m0duspwnens
2020-06-09 09:40:38 -04:00
parent 5f9f86caa5
commit 721f2682ac
13 changed files with 984 additions and 233 deletions


@@ -0,0 +1,21 @@
{% import_yaml 'firewall/portgroups.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.aliases.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% set local_portgroups = local_portgroups.firewall.aliases.ports %}
{% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %}
role:
eval:
hostgroups:
helixsensor:
hostgroups:
master:
hostgroups:
mastersearch:
hostgroups:
standalone:
hostgroups:
searchnode:
hostgroups:
fleet:
hostgroups:
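Review bot: The `salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False)` call at the top of this file receives, for the `portgroups.local.yaml` shipped in this same commit, a bare `ports:` key that YAML parses as null, and as far as I recall `defaults.merge` rejects a non-mapping source with a TypeError, so the template would fail to render until a site adds at least one local port group. A cheap guard is `{% set local_portgroups = local_portgroups.firewall.aliases.ports or {} %}`; the same point applies to that local file, where an explicit `ports: {}` would make the intent unambiguous. The resulting `portgroups` variable is not referenced anywhere in this file, so a one-line comment saying it is provided for site overrides to use (`- {{ portgroups.<name> }}`) would save the next reader from wondering why it is computed.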


@@ -0,0 +1,288 @@
{% import_yaml 'firewall/portgroups.yaml' as portgroups %}
{% set portgroups = portgroups.firewall.aliases.ports %}
role:
eval:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.salt_master }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
portgroups:
- {{ portgroups.wazuh_endpoint }}
analyst:
portgroups:
- {{ portgroups.nginx }}
helixsensor:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.salt_master }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
portgroups:
- {{ portgroups.wazuh_endpoint }}
analyst:
portgroups:
- {{ portgroups.nginx }}
master:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.salt_master }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
portgroups:
- {{ portgroups.wazuh_endpoint }}
analyst:
portgroups:
- {{ portgroups.nginx }}
mastersearch:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.salt_master }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
portgroups:
- {{ portgroups.wazuh_endpoint }}
analyst:
portgroups:
- {{ portgroups.nginx }}
standalone:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.fleet_api }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.salt_master }}
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
search_node:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.elasticsearch_node }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
portgroups:
- {{ portgroups.wazuh_endpoint }}
analyst:
portgroups:
- {{ portgroups.nginx }}
searchnode:
hostgroups:
master:
portgroups:
- {{ portgroups.elasticsearch_node }}
dockernet:
portgroups:
- {{ portgroups.all }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }}
sensor:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
heavynode:
hostgroups:
self:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
fleet:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
self:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.mysql }}
- {{ portgroups.osquery_8080 }}
localhost:
portgroups:
- {{ portgroups.mysql }}
- {{ portgroups.osquery_8080 }}
analyst:
portgroups:
- {{ portgroups.fleet_webui }}
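Review bot: Under `searchnode` → `dockernet` the `elasticsearch_node` group is listed twice next to `all`; the state file names each generated rule `{{action}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}`, so the two identical entries produce two states with the same ID, which Salt rejects as a conflicting ID at render time, and both are redundant because `all` already spans `0:65535`. Drop the two duplicate `- {{ portgroups.elasticsearch_node }}` lines under `dockernet` (the `master` hostgroup right above keeps its own). The top-level role keys (`eval`, `helixsensor`, `mastersearch`, `standalone`, `searchnode`, `heavynode`, `fleet`) are looked up as `assigned_hostgroups.role[role]` with `role` being the last `_`-separated token of the minion id; I cannot verify the ids from here, but a key that does not match surfaces as a Jinja undefined error rather than a clear message, so a header comment stating that contract would be worthwhile.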


@@ -0,0 +1,48 @@
firewall:
hostgroups:
analyst:
ips:
delete:
insert:
- 10.11.1.1
beats_endpoint:
ips:
delete:
insert:
fleet:
ips:
delete:
insert:
heavy_node:
ips:
delete:
insert:
master:
ips:
delete:
insert:
minion:
ips:
delete:
insert:
node:
ips:
delete:
insert:
osquery_endpoint:
ips:
delete:
insert:
search_node:
ips:
delete:
insert:
sensor:
ips:
delete:
insert:
wazuh_endpoint:
ips:
delete:
insert:
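Review bot: The `analyst` hostgroup in this default file ships with a concrete address, `- 10.11.1.1`, while every other group is left empty; because `analyst` is what opens `nginx` (80/443) and `fleet_webui` (443) in the assigned-hostgroups map, any deployment that does not override it in the local file grants web access to whatever host holds that address. Move the address to `hostgroups.local.yaml` and leave the default as `insert: []`. The bare `delete:`/`insert:` keys parse as null, which the consuming template tolerates through a truthiness check, but writing `[]` documents the intended type for anyone editing the file by hand.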


@@ -0,0 +1,17 @@
firewall:
hostgroups:
dockernet:
ips:
delete:
insert:
- 172.17.0.0/24
localhost:
ips:
delete:
insert:
- 127.0.0.1
self:
ips:
delete:
insert:
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint'))))[0] }}
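Review bot: The `self` entry resolves `salt['grains.get']('ip_interfaces').get(<mainint>)[0]` inline; if the interface name taken from the `sensor:mainint`/`master:mainint`/`node:mainint` pillar is not present in the grain, `.get()` returns None and the `[0]` raises at render time, taking the whole firewall state down rather than just this hostgroup. Resolve it in two steps and guard it, e.g. `{% set mainint = salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint'))) %}` and `{% set self_ips = salt['grains.get']('ip_interfaces').get(mainint, []) %}`, emitting the list item only inside `{% if self_ips %}`. Since `ip_interfaces` holds a list per interface and `[0]` silently takes the first address, a comment stating that assumption (single address on the management interface) would help operators running dual-stack or multi-IP hosts.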


@@ -12,8 +12,9 @@
{% set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{% set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
{% import_yaml 'firewall/ports.yml' as firewall_ports %}
{% set firewall_aliases = salt['pillar.get']('firewall:aliases', firewall_ports.firewall.aliases, merge=True) %}
{% from 'firewall/map.jinja' import hostgroups with context %}
{% from 'firewall/map.jinja' import assigned_hostgroups with context %}
{% set role = grains.id.split('_') | last %}
# Quick Fix for Docker being difficult
iptables_fix_docker:
@@ -118,36 +119,6 @@ enable_docker_user_established:
# Rules if you are a Master
{% if grains['role'] in ['so-master', 'so-eval', 'so-helix', 'so-mastersearch', 'so-standalone'] %}
#This should be more granular
iptables_allow_master_docker:
iptables.insert:
- table: filter
- chain: INPUT
- jump: ACCEPT
- source: 172.17.0.0/24
- position: 1
- save: True
{% for alias in ['master', 'minions', 'forward_nodes', 'search_nodes', 'beats_endpoint', 'osquery_endpoint', 'wazuh_endpoint', 'analyst'] %}
{% for ip in firewall_aliases[alias].ips %}
{% for servicename, services in firewall_aliases[alias].ports.items() %}
{% for proto, ports in services.items() %}
{% for port in ports %}
{{alias}}_{{ip}}_{{servicename}}_{{port}}_{{proto}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: {{ proto }}
- source: {{ ip }}
- dport: {{ port }}
- position: 1
- save: True
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
# Allow Fleet Node to send its beats traffic
{% if FLEET_NODE %}
@@ -163,218 +134,35 @@ enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
- save: True
{% endif %}
{% endif %}
{% endif %}
# All Nodes get the below rules:
{% if 'node' in grains['role'] %}
{% for hostgroup, portgroups in assigned_hostgroups.role[role].hostgroups.items() %}
{% for action in ['insert', 'delete' ] %}
{% if hostgroups[hostgroup].ips[action] %}
{% for ip in hostgroups[hostgroup].ips[action] %}
{% for portgroup in portgroups.portgroups %}
{% for proto, ports in portgroup.items() %}
{% for port in ports %}
iptables_allow_docker:
iptables.insert:
- table: filter
- chain: INPUT
- jump: ACCEPT
- source: 172.17.0.0/24
- position: 1
- save: True
enable_docker_ES_9200:
iptables.insert:
{{action}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}:
iptables.{{action}}:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: 172.17.0.0/24
- dport: 9200
- position: 1
- save: True
enable_docker_ES_9300:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: 172.17.0.0/24
- dport: 9300
- position: 1
- save: True
{% for ip in pillar.get('firewall:masterfw') %}
enable_cluster_ES_9300_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- proto: {{ proto }}
- source: {{ ip }}
- dport: 9300
- position: 1
- save: True
{% endfor %}
{% endif %}
# All Sensors get the below rules:
{% if grains['role'] == 'so-sensor' %}
iptables_allow_sensor_docker:
iptables.insert:
- table: filter
- chain: INPUT
- jump: ACCEPT
- source: 172.17.0.0/24
- position: 1
- save: True
{% endif %}
# Rules if you are a Hot Node
# Rules if you are a Warm Node
# All heavy nodes get the below rules:
{% if grains['role'] == 'so-heavynode' %}
# Allow Redis
enable_heavynode_redis_6379_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 6379
- position: 1
- save: True
enable_forwardnode_beats_5044_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 5044
- position: 1
- save: True
enable_forwardnode_beats_5644_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 5644
- position: 1
- save: True
{% endif %}
# Rules if you are a Standalone Fleet node
{% if grains['role'] == 'so-fleet' %}
#This should be more granular
iptables_allow_fleetnode_docker:
iptables.insert:
- table: filter
- chain: INPUT
- jump: ACCEPT
- source: 172.17.0.0/24
- position: 1
- save: True
# Allow Redis
enable_fleetnode_redis_6379_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 6379
- position: 1
- save: True
enable_fleetnode_mysql_3306_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 3306
- position: 1
- save: True
enable_fleet_osquery_8080_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 8080
- position: 1
- save: True
enable_fleetnodetemp_mysql_3306_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: 127.0.0.1
- dport: 3306
- position: 1
- save: True
enable_fleettemp_osquery_8080_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: 127.0.0.1
- dport: 8080
- position: 1
- save: True
# Allow Analysts to access Fleet WebUI
{% for ip in pillar.get('firewall:analyst') %}
enable_fleetnode_fleet_443_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 443
- dport: {{ port }}
- position: 1
- save: True
{% endfor %}
{% endfor %}
{% endfor %}
{% endfor %}
{% endif %}
{% endfor %}
{% endfor %}
# Needed for osquery endpoints to checkin to Fleet API for mgt
{% for ip in pillar.get('firewall:osquery_endpoint') %}
enable_fleetnode_8090_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 8090
- position: 1
- save: True
{% endfor %}
{% endif %}
# Make the input policy send stuff that doesn't match to be logged and dropped
iptables_drop_all_the_things:
iptables.append:
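Review bot: The new loop renders the same `- position: 1` for both branches of `iptables.{{action}}`; if I read Salt's `iptables.delete` state correctly, a supplied `position` makes it remove the rule at that position once a matching rule is found anywhere in the chain, so a `delete` entry in a hostgroup could remove whatever currently sits at position 1 of DOCKER-USER rather than the rule it names. Emit that line only for inserts, `{% if action == 'insert' %}- position: 1{% endif %}`, and please confirm the behaviour against the Salt version in use. The `hostgroups[hostgroup].ips[action]` check assumes every hostgroup named in the assigned map exists in the merged hostgroups; a typo there surfaces as a Jinja undefined error, so `{% if hostgroup in hostgroups and hostgroups[hostgroup].ips[action] %}` would fail more readably. The former INPUT-chain accept for `172.17.0.0/24` reads as removed in this hunk while `dockernet` now carries the `all` port group in DOCKER-USER only; worth confirming that host-bound traffic from containers is still admitted elsewhere, since the enclosing `{% if %}` blocks and the `iptables_drop_all_the_things` state continue outside the hunk.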

7
salt/firewall/map.jinja Normal file

@@ -0,0 +1,7 @@
{% import_yaml 'firewall/hostgroups.yaml' as default_hostgroups %}
{% import_yaml 'firewall/hostgroups.local.yaml' as local_hostgroups %}
{% set hostgroups = salt['defaults.merge'](default_hostgroups.firewall.hostgroups, local_hostgroups.firewall.hostgroups, in_place=False) %}
{% import_yaml 'firewall/assigned_hostgroups.map.yaml' as default_assigned_hostgroups %}
{% import_yaml 'firewall/assigned_hostgroups.local.map.yaml' as local_assigned_hostgroups %}
{% set assigned_hostgroups = salt['defaults.merge'](local_assigned_hostgroups, default_assigned_hostgroups, merge_lists=True, in_place=False) %}
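Review bot: The two `defaults.merge` calls pass their arguments in opposite orders: the hostgroups merge uses the shipped file as destination and the local file as source, so local values win on conflicts, whereas the assigned-hostgroups merge uses the local map as destination and the shipped map as source, so on a conflicting scalar the shipped value overrides the local one (lists are unioned because of `merge_lists=True`). If the intent is that sites override both, swap the first two arguments of the second call; if the asymmetry is deliberate, a comment above each call spelling out which side wins would stop the next edit from "fixing" it. Note also that a bare `hostgroups:` in the local map parses as null, which this merge replaces wholesale with the default mapping — fine today, but worth stating in that comment.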


@@ -0,0 +1,3 @@
firewall:
aliases:
ports:


@@ -0,0 +1,81 @@
firewall:
aliases:
ports:
all:
tcp:
- '0:65535'
udp:
- '0:65535'
acng:
tcp:
- 3142
beats_5044:
tcp:
- 5044
beats_5644:
tcp:
- 5644
cortex:
tcp:
- 9001
cortex_es_node:
tcp:
- 9500
cortex_es_rest:
tcp:
- 9400
docker_registry:
tcp:
- 5000
elasticsearch_node:
tcp:
- 9300
elasticsearch_rest:
tcp:
- 9200
fleet_api:
tcp:
- 8090
fleet_webui:
tcp:
- 443
influxdb:
tcp:
- 8086
kibana:
tcp:
- 5601
mysql:
tcp:
- 3306
navigator:
tcp:
- 4200
nginx:
tcp:
- 80
- 443
osquery_8080:
tcp:
- 8080
playbook:
tcp:
- 3200
redis:
tcp:
- 6379
salt_master:
tcp:
- 4505
- 4506
sensoroni:
tcp:
- 443
wazuh_minion:
tcp:
- 55000
wazuh_endpoint:
tcp:
- 1514
udp:
- 1514
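Review bot: Three groups here resolve to TCP 443 (`fleet_webui`, `nginx`, `sensoroni`); the state file names generated rules `{{action}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}`, so assigning any two of them to the same hostgroup yields duplicate state IDs and a render failure — the assigned map keeps them apart today, but nothing in this file says so. A header comment such as `# Port groups referenced from the assigned-hostgroups maps; groups sharing a port must not be assigned to the same hostgroup` would capture that. Quoting the `'0:65535'` ranges is right (an unquoted `a:b` is read as a base-60 integer by YAML 1.1 loaders); the same comment should state that `all` intentionally spans every port so nobody tightens it without checking the `dockernet` assignments.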


@@ -0,0 +1,115 @@
{% import_yaml 'firewall/port_groups.yaml' as default_port_groups %}
{% set default_port_groups = default_port_groups.firewall.aliases.ports %}
{% import_yaml 'firewall/port_groups.local.yaml' as local_port_groups %}
{% set local_port_groups = local_port_groups.firewall.aliases.ports %}
{% set port_groups = local_port_groups, default=default_port_groups, merge=True %}
firewall:
aliases:
analyst:
ips:
delete:
allow:
port_groups:
- {{ port_groups.nginx }}
beats_endpoint:
ips:
delete:
allow:
port_groups:
- {{ port_groups.beats_5044 }}
dockernet:
ips:
delete:
allow:
- 172.17.0.0/24
fleet:
ips:
delete:
allow:
port_groups:
- {{ port_groups.mysql }}
- {{ port_groups.redis }}
- {{ port_groups.osquery_8080 }}
heavy_node:
ips:
delete:
allow:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
localhost:
ips:
delete:
allow:
- 127.0.0.1
master:
ips:
delete:
allow:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.osquery_8090 }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
ips:
delete:
allow:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
node:
ips:
delete:
allow:
port_groups:
- {{ port_groups.elasticsearch_node }}
osquery_endpoint:
ips:
delete:
allow:
port_groups:
- {{ port_groups.osquery_8090 }}
search_node:
ips:
delete:
allow:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
self:
ips:
delete:
allow:
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint'))))[0] }}
sensor:
ips:
delete:
allow:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
wazuh_endpoint:
ips:
delete:
allow:
port_groups:
- {{ port_groups.wazuh_endpoint }}
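Review bot: `{% set port_groups = local_port_groups, default=default_port_groups, merge=True %}` is not valid Jinja — keyword arguments cannot appear outside a call — so this file fails to compile; it looks like the tail of a `salt['pillar.get'](…, default=…, merge=True)` call that lost its head. If the file is still consumed, use the same `salt['defaults.merge'](default_port_groups, local_port_groups, in_place=False)` form the `portgroups` variant uses; if it has been superseded by the split `hostgroups.yaml` plus assigned-hostgroups map (this file keeps `ips` and `port_groups` together under `aliases`), it should probably not be in the commit at all. Both this file and the parallel `insert:`-style copy below reference `port_groups.osquery_8090`, which has no counterpart in the visible `portgroups.yaml` (8090 is `fleet_api` there); I cannot see `port_groups.yaml`, so please check that the key exists or rename the references.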


@@ -0,0 +1,95 @@
{% import_yaml 'firewall/port_groups.yaml' as port_groups %}
{% set port_groups = port_groups.firewall.aliases.ports %}
firewall:
aliases:
analyst:
ips:
delete:
insert:
port_groups:
- {{ port_groups.nginx }}
beats_endpoint:
ips:
delete:
insert:
port_groups:
- {{ port_groups.beats_5044 }}
fleet:
ips:
delete:
insert:
port_groups:
- {{ port_groups.mysql }}
- {{ port_groups.redis }}
- {{ port_groups.osquery_8080 }}
heavy_node:
ips:
delete:
insert:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
master:
ips:
delete:
insert:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.osquery_8090 }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
ips:
delete:
insert:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
node:
ips:
delete:
insert:
port_groups:
- {{ port_groups.elasticsearch_node }}
osquery_endpoint:
ips:
delete:
insert:
port_groups:
- {{ port_groups.osquery_8090 }}
search_node:
ips:
delete:
insert:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
sensor:
ips:
delete:
insert:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
wazuh_endpoint:
ips:
delete:
insert:
port_groups:
- {{ port_groups.wazuh_endpoint }}


@@ -0,0 +1,288 @@
{% import_yaml 'firewall/port_groups.yaml' as port_groups %}
{% set port_groups = port_groups.firewall.aliases.ports %}
role:
eval:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
helisensor:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
master:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
mastersearch:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
standalone:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
searchnode:
hostgroups:
master:
port_groups:
- {{ port_groups.elasticsearch_node }}
dockernet:
port_groups:
- {{ port_groups.all }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.elasticsearch_node }}
sensor:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
heavynode:
hostgroups:
self:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
fleet:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
self:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.mysql }}
- {{ port_groups.osquery_8080 }}
localhost:
port_groups:
- {{ port_groups.mysql }}
- {{ port_groups.osquery_8080 }}
analyst:
port_groups:
- {{ port_groups.fleet_webui }}
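Review bot: The second role key reads `helisensor`, while the `portgroups` variant of this same map earlier in the commit spells it `helixsensor`; roles are looked up as `assigned_hostgroups.role[role]`, so a helix minion would hit an undefined key in this copy. Beyond the typo, this file appears to be a line-for-line duplicate of the `portgroups` map under the `port_groups` naming, and the inputs `map.jinja` imports belong to the `portgroups` family, so one of the two copies is likely dead; the duplicate `elasticsearch_node` entries under `searchnode` → `dockernet` are repeated here as well. I would keep a single file and a single spelling (`portgroups` or `port_groups`) across the commit.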