From 2888dce48f38dcf21fcbaa5100c8d326edfe0a11 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 18 Dec 2019 14:11:26 -0500
Subject: [PATCH 1/3] fix ssl verify hive_init.sh

---
 salt/hive/thehive/scripts/hive_init.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/hive/thehive/scripts/hive_init.sh b/salt/hive/thehive/scripts/hive_init.sh
index f726ae229..6c5168a66 100755
--- a/salt/hive/thehive/scripts/hive_init.sh
+++ b/salt/hive/thehive/scripts/hive_init.sh
@@ -16,7 +16,7 @@ hive_init(){
 COUNT=0
 HIVE_CONNECTED="no"
 while [[ "$COUNT" -le 240 ]]; do
- curl --output /dev/null --silent --head --fail "https://$HIVE_IP:/thehive"
+ curl --output /dev/null --silent --head --fail -k "https://$HIVE_IP:/thehive"
 if [ $? -eq 0 ]; then
 HIVE_CONNECTED="yes"
 echo "connected!"

From 0d541f49498b52858d42d5ad956ef45110237ac0 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Thu, 19 Dec 2019 10:49:23 -0500
Subject: [PATCH 2/3] initial commit - so-component-restart scripts

---
 salt/common/tools/sbin/so-cortex-restart | 20 ++++++++++++++
 salt/common/tools/sbin/so-filebeat-restart | 31 ++++++++++++----------
 salt/common/tools/sbin/so-playbook-restart | 20 ++++++++++++++
 salt/common/tools/sbin/so-soctopus-restart | 20 ++++++++++++++
 salt/common/tools/sbin/so-thehive-restart | 20 ++++++++++++++
 5 files changed, 97 insertions(+), 14 deletions(-)
 create mode 100644 salt/common/tools/sbin/so-cortex-restart
 create mode 100644 salt/common/tools/sbin/so-playbook-restart
 create mode 100644 salt/common/tools/sbin/so-soctopus-restart
 create mode 100644 salt/common/tools/sbin/so-thehive-restart

diff --git a/salt/common/tools/sbin/so-cortex-restart b/salt/common/tools/sbin/so-cortex-restart
new file mode 100644
index 000000000..aab452475
--- /dev/null
+++ b/salt/common/tools/sbin/so-cortex-restart
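Review bot: The added `-k` on the curl line disables TLS certificate verification for the TheHive readiness probe, which is the opposite of what the subject "fix ssl verify" suggests and means any certificate presented on $HIVE_IP is accepted. Because this loop only tests reachability (`--head --fail`, output discarded), the exposure is confined to the probe, but the safer form is to trust the deployment's own CA, e.g. `curl --output /dev/null --silent --head --fail --cacert /path/to/ca.crt "https://$HIVE_IP:/thehive"`, with the CA path confirmed against whatever issues TheHive's certificate (not visible in this hunk). If validation genuinely cannot work at this point in the install, a comment such as `# -k: TheHive cert not yet trusted at first boot; reachability probe only, no data exchanged` would stop the flag being copied into calls that do carry data. hive_init's body continues outside the hunk.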
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart cortex $1
diff --git a/salt/common/tools/sbin/so-filebeat-restart b/salt/common/tools/sbin/so-filebeat-restart
index 85faf7499..d9cdeeec8 100644
--- a/salt/common/tools/sbin/so-filebeat-restart
+++ b/salt/common/tools/sbin/so-filebeat-restart
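Review bot: `/usr/sbin/so-restart cortex $1` passes the optional argument unquoted, so a value containing whitespace or glob characters is word-split and expanded before so-restart sees it; `/usr/sbin/so-restart cortex ${1:+"$1"}` keeps the no-argument case intact while quoting a supplied one. The diffstat in the patch header also records `create mode 100644` for this and the three sibling sbin scripts, whereas hive_init.sh in PATCH 1/3 is 100755, so unless the Salt state that installs them sets the mode they will not be directly executable. The same points apply to so-playbook-restart, so-soctopus-restart and so-thehive-restart, which differ only in the component name. Since so-restart's argument contract is not visible here, a one-line header such as `# Restart the cortex container via so-restart; an optional first argument is forwarded to it.` would tell an operator what $1 is for.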
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker stop so-filebeat && sudo docker rm so-filebeat && salt-call state.apply filebeat
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart filebeat $1
diff --git a/salt/common/tools/sbin/so-playbook-restart b/salt/common/tools/sbin/so-playbook-restart
new file mode 100644
index 000000000..f05222eae
--- /dev/null
+++ b/salt/common/tools/sbin/so-playbook-restart
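Review bot: `. /usr/sbin/so-common` has no failure handling, so if that file is missing or unreadable bash reports the error and continues straight into `/usr/sbin/so-restart filebeat $1` without whatever so-common was meant to provide; `. /usr/sbin/so-common || exit 1` makes the dependency explicit. The rewrite also replaces the previous inline `docker stop so-filebeat && sudo docker rm so-filebeat && salt-call state.apply filebeat` with a call into so-restart, which is not part of this patch, so it is worth confirming that so-restart still re-applies the filebeat state, otherwise pending config changes would no longer be picked up on restart. As in the new sibling scripts, `$1` should be passed as `${1:+"$1"}` so a supplied argument is not word-split.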
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart playbook $1
diff --git a/salt/common/tools/sbin/so-soctopus-restart b/salt/common/tools/sbin/so-soctopus-restart
new file mode 100644
index 000000000..144ddbf3e
--- /dev/null
+++ b/salt/common/tools/sbin/so-soctopus-restart
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart soctopus $1
diff --git a/salt/common/tools/sbin/so-thehive-restart b/salt/common/tools/sbin/so-thehive-restart
new file mode 100644
index 000000000..4b28c0030
--- /dev/null
+++ b/salt/common/tools/sbin/so-thehive-restart
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart thehive $1

From 2b20d009e1dc17aa641caf6025cbf539de54d59e Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Thu, 19 Dec 2019 15:50:22 -0500
Subject: [PATCH 3/3] Fixed cyberchef container image version error.

Cyberchef container image v1.1.4 has not been built yet, revert to 1.1.3 for now
---
 salt/cyberchef/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/cyberchef/init.sls b/salt/cyberchef/init.sls
index 8d33f38d5..aa04d3725 100644
--- a/salt/cyberchef/init.sls
+++ b/salt/cyberchef/init.sls
@@ -42,7 +42,7 @@ cybercheflog:
 so-cyberchefimage:
 cmd.run:
- - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.4
+ - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.3
 so-cyberchef:
 docker_container.running: