CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-24 08:53:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix nginx merge conflicts

Browse Source
This commit is contained in:
m0duspwnens
2023-05-15 11:40:12 -04:00
parent db47256cdd 9a3c997779
commit 7a4fea7a12
46 changed files with 234 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/elasticfleet/files/integrations/endpoints-initial/osquery.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "osquery_manager",
"version": "1.6.0"
"version": ""
},
"name": "osquery-endpoints",
"namespace": "default",

2
salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "system",
"version": "1.25.2"
"version": ""
},
"name": "system-endpoints",
"namespace": "default",

2
salt/elasticfleet/files/integrations/endpoints-initial/windows-endpoints.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "windows",
"version": "1.19.1"
"version": ""
},
"name": "windows-endpoints",
"namespace": "default",

2
salt/elasticfleet/files/integrations/grid-nodes/elasticsearch-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "elasticsearch",
"version": "1.0.0"
"version": ""
},
"name": "elasticsearch-logs",
"namespace": "default",

2
salt/elasticfleet/files/integrations/grid-nodes/idh-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.1"
"version": ""
},
"name": "idh-logs",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/import-evtx-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "import-evtx-logs",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/import-suricata-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "import-suricata-logs",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/import-zeek-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "import-zeek-logs",
"namespace": "so",

4
salt/elasticfleet/files/integrations/grid-nodes/kratos-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "kratos-logs",
"namespace": "so",
@@ -18,7 +18,7 @@
"/opt/so/log/kratos/kratos.log"
],
"data_stream.dataset": "kratos",
"tags": [],
"tags": ["so-kratos"],
"processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: iam\n module: kratos",
"custom": "pipeline: kratos"
}

2
salt/elasticfleet/files/integrations/grid-nodes/osquery-grid-nodes.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "osquery_manager",
"version": "1.6.0"
"version": ""
},
"name": "osquery-grid-nodes",
"namespace": "default",

2
salt/elasticfleet/files/integrations/grid-nodes/redis-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "redis",
"version": "1.4.0"
"version": ""
},
"name": "redis-logs",
"namespace": "default",

4
salt/elasticfleet/files/integrations/grid-nodes/soc-auth-sync-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.2"
"version": ""
},
"name": "soc-auth-sync-logs",
"namespace": "so",
@@ -18,7 +18,7 @@
"/opt/so/log/soc/sync.log"
],
"data_stream.dataset": "soc",
"tags": [],
"tags": ["so-soc"],
"processors": "- dissect:\n tokenizer: \"%{event.action}\"\n field: \"message\"\n target_prefix: \"\"\n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: auth_sync",
"custom": "pipeline: common"
}

4
salt/elasticfleet/files/integrations/grid-nodes/soc-salt-relay-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.2"
"version": ""
},
"name": "soc-salt-relay-logs",
"namespace": "so",
@@ -18,7 +18,7 @@
"/opt/so/log/soc/salt-relay.log"
],
"data_stream.dataset": "soc",
"tags": [],
"tags": ["so-soc"],
"processors": "- dissect:\n tokenizer: \"%{soc.ts} | %{event.action}\"\n field: \"message\"\n target_prefix: \"\"\n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: salt_relay",
"custom": "pipeline: common"
}

2
salt/elasticfleet/files/integrations/grid-nodes/soc-sensoroni-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.2"
"version": ""
},
"name": "soc-sensoroni-logs",
"namespace": "so",

4
salt/elasticfleet/files/integrations/grid-nodes/soc-server-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.2"
"version": ""
},
"name": "soc-server-logs",
"namespace": "so",
@@ -18,7 +18,7 @@
"/opt/so/log/soc/sensoroni-server.log"
],
"data_stream.dataset": "soc",
"tags": [],
"tags": ["so-soc"],
"processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"soc\"\n process_array: true\n max_depth: 2\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: host\n module: soc\n dataset_temp: server\n- rename:\n fields:\n - from: \"soc.fields.sourceIp\"\n to: \"source.ip\"\n - from: \"soc.fields.status\"\n to: \"http.response.status_code\"\n - from: \"soc.fields.method\"\n to: \"http.request.method\"\n - from: \"soc.fields.path\"\n to: \"url.path\"\n - from: \"soc.message\"\n to: \"event.action\"\n - from: \"soc.level\"\n to: \"log.level\"\n ignore_missing: true",
"custom": "pipeline: common"
}

2
salt/elasticfleet/files/integrations/grid-nodes/strelka-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "strelka-logs",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/suricata-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "suricata-logs",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/syslog-tcp-514.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "tcp",
"version": "1.5.0"
"version": ""
},
"name": "syslog-tcp-514",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/syslog-udp-514.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "udp",
"version": "1.5.0"
"version": ""
},
"name": "syslog-udp-514",
"namespace": "so",

2
salt/elasticfleet/files/integrations/grid-nodes/system-grid-nodes.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "system",
"version": "1.25.2"
"version": ""
},
"name": "system-grid-nodes",
"namespace": "default",

2
salt/elasticfleet/files/integrations/grid-nodes/zeek-logs.json
View File

@@ -1,7 +1,7 @@
{
"package": {
"name": "log",
"version": "1.1.0"
"version": ""
},
"name": "zeek-logs",
"namespace": "so",

1
salt/elasticfleet/install_agent_grid.sls
View File

@@ -10,6 +10,7 @@
run_installer:
cmd.script:
- name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux
- cwd: /opt/so
- args: -token={{ GRIDNODETOKEN }}
{% endif %}

35
salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
View File

@@ -19,37 +19,40 @@ FLEETHOST="{{ GLOBALS.manager_ip }}"
#ENROLLMENTOKEN=$2
TARGETOS=( "linux" "darwin" "windows" )
printf "\n### Get rid of any previous runs\n"
rm -rf /tmp/elastic-agent-workspace
mkdir -p /tmp/elastic-agent-workspace
printf "\n### Creating a temp directory at /nsm/elastic-agent-workspace\n"
rm -rf /nsm/elastic-agent-workspace
mkdir -p /nsm/elastic-agent-workspace
printf "\n### Extract outer tarball and then each individual tarball/zip\n"
tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /tmp/elastic-agent-workspace/
unzip /tmp/elastic-agent-workspace/elastic-agent-*.zip -d /tmp/elastic-agent-workspace/
for archive in /tmp/elastic-agent-workspace/*.tar.gz
printf "\n### Extracting outer tarball and then each individual tarball/zip\n"
tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /nsm/elastic-agent-workspace/
unzip /nsm/elastic-agent-workspace/elastic-agent-*.zip -d /nsm/elastic-agent-workspace/
for archive in /nsm/elastic-agent-workspace/*.tar.gz
do
tar xf "$archive" -C /tmp/elastic-agent-workspace/
tar xf "$archive" -C /nsm/elastic-agent-workspace/
done
printf "\n### Strip out unused components"
find /tmp/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete
printf "\n### Stripping out unused components"
find /nsm/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete
printf "\n### Tar everything up again"
printf "\n### Tarring everything up again"
for OS in "${TARGETOS[@]}"
do
rm -rf /tmp/elastic-agent-workspace/elastic-agent
mv /tmp/elastic-agent-workspace/elastic-agent-*-$OS-x86_64 /tmp/elastic-agent-workspace/elastic-agent
tar -czvf /tmp/elastic-agent-workspace/$OS.tar.gz -C /tmp/elastic-agent-workspace elastic-agent
rm -rf /nsm/elastic-agent-workspace/elastic-agent
mv /nsm/elastic-agent-workspace/elastic-agent-*-$OS-x86_64 /nsm/elastic-agent-workspace/elastic-agent
tar -czvf /nsm/elastic-agent-workspace/$OS.tar.gz -C /nsm/elastic-agent-workspace elastic-agent
done
printf "\n### Generate OS packages using the cleaned up tarballs"
printf "\n### Generating OS packages using the cleaned up tarballs"
for OS in "${TARGETOS[@]}"
do
printf "\n\n### Generating $OS Installer...\n"
docker run -e CGO_ENABLED=0 -e GOOS=$OS \
--mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \
--mount type=bind,source=/tmp/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
--mount type=bind,source=/nsm/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
--mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \
{{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHost=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN" -o /output/so-elastic-agent_$OS
printf "\n### $OS Installer Generated...\n"
done
printf "\n### Cleaning up temp files in /nsm/elastic-agent-workspace"
rm -rf /nsm/elastic-agent-workspace

2
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
View File

@@ -12,7 +12,7 @@ printf "\n### Create ES Token ###\n"
ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)
### Create Outputs & Fleet URLs ###
printf "\nAdd Manager Elasticsearch Ouput...\n"
printf "\nAdd Manager Elasticsearch Output...\n"
ESCACRT=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
JSON_STRING=$( jq -n \
--arg ESCACRT "$ESCACRT" \