CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9691 from Security-Onion-Solutions/2.4/firewall

Browse Source 
2.4/firewall
This commit is contained in:
Josh Patterson
2023-01-31 17:11:57 -05:00
committed by GitHub
parent 056bcd0121 6ec086e24a
commit 77749adc8f
8 changed files with 100 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pillar/logstash/nodes.sls
View File

@@ -2,7 +2,7 @@
{% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %} {% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
{% for minionid, ip in salt.saltutil.runner( {% for minionid, ip in salt.saltutil.runner(
'mine.get', 'mine.get',
tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ', tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-searchnode or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
fun='network.ip_addrs', fun='network.ip_addrs',
tgt_type='compound') | dictsort() tgt_type='compound') | dictsort()
%} %}

3
pillar/top.sls
View File

@@ -147,6 +147,8 @@ base:
- logstash.soc_logstash - logstash.soc_logstash
- logstash.adv_logstash - logstash.adv_logstash
- elasticsearch.index_templates - elasticsearch.index_templates
- elasticsearch.soc_elasticsearch
- elasticsearch.adv_elasticsearch
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %} {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth - elasticsearch.auth
{% endif %} {% endif %}
@@ -155,7 +157,6 @@ base:
- adv_global - adv_global
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
- data.nodestab
'*_receiver': '*_receiver':
- logstash - logstash

10
salt/elasticsearch/config.map.jinja
View File

@@ -1,18 +1,18 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
{% from 'logstash/map.jinja' import REDIS_NODES with context %} {% from 'logstash/map.jinja' import LOGSTASH_NODES with context %}
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %} {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
{% if grains.id.split('_') | last in ['manager','managersearch'] %} {% if grains.id.split('_') | last in ['manager','managersearch'] %}
{% if REDIS_NODES | length > 1 %} {% if LOGSTASH_NODES | length > 1 %}
{% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %} {% do ESCONFIG.elasticsearch.config.node.update({'roles': ['master', 'data', 'remote_cluster_client']}) %}
{% if HIGHLANDER %} {% if HIGHLANDER %}
{% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'transform']) %} {% do ESCONFIG.elasticsearch.config.node.roles.extend(['ml', 'transform']) %}
{% endif %} {% endif %}
{% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': [GLOBALS.manager]}}) %} {% do ESCONFIG.elasticsearch.config.update({'discovery': {'seed_hosts': []}}) %}
{% for SN in REDIS_NODES.keys() %} {% for NODE in LOGSTASH_NODES %}
{% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(SN) %} {% do ESCONFIG.elasticsearch.config.discovery.seed_hosts.append(NODE.keys()|first) %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if grains.id.split('_') | last == 'manager' %} {% if grains.id.split('_') | last == 'manager' %}

6
salt/elasticsearch/init.sls
View File

@@ -15,7 +15,7 @@ include:
{% set ROLES = salt['pillar.get']('elasticsearch:roles', {}) %} {% set ROLES = salt['pillar.get']('elasticsearch:roles', {}) %}
{% from 'elasticsearch/config.map.jinja' import ESCONFIG with context %} {% from 'elasticsearch/config.map.jinja' import ESCONFIG with context %}
{% from 'elasticsearch/template.map.jinja' import ES_INDEX_SETTINGS without context %} {% from 'elasticsearch/template.map.jinja' import ES_INDEX_SETTINGS without context %}
{% from 'logstash/map.jinja' import REDIS_NODES with context %} {% from 'logstash/map.jinja' import LOGSTASH_NODES %}
vm.max_map_count: vm.max_map_count:
sysctl.present: sysctl.present:
@@ -293,9 +293,9 @@ so-elasticsearch:
- networks: - networks:
- sosbridge: - sosbridge:
- ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }} - ipv4_address: {{ DOCKER.containers['so-elasticsearch'].ip }}
- extra_hosts: {{ REDIS_NODES }} - extra_hosts: {{ LOGSTASH_NODES }}
- environment: - environment:
{% if REDIS_NODES | length == 1 %} {% if LOGSTASH_NODES | length == 1 %}
- discovery.type=single-node - discovery.type=single-node
{% endif %} {% endif %}
- ES_JAVA_OPTS=-Xms{{ GLOBALS.elasticsearch.es_heap }} -Xmx{{ GLOBALS.elasticsearch.es_heap }} -Des.transport.cname_in_publish_address=true -Dlog4j2.formatMsgNoLookups=true - ES_JAVA_OPTS=-Xms{{ GLOBALS.elasticsearch.es_heap }} -Xmx{{ GLOBALS.elasticsearch.es_heap }} -Des.transport.cname_in_publish_address=true -Dlog4j2.formatMsgNoLookups=true

54
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -78,6 +78,9 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.docker_registry }}
- {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }}
{% if ISAIRGAP is sameas true %} {% if ISAIRGAP is sameas true %}
- {{ portgroups.agrules }} - {{ portgroups.agrules }}
{% endif %} {% endif %}
@@ -87,16 +90,31 @@ role:
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.yum }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.yum }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.yum }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }}
self: self:
portgroups: portgroups:
- {{ portgroups.syslog}} - {{ portgroups.syslog}}
@@ -133,6 +151,15 @@ role:
localhost: localhost:
portgroups: portgroups:
- {{ portgroups.all }} - {{ portgroups.all }}
sensors:
portgroups:
- {{ portgroups.salt_manager }}
searchnodes:
portgroups:
- {{ portgroups.salt_manager }}
heavynodes:
portgroups:
- {{ portgroups.salt_manager }}
managersearch: managersearch:
chain: chain:
DOCKER-USER: DOCKER-USER:
@@ -146,20 +173,38 @@ role:
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.docker_registry }}
- {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }}
sensors: sensors:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
- {{ portgroups.elastic_agent_control }} - {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }} - {{ portgroups.elastic_agent_data }}
- {{ portgroups.yum }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.yum }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.yum }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.elastic_agent_control }}
- {{ portgroups.elastic_agent_data }}
self: self:
portgroups: portgroups:
- {{ portgroups.syslog}} - {{ portgroups.syslog}}
@@ -196,6 +241,15 @@ role:
localhost: localhost:
portgroups: portgroups:
- {{ portgroups.all }} - {{ portgroups.all }}
sensors:
portgroups:
- {{ portgroups.salt_manager }}
searchnodes:
portgroups:
- {{ portgroups.salt_manager }}
heavynodes:
portgroups:
- {{ portgroups.salt_manager }}
standalone: standalone:
chain: chain:
DOCKER-USER: DOCKER-USER:

2
salt/grafana/init.sls
View File

@@ -128,6 +128,8 @@ so-grafana:
- networks: - networks:
- sosbridge: - sosbridge:
- ipv4_address: {{ DOCKER.containers['so-grafana'].ip }} - ipv4_address: {{ DOCKER.containers['so-grafana'].ip }}
- extra_hosts:
- {{GLOBALS.influxdb_host}}:{{pillar.node_data[GLOBALS.influxdb_host].ip}}
- binds: - binds:
- /nsm/grafana:/var/lib/grafana:rw - /nsm/grafana:/var/lib/grafana:rw
- /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro

30
salt/logstash/map.jinja
View File

@@ -1,14 +1,20 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% set REDIS_NODES = [] %} {% set REDIS_NODES = [] %}
{% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch'] %} {% set LOGSTASH_NODES = [] %}
{% set node_data = salt['pillar.get']('logstash:nodes') %} {% set node_data = salt['pillar.get']('logstash:nodes') %}
{% for node_type, node_details in node_data.items() | sort %}
{% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %} {% for node_type, node_details in node_data.items() | sort %}
{% for hostname in node_data[node_type].keys() %} {% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch'] %}
{% do REDIS_NODES.append({hostname:node_details[hostname].ip}) %} {% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
{% endfor %} {% for hostname in node_data[node_type].keys() %}
{% endif %} {% do REDIS_NODES.append({hostname:node_details[hostname].ip}) %}
{% endfor %} {% endfor %}
{% else %} {% endif %}
{% do REDIS_NODES.append({GLOBALS.hostname:GLOBALS.node_ip}) %} {% else %}
{% endif %} {% do REDIS_NODES.append({GLOBALS.hostname:GLOBALS.node_ip}) %}
{% endif %}
{% for hostname in node_data[node_type].keys() %}
{% do LOGSTASH_NODES.append({hostname:node_details[hostname].ip}) %}
{% endfor %}
{% endfor %}

15
salt/vars/searchnode.map.jinja Normal file
View File

@@ -0,0 +1,15 @@
{% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %}
{% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %}
{% set ROLE_GLOBALS = {} %}
{% set STANDALONE_GLOBALS =
[
ELASTICSEARCH_GLOBALS,
LOGSTASH_GLOBALS
]
%}
{% for sg in STANDALONE_GLOBALS %}
{% do salt['defaults.merge'](ROLE_GLOBALS, sg, merge_lists=False, in_place=True) %}
{% endfor %}