CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove hive from more files

Browse Source
This commit is contained in:
Mike Reeves
2022-03-15 08:28:03 -04:00
parent b5b60af16f
commit 81f0aa58b8
5 changed files with 2 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/allowed_states.map.jinja
View File

@@ -1,6 +1,5 @@
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
{% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
@@ -273,10 +272,6 @@
{% do allowed_states.append('elastalert') %}
{% endif %}
{% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
{% do allowed_states.append('thehive') %}
{% endif %}
{% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
{% do allowed_states.append('playbook') %}
{% endif %}

2
salt/common/tools/sbin/so-elasticsearch-indices-rw
View File

@@ -17,9 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
ESPORT=9200
THEHIVEESPORT=9400
echo "Removing read only attributes for indices..."
echo
{{ ELASTICCURL }} -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi;
{{ ELASTICCURL }} -XPUT -H "Content-Type: application/json" -L http://$IP:9400/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi;

3
salt/common/tools/sbin/so-restart
View File

@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Usage: so-restart filebeat | kibana | playbook | thehive
# Usage: so-restart filebeat | kibana | playbook
. /usr/sbin/so-common
@@ -31,7 +31,6 @@ if [ $# -ge 1 ]; then
fi
case $1 in
"cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;;
"steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;;
*) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
esac

2
salt/common/tools/sbin/so-start
View File

@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Usage: so-start all | filebeat | kibana | playbook | thehive
# Usage: so-start all | filebeat | kibana | playbook
. /usr/sbin/so-common

6
salt/top.sls
View File

@@ -277,9 +277,6 @@ base:
- utility
- schedule
- soctopus
{%- if THEHIVE != 0 %}
- thehive
{%- endif %}
{%- if PLAYBOOK != 0 %}
- playbook
{%- endif %}
@@ -369,9 +366,6 @@ base:
- fleet.install_package
{%- endif %}
- soctopus
{%- if THEHIVE != 0 %}
- thehive
{%- endif %}
{%- if PLAYBOOK != 0 %}
- playbook
{%- endif %}