CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

only load default kibana saved_objects during setup

Browse Source
This commit is contained in:
m0duspwnens
2021-10-13 15:19:20 -04:00
parent bb9c6446e4
commit 7832e59629
7 changed files with 51 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/kibana/bin/so-kibana-dashboard-load → salt/kibana/bin/so-kibana-config-load
View File

@@ -2,16 +2,24 @@
# {%- set MANAGER = salt['pillar.get']('global:url_base', '') %} # {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
. /usr/sbin/so-common . /usr/sbin/so-common
if $1; then
ndjson_template_file=$1
else
ndjson_template_file='/opt/so/conf/kibana/saved_objects.ndjson.template'
fi
ndjson_file=$(echo $ndjson_template | sed -e "s/\.template$//")
# Copy template file # Copy template file
cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson #cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_objects.ndjson
cp $ndjson_template $ndjson_file
# SOCtopus and Manager # SOCtopus and Manager
sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson if grep -lq 'PLACEHOLDER' $ndjson_file; then
sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" $ndjson_file
fi
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}" wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
# Load saved objects # Load saved objects
{{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@/opt/so/conf/kibana/saved_objects.ndjson >> /opt/so/log/kibana/misc.log {{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@$ndjson_file >> /opt/so/log/kibana/misc.log

1
salt/kibana/files/config_saved_objects.ndjson Normal file
View File

@@ -0,0 +1 @@
{"attributes": {"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"securitySolution:defaultIndex": ["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","so-*"],"coreMigrationVersion":"7.15.0","id":"7.15.0","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1633625537804,2310],"type":"config","updated_at":"2021-10-07T16:52:17.804Z","version":"Wzg1NDE3LDVd"}

3
salt/kibana/files/saved_objects.ndjson.jinja → salt/kibana/files/saved_objects.ndjson
View File

File diff suppressed because one or more lines are too long

19
salt/kibana/init.sls
View File

@@ -69,8 +69,8 @@ synckibanacustom:
kibanabin: kibanabin:
file.managed: file.managed:
- name: /usr/sbin/so-kibana-dashboard-load - name: /usr/sbin/so-kibana-config-load
- source: salt://kibana/bin/so-kibana-dashboard-load - source: salt://kibana/bin/so-kibana-config-load
- mode: 755 - mode: 755
- template: jinja - template: jinja
- defaults: - defaults:
@@ -101,21 +101,6 @@ append_so-kibana_so-status.conf:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf
- text: so-kibana - text: so-kibana
kibanadashtemplate:
file.managed:
- name: /opt/so/conf/kibana/saved_objects.ndjson.template
- source: salt://kibana/files/saved_objects.ndjson.jinja
- user: 932
- group: 939
- template: jinja
- defaults:
SAVED_OBJECTS: {{ SAVED_OBJECTS }}
so-kibana-dashboard-load:
cmd.run:
- name: /usr/sbin/so-kibana-dashboard-load
- cwd: /opt/so
# Keep the setting correct # Keep the setting correct
#KibanaHappy: #KibanaHappy:
# cmd.script: # cmd.script:

17
salt/kibana/so_dashboard_load.sls Normal file
View File

@@ -0,0 +1,17 @@
include:
- kibana
dashboard_saved_objects_template:
file.managed:
- name: /opt/so/conf/kibana/saved_objects.ndjson.template
- source: salt://kibana/files/saved_objects.ndjson
- user: 932
- group: 939
so-kiba-dashboard-load:
cmd.run:
- name: /usr/sbin/so-kibana-config-load /opt/so/conf/kibana/saved_objects.ndjson.template
- cwd: /opt/so
- require:
- sls: kibana
- file: dashboard_saved_objects_template

18
salt/kibana/so_default_load.sls Normal file
View File

@@ -0,0 +1,18 @@
include:
- kibana
- kibana.so_dashboard_load
config_saved_objects:
file.managed:
- name: /opt/so/conf/kibana/config_saved_objects.ndjson
- source: salt://kibana/files/config_saved_objects.ndjson
- user: 932
- group: 939
so-kiba-config-load:
cmd.run:
- name: /usr/sbin/so-kibana-config-load /opt/so/conf/kibana/config_saved_objects.ndjson
- cwd: /opt/so
- require:
- sls: kibana
- file: config_saved_objects

2
setup/so-setup
View File

@@ -811,7 +811,7 @@ echo "1" > /root/accept_changes
salt-call state.apply -l info soc >> $setup_log 2>&1 salt-call state.apply -l info soc >> $setup_log 2>&1
set_progress_str 70 "$(print_salt_state_apply 'kibana')" set_progress_str 70 "$(print_salt_state_apply 'kibana')"
salt-call state.apply -l info kibana >> $setup_log 2>&1 salt-call state.apply -l info kibana.so_default_load >> $setup_log 2>&1
set_progress_str 70 "Setting up default Space in Kibana" set_progress_str 70 "Setting up default Space in Kibana"
so-kibana-space-defaults >> $setup_log 2>&1 so-kibana-space-defaults >> $setup_log 2>&1