mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
@@ -57,7 +57,7 @@
|
|||||||
- Fixed an issue where geoip was not properly parsed.
|
- Fixed an issue where geoip was not properly parsed.
|
||||||
- ATT&CK Navigator is now it's own state.
|
- ATT&CK Navigator is now it's own state.
|
||||||
- Standlone mode is now supported.
|
- Standlone mode is now supported.
|
||||||
- Mastersearch previously used the same Grafana dashboard as a Search node. It now has its own dashboard that incorporates panels from the Master node and Search node dashboards.
|
- Managersearch previously used the same Grafana dashboard as a Search node. It now has its own dashboard that incorporates panels from the Manager node and Search node dashboards.
|
||||||
|
|
||||||
### Known Issues:
|
### Known Issues:
|
||||||
|
|
||||||
|
|||||||
@@ -198,7 +198,7 @@ EOF
|
|||||||
read alertoption
|
read alertoption
|
||||||
|
|
||||||
if [ $alertoption = "1" ] ; then
|
if [ $alertoption = "1" ] ; then
|
||||||
echo "Please enter the email address you want to send the alerts to. Note: Ensure the Master Server is configured for SMTP."
|
echo "Please enter the email address you want to send the alerts to. Note: Ensure the Manager Server is configured for SMTP."
|
||||||
read emailaddress
|
read emailaddress
|
||||||
cat << EOF >> "$rulename.yaml"
|
cat << EOF >> "$rulename.yaml"
|
||||||
# (Required)
|
# (Required)
|
||||||
|
|||||||
@@ -12,7 +12,7 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"description": "This Dashboard provides a general overview of the Master",
|
"description": "This Dashboard provides a general overview of the Manager",
|
||||||
"editable": true,
|
"editable": true,
|
||||||
"gnetId": 2381,
|
"gnetId": 2381,
|
||||||
"graphTooltip": 0,
|
"graphTooltip": 0,
|
||||||
@@ -4162,7 +4162,7 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"timezone": "browser",
|
"timezone": "browser",
|
||||||
"title": "Master Node - {{ SERVERNAME }} Overview",
|
"title": "Manager Node - {{ SERVERNAME }} Overview",
|
||||||
"uid": "{{ UID }}",
|
"uid": "{{ UID }}",
|
||||||
"version": 3
|
"version": 3
|
||||||
}
|
}
|
||||||
@@ -13,7 +13,7 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"description": "This Dashboard provides a general overview of a MasterSearch Node",
|
"description": "This Dashboard provides a general overview of a ManagerSearch Node",
|
||||||
"editable": true,
|
"editable": true,
|
||||||
"gnetId": 2381,
|
"gnetId": 2381,
|
||||||
"graphTooltip": 0,
|
"graphTooltip": 0,
|
||||||
|
|||||||
@@ -3,15 +3,15 @@ apiVersion: 1
|
|||||||
providers:
|
providers:
|
||||||
|
|
||||||
{%- if grains['role'] != 'so-eval' %}
|
{%- if grains['role'] != 'so-eval' %}
|
||||||
- name: 'Master'
|
- name: 'Manager'
|
||||||
folder: 'Master'
|
folder: 'Manager'
|
||||||
type: file
|
type: file
|
||||||
disableDeletion: false
|
disableDeletion: false
|
||||||
editable: true
|
editable: true
|
||||||
options:
|
options:
|
||||||
path: /etc/grafana/grafana_dashboards/manager
|
path: /etc/grafana/grafana_dashboards/manager
|
||||||
- name: 'Master Search'
|
- name: 'Manager Search'
|
||||||
folder: 'Master Search'
|
folder: 'Manager Search'
|
||||||
type: file
|
type: file
|
||||||
disableDeletion: false
|
disableDeletion: false
|
||||||
editable: true
|
editable: true
|
||||||
|
|||||||
@@ -82,7 +82,7 @@ grafanaconf:
|
|||||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||||
dashboard-manager:
|
dashboard-manager:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Master.json
|
- name: /opt/so/conf/grafana/grafana_dashboards/manager/{{ SN }}-Manager.json
|
||||||
- user: 939
|
- user: 939
|
||||||
- group: 939
|
- group: 939
|
||||||
- template: jinja
|
- template: jinja
|
||||||
@@ -105,7 +105,7 @@ dashboard-manager:
|
|||||||
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
|
||||||
dashboard-managersearch:
|
dashboard-managersearch:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-MasterSearch.json
|
- name: /opt/so/conf/grafana/grafana_dashboards/managersearch/{{ SN }}-ManagerSearch.json
|
||||||
- user: 939
|
- user: 939
|
||||||
- group: 939
|
- group: 939
|
||||||
- template: jinja
|
- template: jinja
|
||||||
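Review bot: The `file.managed` targets in `dashboard-manager` and `dashboard-managersearch` now point at `{{ SN }}-Manager.json` and `{{ SN }}-ManagerSearch.json`, but nothing visible in either hunk removes the `-Master.json` / `-MasterSearch.json` files that the old state wrote. On a host that already applied the previous state, those files would presumably stay in the same provisioned directories, so Grafana could load both the stale and the renamed dashboard. If both render the same `uid`, provisioning may reject or shadow one of them. Consider adding a `file.absent` state for each old name alongside the renamed one, or confirm that the parent directory is managed with `clean: True` elsewhere. Both states start and end outside the hunks, so any cleanup that already exists there is not visible here.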
|
|||||||
@@ -13,7 +13,7 @@ cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_o
|
|||||||
sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
||||||
# {% endif %}
|
# {% endif %}
|
||||||
|
|
||||||
# SOCtopus and Master
|
# SOCtopus and Manager
|
||||||
sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
|
||||||
|
|
||||||
# Load saved objects
|
# Load saved objects
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ add_manager_hostfile() {
|
|||||||
echo "Checking if I can resolve manager. If not add to hosts file" >> "$setup_log" 2>&1
|
echo "Checking if I can resolve manager. If not add to hosts file" >> "$setup_log" 2>&1
|
||||||
# Pop up an input to get the IP address
|
# Pop up an input to get the IP address
|
||||||
MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
|
MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
|
||||||
"Enter your Master Server IP Address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
|
"Enter your Manager Server IP Address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
|
||||||
|
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
whiptail_check_exitstatus $exitstatus
|
whiptail_check_exitstatus $exitstatus
|
||||||
|
|||||||
@@ -422,7 +422,7 @@ whiptail_homenet_sensor() {
|
|||||||
[ -n "$TESTING" ] && return
|
[ -n "$TESTING" ] && return
|
||||||
|
|
||||||
# Ask to inherit from manager
|
# Ask to inherit from manager
|
||||||
whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75
|
whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75
|
||||||
|
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
|
|
||||||
@@ -462,7 +462,7 @@ whiptail_install_type() {
|
|||||||
"MANAGER" "Start a new grid " ON \
|
"MANAGER" "Start a new grid " ON \
|
||||||
"SENSOR" "Create a forward only sensor " OFF \
|
"SENSOR" "Create a forward only sensor " OFF \
|
||||||
"SEARCHNODE" "Add a search node with parsing " OFF \
|
"SEARCHNODE" "Add a search node with parsing " OFF \
|
||||||
"MANAGERSEARCH" "Master + search node " OFF \
|
"MANAGERSEARCH" "Manager + search node " OFF \
|
||||||
"FLEET" "Dedicated Fleet Osquery Node " OFF \
|
"FLEET" "Dedicated Fleet Osquery Node " OFF \
|
||||||
"HEAVYNODE" "Sensor + Search Node " OFF \
|
"HEAVYNODE" "Sensor + Search Node " OFF \
|
||||||
3>&1 1>&2 2>&3
|
3>&1 1>&2 2>&3
|
||||||
@@ -600,7 +600,7 @@ whiptail_management_server() {
|
|||||||
[ -n "$TESTING" ] && return
|
[ -n "$TESTING" ] && return
|
||||||
|
|
||||||
MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
|
MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
|
||||||
"Enter your Master Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
|
"Enter your Manager Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
|
||||||
|
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
whiptail_check_exitstatus $exitstatus
|
whiptail_check_exitstatus $exitstatus
|
||||||
@@ -611,7 +611,7 @@ whiptail_management_server() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Ask if you want to do advanced setup of the Master
|
# Ask if you want to do advanced setup of the Manager
|
||||||
whiptail_manager_adv() {
|
whiptail_manager_adv() {
|
||||||
|
|
||||||
[ -n "$TESTING" ] && return
|
[ -n "$TESTING" ] && return
|
||||||
@@ -1105,7 +1105,7 @@ whiptail_manager_updates() {
|
|||||||
local update_string
|
local update_string
|
||||||
update_string=$(whiptail --title "Security Onion Setup" --radiolist \
|
update_string=$(whiptail --title "Security Onion Setup" --radiolist \
|
||||||
"How would you like to download OS package updates for your grid?:" 20 75 4 \
|
"How would you like to download OS package updates for your grid?:" 20 75 4 \
|
||||||
"MANAGER" "Master node is proxy for updates." ON \
|
"MANAGER" "Manager node is proxy for updates." ON \
|
||||||
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
|
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
whiptail_check_exitstatus $exitstatus
|
whiptail_check_exitstatus $exitstatus
|
||||||
@@ -1138,7 +1138,7 @@ whiptail_node_updates() {
|
|||||||
|
|
||||||
NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
|
NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
|
||||||
"How would you like to download OS package updates for your grid?:" 20 75 4 \
|
"How would you like to download OS package updates for your grid?:" 20 75 4 \
|
||||||
"MANAGER" "Master node is proxy for updates." ON \
|
"MANAGER" "Manager node is proxy for updates." ON \
|
||||||
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
|
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
|
||||||
|
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
|
|||||||