mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 02:02:50 +01:00
Merge remote-tracking branch 'remotes/origin/dev' into fix/so-status-import-node
This commit is contained in:
m0duspwnens
@@ -84,11 +84,13 @@ container_list() {
|
|||||||
TRUSTED_CONTAINERS=(
|
TRUSTED_CONTAINERS=(
|
||||||
"so-filebeat"
|
"so-filebeat"
|
||||||
"so-idstools"
|
"so-idstools"
|
||||||
|
"so-elasticsearch"
|
||||||
"so-logstash"
|
"so-logstash"
|
||||||
"so-nginx"
|
"so-nginx"
|
||||||
"so-redis"
|
"so-redis"
|
||||||
"so-steno"
|
"so-steno"
|
||||||
"so-suricata"
|
"so-suricata"
|
||||||
|
"so-soc"
|
||||||
"so-telegraf"
|
"so-telegraf"
|
||||||
"so-zeek"
|
"so-zeek"
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -18,6 +18,10 @@
|
|||||||
{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||||
{%- set MANAGER = salt['grains.get']('master') %}
|
{%- set MANAGER = salt['grains.get']('master') %}
|
||||||
. /usr/sbin/so-common
|
. /usr/sbin/so-common
|
||||||
|
|
||||||
|
# Exit on errors, since all lines must succeed
|
||||||
|
set -e
|
||||||
|
|
||||||
# Check to see if we have extracted the ca cert.
|
# Check to see if we have extracted the ca cert.
|
||||||
if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
|
if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
|
||||||
docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
|
docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt
|
||||||
|
|||||||
@@ -48,6 +48,7 @@ so-telegraf:
|
|||||||
- HOST_ETC=/host/etc
|
- HOST_ETC=/host/etc
|
||||||
- HOST_SYS=/host/sys
|
- HOST_SYS=/host/sys
|
||||||
- HOST_MOUNT_PREFIX=/host
|
- HOST_MOUNT_PREFIX=/host
|
||||||
|
- GODEBUG=x509ignoreCN=0
|
||||||
- network_mode: host
|
- network_mode: host
|
||||||
- binds:
|
- binds:
|
||||||
- /opt/so/log/telegraf:/var/log/telegraf:rw
|
- /opt/so/log/telegraf:/var/log/telegraf:rw
|
||||||
@@ -84,4 +85,4 @@ telegraf_state_not_allowed:
|
|||||||
test.fail_without_changes:
|
test.fail_without_changes:
|
||||||
- name: telegraf_state_not_allowed
|
- name: telegraf_state_not_allowed
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -719,7 +719,7 @@ create_local_directories() {
|
|||||||
for d in $(find $PILLARSALTDIR/$i -type d); do
|
for d in $(find $PILLARSALTDIR/$i -type d); do
|
||||||
suffixdir=${d//$PILLARSALTDIR/}
|
suffixdir=${d//$PILLARSALTDIR/}
|
||||||
if [ ! -d "$local_salt_dir/$suffixdir" ]; then
|
if [ ! -d "$local_salt_dir/$suffixdir" ]; then
|
||||||
mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
|
mkdir -pv "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
chown -R socore:socore "$local_salt_dir/$i"
|
chown -R socore:socore "$local_salt_dir/$i"
|
||||||
@@ -1525,7 +1525,7 @@ reinstall_init() {
|
|||||||
|
|
||||||
if command -v docker &> /dev/null; then
|
if command -v docker &> /dev/null; then
|
||||||
# Stop and remove all so-* containers so files can be changed with more safety
|
# Stop and remove all so-* containers so files can be changed with more safety
|
||||||
if [ $(docker ps -a -q --filter "name=so-") -gt 0 ]; then
|
if [ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]; then
|
||||||
docker stop $(docker ps -a -q --filter "name=so-")
|
docker stop $(docker ps -a -q --filter "name=so-")
|
||||||
docker rm -f $(docker ps -a -q --filter "name=so-")
|
docker rm -f $(docker ps -a -q --filter "name=so-")
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user