CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into fix/so-status-import-node

Browse Source
This commit is contained in:
m0duspwnens
2020-12-16 12:02:39 -05:00
parent 96b72d46be 09b5e6d227
commit 81e2b4d572
4 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/tools/sbin/so-image-common
View File

@@ -84,11 +84,13 @@ container_list() {
TRUSTED_CONTAINERS=(
"so-filebeat"
"so-idstools"
"so-elasticsearch"
"so-logstash"
"so-nginx"
"so-redis"
"so-steno"
"so-suricata"
"so-soc"
"so-telegraf"
"so-zeek"
)

4
salt/elasticsearch/files/scripts/so-catrust
View File

@@ -18,6 +18,10 @@
{%- set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{%- set MANAGER = salt['grains.get']('master') %}
. /usr/sbin/so-common
# Exit on errors, since all lines must succeed
set -e
# Check to see if we have extracted the ca cert.
if [ ! -f /opt/so/saltstack/local/salt/common/cacerts ]; then
docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} -keystore /etc/pki/ca-trust/extracted/java/cacerts -alias SOSCA -import -file /etc/pki/ca.crt -storepass changeit -noprompt

3
salt/telegraf/init.sls
View File

@@ -48,6 +48,7 @@ so-telegraf:
- HOST_ETC=/host/etc
- HOST_SYS=/host/sys
- HOST_MOUNT_PREFIX=/host
- GODEBUG=x509ignoreCN=0
- network_mode: host
- binds:
- /opt/so/log/telegraf:/var/log/telegraf:rw
@@ -84,4 +85,4 @@ telegraf_state_not_allowed:
test.fail_without_changes:
- name: telegraf_state_not_allowed
{% endif %}
{% endif %}

4
setup/so-functions
View File

@@ -719,7 +719,7 @@ create_local_directories() {
for d in $(find $PILLARSALTDIR/$i -type d); do
suffixdir=${d//$PILLARSALTDIR/}
if [ ! -d "$local_salt_dir/$suffixdir" ]; then
mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
mkdir -pv "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
fi
done
chown -R socore:socore "$local_salt_dir/$i"
@@ -1525,7 +1525,7 @@ reinstall_init() {
if command -v docker &> /dev/null; then
# Stop and remove all so-* containers so files can be changed with more safety
if [ $(docker ps -a -q --filter "name=so-") -gt 0 ]; then
if [ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]; then
docker stop $(docker ps -a -q --filter "name=so-")
docker rm -f $(docker ps -a -q --filter "name=so-")
fi