diff --git a/salt/common/init.sls b/salt/common/init.sls index 2feee941c..8723cc3c5 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -111,21 +111,23 @@ elastic_curl_config: {% endif %} {% endif %} -# Sync some Utilities -utilsyncscripts: + +common_sbin: file.recurse: - name: /usr/sbin - - user: root - - group: root + - source: salt://common/tools/sbin + - user: 939 + - group: 939 + - file_mode: 755 + +common_sbin_jinja: + file.recurse: + - name: /usr/sbin + - source: salt://common/tools/sbin_jinja + - user: 939 + - group: 939 - file_mode: 755 - template: jinja - - source: salt://common/tools/sbin - - exclude_pat: - - so-common - - so-firewall - - so-image-common - - soup - - so-status so-status_script: file.managed: diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin_jinja/so-analyst-install similarity index 100% rename from salt/common/tools/sbin/so-analyst-install rename to salt/common/tools/sbin_jinja/so-analyst-install diff --git a/salt/common/tools/sbin/so-import-evtx b/salt/common/tools/sbin_jinja/so-import-evtx similarity index 100% rename from salt/common/tools/sbin/so-import-evtx rename to salt/common/tools/sbin_jinja/so-import-evtx diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin_jinja/so-import-pcap similarity index 100% rename from salt/common/tools/sbin/so-import-pcap rename to salt/common/tools/sbin_jinja/so-import-pcap diff --git a/salt/common/tools/sbin/so-raid-status b/salt/common/tools/sbin_jinja/so-raid-status similarity index 100% rename from salt/common/tools/sbin/so-raid-status rename to salt/common/tools/sbin_jinja/so-raid-status diff --git a/salt/curator/init.sls b/salt/curator/init.sls index d1e4276e1..eaa5639ff 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls 
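Review bot: The scripts recursed into /usr/sbin by `common_sbin` and `common_sbin_jinja` are now owned by uid/gid 939, whereas the replaced `utilsyncscripts` state used root:root; with `file_mode: 755` the owner can rewrite tools that operators run as root (the `so-status_script` state directly below manages the same kind of script), so a compromise of the 939 account becomes a path to root. I would keep `- user: root` on both states (a non-root `group` is harmless under 755), and confirm whether `file.recurse` also applies `user`/`group` to the destination directory `/usr/sbin` itself, which would hand over the whole directory. The dropped `exclude_pat` list (so-common, so-firewall, so-image-common, soup) means any of those still under `salt://common/tools/sbin` is now deployed by this recurse as well as by whatever state managed them before; I cannot see that tree here, so this is worth checking.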
@@ -60,30 +60,21 @@ curconf: - template: jinja - show_changes: False -curclusterclose: - file.managed: - - name: /usr/sbin/so-curator-cluster-close - - source: salt://curator/files/bin/so-curator-cluster-close +curator_sbin: + file.recurse: + - name: /usr/sbin + - source: salt://curator/tools/sbin - user: 934 - group: 939 - - mode: 755 - - template: jinja + - file_mode: 755 -curclusterdelete: - file.managed: - - name: /usr/sbin/so-curator-cluster-delete - - source: salt://curator/files/bin/so-curator-cluster-delete +curator_sbin_jinja: + file.recurse: + - name: /usr/sbin + - source: salt://curator/tools/sbin_jinja - user: 934 - - group: 939 - - mode: 755 - -curclusterdeletedelete: - file.managed: - - name: /usr/sbin/so-curator-cluster-delete-delete - - source: salt://curator/files/bin/so-curator-cluster-delete-delete - - user: 934 - - group: 939 - - mode: 755 + - group: 939 + - file_mode: 755 - template: jinja so-curator: diff --git a/salt/curator/tools/sbin/so-curator-cluster-delete-delete b/salt/curator/tools/sbin_jinja/so-curator-cluster-delete-delete similarity index 100% rename from salt/curator/tools/sbin/so-curator-cluster-delete-delete rename to salt/curator/tools/sbin_jinja/so-curator-cluster-delete-delete diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index b04fe1147..148fe7e1b 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -29,6 +29,23 @@ elastalogdir: - group: 933 - makedirs: True +elastalert_sbin: + file.recurse: + - name: /usr/sbin + - source: salt://elastalert/tools/sbin + - user: 933 + - group: 939 + - file_mode: 755 + +#elastalert_sbin_jinja: +# file.recurse: +# - name: /usr/sbin +# - source: salt://elastalert/tools/sbin_jinja +# - user: 933 +# - group: 939 +# - file_mode: 755 +# - template: jinja + elastarules: file.directory: - name: /opt/so/rules/elastalert diff --git a/salt/elasticfleet/init.sls b/salt/elasticfleet/init.sls index da735ffac..924d2cb3f 100644 --- a/salt/elasticfleet/init.sls 
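Review bot: `so-curator-cluster-close` was previously installed with `template: jinja`, but after this change it is presumably served from the plain `salt://curator/tools/sbin` tree (only `so-curator-cluster-delete-delete` is shown moving to `sbin_jinja`), so if it still contains Jinja it will be deployed unrendered; either move it to `sbin_jinja` or add a comment on `curator_sbin` stating that nothing under it is templated. The carried-over `user: 934` with `file_mode: 755` also leaves root-run tools writable by the curator service account; `- user: root` would close that.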
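Review bot: The commented-out `elastalert_sbin_jinja` state is dead configuration with no explanation of why it is disabled; either delete it or add a one-line note such as `# no templated elastalert tools yet; enable once salt://elastalert/tools/sbin_jinja exists`. As with the sibling states, `user: 933` on 755 scripts in /usr/sbin lets the elastalert service account edit tools that root executes; `- user: root` avoids that.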
+++ b/salt/elasticfleet/init.sls @@ -25,6 +25,21 @@ elastic-agent: - home: /opt/so/conf/elastic-fleet - createhome: False +elasticfleet_sbin: + file.recurse: + - name: /usr/sbin + - source: salt://elasticfleet/tools/sbin + - user: 947 + - group: 939 + +elasticfleet_sbin_jinja: + file.recurse: + - name: /usr/sbin + - source: salt://elasticfleet/tools/sbin_jinja + - user: 947 + - group: 939 + - template: jinja + eaconfdir: file.directory: - name: /opt/so/conf/elastic-fleet diff --git a/salt/elasticfleet/tools/sbin/so-elastic-agent-gen-installers.jinja b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers similarity index 100% rename from salt/elasticfleet/tools/sbin/so-elastic-agent-gen-installers.jinja rename to salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-setup.jinja b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup similarity index 100% rename from salt/elasticfleet/tools/sbin/so-elastic-fleet-setup.jinja rename to salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup diff --git a/salt/elasticsearch/tools/sbin/so-elastic-clear b/salt/elasticsearch/tools/sbin/so-elastic-clear index f491fb62f..3b4f5fc62 100755 --- a/salt/elasticsearch/tools/sbin/so-elastic-clear +++ b/salt/elasticsearch/tools/sbin/so-elastic-clear @@ -5,7 +5,6 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} . /usr/sbin/so-common SKIP=0 @@ -59,7 +58,7 @@ done if [ $SKIP -ne 1 ]; then # List indices echo - curl -K /opt/so/conf/elasticsearch/curl.config -k -L https://{{ NODEIP }}:9200/_cat/indices?v + curl -K /opt/so/conf/elasticsearch/curl.config -k -L https://localhost:9200/_cat/indices?v echo # Inform user we are about to delete all data echo 
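Review bot: Neither `elasticfleet_sbin` nor `elasticfleet_sbin_jinja` sets `file_mode`, unlike the equivalent states in the other modules, so the mode of `so-elastic-agent-gen-installers` and `so-elastic-fleet-setup` falls back to Salt's default (the file.recurse docs say it follows the minion's umask) and they may land in /usr/sbin non-executable; add `- file_mode: 755` to both. The `user: 947` ownership has the same concern raised elsewhere in this change: a 755 script owned by a service account is writable by that account yet run as root.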
diff --git a/salt/elasticsearch/tools/sbin/so-elastic-restart b/salt/elasticsearch/tools/sbin/so-elastic-restart deleted file mode 100755 index 67988193f..000000000 --- a/salt/elasticsearch/tools/sbin/so-elastic-restart +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - - -{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%} -/usr/sbin/so-restart elasticsearch $1 -{%- endif %} - -{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} -/usr/sbin/so-restart kibana $1 -{%- endif %} - -{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-restart logstash $1 -{%- endif %} - -{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-restart curator $1 -{%- endif %} - -{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} -/usr/sbin/so-restart elastalert $1 -{%- endif %} diff --git a/salt/elasticsearch/tools/sbin/so-elastic-start b/salt/elasticsearch/tools/sbin/so-elastic-start deleted file mode 100755 index fd78d1859..000000000 --- a/salt/elasticsearch/tools/sbin/so-elastic-start +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - - -{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%} -/usr/sbin/so-start elasticsearch $1 -{%- endif %} - -{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} -/usr/sbin/so-start kibana $1 -{%- endif %} - -{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-start logstash $1 -{%- endif %} - -{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-start curator $1 -{%- endif %} - -{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} -/usr/sbin/so-start elastalert $1 -{%- endif %} diff --git a/salt/elasticsearch/tools/sbin/so-elastic-stop b/salt/elasticsearch/tools/sbin/so-elastic-stop deleted file mode 100755 index 88350a8fe..000000000 --- a/salt/elasticsearch/tools/sbin/so-elastic-stop +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - - -{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%} -/usr/sbin/so-stop elasticsearch $1 -{%- endif %} - -{%- if grains['role'] in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} -/usr/sbin/so-stop kibana $1 -{%- endif %} - -{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-stop logstash $1 -{%- endif %} - -{%- if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-stop curator $1 -{%- endif %} - -{%- if grains['role'] in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} -/usr/sbin/so-stop elastalert $1 -{%- endif %} diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-component-templates-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-component-templates-list index 976499574..2fccce9cb 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-component-templates-list +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-component-templates-list 
@@ -5,10 +5,9 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_component_template | jq '.component_templates[] |.name'| sort + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_component_template | jq '.component_templates[] |.name'| sort else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_component_template/$1 | jq + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_component_template/$1 | jq fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-lifecycle-status b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-lifecycle-status index 130a7cf16..db72f8078 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-lifecycle-status +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-lifecycle-status @@ -6,10 +6,8 @@ . /usr/sbin/so-common -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_all/_ilm/explain | jq . + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_all/_ilm/explain | jq . else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/$1/_ilm/explain | jq .[] + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/$1/_ilm/explain | jq .[] fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-delete b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-delete index 2be9dabb2..ef936b742 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-delete +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-delete 
@@ -6,6 +6,4 @@ . /usr/sbin/so-common -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X DELETE https://{{ NODEIP }}:9200/_ilm/policy/$1 +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X DELETE https://localhost:9200/_ilm/policy/$1 diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy deleted file mode 100755 index 26ce487a7..000000000 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load copy +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - -. /usr/sbin/so-common - -{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} -{%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ESCONFIG.elasticsearch.index_settings, merge=True) %} -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - -{%- for index, settings in ES_INDEX_SETTINGS.items() %} - {%- if settings.policy is defined %} -echo -echo "Setting up {{ index }}-logs policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }' -echo - {%- endif %} -{%- endfor %} -echo diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-view b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-view index 426b6938d..f488bab87 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-view +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-view 
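Review bot: `so-elasticsearch-ilm-policy-delete` issues `-X DELETE` with `$1` unchecked and unquoted, so a bare invocation sends `DELETE /_ilm/policy/` and an argument containing spaces or glob characters is split into extra curl arguments; guard and quote it: `[ -z "$1" ] && { echo "Usage: $0 <policy-name>" >&2; exit 1; }` followed by `curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X DELETE "https://localhost:9200/_ilm/policy/$1"`.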
@@ -6,10 +6,9 @@ . /usr/sbin/so-common -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/policy | jq . + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ilm/policy | jq . else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/policy/$1 | jq .[] + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ilm/policy/$1 | jq .[] fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start index 98dd38e9e..d9c63f8ea 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-start @@ -6,7 +6,6 @@ . /usr/sbin/so-common -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} echo "Starting ILM..." -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://{{ NODEIP }}:9200/_ilm/start +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://localhost:9200/_ilm/start diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-status b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-status index 8d78adc5b..7ba0201a4 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-status +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-status @@ -1,4 +1,4 @@ -/bin/bash +#!/bin/bash # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # https://securityonion.net/license; you may not use this file except in compliance with the 
@@ -6,6 +6,4 @@ . /usr/sbin/so-common -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/status | jq . +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ilm/status | jq . diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop index 4868fd86d..034082699 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-stop @@ -6,7 +6,5 @@ . /usr/sbin/so-common -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - echo "Stopping ILM..." -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://{{ NODEIP }}:9200/_ilm/stop +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://localhost:9200/_ilm/stop diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-index-templates-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-index-templates-list index bea975c93..6df836c1d 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-index-templates-list +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-index-templates-list @@ -5,10 +5,9 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_index_template | jq '.index_templates[] |.name'| sort + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_index_template | jq '.index_templates[] |.name'| sort else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_index_template/$1 | jq + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_index_template/$1 | jq fi 
diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-list index da8ea4cca..57cc5e799 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-list +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-list @@ -5,8 +5,6 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - . /usr/sbin/so-common -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L "https://{{ NODEIP }}:9200/_cat/indices?pretty&v&s=index" +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L "https://localhost:9200/_cat/indices?pretty&v&s=index" diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-rw b/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-rw index 724dd9dcf..5e6bf71a5 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-rw +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-indices-rw 
@@ -6,10 +6,8 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. - -IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }} -ESPORT=9200 +. /usr/sbin/so-common echo "Removing read only attributes for indices..." echo -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -XPUT -H "Content-Type: application/json" -L https://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi; diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-stats b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-stats index 952773cda..fd06eeb78 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-stats +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-stats 
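Review bot: The failure message on the rewritten curl line in `so-elasticsearch-indices-rw` reads `There was any issue updating the read-only attribute.`; it should be `There was an issue updating the read-only attribute.`. Because `-s` is passed and stderr is merged into the pipe to `grep`, a connection failure shows the user nothing but that generic line; using `-sS` and checking `${PIPESTATUS[0]}` would distinguish "Elasticsearch down" from "settings not acknowledged".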
@@ -5,12 +5,10 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines" else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\"" fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-view b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-view index 32a26b948..8de82f901 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-view +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipeline-view @@ -5,12 +5,10 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq . + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ingest/pipeline/* | jq . else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq .[] + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ingest/pipeline/$1 | jq .[] fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines-list index b690d5846..feeecb68b 100755 
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines-list +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-pipelines-list @@ -5,10 +5,9 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys' + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ingest/pipeline/* | jq 'keys' else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_ingest/pipeline/$1 | jq fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load b/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load index 17265a7c4..b6b593320 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-roles-load @@ -7,8 +7,6 @@ . /usr/sbin/so-common default_conf_dir=/opt/so/conf -ELASTICSEARCH_HOST="{{ GLOBALS.node_ip }}" -ELASTICSEARCH_PORT=9200 # Define a default directory to load roles from ELASTICSEARCH_ROLES="$default_conf_dir/elasticsearch/roles/" @@ -18,7 +16,7 @@ echo -n "Waiting for ElasticSearch..." COUNT=0 ELASTICSEARCH_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl -K /opt/so/conf/elasticsearch/curl.config -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT" + curl -K /opt/so/conf/elasticsearch/curl.config -k --output /dev/null --silent --head --fail -L https://localhost:9200" if [ $? -eq 0 ]; then ELASTICSEARCH_CONNECTED="yes" echo "connected!" diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-shards-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-shards-list index 8865e05ac..cd6410b99 100755 
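Review bot: The rewritten probe in `so-elasticsearch-roles-load` ends with a stray double quote, `-L https://localhost:9200"`, which opens an unterminated string that bash only closes at the next `"` (on the `ELASTICSEARCH_CONNECTED="yes"` line), so the script fails to parse and roles are never loaded; it should be `curl -K /opt/so/conf/elasticsearch/curl.config -k --output /dev/null --silent --head --fail -L https://localhost:9200`. While touching the line, `if curl …; then` would replace the separate `$?` check. The enclosing `while` loop and the role-loading code continue outside this hunk.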
--- a/salt/elasticsearch/tools/sbin/so-elasticsearch-shards-list +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-shards-list @@ -5,8 +5,6 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - . /usr/sbin/so-common -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_cat/shards?pretty +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_cat/shards?pretty diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-template-remove b/salt/elasticsearch/tools/sbin/so-elasticsearch-template-remove index f69495152..7d5ae5b3e 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-template-remove +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-template-remove @@ -5,8 +5,6 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - . /usr/sbin/so-common -curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -XDELETE https://{{ NODEIP }}:9200/_template/$1 +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -XDELETE https://localhost:9200/_template/$1 diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-template-view b/salt/elasticsearch/tools/sbin/so-elasticsearch-template-view index c56127703..cc2678582 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-template-view +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-template-view 
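Review bot: `so-elasticsearch-template-remove` sends `-XDELETE` to `/_template/$1` with no argument check and `$1` unquoted, so it should be guarded the same way as the other destructive tools: `[ -z "$1" ] && { echo "Usage: $0 <template-name>" >&2; exit 1; }` and `"https://localhost:9200/_template/$1"`. Note that `/_template` is the legacy index-template endpoint while the sibling `so-elasticsearch-index-templates-list` reads `/_index_template`; if templates are now installed as composable templates this tool will not find them, which is worth a comment on the line.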
@@ -5,12 +5,10 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} - . /usr/sbin/so-common if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_template/* | jq . + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_template/* | jq . else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq . + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_template/$1 | jq . fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-list b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-list index 7db4fdeff..28f23c6e1 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-list +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-list @@ -5,10 +5,10 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} . /usr/sbin/so-common + if [ "$1" == "" ]; then - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_template/* | jq 'keys' + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_template/* | jq 'keys' else - curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://localhost:9200/_template/$1 | jq fi diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load index 386026f0c..bce8af1ff 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-templates-load 
@@ -7,9 +7,6 @@ . /usr/sbin/so-common default_conf_dir=/opt/so/conf -ELASTICSEARCH_HOST="{{ GLOBALS.node_ip }}" -ELASTICSEARCH_PORT=9200 -#ELASTICSEARCH_AUTH="" # Define a default directory to load pipelines from ELASTICSEARCH_TEMPLATES="$default_conf_dir/elasticsearch/templates/" diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart b/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart new file mode 100755 index 000000000..1b5e9bf03 --- /dev/null +++ b/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart @@ -0,0 +1,32 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + + +{% from 'vars/globals.map.jinja' import GLOBALS %} + +. /usr/sbin/so-common + + +{%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%} +/usr/sbin/so-restart elasticsearch $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} +/usr/sbin/so-restart kibana $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} +/usr/sbin/so-restart logstash $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} +/usr/sbin/so-restart curator $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} +/usr/sbin/so-restart elastalert $1 +{%- endif %} diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elastic-start b/salt/elasticsearch/tools/sbin_jinja/so-elastic-start new file mode 100755 index 000000000..6be969e9d --- /dev/null +++ b/salt/elasticsearch/tools/sbin_jinja/so-elastic-start 
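Review bot: The curl calls in `so-elasticsearch-templates-load` that used `ELASTICSEARCH_HOST` and `ELASTICSEARCH_PORT` are not rewritten here, although the variables are removed; the matching change to `so-elasticsearch-roles-load` has a second hunk replacing its probe with `https://localhost:9200`, but none is shown for this file. If the wait loop or the template PUTs further down still expand `$ELASTICSEARCH_HOST`, the URL becomes `https://:9200` and every request fails; the rest of the script lies outside this hunk, so please confirm the usages were replaced with `localhost:9200`.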
@@ -0,0 +1,31 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'vars/globals.map.jinja' import GLOBALS %} + +. /usr/sbin/so-common + + +{%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%} +/usr/sbin/so-start elasticsearch $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} +/usr/sbin/so-start kibana $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} +/usr/sbin/so-start logstash $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} +/usr/sbin/so-start curator $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} +/usr/sbin/so-start elastalert $1 +{%- endif %} diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop b/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop new file mode 100755 index 000000000..b6ea04964 --- /dev/null +++ b/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop 
@@ -0,0 +1,31 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'vars/globals.map.jinja' import GLOBALS %} + +. /usr/sbin/so-common + + +{%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode', 'so-import']%} +/usr/sbin/so-stop elasticsearch $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone', 'so-import']%} +/usr/sbin/so-stop kibana $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} +/usr/sbin/so-stop logstash $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} +/usr/sbin/so-stop curator $1 +{%- endif %} + +{%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} +/usr/sbin/so-stop elastalert $1 +{%- endif %} diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-cluster-space-used b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-cluster-space-used similarity index 100% rename from salt/elasticsearch/tools/sbin/so-elasticsearch-cluster-space-used rename to salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-cluster-space-used diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load similarity index 77% rename from salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load rename to salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load index 26ce487a7..afeddfa01 100755 --- a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load 
+++ b/salt/elasticsearch/tools/sbin_jinja/so-elasticsearch-ilm-policy-load @@ -8,13 +8,12 @@ {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} {%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ESCONFIG.elasticsearch.index_settings, merge=True) %} -{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} {%- for index, settings in ES_INDEX_SETTINGS.items() %} {%- if settings.policy is defined %} echo echo "Setting up {{ index }}-logs policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }' +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://localhost:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }' echo {%- endif %} {%- endfor %}
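Review bot: The rewritten PUT in `so-elasticsearch-ilm-policy-load` still passes `-b "sid=$SESSIONCOOKIE"`, but nothing in this script sets `SESSIONCOOKIE` and the request is already authenticated through `curl.config`; unless `so-common` exports that variable, the cookie is an empty header that should be dropped from the line. A short comment above the loop noting that each policy body is rendered straight from pillar via `{{ settings.policy | tojson(true) }}` would also help the next reader see where the JSON comes from.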