From 7ebf93fcb5ac98a1dcb6ac7e847ced75e77c1e99 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 9 Sep 2020 15:53:32 -0400 Subject: [PATCH] IDSTools Overhaul --- salt/common/tools/sbin/soup | 24 ++++++++++++++++++++++-- salt/idstools/init.sls | 2 +- salt/idstools/localrules/local.rules | 1 - setup/so-functions | 12 ++++++++++++ setup/so-setup | 2 ++ 5 files changed, 37 insertions(+), 4 deletions(-) delete mode 100644 salt/idstools/localrules/local.rules diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index d9fadce29..849ba9f09 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -123,7 +123,19 @@ pillar_changes() { # Move baseurl in global.sls if [[ "$INSTALLEDVERSION" =~ rc.1 ]]; then - # Move the static file to global.sls + rc1_to_rc2 + rc2_to_rc3 + fi + + if [[ "$INSTALLEDVERSION" =~ rc.2 ]]; then + rc2_to_rc3 + fi + +} + +rc1_to_rc2() { + + # Move the static file to global.sls echo "Migrating static.sls to global.sls" mv -v /opt/so/saltstack/local/pillar/static.sls /opt/so/saltstack/local/pillar/global.sls >> "$SOUP_LOG" 2>&1 sed -i '1c\global:' /opt/so/saltstack/local/pillar/global.sls >> "$SOUP_LOG" 2>&1 @@ -158,8 +170,16 @@ pillar_changes() { curl -XPUT http://localhost:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"'$NAME'": {"skip_unavailable": "true", "seeds": ["'$EHOSTNAME':9300"]}}}}}' done > "$setup_log" 2>&1 } +airgap_rules() { + # Copy the rules for suricata if using Airgap + mkdir -p /opt/so/rules/nids + cp -v /root/SecurityOnion/agrules/emerging-all.rules /opt/so/rules/nids/ +} + analyze_system() { title "System Characteristics" logCmd "uptime" 
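Review bot: The release-candidate tests `[[ "$INSTALLEDVERSION" =~ rc.1 ]]` and `=~ rc.2` are unanchored regexes with an unescaped dot, so a version string containing `rc.10`, `rc.11` or `rc-1` would also take the rc.1 path and re-run `rc1_to_rc2` on an already-migrated host, where the `mv` of static.sls fails and the following `sed -i '1c\global:'` still rewrites line 1 of global.sls. Anchor and escape the suffix, e.g. `if [[ "$INSTALLEDVERSION" =~ rc\.1$ ]]; then` and `if [[ "$INSTALLEDVERSION" =~ rc\.2$ ]]; then`, assuming the rc suffix ends the version string — worth confirming against how INSTALLEDVERSION is populated. `rc2_to_rc3` is called from both branches but is not defined in this hunk; presumably the later hunk of this file adds it. The body of `rc1_to_rc2()` continues past the end of the hunk.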
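Review bot: `airgap_rules()` copies `/root/SecurityOnion/agrules/emerging-all.rules` with a bare `cp -v` and no check that the source exists, so on an airgap manager a missing or misnamed rules file leaves `/opt/so/rules/nids/` empty while setup carries on and the only trace is a cp error in the log. Guard it and fail loudly before the `cp`: `[[ -f /root/SecurityOnion/agrules/emerging-all.rules ]] || { echo "airgap rules file not found"; return 1; }`. Whether the rules file is integrity-checked before this point cannot be seen here; since these rules drive Suricata's detections on an airgapped sensor, it is worth confirming that the install media carrying them is verified somewhere. The lines from `curl -XPUT` through `analyze_system()` reference `$setup_log`, which places them in setup/so-functions rather than in soup's `pillar_changes` hunk whose header precedes them, so a file header appears to have been lost when this diff was collapsed.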
@@ -630,6 +636,12 @@ create_local_directories() { } +create_local_nids_rules() { + # Create a local.rules file so it doesn't get blasted on updates + mkdir -p /opt/so/saltstack/local/salt/idstools + echo "# Custom Suricata rules go in this file" > /opt/so/saltstack/local/salt/idstools/local.rules +} + create_repo() { # Create the repo for airgap createrepo /nsm/repo diff --git a/setup/so-setup b/setup/so-setup index f771d7d57..d04f4afc5 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -465,6 +465,7 @@ fi if [[ $is_manager && $is_airgap ]]; then info "Creating airgap repo" create_repo >> $setup_log 2>&1 + airgap_rules >> $setup_log 2>&1 fi if [[ $is_minion ]]; then @@ -575,6 +576,7 @@ fi salt-call state.apply -l info manager >> $setup_log 2>&1 set_progress_str 61 "$(print_salt_state_apply 'idstools')" + create_local_nids_rules >> $setup_log 2>&1 salt-call state.apply -l info idstools >> $setup_log 2>&1 set_progress_str 61 "$(print_salt_state_apply 'suricata.manager')"
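Review bot: `create_local_nids_rules()` writes `local.rules` with an unconditional `>` redirect, so every run of the function truncates whatever custom rules an operator has already put there — the opposite of the "doesn't get blasted on updates" intent stated in its own comment — if so-setup or this helper is ever re-run on an existing manager. Only seed the file when it is absent: `[[ -f /opt/so/saltstack/local/salt/idstools/local.rules ]] || echo "# Custom Suricata rules go in this file" > /opt/so/saltstack/local/salt/idstools/local.rules`. A header comment such as `# Seed an empty local.rules under local/ once; never overwrite an existing one` would make the contract explicit for the next maintainer.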
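Review bot: The new `airgap_rules >> $setup_log 2>&1` call discards the function's exit status, so if the rules copy fails the airgap manager finishes setup with no Suricata ruleset and nothing reaches the operator beyond a line in the log. That mirrors the unchecked `create_repo` call just above it, but an empty ruleset on an airgapped sensor is a silent detection gap rather than a cosmetic failure; consider `airgap_rules >> $setup_log 2>&1 || echo "airgap rules copy failed, see $setup_log"` as a minimum, or route it through whatever error path so-setup uses for fatal steps (not visible in this hunk). `$setup_log` is left unquoted, consistent with the surrounding lines.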