IDH - setup tweaks

Josh Brower
2022-02-19 12:28:45 -05:00
parent bf477a1c19
commit 780cd38adf
3 changed files with 47 additions and 22 deletions


@@ -450,11 +450,21 @@ collect_hostname_validate() {
collect_idh_services() { collect_idh_services() {
whiptail_idh_services whiptail_idh_services
if [ $idh_services == "Custom"; ] then case "$idh_services" in
whiptail_idh_services_custom 'Linux Webserver')
fi idh_services=("HTTP" "FTP" "SSH")
;;
echo $idh_services 'MySQL Server')
idh_services=("MYSQL" "SSH")
;;
'MSSQL Server')
idh_services=("MSSQL" "VNC")
;;
'Custom')
whiptail_idh_services_custom
echo $idh_services
;;
esac
} }
collect_int_ip_mask() { collect_int_ip_mask() {
@@ -2839,6 +2849,16 @@ wait_for_salt_minion() {
retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || exit 1 retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || exit 1
} }
write_out_idh_services() {
printf '%s\n'\
"idh:"\
" opencanary:"\
" config:" >> "$minion_config"
for service in ${idh_services[@]}; do
echo " - $service" >> "$minion_config"
done
}
# Enable Zeek Logs # Enable Zeek Logs
zeek_logs_enabled() { zeek_logs_enabled() {
echo "Enabling Zeek Logs" >> "$setup_log" 2>&1 echo "Enabling Zeek Logs" >> "$setup_log" 2>&1
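Review bot: `write_out_idh_services` iterates `${idh_services[@]}` unquoted, and the `Custom` arm of `collect_idh_services` only works because of that: the preset arms assign an array, while `Custom` leaves `idh_services` as the single string captured from the whiptail checklist. Whiptail checklists normally print the chosen tags double-quoted on one line, so the pillar entries presumably come out as `- "FTP"` after word splitting, and the loop is also open to pathname expansion. I would convert the checklist result to an array in the `Custom` arm, e.g. `read -r -a idh_services <<< "${idh_services//\"/}"`, and loop over `"${idh_services[@]}"`. The `echo $idh_services` kept in that arm looks like leftover debug output that prints into the TUI session; drop it or redirect it to `"$setup_log"`.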


@@ -271,6 +271,10 @@ if [[ $is_manager || $is_import ]]; then
check_elastic_license check_elastic_license
fi fi
if [[ $is_idh ]]; then
collect_idh_services
fi
if ! [[ -f $install_opt_file ]]; then if ! [[ -f $install_opt_file ]]; then
if [[ $is_manager && $is_sensor ]]; then if [[ $is_manager && $is_sensor ]]; then
check_requirements "standalone" check_requirements "standalone"
@@ -914,8 +918,9 @@ echo "1" > /root/accept_changes
fi fi
if [[ "$IDH" = 1 ]]; then if [[ $is_idh ]]; then
collect_idh_services() # Write out services to minion pillar file
write_out_idh_services
set_progress_str 79 "$(print_salt_state_apply 'idh')" set_progress_str 79 "$(print_salt_state_apply 'idh')"
salt-call state.apply -l info idh >> $setup_log 2>&1 salt-call state.apply -l info idh >> $setup_log 2>&1
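Review bot: Nothing between `collect_idh_services` and `write_out_idh_services` checks that a service set was actually chosen. `whiptail_idh_services` returns before assigning `idh_services` when `$TESTING` is set, and the new `case` has no `*)` arm, so on that path the pillar gets the `idh:` / `opencanary:` / `config:` header with no entries and `salt-call state.apply -l info idh` still runs; what the state does with an empty list is not visible here. A guard before the write, such as `[[ ${#idh_services[@]} -gt 0 ]] || { echo "No IDH services selected" >> "$setup_log"; exit 1; }`, or a documented default set, would stop a decoy node from being deployed with no services without anyone noticing. Both `if` blocks sit in a script body that continues outside the hunks.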


@@ -723,7 +723,7 @@ whiptail_idh_services() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
idh_services=$(whiptail --title "$whiptail_title" --radiolist \ idh_services=$(whiptail --title "$whiptail_title" --radiolist \
"\nThe IDH node can mimic several services.\n\nChoose one of the common options along with their default ports (TCP) or select the Custom option to build a customized set of services." 20 75 5 \ "\nThe IDH node can mimic many different services.\n\nChoose one of the common options along with their default ports (TCP) or select the Custom option to build a customized set of services." 20 75 5 \
"Linux Webserver" "Apache (80), FTP (21), SSH (22)" ON \ "Linux Webserver" "Apache (80), FTP (21), SSH (22)" ON \
"MySQL Server" "MySQL (3306), SSH (22)" OFF \ "MySQL Server" "MySQL (3306), SSH (22)" OFF \
"MSSQL Server" "Microsoft SQL (1433), VNC (5900)" OFF \ "MSSQL Server" "Microsoft SQL (1433), VNC (5900)" OFF \
@@ -739,20 +739,20 @@ whiptail_idh_services_custom() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
idh_services=$(whiptail --title "$whiptail_title" --checklist \ idh_services=$(whiptail --title "$whiptail_title" --checklist \
"\nThe IDH node can mimic many different services.\n\nChoose one or more of the following services along with their default ports (TCP). Some services have additional configuration options, please consult the documentation for further information." 20 75 6 \ "\nThe IDH node can mimic many different services.\n\nChoose one or more of the following services along with their default ports (TCP). Some services have additional configuration options, please consult the documentation for further information." 25 75 8 \
"FTP " "TCP/21, Additional Configuration Available " OFF \ "FTP" " TCP/21, Additional Configuration Available " OFF \
"Git " "TCP/9418 " OFF \ "Git" " TCP/9418 " OFF \
"HTTP " "TCP/80, Additional Configuration Available " OFF \ "HTTP" " TCP/80, Additional Configuration Available " OFF \
"HTTPPROXY " "TCP/8080, Additional Configuration Available " OFF \ "HTTPPROXY" " TCP/8080, Additional Configuration Available " OFF \
"MSSQL " "TCP/22 " OFF \ "MSSQL" " TCP/22 " OFF \
"MySQL " "TCP/3306, Additional Configuration Available " OFF \ "MySQL" " TCP/3306, Additional Configuration Available " OFF \
"NTP " "TCP/123 " OFF \ "NTP" " TCP/123 " OFF \
"REDIS " "TCP/6379 " OFF \ "REDIS" " TCP/6379 " OFF \
"SNMP " "TCP/161 " OFF \ "SNMP" " TCP/161 " OFF \
"SSH " "TCP/22, Additional Configuration Available " OFF \ "SSH" " TCP/22, Additional Configuration Available " OFF \
"TELNET " "TCP/23, Additional Configuration Available " OFF \ "TELNET" " TCP/23, Additional Configuration Available " OFF \
"TFTP " "TCP/69 " OFF \ "TFTP" " TCP/69 " OFF \
"VNC " "TCP/22 " OFF 3>&1 1>&2 2>&3 ) "VNC" " TCP/22 " OFF 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
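Review bot: The port labels in the `whiptail_idh_services_custom` checklist disagree with the radiolist in `whiptail_idh_services`: `MSSQL` and `VNC` are both shown as `TCP/22`, while the presets describe them as 1433 and 5900. Since these rows are already being edited for the spacing fix, correct the two labels to `TCP/1433` and `TCP/5900`; `NTP` (123), `SNMP` (161) and `TFTP` (69) are labelled TCP although those services conventionally run over UDP, which is worth checking against what the honeypot actually binds. Operators rely on these labels when deciding what to expose and what to allow through the firewall, so a wrong label can leave a decoy unreachable or a port open that nobody expected. The checklist tags also differ in case from the preset arrays (`MySQL` and `Git` here, `MYSQL` in the `MySQL Server` preset), so confirm the `idh` state treats both spellings the same. The function body continues outside the hunk.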