From f9b52677d7d17fde79da05f0a3a4fd92fe2df606 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:15:45 -0500 Subject: [PATCH 01/28] Update suriloss.sh --- salt/telegraf/scripts/suriloss.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh index 48745c161..6a1f8a6c5 100644 --- a/salt/telegraf/scripts/suriloss.sh +++ b/salt/telegraf/scripts/suriloss.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=suriloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4) CHECKIT=$(echo $SURILOG | grep -o 'drop' | wc -l) From ea1227de9dde68378d0cf78c706520b3f2d0435f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:16:15 -0500 Subject: [PATCH 02/28] Update checkfiles.sh --- salt/telegraf/scripts/checkfiles.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh index a22735696..0ae56c177 100644 --- a/salt/telegraf/scripts/checkfiles.sh +++ b/salt/telegraf/scripts/checkfiles.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=checkfiles +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + FILES=$(ls -1x /host/nsm/faf/complete/ | wc -l) echo "faffiles files=$FILES" From 711f5ab38f87d634e22400426bca28365c1c3b71 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:16:47 -0500 Subject: [PATCH 03/28] Update helixeps.sh --- salt/telegraf/scripts/helixeps.sh | 9 +++++++++ 1 file changed, 9 insertions(+) 
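Review bot: The lock file is created at a predictable name in world-writable `/tmp` (`lf=/tmp/$APP-pidLockFile`) and opened with `>>` and `>` without checking what already exists there, so another local account can pre-create the file or a symlink at that path and either stop the script from ever running or have the PID written into a different file. The read-test-write sequence is also not atomic, so two instances started close together can both pass the `/proc/$lastPID` test. I would keep the lock in a directory only the script's own user can write and take it with `flock` where the image provides it: `exec 9>"$LOCKDIR/$APP.lock"` then `flock -n 9 || exit 0`, with `LOCKDIR` standing in for that directory. The same block is added to checkfiles.sh, helixeps.sh, influxdbsize.sh, oldpcap.sh, redis.sh, stenoloss.sh, zeekcaptureloss.sh, zeekloss.sh and the so-curator-close, so-curator-closed-delete, so-curator-closed-delete-delete and so-curator-delete scripts in later patches of this series.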
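Review bot: `lastPID` is read from the lock file and used unvalidated and unquoted in `-d /proc/$lastPID`, so non-numeric content that happens to name an entry under `/proc` makes the script exit on every run, and a recycled PID that now belongs to an unrelated process has the same effect. Checking that the value is numeric first would narrow this: `read -r lastPID < "$lf"` and `[[ $lastPID =~ ^[0-9]+$ && -d /proc/$lastPID ]] && exit`. The `-a` operator inside `[ ... ]` is marked obsolescent by POSIX, and `[[ ... && ... ]]` is available here because the shebang is bash. This applies to every copy of the block in the series, not only checkfiles.sh.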
diff --git a/salt/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh index eee4f65c3..9cb4b77b7 100644 --- a/salt/telegraf/scripts/helixeps.sh +++ b/salt/telegraf/scripts/helixeps.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=helixeps +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + PREVCOUNTFILE='/tmp/helixevents.txt' EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')" From a4d3e109e6c9a50df0f54edb30ddd94c47e13a97 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:17:18 -0500 Subject: [PATCH 04/28] Update influxdbsize.sh --- salt/telegraf/scripts/influxdbsize.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh index 7060942ae..140c19b23 100644 --- a/salt/telegraf/scripts/influxdbsize.sh +++ b/salt/telegraf/scripts/influxdbsize.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=influxsize +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + INFLUXSIZE=$(du -s -k /host/nsm/influxdb | awk {'print $1'}) echo "influxsize kbytes=$INFLUXSIZE" From cb46c13054b17a6ddb46e7728a1a76099d46b077 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:22:28 -0500 Subject: [PATCH 05/28] Update oldpcap.sh --- salt/telegraf/scripts/oldpcap.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh index 970c47589..4aee393ac 100644 --- a/salt/telegraf/scripts/oldpcap.sh +++ b/salt/telegraf/scripts/oldpcap.sh 
@@ -1,5 +1,14 @@ #!/bin/bash +APP=oldpcap +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + # Get the data OLDPCAP=$(find /host/nsm/pcap -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'}) DATE=$(date +%s) From d3f65ac1a8e431de74815d931d35d3ffce5b9268 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:22:52 -0500 Subject: [PATCH 06/28] Update redis.sh --- salt/telegraf/scripts/redis.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh index a91e1f2dc..a1fe0a5ca 100644 --- a/salt/telegraf/scripts/redis.sh +++ b/salt/telegraf/scripts/redis.sh @@ -1,5 +1,14 @@ #!/bin/bash +APP=redis +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + UNPARSED=$(redis-cli llen logstash:unparsed | awk '{print $1}') PARSED=$(redis-cli llen logstash:parsed | awk '{print $1}') From 9548b3df54302bcf3ee2a46444ccde327335bbb2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:23:20 -0500 Subject: [PATCH 07/28] Update stenoloss.sh --- salt/telegraf/scripts/stenoloss.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh index 1b60f0517..83b07e4f6 100644 --- a/salt/telegraf/scripts/stenoloss.sh +++ b/salt/telegraf/scripts/stenoloss.sh 
@@ -1,5 +1,14 @@ #!/bin/bash +APP=stenoloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + # Get the data DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}') From 6ff192278811c17a3e9d4f49e61703a51cfee69c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:42:58 -0500 Subject: [PATCH 08/28] Update zeekcaptureloss.sh --- salt/telegraf/scripts/zeekcaptureloss.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index a2e350212..8b0b97c70 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -1,6 +1,15 @@ #!/bin/bash # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp +APP=zeekloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + if [ -d "/host/nsm/zeek/spool/logger" ]; then WORKERS={{ salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) }} ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log @@ -23,4 +32,4 @@ if [ -f "$ZEEKLOG" ]; then fi fi echo "$CURRENTTS" > $LASTCAPTURELOSSLOG -fi \ No newline at end of file +fi From edb0d71e87858c55091e56fb987be399ca0aafe6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:43:28 -0500 Subject: [PATCH 09/28] Update zeekloss.sh --- salt/telegraf/scripts/zeekloss.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh index 579fdf9f2..8c134916c 100644 --- a/salt/telegraf/scripts/zeekloss.sh +++ b/salt/telegraf/scripts/zeekloss.sh @@ -1,5 +1,15 @@ #!/bin/bash # This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage + +APP=zeekloss +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2) declare RESULT=($ZEEKLOG) CURRENTDROP=${RESULT[3]} @@ -14,4 +24,4 @@ else TOTAL=$((CURRENTPACKETS - PASTPACKETS)) LOSS=$(echo $DROPPED $TOTAL / p | dc) echo "zeekdrop drop=$LOSS" -fi \ No newline at end of file +fi From 73c17b77ae65abf0ec44710b62d5601258052187 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 11:43:48 -0500 Subject: [PATCH 10/28] Update zeekcaptureloss.sh --- salt/telegraf/scripts/zeekcaptureloss.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index 8b0b97c70..095428140 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -1,7 +1,7 @@ #!/bin/bash # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp -APP=zeekloss +APP=zeekcaploss lf=/tmp/$APP-pidLockFile # create empty lock file if none exists cat /dev/null >> $lf From c0897c7e5a6977f1b86e5e07e77794be03a18f72 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:46:19 -0500 Subject: [PATCH 11/28] Update so-curator-close --- salt/curator/files/bin/so-curator-close | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index 11324dd31..b03d99e31 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,2 +1,12 @@ #!/bin/bash + +APP=closeddelete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + /usr/sbin/so-curator-closed-delete > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1 From d85c99abf3ec20620644e401994cf8c5c4ec275a Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Wed, 11 Nov 2020 12:46:44 -0500 Subject: [PATCH 12/28] Update so-curator-close --- salt/curator/files/bin/so-curator-close | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index b03d99e31..be3ddf77d 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,6 +1,6 @@ #!/bin/bash -APP=closeddelete +APP=close lf=/tmp/$APP-pidLockFile # create empty lock file if none exists cat /dev/null >> $lf From e68f90c3b5d51d71561018a1cf94e4964667178b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:48:28 -0500 Subject: [PATCH 13/28] Update so-curator-closed-delete-delete --- salt/curator/files/bin/so-curator-closed-delete-delete | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index 689056dc2..c681c04e9 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -1,6 +1,15 @@ #!/bin/bash +APP=closedeletedelete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + {%- if grains['role'] in ['so-node', 'so-heavynode'] %} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%} From 578250a9946a9153653ad1f24591768dd733c721 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:48:55 -0500 Subject: [PATCH 14/28] Update so-curator-delete --- salt/curator/files/bin/so-curator-delete | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/salt/curator/files/bin/so-curator-delete b/salt/curator/files/bin/so-curator-delete index 166497855..d79555dee 100644 --- a/salt/curator/files/bin/so-curator-delete +++ b/salt/curator/files/bin/so-curator-delete @@ -1,2 +1,12 @@ #!/bin/bash + +APP=delete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/delete.yml > /dev/null 2>&1 From 2eb3378b62bb5378cb674d665b24d186f2209a22 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:50:59 -0500 Subject: [PATCH 15/28] Update so-curator-closed-delete --- salt/curator/files/bin/so-curator-closed-delete | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete b/salt/curator/files/bin/so-curator-closed-delete index 8f6d0a8ea..c2949a4fc 100755 --- a/salt/curator/files/bin/so-curator-closed-delete +++ b/salt/curator/files/bin/so-curator-closed-delete @@ -34,6 +34,13 @@ #fi # Avoid starting multiple instances -if ! pgrep -f "so-curator-closed-delete-delete" >/dev/null; then - /usr/sbin/so-curator-closed-delete-delete -fi +APP=closeddelete +lf=/tmp/$APP-pidLockFile +# create empty lock file if none exists +cat /dev/null >> $lf +read lastPID < $lf +# if lastPID is not null and a process with that pid exists , exit +[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit +echo $$ > $lf + +/usr/sbin/so-curator-closed-delete-delete From 047ab95e68da6010d55b9e556f3c299a78d41fa9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:52:38 -0500 Subject: [PATCH 16/28] Update so-curator-close --- salt/curator/files/bin/so-curator-close | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
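Review bot: `APP=delete` yields `/tmp/delete-pidLockFile`, a name generic enough that an unrelated tool or another script could choose the same one. Patches 10/28 and 12/28 in this series already had to correct hand-typed `APP` values, which suggests the manual naming is error-prone. Deriving the name from the script removes that step: `APP=${0##*/}`, or at minimum `APP=so-curator-delete`.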
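Review bot: `[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit` leaves silently and with status 0, so a run skipped because of a stale or unexpected lock file is indistinguishable from one that completed. The removed `pgrep` guard at least tied the skip to an actual `so-curator-closed-delete-delete` process. A one-line message on stderr before exiting would make skipped runs visible, e.g. `echo "so-curator-closed-delete: lock held by PID $lastPID, skipping" >&2`. The hunk starts at line 34, so the rest of the script is outside this view.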
diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index be3ddf77d..682653ce4 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=close lf=/tmp/$APP-pidLockFile From 8320421d426fc76191aff166fee097607d157b0f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:53:05 -0500 Subject: [PATCH 17/28] Update so-curator-closed-delete --- salt/curator/files/bin/so-curator-closed-delete | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete b/salt/curator/files/bin/so-curator-closed-delete index c2949a4fc..714aa5f6f 100755 --- a/salt/curator/files/bin/so-curator-closed-delete +++ b/salt/curator/files/bin/so-curator-closed-delete @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From c11d8367fac5c4ed2c00fd0d7c7fd1f61d1e12e8 Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Wed, 11 Nov 2020 12:53:36 -0500 Subject: [PATCH 18/28] Update so-curator-closed-delete-delete --- .../files/bin/so-curator-closed-delete-delete | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-closed-delete-delete b/salt/curator/files/bin/so-curator-closed-delete-delete index c681c04e9..ac5a1aba2 100755 --- a/salt/curator/files/bin/so-curator-closed-delete-delete +++ b/salt/curator/files/bin/so-curator-closed-delete-delete @@ -1,5 +1,19 @@ - #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=closedeletedelete lf=/tmp/$APP-pidLockFile From c75536db6d5726754322f10ab786356aef258f53 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:54:04 -0500 Subject: [PATCH 19/28] Update so-curator-delete --- salt/curator/files/bin/so-curator-delete | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/curator/files/bin/so-curator-delete b/salt/curator/files/bin/so-curator-delete index d79555dee..6a85eddb4 100644 --- a/salt/curator/files/bin/so-curator-delete +++ b/salt/curator/files/bin/so-curator-delete 
@@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=delete lf=/tmp/$APP-pidLockFile From c5ddddda2aa6d7f43880c972ff0ffb7b82ed87ca Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:54:31 -0500 Subject: [PATCH 20/28] Update checkfiles.sh --- salt/telegraf/scripts/checkfiles.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/checkfiles.sh b/salt/telegraf/scripts/checkfiles.sh index 0ae56c177..4b6a8493a 100644 --- a/salt/telegraf/scripts/checkfiles.sh +++ b/salt/telegraf/scripts/checkfiles.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=checkfiles lf=/tmp/$APP-pidLockFile 
From 814aa85dbad049ad44de315d618a6c85bdc96f7c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:54:48 -0500 Subject: [PATCH 21/28] Update helixeps.sh --- salt/telegraf/scripts/helixeps.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh index 9cb4b77b7..aed559932 100644 --- a/salt/telegraf/scripts/helixeps.sh +++ b/salt/telegraf/scripts/helixeps.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=helixeps lf=/tmp/$APP-pidLockFile From ee0e1ce8d72026bebbbd3c8142eb8821f7e5bed7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:55:08 -0500 Subject: [PATCH 22/28] Update influxdbsize.sh --- salt/telegraf/scripts/influxdbsize.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/influxdbsize.sh b/salt/telegraf/scripts/influxdbsize.sh index 140c19b23..4e74c4cf5 100644 --- a/salt/telegraf/scripts/influxdbsize.sh +++ b/salt/telegraf/scripts/influxdbsize.sh 
@@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=influxsize lf=/tmp/$APP-pidLockFile From c9bfd8a2539ab7aa34785ca42bbdd113343d7b9b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 12:55:28 -0500 Subject: [PATCH 23/28] Update oldpcap.sh --- salt/telegraf/scripts/oldpcap.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/telegraf/scripts/oldpcap.sh b/salt/telegraf/scripts/oldpcap.sh index 4aee393ac..b8d383112 100644 --- a/salt/telegraf/scripts/oldpcap.sh +++ b/salt/telegraf/scripts/oldpcap.sh @@ -1,4 +1,19 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . APP=oldpcap lf=/tmp/$APP-pidLockFile 
From a6a9f03cb02f12be361bdfdd7243ba6eba4b32c2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:08:28 -0500 Subject: [PATCH 24/28] Update redis.sh --- salt/telegraf/scripts/redis.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/redis.sh b/salt/telegraf/scripts/redis.sh index a1fe0a5ca..9f5dbd37f 100644 --- a/salt/telegraf/scripts/redis.sh +++ b/salt/telegraf/scripts/redis.sh @@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + APP=redis lf=/tmp/$APP-pidLockFile From 8e88c350d53ba4b99da3122a2318ac5bca3bfbce Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:08:43 -0500 Subject: [PATCH 25/28] Update stenoloss.sh --- salt/telegraf/scripts/stenoloss.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/stenoloss.sh b/salt/telegraf/scripts/stenoloss.sh index 83b07e4f6..d078284a4 100644 --- a/salt/telegraf/scripts/stenoloss.sh +++ b/salt/telegraf/scripts/stenoloss.sh 
@@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + APP=stenoloss lf=/tmp/$APP-pidLockFile From 4a80c371674cb8c6304c9953f4ffaabcd0cd3309 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:09:08 -0500 Subject: [PATCH 26/28] Update suriloss.sh --- salt/telegraf/scripts/suriloss.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh index 6a1f8a6c5..cc2cff94c 100644 --- a/salt/telegraf/scripts/suriloss.sh +++ b/salt/telegraf/scripts/suriloss.sh @@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + APP=suriloss lf=/tmp/$APP-pidLockFile 
From a4df3623be69d743ef0a25ab812a1fc582ad13f3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:09:31 -0500 Subject: [PATCH 27/28] Update zeekcaptureloss.sh --- salt/telegraf/scripts/zeekcaptureloss.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh index 095428140..36962e109 100644 --- a/salt/telegraf/scripts/zeekcaptureloss.sh +++ b/salt/telegraf/scripts/zeekcaptureloss.sh @@ -1,4 +1,21 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp APP=zeekcaploss From 978ba5b3ad6225dcb6ad0d9d1351f8d18cdfb2b8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Nov 2020 13:09:52 -0500 Subject: [PATCH 28/28] Update zeekloss.sh --- salt/telegraf/scripts/zeekloss.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh index 8c134916c..9a64ef4dd 100644 --- a/salt/telegraf/scripts/zeekloss.sh +++ b/salt/telegraf/scripts/zeekloss.sh 
@@ -1,4 +1,20 @@ #!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + # This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage APP=zeekloss