From 80b40503fbbd69fba76e60c46f3856dd9631f9cc Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 1 May 2023 17:28:16 -0400
Subject: [PATCH] no more plural roles, update so-firewall-minion
---
 salt/common/tools/sbin/so-firewall-minion | 54 ++++++++---------
 salt/firewall/defaults.yaml | 70 +++++++++++------------
 salt/firewall/soc_firewall.yaml | 70 +++++++++++------------
 3 files changed, 97 insertions(+), 97 deletions(-)
diff --git a/salt/common/tools/sbin/so-firewall-minion b/salt/common/tools/sbin/so-firewall-minion
index 0465f0bbb..610d0fc3a 100755
--- a/salt/common/tools/sbin/so-firewall-minion
+++ b/salt/common/tools/sbin/so-firewall-minion
@@ -49,34 +49,34 @@ fi
 case "$ROLE" in
 'MANAGER')
- so-firewall --role=manager --ip="$IP"
+ so-firewall includehost manager "$IP"
 ;;
- 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
- so-firewall --role=manager --ip="$IP"
- so-firewall --role=sensors --ip="$IP"
- so-firewall --apply=true --role=searchnodes --ip="$IP"
+ 'MANAGERSEARCH')
+ so-firewall includehost manager "$IP"
+ so-firewall includehost searchnode "$IP" --apply
 ;;
- 'FLEET' | 'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'IDH' | 'RECEIVER')
- case "$ROLE" in
- 'FLEET')
- so-firewall --apply=true --role=fleet --ip="$IP"
- ;;
- 'SENSOR')
- so-firewall --apply=true --role=sensors --ip="$IP"
- ;;
- 'SEARCHNODE')
- so-firewall --apply=true --role=searchnodes --ip="$IP"
- ;;
- 'HEAVYNODE')
- so-firewall --role=sensors --ip="$IP"
- so-firewall --apply=true --role=heavynodes --ip="$IP"
- ;;
- 'IDH')
- so-firewall --apply=true --role=sensors --ip="$IP"
- ;;
- 'RECEIVER')
- so-firewall --apply=true --role=receivers --ip="$IP"
- ;;
- esac
+ 'EVAL' | 'STANDALONE' | 'IMPORT')
+ so-firewall includehost manager "$IP"
+ so-firewall includehost sensor "$IP"
+ so-firewall includehost searchnode "$IP" --apply
+ ;;
+ 'FLEET')
+ so-firewall includehost fleet "$IP" --apply
+ ;;
+ 'SENSOR')
+ so-firewall includehost sensor "$IP" --apply
+ ;;
+ 'SEARCHNODE')
+ so-firewall includehost searchnode "$IP" --apply
+ ;;
+ 'HEAVYNODE')
+ so-firewall includehost sensor "$IP"
+ so-firewall includehost heavynode "$IP" --apply
+ ;;
+ 'IDH')
+ so-firewall includehost sensor "$IP" --apply
+ ;;
+ 'RECEIVER')
+ so-firewall includehost receiver "$IP" --apply
 ;;
 esac
diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index 0e68add72..fa77aae77 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
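Review bot: The rewritten `case "$ROLE"` in so-firewall-minion has no `*)` branch, so a role string that matches none of the listed values falls through to `esac` and the script adds the host to no hostgroup without reporting anything; whether `$ROLE` is validated earlier cannot be seen from this hunk. A catch-all such as `*) echo "so-firewall-minion: unknown role '$ROLE'" >&2; exit 1 ;;` would make that failure visible to the caller. In the multi-step branches (`MANAGERSEARCH`, `EVAL`/`STANDALONE`/`IMPORT`, `HEAVYNODE`) the earlier `so-firewall includehost` calls are also unchecked, so unless `set -e` is in effect outside the hunk, a failed first call is still followed by the final call with `--apply` on a partially updated set of hostgroups. Chaining the calls with `&&`, or testing each exit status before the `--apply` call, would keep a half-registered node from being applied to the firewall.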
@@ -11,18 +11,18 @@ firewall: endgame: [] eval: [] fleet: [] - heavynodes: [] + heavynode: [] idh: [] import: [] localhost: - 127.0.0.1 manager: [] managersearch: [] - receivers: [] - searchnodes: [] - securityonion_desktops: [] + receiver: [] + searchnode: [] + securityonion_desktop: [] self: [] - sensors: [] + sensor: [] standalone: [] strelka_frontend: [] syslog: [] @@ -181,15 +181,15 @@ firewall: - influxdb - elasticsearch_rest - elasticsearch_node - sensors: + sensor: portgroups: - beats_5044 - beats_5644 - searchnodes: + searchnode: portgroups: - redis - elasticsearch_node - heavynodes: + heavynode: portgroups: - redis - elasticsearch_node @@ -273,7 +273,7 @@ firewall: chain: DOCKER-USER: hostgroups: - sensors: + sensor: portgroups: - elastic_agent_control - elastic_agent_data @@ -315,13 +315,13 @@ firewall: standalone: portgroups: - salt_manager - sensors: + sensor: portgroups: - salt_manager - searchnodes: + searchnode: portgroups: - salt_manager - heavynodes: + heavynode: portgroups: - salt_manager customhostgroup0: @@ -361,7 +361,7 @@ firewall: - elastic_agent_control - elastic_agent_data - agrules - sensors: + sensor: portgroups: - beats_5044 - beats_5644 @@ -370,7 +370,7 @@ firewall: - yum - docker_registry - influxdb - searchnodes: + searchnode: portgroups: - redis - elasticsearch_rest @@ -381,7 +381,7 @@ firewall: - influxdb - elastic_agent_control - elastic_agent_data - heavynodes: + heavynode: portgroups: - redis - elasticsearch_rest @@ -448,13 +448,13 @@ firewall: localhost: portgroups: - all - sensors: + sensor: portgroups: - salt_manager - searchnodes: + searchnode: portgroups: - salt_manager - heavynodes: + heavynode: portgroups: - salt_manager customhostgroup0: @@ -493,7 +493,7 @@ firewall: - docker_registry - elastic_agent_control - elastic_agent_data - sensors: + sensor: portgroups: - beats_5044 - beats_5644 @@ -502,7 +502,7 @@ firewall: - yum - docker_registry - influxdb - searchnodes: + searchnode: portgroups: - redis - elasticsearch_rest 
@@ -512,7 +512,7 @@ firewall: - influxdb - elastic_agent_control - elastic_agent_data - heavynodes: + heavynode: portgroups: - redis - elasticsearch_rest @@ -578,13 +578,13 @@ firewall: localhost: portgroups: - all - sensors: + sensor: portgroups: - salt_manager - searchnodes: + searchnode: portgroups: - salt_manager - heavynodes: + heavynode: portgroups: - salt_manager customhostgroup0: @@ -647,7 +647,7 @@ firewall: - beats_5056 - elastic_agent_control - elastic_agent_data - sensors: + sensor: portgroups: - docker_registry - influxdb @@ -658,7 +658,7 @@ firewall: - beats_5056 - elastic_agent_control - elastic_agent_data - searchnodes: + searchnode: portgroups: - docker_registry - influxdb @@ -667,7 +667,7 @@ firewall: - redis - elasticsearch_rest - elasticsearch_node - heavynodes: + heavynode: portgroups: - docker_registry - influxdb @@ -741,13 +741,13 @@ firewall: standalone: portgroups: - salt_manager - sensors: + sensor: portgroups: - salt_manager - searchnodes: + searchnode: portgroups: - salt_manager - heavynodes: + heavynode: portgroups: - salt_manager customhostgroup0: @@ -785,7 +785,7 @@ firewall: elasticsearch_rest: portgroups: - elasticsearch_rest - searchnodes: + searchnode: portgroups: - elasticsearch_node self: @@ -989,11 +989,11 @@ firewall: - elasticsearch_rest - elasticsearch_node - elastic_agent_control - sensors: + sensor: portgroups: - beats_5044 - beats_5644 - searchnodes: + searchnode: portgroups: - redis - elasticsearch_node @@ -1068,10 +1068,10 @@ firewall: chain: DOCKER-USER: hostgroups: - sensors: + sensor: portgroups: - beats_5644 - searchnodes: + searchnode: portgroups: - redis - beats_5644 diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml index 5b76c581e..cbb4b9f15 100644 --- a/salt/firewall/soc_firewall.yaml +++ b/salt/firewall/soc_firewall.yaml 
@@ -31,17 +31,17 @@ firewall: endgame: *hostgroupsettingsadv eval: *hostgroupsettings fleet: *hostgroupsettings - heavynodes: *hostgroupsettings + heavynode: *hostgroupsettings idh: *hostgroupsettings import: *hostgroupsettings localhost: *ROhostgroupsettingsadv manager: *hostgroupsettings managersearch: *hostgroupsettings - receivers: *hostgroupsettings - searchnodes: *hostgroupsettings - securityonion_desktops: *hostgroupsettings + receiver: *hostgroupsettings + searchnode: *hostgroupsettings + securityonion_desktop: *hostgroupsettings self: *ROhostgroupsettingsadv - sensors: *hostgroupsettings + sensor: *hostgroupsettings standalone: *hostgroupsettings strelka_frontend: *hostgroupsettings syslog: *hostgroupsettings @@ -186,11 +186,11 @@ firewall: advanced: True multiline: True helpLink: firewall.html - sensors: + sensor: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker - heavynodes: + heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker @@ -264,7 +264,7 @@ firewall: chain: DOCKER-USER: hostgroups: - sensors: + sensor: portgroups: *portgroupsdocker elastic_agent_endpoint: portgroups: *portgroupsdocker @@ -298,11 +298,11 @@ firewall: portgroups: *portgroupsdocker standalone: portgroups: *portgroupshost - sensors: + sensor: portgroups: *portgroupshost - searchnodes: + searchnode: portgroups: *portgroupshost - heavynodes: + heavynode: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -331,11 +331,11 @@ firewall: hostgroups: manager: portgroups: *portgroupsdocker - sensors: + sensor: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker - heavynodes: + heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker 
@@ -381,11 +381,11 @@ firewall: portgroups: *portgroupshost localhost: portgroups: *portgroupshost - sensors: + sensor: portgroups: *portgroupshost - searchnodes: + searchnode: portgroups: *portgroupshost - heavynodes: + heavynode: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -414,11 +414,11 @@ firewall: hostgroups: managersearch: portgroups: *portgroupsdocker - sensors: + sensor: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker - heavynodes: + heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker @@ -464,11 +464,11 @@ firewall: portgroups: *portgroupshost localhost: portgroups: *portgroupshost - sensors: + sensor: portgroups: *portgroupshost - searchnodes: + searchnode: portgroups: *portgroupshost - heavynodes: + heavynode: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -501,11 +501,11 @@ firewall: portgroups: *portgroupsdocker fleet: portgroups: *portgroupsdocker - sensors: + sensor: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker - heavynodes: + heavynode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker @@ -557,11 +557,11 @@ firewall: portgroups: *portgroupshost standalone: portgroups: *portgroupshost - sensors: + sensor: portgroups: *portgroupshost - searchnodes: + searchnode: portgroups: *portgroupshost - heavynodes: + heavynode: portgroups: *portgroupshost customhostgroup0: portgroups: *portgroupshost @@ -594,7 +594,7 @@ firewall: portgroups: *portgroupsdocker elasticsearch_rest: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker @@ -773,9 +773,9 @@ firewall: hostgroups: manager: portgroups: *portgroupsdocker - sensors: + sensor: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker beats_endpoint: portgroups: *portgroupsdocker 
@@ -840,9 +840,9 @@ firewall: chain: DOCKER-USER: hostgroups: - sensors: + sensor: portgroups: *portgroupsdocker - searchnodes: + searchnode: portgroups: *portgroupsdocker self: portgroups: *portgroupsdocker