocdir','scriptsdir','spooldir','standalone','statefile','staticdir','statsdir','statslog','time','tmpdir','tmpexecdir','tracesummary','version','zeek','zeekbase'] %} -{%- for option in ZEEKCTL %} +{%- for option in ZEEKCTL|sort %} {%- if option|lower in ALLOWEDOPTIONS %} {{ option }} = {{ ZEEKCTL[option] }} {%- endif %} -{%- endfor %} +{%- endfor %} \ No newline at end of file diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 16085fc3c..246b43c90 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls 
@@ -1,11 +1,10 @@ -{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %} +{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set MASTER = salt['grains.get']('master') %} {% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %} {% set BPF_STATUS = 0 %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} -{% import_yaml 'zeek/defaults.yml' as ZEEKDEFAULTS %} -{% set ZEEK = salt['pillar.get']('zeek', default=ZEEKDEFAULTS.zeek, merge=True) %} +{% set ZEEK = salt['pillar.get']('zeek', {}) %} # Zeek Salt State @@ -144,13 +143,16 @@ zeekbpf: - "ip or not ip" {% endif %} + localzeeksync: file.managed: - name: /opt/so/conf/zeek/local.zeek - - source: salt://zeek/files/local.zeek + - source: salt://zeek/files/local.zeek.jinja - user: 937 - group: 939 - template: jinja + - defaults: + LOCAL: {{ ZEEK.local | tojson }} so-zeek: docker_container.running: diff --git a/setup/so-variables b/setup/so-variables index d05fd24e2..5f68b6b0e 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -32,5 +32,5 @@ export percentage_str='Getting started' export DEBIAN_FRONTEND=noninteractive -export so_version=1.2.1 +export so_version=1.2.2 diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions index 4f0e48f66..5666fc2d6 100644 --- a/upgrade/so-update-functions +++ b/upgrade/so-update-functions @@ -17,7 +17,7 @@ # Set the new SO Version -UPDATEVERSION=1.2.1 +UPDATEVERSION=1.2.2 BUILD=HH #Determine the current install version @@ -35,7 +35,6 @@ HOSTNAME=$(hostname) if [ $MASTERCHECK != 'so-helix' ]; then TRUSTED_CONTAINERS=( \ "so-acng:$BUILD$UPDATEVERSION" \ - "so-core:$BUILD$UPDATEVERSION" \ "so-thehive-cortex:$BUILD$UPDATEVERSION" \ "so-curator:$BUILD$UPDATEVERSION" \ "so-domainstats:$BUILD$UPDATEVERSION" \ 
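Review bot: `LOCAL: {{ ZEEK.local | tojson }}` in the `localzeeksync` hunk has no fallback now that `zeek/defaults.yml` is deleted and `ZEEK` defaults to `{}`: on a minion whose pillar lacks `zeek:local`, `ZEEK.local` is undefined, and depending on Salt's Jinja undefined handling the state either fails to render or hands the template a value on which `LOCAL.items()` in local.zeek.jinja fails. `LOCAL: {{ ZEEK.get('local', {}) | tojson }}` renders an empty policy instead, which is at least a predictable failure mode. That empty policy is itself worth a comment, since the `@load` lines that were fixed in the deleted local.zeek (hash-all-files, detect-sqli, file-extraction, …) are now supplied only by pillar and an incomplete pillar silently drops them: `# local.zeek is generated solely from pillar zeek:local; an empty pillar yields a policy with no @load lines`. The `so-zeek` state whose header closes this hunk has its body outside it.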
@@ -53,6 +52,7 @@ if [ $MASTERCHECK != 'so-helix' ]; then "so-logstash:$BUILD$UPDATEVERSION" \ "so-mysql:$BUILD$UPDATEVERSION" \ "so-navigator:$BUILD$UPDATEVERSION" \ + "so-nginx:$BUILD$UPDATEVERSION" \ "so-playbook:$BUILD$UPDATEVERSION" \ "so-redis:$BUILD$UPDATEVERSION" \ "so-soc:$BUILD$UPDATEVERSION" \ @@ -67,10 +67,10 @@ if [ $MASTERCHECK != 'so-helix' ]; then "so-zeek:$BUILD$UPDATEVERSION" ) else TRUSTED_CONTAINERS=( \ - "so-core:$BUILD$UPDATEVERSION" \ "so-filebeat:$BUILD$UPDATEVERSION" \ "so-idstools:$BUILD$UPDATEVERSION" \ "so-logstash:$BUILD$UPDATEVERSION" \ + "so-nginx:$BUILD$UPDATEVERSION" \ "so-redis:$BUILD$UPDATEVERSION" \ "so-steno:$BUILD$UPDATEVERSION" \ "so-suricata:$BUILD$UPDATEVERSION" \ @@ -156,12 +156,12 @@ salt_highstate() { update_held_packages() { if [ $OS == "centos" ] - SALTVER=2019.2.3 + SALTVER=2019.2.4 DOCKERVER= yum -y --disableexcludes=all update salt-$SALTVER yum -y --disableexcludes=all update docker-ce-$DOCKERVER else - SALTVER=2019.2.3+ds-1 + SALTVER=2019.2.4+ds-1 DOCKERVER=5:19.03.8~3-0~ubuntu-xenial fi