diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
deleted file mode 100644
index b9a8f7fb2..000000000
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ /dev/null
@@ -1,607 +0,0 @@ -{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} -{% import_yaml 'firewall/ports/ports.yaml' as portgroups %} -{% set portgroups = portgroups.firewall.ports %} -{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', True) %} -{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %} - -role: - eval: - chain: - DOCKER-USER: - hostgroups: - eval: - portgroups: - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - sensors: - portgroups: - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - searchnodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - heavynodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - self: - portgroups: - - {{ portgroups.syslog}} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - beats_endpoint_ssl: - portgroups: - - {{ portgroups.beats_5644 }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - strelka_frontend: - portgroups: - - {{ portgroups.strelka_frontend }} - syslog: - portgroups: - - {{ portgroups.syslog }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - fleet: - chain: - DOCKER-USER: - hostgroups: - sensors: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ 
portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - standalone: - portgroups: - - {{ portgroups.salt_manager }} - sensors: - portgroups: - - {{ portgroups.salt_manager }} - searchnodes: - portgroups: - - {{ portgroups.salt_manager }} - heavynodes: - portgroups: - - {{ portgroups.salt_manager }} - manager: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.docker_registry }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - {% if ISAIRGAP is sameas true %} - - {{ portgroups.agrules }} - {% endif %} - sensors: - portgroups: - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - - {{ portgroups.yum }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - searchnodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.yum }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - heavynodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.yum }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - self: - portgroups: - - {{ portgroups.syslog}} - syslog: - portgroups: - - {{ portgroups.syslog }} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - beats_endpoint_ssl: - 
portgroups: - - {{ portgroups.beats_5644 }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - endgame: - portgroups: - - {{ portgroups.endgame }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - sensors: - portgroups: - - {{ portgroups.salt_manager }} - searchnodes: - portgroups: - - {{ portgroups.salt_manager }} - heavynodes: - portgroups: - - {{ portgroups.salt_manager }} - managersearch: - chain: - DOCKER-USER: - hostgroups: - managersearch: - portgroups: - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.docker_registry }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - sensors: - portgroups: - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - - {{ portgroups.yum }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - searchnodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.yum }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - heavynodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.yum }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.elastic_agent_control }} - - {{ 
portgroups.elastic_agent_data }} - self: - portgroups: - - {{ portgroups.syslog}} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - beats_endpoint_ssl: - portgroups: - - {{ portgroups.beats_5644 }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - endgame: - portgroups: - - {{ portgroups.endgame }} - syslog: - portgroups: - - {{ portgroups.syslog }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - sensors: - portgroups: - - {{ portgroups.salt_manager }} - searchnodes: - portgroups: - - {{ portgroups.salt_manager }} - heavynodes: - portgroups: - - {{ portgroups.salt_manager }} - standalone: - chain: - DOCKER-USER: - hostgroups: - localhost: - portgroups: - - {{ portgroups.all }} - standalone: - portgroups: - - {{ portgroups.playbook }} - - {{ portgroups.mysql }} - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.docker_registry }} - - {{ portgroups.sensoroni }} - - {{ portgroups.yum }} - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.beats_5056 }} - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - - {{ portgroups.endgame }} - - {{ portgroups.strelka_frontend }} - fleet: - portgroups: - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.sensoroni }} - - {{ portgroups.yum }} - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.beats_5056 }} - - {{ 
portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - sensors: - portgroups: - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.sensoroni }} - - {{ portgroups.yum }} - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - - {{ portgroups.beats_5056 }} - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - searchnodes: - portgroups: - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.sensoroni }} - - {{ portgroups.yum }} - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - heavynodes: - portgroups: - - {{ portgroups.docker_registry }} - - {{ portgroups.influxdb }} - - {{ portgroups.sensoroni }} - - {{ portgroups.yum }} - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - self: - portgroups: - - {{ portgroups.syslog}} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - beats_endpoint_ssl: - portgroups: - - {{ portgroups.beats_5644 }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - endgame: - portgroups: - - {{ portgroups.endgame }} - strelka_frontend: - portgroups: - - {{ portgroups.strelka_frontend }} - syslog: - portgroups: - - {{ portgroups.syslog }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - fleet: - portgroups: - - {{ portgroups.salt_manager }} - localhost: - portgroups: - - {{ portgroups.all }} - standalone: - portgroups: - - {{ portgroups.salt_manager }} - sensors: - portgroups: - - {{ portgroups.salt_manager }} - searchnodes: - portgroups: - - {{ portgroups.salt_manager }} - heavynodes: - portgroups: - - {{ 
portgroups.salt_manager }} - searchnode: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elasticsearch_rest }} - dockernet: - portgroups: - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elasticsearch_rest }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - searchnodes: - portgroups: - - {{ portgroups.elasticsearch_node }} - self: - portgroups: - - {{ portgroups.syslog}} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - sensor: - chain: - DOCKER-USER: - hostgroups: - self: - portgroups: - - {{ portgroups.syslog}} - strelka_frontend: - portgroups: - - {{ portgroups.strelka_frontend }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - heavynode: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elasticsearch_rest }} - dockernet: - portgroups: - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elasticsearch_rest }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - self: - portgroups: - - {{ portgroups.syslog}} - - {{ portgroups.elasticsearch_node }} - - {{ portgroups.elasticsearch_rest }} - strelka_frontend: - portgroups: - - {{ portgroups.strelka_frontend }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - import: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - {{ portgroups.kibana }} - - {{ portgroups.redis }} - - {{ portgroups.influxdb }} - - {{ portgroups.elasticsearch_rest }} - - {{ portgroups.elasticsearch_node }} - - {{ 
portgroups.elastic_agent_control }} - sensors: - portgroups: - - {{ portgroups.beats_5044 }} - - {{ portgroups.beats_5644 }} - searchnodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.elasticsearch_node }} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - beats_endpoint_ssl: - portgroups: - - {{ portgroups.beats_5644 }} - elasticsearch_rest: - portgroups: - - {{ portgroups.elasticsearch_rest }} - elastic_agent_endpoint: - portgroups: - - {{ portgroups.elastic_agent_control }} - - {{ portgroups.elastic_agent_data }} - analyst: - portgroups: - - {{ portgroups.nginx }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - receiver: - chain: - DOCKER-USER: - hostgroups: - sensors: - portgroups: - - {{ portgroups.beats_5644 }} - searchnodes: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.beats_5644 }} - self: - portgroups: - - {{ portgroups.redis }} - - {{ portgroups.syslog}} - - {{ portgroups.beats_5644 }} - syslog: - portgroups: - - {{ portgroups.syslog }} - beats_endpoint: - portgroups: - - {{ portgroups.beats_5044 }} - beats_endpoint_ssl: - portgroups: - - {{ portgroups.beats_5644 }} - endgame: - portgroups: - - {{ portgroups.endgame }} - INPUT: - hostgroups: - anywhere: - portgroups: - - {{ portgroups.ssh }} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - idh: - chain: - INPUT: - hostgroups: - anywhere: - portgroups: - {% for service in IDH_PORTGROUPS.keys() %} - {% if service != 'openssh' %} - - {{ IDH_PORTGROUPS[service] }} - {% endif %} - {% endfor %} - dockernet: - portgroups: - - {{ portgroups.all }} - localhost: - portgroups: - - {{ portgroups.all }} - manager: - portgroups: - - {{ IDH_PORTGROUPS.openssh }} - standalone: - portgroups: - - {{ IDH_PORTGROUPS.openssh }} 
diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
new file mode 100644
index 000000000..0ddf5a7bb
--- /dev/null
+++ b/salt/firewall/defaults.yaml
@@ -0,0 +1,1143 @@ +firewall: + hostgroups: + analyst: [] + anywhere: + - 0.0.0.0/0 + beats_endpoint: [] + beats_endpoint_ssl: [] + dockernet: [] + elastic_agent_endpoint: [] + elasticsearch_rest: [] + endgame: [] + eval: [] + fleet: [] + heavynodes: [] + idh: [] + localhost: + - 127.0.0.1 + manager: [] + receivers: [] + searchnodes: [] + securityonion_desktops: [] + self: [] + sensors: [] + standalone: [] + strelka_frontend: [] + syslog: [] + customhostgroup0: [] + customhostgroup1: [] + customhostgroup2: [] + customhostgroup3: [] + customhostgroup4: [] + customhostgroup5: [] + customhostgroup6: [] + customhostgroup7: [] + customhostgroup8: [] + customhostgroup9: [] + portgroups: + all: + tcp: + - '0:65535' + udp: + - '0:65535' + agrules: + tcp: + - 7788 + udp: [] + beats_5044: + tcp: + - 5044 + udp: [] + beats_5644: + tcp: + - 5644 + udp: [] + beats_5066: + tcp: + - 5066 + udp: [] + beats_5056: + tcp: + - 5056 + udp: [] + docker_registry: + tcp: + - 5000 + udp: [] + elasticsearch_node: + tcp: + - 9300 + udp: [] + elasticsearch_rest: + tcp: + - 9200 + udp: [] + elastic_agent_control: + tcp: + - 8220 + udp: [] + elastic_agent_data: + tcp: + - 5055 + udp: [] + endgame: + tcp: + - 3765 + udp: [] + influxdb: + tcp: + - 8086 + udp: [] + kibana: + tcp: + - 5601 + udp: [] + mysql: + tcp: + - 3306 + udp: [] + nginx: + tcp: + - 80 + - 443 + udp: [] + playbook: + tcp: + - 3000 + udp: [] + redis: + tcp: + - 6379 + - 9696 + salt_manager: + tcp: + - 4505 + - 4506 + udp: [] + sensoroni: + tcp: + - 443 + udp: [] + ssh: + tcp: + - 22 + udp: [] + strelka_frontend: + tcp: + - 57314 + udp: [] + syslog: + tcp: + - 514 + udp: + - 514 + yum: + tcp: + - 443 + udp: [] + customportgroup0: + tcp: [] + udp: [] + customportgroup1: + tcp: [] + udp: [] + customportgroup2: + tcp: [] + udp: [] + customportgroup3: + tcp: [] + udp: [] + customportgroup4: + tcp: [] + udp: [] + customportgroup5: + tcp: [] + udp: [] + customportgroup6: + tcp: [] + udp: [] + customportgroup7: + tcp: [] + udp: [] + 
customportgroup8: + tcp: [] + udp: [] + customportgroup9: + tcp: [] + udp: [] + role: + eval: + chain: + DOCKER-USER: + hostgroups: + eval: + portgroups: + - playbook + - mysql + - kibana + - redis + - influxdb + - elasticsearch_rest + - elasticsearch_node + sensors: + portgroups: + - beats_5044 + - beats_5644 + searchnodes: + portgroups: + - redis + - elasticsearch_node + heavynodes: + portgroups: + - redis + - elasticsearch_node + self: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + strelka_frontend: + portgroups: + - strelka_frontend + syslog: + portgroups: + - syslog + analyst: + portgroups: + - nginx + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + fleet: + chain: + DOCKER-USER: + hostgroups: + sensors: + portgroups: + - elastic_agent_control + - elastic_agent_data + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + 
customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + standalone: + portgroups: + - salt_manager + sensors: + portgroups: + - salt_manager + searchnodes: + portgroups: + - salt_manager + heavynodes: + portgroups: + - salt_manager + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + manager: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - playbook + - mysql + - kibana + - redis + - influxdb + - elasticsearch_rest + - elasticsearch_node + - docker_registry + - elastic_agent_control + - elastic_agent_data + - agrules + sensors: + portgroups: + - beats_5044 + - beats_5644 + - elastic_agent_control + - elastic_agent_data + - yum + - docker_registry + - influxdb + searchnodes: + portgroups: + - redis + - elasticsearch_rest + - elasticsearch_node + - beats_5644 + - yum + - docker_registry + - influxdb + - elastic_agent_control + - elastic_agent_data + heavynodes: + portgroups: + - redis + - elasticsearch_rest + - elasticsearch_node + - beats_5644 + - yum + - docker_registry + - influxdb + - elastic_agent_control + - elastic_agent_data + self: + portgroups: + - syslog + syslog: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + 
elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + endgame: + portgroups: + - endgame + analyst: + portgroups: + - nginx + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + sensors: + portgroups: + - salt_manager + searchnodes: + portgroups: + - salt_manager + heavynodes: + portgroups: + - salt_manager + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + managersearch: + chain: + DOCKER-USER: + hostgroups: + managersearch: + portgroups: + - playbook + - mysql + - kibana + - redis + - influxdb + - elasticsearch_rest + - elasticsearch_node + - docker_registry + - elastic_agent_control + - elastic_agent_data + sensors: + portgroups: + - beats_5044 + - beats_5644 + - elastic_agent_control + - elastic_agent_data + - yum + - docker_registry + - influxdb + searchnodes: + portgroups: + - redis + - elasticsearch_rest + - elasticsearch_node + - yum + - docker_registry + - influxdb + - elastic_agent_control + - elastic_agent_data + heavynodes: + portgroups: + - redis + - elasticsearch_rest + - elasticsearch_node + - yum + - docker_registry + - influxdb + - elastic_agent_control + - elastic_agent_data + self: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + 
beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + endgame: + portgroups: + - endgame + syslog: + portgroups: + - syslog + analyst: + portgroups: + - nginx + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + sensors: + portgroups: + - salt_manager + searchnodes: + portgroups: + - salt_manager + heavynodes: + portgroups: + - salt_manager + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + standalone: + chain: + DOCKER-USER: + hostgroups: + localhost: + portgroups: + - all + standalone: + portgroups: + - playbook + - mysql + - kibana + - redis + - influxdb + - elasticsearch_rest + - elasticsearch_node + - docker_registry + - sensoroni + - yum + - beats_5044 + - beats_5644 + - beats_5056 + - redis + - elasticsearch_node + - elastic_agent_control + - elastic_agent_data + - endgame + - strelka_frontend + fleet: + portgroups: + - elasticsearch_rest + - docker_registry + - influxdb + - sensoroni + - yum + - beats_5044 + - beats_5644 + - beats_5056 + - elastic_agent_control + - elastic_agent_data + sensors: + portgroups: + - docker_registry + - influxdb + - sensoroni + - yum 
+ - beats_5044 + - beats_5644 + - beats_5056 + - elastic_agent_control + - elastic_agent_data + searchnodes: + portgroups: + - docker_registry + - influxdb + - sensoroni + - yum + - redis + - elasticsearch_rest + - elasticsearch_node + heavynodes: + portgroups: + - docker_registry + - influxdb + - sensoroni + - yum + - redis + - elasticsearch_rest + - elasticsearch_node + self: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + endgame: + portgroups: + - endgame + strelka_frontend: + portgroups: + - strelka_frontend + syslog: + portgroups: + - syslog + analyst: + portgroups: + - nginx + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + fleet: + portgroups: + - salt_manager + localhost: + portgroups: + - all + standalone: + portgroups: + - salt_manager + sensors: + portgroups: + - salt_manager + searchnodes: + portgroups: + - salt_manager + heavynodes: + portgroups: + - salt_manager + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + searchnode: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - elasticsearch_node 
+ - elasticsearch_rest + dockernet: + portgroups: + - elasticsearch_node + - elasticsearch_rest + elasticsearch_rest: + portgroups: + - elasticsearch_rest + searchnodes: + portgroups: + - elasticsearch_node + self: + portgroups: + - syslog + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + sensor: + chain: + DOCKER-USER: + hostgroups: + self: + portgroups: + - syslog + strelka_frontend: + portgroups: + - strelka_frontend + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] 
+ customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + heavynode: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - elasticsearch_node + - elasticsearch_rest + dockernet: + portgroups: + - elasticsearch_node + - elasticsearch_rest + elasticsearch_rest: + portgroups: + - elasticsearch_rest + self: + portgroups: + - syslog + - elasticsearch_node + - elasticsearch_rest + strelka_frontend: + portgroups: + - strelka_frontend + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + import: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - kibana + - redis + - influxdb + - elasticsearch_rest + - elasticsearch_node + - elastic_agent_control + sensors: + portgroups: + - beats_5044 + - beats_5644 + searchnodes: + portgroups: + - redis + - elasticsearch_node + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + analyst: + portgroups: + - nginx + customhostgroup0: + portgroups: [] + customhostgroup1: 
+ portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + receiver: + chain: + DOCKER-USER: + hostgroups: + sensors: + portgroups: + - beats_5644 + searchnodes: + portgroups: + - redis + - beats_5644 + self: + portgroups: + - redis + - syslog + - beats_5644 + syslog: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + endgame: + portgroups: + - endgame + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + portgroups: [] + customhostgroup9: + portgroups: [] + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + customhostgroup0: + portgroups: [] + customhostgroup1: + portgroups: [] + customhostgroup2: + portgroups: [] + customhostgroup3: + portgroups: [] + customhostgroup4: + portgroups: [] + customhostgroup5: + portgroups: [] + customhostgroup6: + portgroups: [] + customhostgroup7: + portgroups: [] + customhostgroup8: + 
portgroups: [] + customhostgroup9: + portgroups: []
diff --git a/salt/firewall/hostgroups/analyst b/salt/firewall/hostgroups/analyst
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/analyst_workstations b/salt/firewall/hostgroups/analyst_workstations
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/anywhere b/salt/firewall/hostgroups/anywhere
deleted file mode 100644
index b04387011..000000000
--- a/salt/firewall/hostgroups/anywhere
+++ /dev/null
@@ -1 +0,0 @@
-0.0.0.0/0
diff --git a/salt/firewall/hostgroups/beats_endpoint b/salt/firewall/hostgroups/beats_endpoint
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/beats_endpoint_ssl b/salt/firewall/hostgroups/beats_endpoint_ssl
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/dockernet b/salt/firewall/hostgroups/dockernet
deleted file mode 100644
index ccbd6e89c..000000000
--- a/salt/firewall/hostgroups/dockernet
+++ /dev/null
@@ -1,2 +0,0 @@
-{% from 'docker/docker.map.jinja' import DOCKER -%}
-{{ DOCKER.sorange }}
diff --git a/salt/firewall/hostgroups/elastic_agent_endpoint b/salt/firewall/hostgroups/elastic_agent_endpoint
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/elasticsearch_rest b/salt/firewall/hostgroups/elasticsearch_rest
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/endgame b/salt/firewall/hostgroups/endgame
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/eval b/salt/firewall/hostgroups/eval
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/fleet b/salt/firewall/hostgroups/fleet
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/heavynodes b/salt/firewall/hostgroups/heavynodes
deleted file mode 100644
index e69de29bb..000000000
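Review bot: The `firewall.role` map in this file has no `idh` entry, while the deleted assigned_hostgroups.map.yaml carried an `idh` role with INPUT rules built from `IDH_PORTGROUPS`, and iptables.jinja now indexes `FIREWALL_MERGED.role[role]` unconditionally, so an idh node renders an undefined lookup unless map.jinja (outside this chunk) supplies that role. The `agrules` entry under `manager` → `DOCKER-USER` → `manager` is unconditional here, whereas the old map wrapped it in `{% if ISAIRGAP is sameas true %}`, so 7788/tcp is now opened from the manager hostgroup on every manager regardless of the airgap setting; if that gating moved to map.jinja, a comment such as `# agrules is dropped for non-airgap installs in map.jinja` would make that visible at the definition. The `redis` portgroup is the only one without a `udp: []` key, which the `.items()` loop tolerates but which breaks the otherwise uniform tcp/udp schema; add `udp: []` after the `9696` entry. The `dockernet` and `self` hostgroups default to `[]` where the deleted per-hostgroup files computed them from `DOCKER.sorange` and `GLOBALS.node_ip`; presumably map.jinja now populates them, but if it does not, every dockernet/self rule silently disappears from the ruleset.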
diff --git a/salt/firewall/hostgroups/idh b/salt/firewall/hostgroups/idh
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/localhost b/salt/firewall/hostgroups/localhost
deleted file mode 100644
index 7b9ad531d..000000000
--- a/salt/firewall/hostgroups/localhost
+++ /dev/null
@@ -1 +0,0 @@
-127.0.0.1
diff --git a/salt/firewall/hostgroups/manager b/salt/firewall/hostgroups/manager
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/receivers b/salt/firewall/hostgroups/receivers
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/searchnodes b/salt/firewall/hostgroups/searchnodes
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/self b/salt/firewall/hostgroups/self
deleted file mode 100644
index 488f25de4..000000000
--- a/salt/firewall/hostgroups/self
+++ /dev/null
@@ -1,2 +0,0 @@
-{% from 'vars/globals.map.jinja' import GLOBALS -%}
-{{ GLOBALS.node_ip }}
diff --git a/salt/firewall/hostgroups/sensors b/salt/firewall/hostgroups/sensors
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/standalone b/salt/firewall/hostgroups/standalone
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/strelka_frontend b/salt/firewall/hostgroups/strelka_frontend
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/hostgroups/syslog b/salt/firewall/hostgroups/syslog
deleted file mode 100644
index e69de29bb..000000000
diff --git a/salt/firewall/iptables.jinja b/salt/firewall/iptables.jinja
index ec2a5ae65..6e91a9b93 100644
--- a/salt/firewall/iptables.jinja
+++ b/salt/firewall/iptables.jinja
@@ -1,7 +1,9 @@ -{% from 'docker/docker.map.jinja' import DOCKER -%} -{% from 'firewall/containers.map.jinja' import NODE_CONTAINERS -%} -{% from 'firewall/map.jinja' import hostgroups with context -%} -{% from 'firewall/map.jinja' import assigned_hostgroups with context -%} +{%- from 'vars/globals.map.jinja' import GLOBALS %} +{%- from 'docker/docker.map.jinja' import DOCKER %} +{%- from 'firewall/map.jinja' import FIREWALL_MERGED %} +{%- set role = GLOBALS.role.split('-')[1] %} +{%- from 'firewall/containers.map.jinja' import NODE_CONTAINERS %} + {%- set PR = [] %} {%- set D1 = [] %} {%- set D2 = [] %} @@ -70,24 +72,18 @@ COMMIT :DOCKER-USER - [0:0] :LOGGING - [0:0] -{%- set count = namespace(value=0) %} -{%- for chain, hg in assigned_hostgroups.chain.items() %} - {%- for hostgroup, portgroups in assigned_hostgroups.chain[chain].hostgroups.items() %} - {%- for action in ['insert', 'delete' ] %} - {%- if hostgroups[hostgroup].ips[action] %} - {%- for ip in hostgroups[hostgroup].ips[action] %} - {%- for portgroup in portgroups.portgroups %} - {%- for proto, ports in portgroup.items() %} - {%- for port in ports %} - {%- set count.value = count.value + 1 %} --A {{chain}} -s {{ip}} -p {{proto}} -m {{proto}} --dport {{port}} -j ACCEPT - {%- endfor %} - {%- endfor %} - {%- endfor %} - {%- endfor %} - {%- endif %} - {%- endfor %} - {%- endfor %} +{%- for chn, hostgroups in FIREWALL_MERGED.role[role].chain.items() %} +{%- for hostgroup, portgroups in hostgroups['hostgroups'].items() %} +{%- for ip in FIREWALL_MERGED.hostgroups[hostgroup] %} +{%- for groupname in portgroups['portgroups'] %} +{%- for proto, ports in FIREWALL_MERGED['portgroups'][groupname].items() %} +{%- for port in ports %} +-A {{chn}} -s {{ip}} -p {{proto}} -m {{proto}} --dport {{port}} -j ACCEPT +{%- endfor %} +{%- endfor %} +{%- endfor %} +{%- endfor %} +{%- endfor %} {%- endfor %} -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
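Review bot: The rebuilt rule loop in the second hunk iterates `FIREWALL_MERGED.hostgroups[hostgroup]`, `portgroups['portgroups']` and `ports` directly, so a hostgroup or port list that reaches the template as null (a cleared setting) rather than `[]` aborts the render of the whole ruleset instead of just producing no rules for that group; the removed code at least guarded with `{%- if hostgroups[hostgroup].ips[action] %}` and the replacement has no equivalent. Tolerating null with `{%- for ip in FIREWALL_MERGED.hostgroups[hostgroup] | default([], true) %}`, `{%- for groupname in portgroups['portgroups'] | default([], true) %}` and `{%- for port in ports | default([], true) %}` keeps one blank entry from taking the firewall state down. Whether the SOC-side writer emits `[]` or null for a cleared list is not visible here, so confirm that before relying on the defaults file alone. Nothing in the loop validates that `ip` is an address or CIDR either; a hand-edited pillar value containing a space becomes extra arguments on the generated `-A` line, which only the SOC UI regex currently prevents.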
diff --git a/salt/firewall/map.jinja b/salt/firewall/map.jinja
index 06586ddf2..7a549d123 100644
--- a/salt/firewall/map.jinja
+++ b/salt/firewall/map.jinja
@@ -1,62 +1,10 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} -{% set role = grains.id.split('_') | last %} -{% set translated_pillar_assigned_hostgroups = {} %} +{% from 'docker/docker.map.jinja' import DOCKER %} +{% import_yaml 'firewall/defaults.yaml' as FIREWALL_DEFAULT %} -{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %} -{% set default_portgroups = default_portgroups.firewall.ports %} -{% import_yaml 'firewall/ports/ports.local.yaml' as local_portgroups %} -{% if local_portgroups.firewall.ports %} - {% set local_portgroups = local_portgroups.firewall.ports %} -{% else %} - {% set local_portgroups = {} %} -{% endif %} +{# add our ip to self #} +{% do FIREWALL_DEFAULT.firewall.hostgroups.self.append(GLOBALS.node_ip) %} +{# add dockernet range #} +{% do FIREWALL_DEFAULT.firewall.hostgroups.dockernet.append(DOCKER.sorange) %} -{% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %} -{% set defined_portgroups = portgroups %} - -{% if GLOBALS.role == 'so-idh' %} -{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %} -{% do salt['defaults.merge'](defined_portgroups, IDH_PORTGROUPS, in_place=True) %} -{% endif %} - -{% set local_hostgroups = {'firewall': {'hostgroups': {}}} %} - -{% set hostgroup_list = salt['cp.list_master'](prefix='firewall/hostgroups') %} - -{% for hg in hostgroup_list %} -{% import_text hg as hg_ips %} -{% do local_hostgroups.firewall.hostgroups.update({hg.split('/')[2]: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %} -{% endfor %} - -{% set hostgroups = local_hostgroups.firewall.hostgroups %} - -{# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #} -{% if salt['pillar.get']('firewall:assigned_hostgroups:chain') %} - {% set translated_pillar_assigned_hostgroups = {'chain': {}} %} - - {% for chain, hg in salt['pillar.get']('firewall:assigned_hostgroups:chain').items() %} - {% for 
pillar_hostgroup, pillar_portgroups in salt['pillar.get']('firewall:assigned_hostgroups:chain')[chain].hostgroups.items() %} - {% if translated_pillar_assigned_hostgroups.chain[chain] is defined %} - {% do translated_pillar_assigned_hostgroups.chain[chain].hostgroups.update({pillar_hostgroup: {"portgroups": []}}) %} - {% else %} - {% do translated_pillar_assigned_hostgroups.chain.update({chain: {"hostgroups": {pillar_hostgroup: {"portgroups": []}}}}) %} - {% endif %} - {% for pillar_portgroup in pillar_portgroups.portgroups %} - {% set pillar_portgroup = pillar_portgroup.split('.') | last %} - {% do translated_pillar_assigned_hostgroups.chain[chain].hostgroups[pillar_hostgroup].portgroups.append(defined_portgroups[pillar_portgroup]) %} - {% endfor %} - {% endfor %} - {% endfor %} -{% endif %} - -{% import_yaml 'firewall/assigned_hostgroups.map.yaml' as default_assigned_hostgroups %} -{% import_yaml 'firewall/assigned_hostgroups.local.map.yaml' as local_assigned_hostgroups %} -{% if local_assigned_hostgroups.role.get(role, False) %} - {% set assigned_hostgroups = salt['defaults.merge'](local_assigned_hostgroups.role[role], default_assigned_hostgroups.role[role], merge_lists=False, in_place=False) %} -{% else %} - {% set assigned_hostgroups = default_assigned_hostgroups.role[role] %} -{% endif %} - -{% if translated_pillar_assigned_hostgroups %} - {% do salt['defaults.merge'](assigned_hostgroups, translated_pillar_assigned_hostgroups, merge_lists=True, in_place=True) %} -{% endif %} +{% set FIREWALL_MERGED = salt['pillar.get']('firewall', FIREWALL_DEFAULT.firewall, merge=True) %} diff --git a/salt/firewall/ports/ports.yaml b/salt/firewall/ports/ports.yaml deleted file mode 100644 index 79bdf93b4..000000000 --- a/salt/firewall/ports/ports.yaml +++ /dev/null 
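Review bot: The final added line, `salt['pillar.get']('firewall', FIREWALL_DEFAULT.firewall, merge=True)`, merges mappings but, unless the minion has `pillar_merge_lists` enabled, a list that exists in pillar replaces the default list rather than extending it; that reverses the additive `merge_lists=True` behaviour of the code removed here for per-role `portgroups`, and it also affects the `self` and `dockernet` hostgroups to which this file has just appended `GLOBALS.node_ip` and `DOCKER.sorange`. If a `firewall:hostgroups:self` key ever appears in pillar, even empty, the node's own address silently drops out of its rules. Either perform the two `append` calls on `FIREWALL_MERGED` after the merge instead of on `FIREWALL_DEFAULT` before it, or state the semantics next to the call with `{# lists from pillar replace, not extend, the defaults unless pillar_merge_lists is set #}`. The actual list-merge behaviour depends on the minion option, which is not visible in this change, so verify it on a node that has pillar overrides.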
@@ -1,81 +0,0 @@
-firewall:
- ports:
- all:
- tcp:
- - '0:65535'
- udp:
- - '0:65535'
- agrules:
- tcp:
- - 7788
- beats_5044:
- tcp:
- - 5044
- beats_5644:
- tcp:
- - 5644
- beats_5066:
- tcp:
- - 5066
- beats_5056:
- tcp:
- - 5056
- docker_registry:
- tcp:
- - 5000
- elasticsearch_node:
- tcp:
- - 9300
- elasticsearch_rest:
- tcp:
- - 9200
- elastic_agent_control:
- tcp:
- - 8220
- elastic_agent_data:
- tcp:
- - 5055
- endgame:
- tcp:
- - 3765
- influxdb:
- tcp:
- - 8086
- kibana:
- tcp:
- - 5601
- mysql:
- tcp:
- - 3306
- nginx:
- tcp:
- - 80
- - 443
- playbook:
- tcp:
- - 3000
- redis:
- tcp:
- - 6379
- - 9696
- salt_manager:
- tcp:
- - 4505
- - 4506
- sensoroni:
- tcp:
- - 443
- ssh:
- tcp:
- - 22
- strelka_frontend:
- tcp:
- - 57314
- syslog:
- tcp:
- - 514
- udp:
- - 514
- yum:
- tcp:
- - 443
diff --git a/salt/firewall/soc/defaults_soc_firewall.yaml b/salt/firewall/soc/defaults_soc_firewall.yaml
deleted file mode 100644
index fd72df523..000000000
--- a/salt/firewall/soc/defaults_soc_firewall.yaml
+++ /dev/null
@@ -1,136 +0,0 @@ -firewall: - custom_groups: - groups: - description: List of group names to create. - multiline: True - forcedType: "[]string" - global: True - title: Custom Firewall Groups - helpLink: firewall.html#host-groups - hostgroups: - analyst_workstations: - description: List of IP addresses or CIDR blocks to allow analyst workstations. - file: True - global: True - title: Analyst Workstations - helpLink: firewall.html#host-groups - analyst: - description: List of IP addresses or CIDR blocks to allow analyst connections. - file: True - global: True - title: Analyst - helpLink: firewall.html#host-groups - beats_endpoint: - description: List of IP addresses or CIDR blocks of standard beats without encryption. - file: True - global: True - title: Beats Endpoints - helpLink: firewall.html#host-groups - beats_endpoint_ssl: - description: List of IP addresses or CIDR blocks of standard beats with encryption. - file: True - global: True - title: Beats Endpoints SSL - helpLink: firewall.html#host-groups - elastic_agent_endpoint: - description: List of IP addresses or CIDR blocks for Elastic Agent connections. - file: True - global: True - title: Elastic Agents - helpLink: firewall.html#host-groups - elasticsearch_rest: - description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch. - file: True - global: True - title: Elasticsearch Rest - advanced: True - helpLink: firewall.html#host-groups - endgame: - description: List of IP addresses or CIDR blocks to allow Endgame access. - file: True - global: True - title: Endgame - advanced: True - helpLink: firewall.html#host-groups - strelka_frontend: - description: List of IP addresses or CIDR blocks to allow access to the Strelka front end. - file: True - global: True - title: Strelka Frontend - advanced: True - helpLink: firewall.html#host-groups - syslog: - description: List of IP addresses or CIDR blocks to allow syslog. 
- file: True - global: True - title: Syslog Endpoint Traffic - helpLink: firewall.html#host-groups - standalone: - description: List of IP addresses or CIDR blocks to allow standalone connections. - file: True - global: True - title: Standalone - advanced: True - helpLink: firewall.html#host-groups - eval: - description: List of IP addresses or CIDR blocks to allow eval connections. - file: True - global: True - title: Eval - advanced: True - helpLink: firewall.html#host-groups - idh: - description: List of IP addresses or CIDR blocks to allow idh connections. - file: True - global: True - title: IDH Nodes - helpLink: firewall.html#host-groups - manager: - description: List of IP addresses or CIDR blocks to allow manager connections. - file: True - global: True - title: Manager - advanced: True - helpLink: firewall.html#host-groups - heavynodes: - description: List of IP addresses or CIDR blocks to allow heavynode connections. - file: True - global: True - title: Heavy Nodes - helpLink: firewall.html#host-groups - searchnodes: - description: List of IP addresses or CIDR blocks to allow searchnode connections. - file: True - global: True - title: Search Nodes - helpLink: firewall.html#host-groups - sensors: - description: List of IP addresses or CIDR blocks to allow Sensor connections. - file: True - global: True - title: Sensors - helpLink: firewall.html#host-groups - receivers: - description: List of IP addresses or CIDR blocks to allow receiver connections. - file: True - global: True - title: Receivers - helpLink: firewall.html#host-groups - portgroups: - portgroups__yaml: - description: Port Groups - file: True - global: True - advanced: True - title: Port Groups - syntax: yaml - helpLink: firewall.html#function - ports: - ports__yaml: - description: Ports in YAML. - file: True - global: True - advanced: True - title: Ports - syntax: yaml - helpLink: firewall.html#port-groups 
diff --git a/salt/firewall/soc/init.sls b/salt/firewall/soc/init.sls
deleted file mode 100644
index bae1a3048..000000000
--- a/salt/firewall/soc/init.sls
+++ /dev/null
@@ -1,5 +0,0 @@
-soc_firewall_yaml:
- file.managed:
- - name: /opt/so/saltstack/default/salt/firewall/soc_firewall.yaml
- - source: salt://firewall/soc/soc_firewall.yaml.jinja
- - template: jinja
diff --git a/salt/firewall/soc/soc.map.jinja b/salt/firewall/soc/soc.map.jinja
deleted file mode 100644
index 00fc50dd1..000000000
--- a/salt/firewall/soc/soc.map.jinja
+++ /dev/null
@@ -1,9 +0,0 @@
-{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
-{% set PILLAR_SOC_FIREWALL_GROUPS = salt['pillar.get']('firewall:custom_groups:groups', {}) %}
-{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}
-
-{% for group in PILLAR_SOC_FIREWALL_GROUPS %}
-{% set description = 'List of IP addresses or CIDR blocks to allow for ' ~ group ~ ' hostgroup.' %}
-{% set title = group[0]|upper ~ group[1:] %}
-{% do SOC_FIREWALL.firewall.hostgroups.update({group:{'description': description, 'file': 'True', 'global': 'True', 'title': title, 'helpLink': 'firewall.html#host-groups'}}) %}
-{% endfor %}
diff --git a/salt/firewall/soc/soc_firewall.yaml.jinja b/salt/firewall/soc/soc_firewall.yaml.jinja
deleted file mode 100644
index 0502c0246..000000000
--- a/salt/firewall/soc/soc_firewall.yaml.jinja
+++ /dev/null
@@ -1,2 +0,0 @@
-{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL -%}
-{{ SOC_FIREWALL | yaml(False) }}
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
new file mode 100644
index 000000000..582c01bba
--- /dev/null
+++ b/salt/firewall/soc_firewall.yaml
@@ -0,0 +1,902 @@ +firewall: + hostgroups: + analyst: &hostgroupsettings + description: List of IP or CIDR blocks to allow access to this hostgroup. + forcedType: "[]string" + helplink: firewall.html + multiline: True + regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ + regexFailureMessage: You must enter a valid IP address or CIDR. + anywhere: &hostgroupsettingsadv + description: List of IP or CIDR blocks to allow access to this hostgroup. + forcedType: "[]string" + helplink: firewall.html + multiline: True + advanced: True + regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ + regexFailureMessage: You must enter a valid IP address or CIDR. + beats_endpoint: *hostgroupsettings + beats_endpoint_ssl: *hostgroupsettings + dockernet: &ROhostgroupsettingsadv + description: List of IP or CIDR blocks to allow access to this hostgroup. + forcedType: "[]string" + helplink: firewall.html + multiline: True + advanced: True + readonly: True + regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ + regexFailureMessage: You must enter a valid IP address or CIDR. + elastic_agent_endpoint: *hostgroupsettings + elasticsearch_rest: *hostgroupsettingsadv + endgame: *hostgroupsettingsadv + eval: *hostgroupsettings + fleet: *hostgroupsettings + heavynodes: *hostgroupsettings + idh: *hostgroupsettings + localhost: *ROhostgroupsettingsadv + manager: *hostgroupsettings + receivers: *hostgroupsettings + searchnodes: *hostgroupsettings + securityonion_desktops: *hostgroupsettings + self: *ROhostgroupsettingsadv + sensors: *hostgroupsettings + standalone: *hostgroupsettings + strelka_frontend: *hostgroupsettings + syslog: *hostgroupsettings + customhostgroup1: &customhostgroupsettings + description: List of IP or CIDR blocks to allow to this hostgroup. 
+ forcedType: "[]string" + helpLink: firewall.html + advanced: True + multiline: True + regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$ + regexFailureMessage: You must enter a valid IP address or CIDR. + customhostgroup2: *customhostgroupsettings + customhostgroup3: *customhostgroupsettings + customhostgroup4: *customhostgroupsettings + customhostgroup5: *customhostgroupsettings + customhostgroup6: *customhostgroupsettings + customhostgroup7: *customhostgroupsettings + customhostgroup8: *customhostgroupsettings + customhostgroup9: *customhostgroupsettings + customhostgroup0: *customhostgroupsettings + portgroups: + all: + tcp: &tcpsettings + description: List of TCP ports for this port group. + forcedType: "[]string" + helplink: firewall.html + advanced: True + multiline: True + udp: &udpsettings + description: List of UDP ports for this port group. + forcedType: "[]string" + helplink: firewall.html + advanced: True + multiline: True + agrules: + tcp: *tcpsettings + udp: *udpsettings + beats_5044: + tcp: *tcpsettings + udp: *udpsettings + beats_5644: + tcp: *tcpsettings + udp: *udpsettings + beats_5066: + tcp: *tcpsettings + udp: *udpsettings + beats_5056: + tcp: *tcpsettings + udp: *udpsettings + docker_registry: + tcp: *tcpsettings + udp: *udpsettings + elasticsearch_node: + tcp: *tcpsettings + udp: *udpsettings + elasticsearch_rest: + tcp: *tcpsettings + udp: *udpsettings + elastic_agent_control: + tcp: *tcpsettings + udp: *udpsettings + elastic_agent_data: + tcp: *tcpsettings + udp: *udpsettings + endgame: + tcp: *tcpsettings + udp: *udpsettings + influxdb: + tcp: *tcpsettings + udp: *udpsettings + kibana: + tcp: *tcpsettings + udp: *udpsettings + mysql: + tcp: *tcpsettings + udp: *udpsettings + nginx: + tcp: *tcpsettings + udp: *udpsettings + playbook: + tcp: *tcpsettings + udp: *udpsettings + redis: + tcp: *tcpsettings + udp: *udpsettings + salt_manager: + tcp: *tcpsettings + udp: *udpsettings + sensoroni: + tcp: *tcpsettings + udp: 
*udpsettings + ssh: + tcp: *tcpsettings + udp: *udpsettings + strelka_frontend: + tcp: *tcpsettings + udp: *udpsettings + syslog: + tcp: *tcpsettings + udp: *udpsettings + yum: + tcp: *tcpsettings + udp: *udpsettings + customportgroup0: + tcp: *tcpsettings + udp: *udpsettings + customportgroup1: + tcp: *tcpsettings + udp: *udpsettings + customportgroup2: + tcp: *tcpsettings + udp: *udpsettings + customportgroup3: + tcp: *tcpsettings + udp: *udpsettings + customportgroup4: + tcp: *tcpsettings + udp: *udpsettings + customportgroup5: + tcp: *tcpsettings + udp: *udpsettings + customportgroup6: + tcp: *tcpsettings + udp: *udpsettings + customportgroup7: + tcp: *tcpsettings + udp: *udpsettings + customportgroup8: + tcp: *tcpsettings + udp: *udpsettings + customportgroup9: + tcp: *tcpsettings + udp: *udpsettings + role: + eval: + chain: + DOCKER-USER: + hostgroups: + eval: + portgroups: &portgroupsdocker + description: Portgroups to add access to the docker containers for this role. + advanced: True + multiline: True + helpLink: firewall.html + sensors: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + heavynodes: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + beats_endpoint: + portgroups: *portgroupsdocker + beats_endpoint_ssl: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + elastic_agent_endpoint: + portgroups: *portgroupsdocker + strelka_frontend: + portgroups: *portgroupsdocker + syslog: + portgroups: *portgroupsdocker + analyst: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + 
customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: &portgroupshost + description: Portgroups to add access to the host. + advanced: True + multiline: True + helpLink: firewall.html + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + fleet: + chain: + DOCKER-USER: + hostgroups: + sensors: + portgroups: *portgroupsdocker + elastic_agent_endpoint: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupsdocker + standalone: + portgroups: *portgroupshost + sensors: + portgroups: *portgroupshost + searchnodes: + portgroups: *portgroupshost + heavynodes: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: 
*portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + manager: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: *portgroupsdocker + sensors: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + heavynodes: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + syslog: + portgroups: *portgroupsdocker + beats_endpoint: + portgroups: *portgroupsdocker + beats_endpoint_ssl: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + elastic_agent_endpoint: + portgroups: *portgroupsdocker + endgame: + portgroups: *portgroupsdocker + analyst: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + sensors: + portgroups: *portgroupshost + searchnodes: + portgroups: *portgroupshost + heavynodes: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + 
customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + managersearch: + chain: + DOCKER-USER: + hostgroups: + managersearch: + portgroups: *portgroupsdocker + sensors: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + heavynodes: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + beats_endpoint: + portgroups: *portgroupsdocker + beats_endpoint_ssl: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + elastic_agent_endpoint: + portgroups: *portgroupsdocker + endgame: + portgroups: *portgroupsdocker + syslog: + portgroups: *portgroupsdocker + analyst: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + sensors: + portgroups: *portgroupshost + searchnodes: + portgroups: *portgroupshost + heavynodes: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + 
portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + standalone: + chain: + DOCKER-USER: + hostgroups: + localhost: + portgroups: *portgroupsdocker + standalone: + portgroups: *portgroupsdocker + fleet: + portgroups: *portgroupsdocker + sensors: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + heavynodes: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + beats_endpoint: + portgroups: *portgroupsdocker + beats_endpoint_ssl: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + elastic_agent_endpoint: + portgroups: *portgroupsdocker + endgame: + portgroups: *portgroupsdocker + strelka_frontend: + portgroups: *portgroupsdocker + syslog: + portgroups: *portgroupsdocker + analyst: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + fleet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + standalone: + portgroups: *portgroupshost + sensors: + portgroups: *portgroupshost + searchnodes: + portgroups: *portgroupshost + heavynodes: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + 
portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + searchnode: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: *portgroupsdocker + dockernet: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + sensor: + chain: + DOCKER-USER: + hostgroups: + self: + portgroups: *portgroupsdocker + strelka_frontend: + portgroups: *portgroupsdocker + customhostgroup0: + 
portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + heavynode: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: *portgroupsdocker + dockernet: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + strelka_frontend: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + 
portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + import: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: *portgroupsdocker + sensors: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + beats_endpoint: + portgroups: *portgroupsdocker + beats_endpoint_ssl: + portgroups: *portgroupsdocker + elasticsearch_rest: + portgroups: *portgroupsdocker + elastic_agent_endpoint: + portgroups: *portgroupsdocker + analyst: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + 
portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost + + receiver: + chain: + DOCKER-USER: + hostgroups: + sensors: + portgroups: *portgroupsdocker + searchnodes: + portgroups: *portgroupsdocker + self: + portgroups: *portgroupsdocker + syslog: + portgroups: *portgroupsdocker + beats_endpoint: + portgroups: *portgroupsdocker + beats_endpoint_ssl: + portgroups: *portgroupsdocker + endgame: + portgroups: *portgroupsdocker + customhostgroup0: + portgroups: *portgroupsdocker + customhostgroup1: + portgroups: *portgroupsdocker + customhostgroup2: + portgroups: *portgroupsdocker + customhostgroup3: + portgroups: *portgroupsdocker + customhostgroup4: + portgroups: *portgroupsdocker + customhostgroup5: + portgroups: *portgroupsdocker + customhostgroup6: + portgroups: *portgroupsdocker + customhostgroup7: + portgroups: *portgroupsdocker + customhostgroup8: + portgroups: *portgroupsdocker + customhostgroup9: + portgroups: *portgroupsdocker + INPUT: + hostgroups: + anywhere: + portgroups: *portgroupshost + dockernet: + portgroups: *portgroupshost + localhost: + portgroups: *portgroupshost + customhostgroup0: + portgroups: *portgroupshost + customhostgroup1: + portgroups: *portgroupshost + customhostgroup2: + portgroups: *portgroupshost + customhostgroup3: + portgroups: *portgroupshost + customhostgroup4: + portgroups: *portgroupshost + customhostgroup5: + portgroups: *portgroupshost + customhostgroup6: + portgroups: *portgroupshost + customhostgroup7: + portgroups: *portgroupshost + customhostgroup8: + portgroups: *portgroupshost + customhostgroup9: + portgroups: *portgroupshost