From d2a7ef1e64db316c286c258010053029ed912919 Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Thu, 23 Jan 2020 14:10:01 -0500 Subject: [PATCH 1/4] [fix] Misc script convention changes * Remove sudo from scripts that are already running as sudo * Also remove sudo from several so scripts and add sudo check * Remove .sh extension from user facing scripts * Remove superfluous # characters from so scripts * Rename scripts to follow so-{subject}-{verb} naming convention * Add shebangs where missing --- salt/auth/init.sls | 15 +++++-------- salt/bro/cron/zeek_clean | 1 + salt/common/tools/sbin/so-allow | 2 +- salt/common/tools/sbin/so-bro-restart | 7 +++++-- salt/common/tools/sbin/so-bro-start | 5 ++++- salt/common/tools/sbin/so-bro-stop | 5 ++++- salt/common/tools/sbin/so-checkin | 21 ++++++++++++++++++- salt/common/tools/sbin/so-cortex-restart | 2 +- salt/common/tools/sbin/so-cortex-start | 2 +- salt/common/tools/sbin/so-cortex-stop | 2 +- salt/common/tools/sbin/so-curator-restart | 2 +- salt/common/tools/sbin/so-curator-start | 2 +- salt/common/tools/sbin/so-curator-stop | 2 +- salt/common/tools/sbin/so-elastalert-create | 2 +- salt/common/tools/sbin/so-elastalert-restart | 2 +- salt/common/tools/sbin/so-elastalert-start | 2 +- salt/common/tools/sbin/so-elastalert-stop | 2 +- salt/common/tools/sbin/so-elastalert-test | 2 +- salt/common/tools/sbin/so-elastic-diagnose | 2 +- .../tools/sbin/so-elasticsearch-restart | 2 +- salt/common/tools/sbin/so-elasticsearch-start | 2 +- salt/common/tools/sbin/so-elasticsearch-stop | 2 +- salt/common/tools/sbin/so-filebeat-restart | 2 +- salt/common/tools/sbin/so-filebeat-start | 2 +- salt/common/tools/sbin/so-filebeat-stop | 2 +- salt/common/tools/sbin/so-fleet-restart | 2 +- salt/common/tools/sbin/so-fleet-start | 2 +- salt/common/tools/sbin/so-fleet-stop | 2 +- salt/common/tools/sbin/so-get-parsed | 1 - salt/common/tools/sbin/so-get-unparsed | 1 - salt/common/tools/sbin/so-grafana-restart | 2 +- salt/common/tools/sbin/so-grafana-start | 2 +- salt/common/tools/sbin/so-grafana-stop | 2 +- 
salt/common/tools/sbin/so-index-list | 18 ++++++++++++++++ salt/common/tools/sbin/so-kibana-restart | 2 +- salt/common/tools/sbin/so-kibana-start | 2 +- salt/common/tools/sbin/so-kibana-stop | 2 +- salt/common/tools/sbin/so-list-index | 1 - salt/common/tools/sbin/so-logstash-get-parsed | 20 ++++++++++++++++++ .../tools/sbin/so-logstash-get-unparsed | 20 ++++++++++++++++++ salt/common/tools/sbin/so-logstash-start | 2 +- salt/common/tools/sbin/so-logstash-stop | 2 +- salt/common/tools/sbin/so-mysql-restart | 2 +- salt/common/tools/sbin/so-mysql-start | 2 +- salt/common/tools/sbin/so-mysql-stop | 2 +- salt/common/tools/sbin/so-playbook-restart | 2 +- salt/common/tools/sbin/so-playbook-ruleupdate | 21 ++++++++++++++++++- salt/common/tools/sbin/so-playbook-start | 2 +- salt/common/tools/sbin/so-playbook-stop | 2 +- salt/common/tools/sbin/so-playbook-sync | 21 ++++++++++++++++++- salt/common/tools/sbin/so-redis-count | 21 ++++++++++++++++++- salt/common/tools/sbin/so-redis-restart | 2 +- salt/common/tools/sbin/so-redis-start | 2 +- salt/common/tools/sbin/so-redis-stop | 2 +- salt/common/tools/sbin/so-restart | 2 +- salt/common/tools/sbin/so-soctopus-restart | 2 +- salt/common/tools/sbin/so-soctopus-start | 2 +- salt/common/tools/sbin/so-soctopus-stop | 2 +- salt/common/tools/sbin/so-start | 2 +- salt/common/tools/sbin/so-stop | 2 +- salt/common/tools/sbin/so-tcpreplay | 2 +- salt/common/tools/sbin/so-tcpreplay-restart | 2 +- salt/common/tools/sbin/so-tcpreplay-start | 2 +- salt/common/tools/sbin/so-thehive-restart | 2 +- salt/common/tools/sbin/so-thehive-start | 2 +- salt/common/tools/sbin/so-thehive-stop | 2 +- salt/common/tools/sbin/so-zeek-restart | 2 +- salt/common/tools/sbin/so-zeek-start | 2 +- salt/common/tools/sbin/so-zeek-stop | 2 +- salt/fleet/so-fleet-setup.sh | 4 +++- ...-docker-download.sh => so-docker-download} | 2 +- salt/utility/bin/crossthestreams.sh | 2 +- salt/utility/bin/eval.sh | 2 +- ...load.sh => 00-so-checksum-offload-disable} | 0 
setup/{functions.sh => so-functions} | 18 ++++++++-------- setup/{so-setup.sh => so-setup} | 4 ++-- setup/{whiptail.sh => so-whiptail} | 0 so-setup-network.sh => so-setup-network | 4 +++- updatemaster.sh => updatemaster | 0 79 files changed, 231 insertions(+), 91 deletions(-) delete mode 100644 salt/common/tools/sbin/so-get-parsed delete mode 100644 salt/common/tools/sbin/so-get-unparsed create mode 100644 salt/common/tools/sbin/so-index-list delete mode 100644 salt/common/tools/sbin/so-list-index create mode 100644 salt/common/tools/sbin/so-logstash-get-parsed create mode 100644 salt/common/tools/sbin/so-logstash-get-unparsed rename salt/master/files/registry/scripts/{so-docker-download.sh => so-docker-download} (98%) rename setup/install_scripts/{disable-checksum-offload.sh => 00-so-checksum-offload-disable} (100%) rename setup/{functions.sh => so-functions} (98%) rename setup/{so-setup.sh => so-setup} (99%) rename setup/{whiptail.sh => so-whiptail} (100%) rename so-setup-network.sh => so-setup-network (95%) rename updatemaster.sh => updatemaster (100%) diff --git a/salt/auth/init.sls b/salt/auth/init.sls index bed7d18d5..9718d9bb3 100644 --- a/salt/auth/init.sls +++ b/salt/auth/init.sls @@ -1,3 +1,6 @@ +{% set VERSION = salt['pillar.get']('static:soversion', '1.1.4') %} +{% set MASTER = salt['grains.get']('master') %} + so-auth-api-dir: file.directory: - name: /opt/so/conf/auth/api @@ -5,19 +8,11 @@ so-auth-api-dir: - group: 939 - makedirs: True -so-auth-api-image: - cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.4 - -so-auth-ui-image: - cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-ui:HH1.1.4 - so-auth-api: docker_container.running: - require: - so-auth-api-image - - image: docker.io/soshybridhunter/so-auth-api:HH1.1.4 + - image: {{ MASTER }}:5000/soshybridhunter/so-auth-api:HH{{ VERSION }} - hostname: so-auth-api - name: so-auth-api - environment: 
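Review bot: `so-auth-api` still carries `- require:` / `- so-auth-api-image` although the `so-auth-api-image` cmd.run state is deleted in this same hunk, so Salt will report the requisite as not found and the container state will fail; the third hunk of this file leaves the matching `- so-auth-ui-image` requisite dangling in the same way. Either drop the two `- require:` / `- so-auth-api-image` lines (and the so-auth-ui pair) or keep a pull state under that ID. Separately, the removed states were the only place `docker pull --disable-content-trust=false` enforced Docker Content Trust for these images; `docker_container.running` pulls through the Docker API, which does not apply content trust, so the `{{ MASTER }}:5000` image is now used without signature verification unless the master's registry is populated by a verified pull elsewhere — a one-line comment here stating where that verification happens would make the trust boundary explicit.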
@@ -31,7 +26,7 @@ so-auth-ui: docker_container.running: - require: - so-auth-ui-image - - image: docker.io/soshybridhunter/so-auth-ui:HH1.1.4 + - image: {{ MASTER }}:5000/soshybridhunter/so-auth-ui:HH{{ VERSION }} - hostname: so-auth-ui - name: so-auth-ui - port_bindings:
diff --git a/salt/bro/cron/zeek_clean b/salt/bro/cron/zeek_clean
index af47611bc..24bbc218c 100644
--- a/salt/bro/cron/zeek_clean
+++ b/salt/bro/cron/zeek_clean
@@ -1,4 +1,5 @@
 #!/bin/bash
+
 # Delete Zeek Logs based on defined CRIT_DISK_USAGE value
 # Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index c6b756cd1..68f3f37ce 100644
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-bro-restart b/salt/common/tools/sbin/so-bro-restart
index 8161b7cb3..f71de5b91 100644
--- a/salt/common/tools/sbin/so-bro-restart
+++ b/salt/common/tools/sbin/so-bro-restart
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,4 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-docker stop so-bro && sudo docker rm so-bro && salt-call state.apply bro
+
+. /usr/sbin/so-common
+
+docker stop so-bro && docker rm so-bro && salt-call state.apply bro
diff --git a/salt/common/tools/sbin/so-bro-start b/salt/common/tools/sbin/so-bro-start
index 87a47febe..3240b86e9 100644
--- a/salt/common/tools/sbin/so-bro-start
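Review bot: `. /usr/sbin/so-common` is unguarded, so if that file is missing or unreadable bash prints an error and continues straight into `docker stop so-bro && docker rm so-bro && salt-call state.apply bro`. The commit message says the sudo check was moved into a shared place, presumably so-common (not part of this patch), which means a failed source silently skips that check. Use `. /usr/sbin/so-common || exit 1` here; the same applies to so-bro-start, so-bro-stop, so-checkin, so-logstash-get-parsed, so-logstash-get-unparsed, so-playbook-ruleupdate, so-playbook-sync and so-redis-count.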
+++ b/salt/common/tools/sbin/so-bro-start
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,4 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
+
+. /usr/sbin/so-common
+
 docker rm so-bro && salt-call state.apply bro
diff --git a/salt/common/tools/sbin/so-bro-stop b/salt/common/tools/sbin/so-bro-stop
index 62bc2e1b1..8cfdddc3c 100644
--- a/salt/common/tools/sbin/so-bro-stop
+++ b/salt/common/tools/sbin/so-bro-stop
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -14,4 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
+
+. /usr/sbin/so-common
+
 docker stop so-bro
diff --git a/salt/common/tools/sbin/so-checkin b/salt/common/tools/sbin/so-checkin
index 8ad0326db..419d0a203 100644
--- a/salt/common/tools/sbin/so-checkin
+++ b/salt/common/tools/sbin/so-checkin
@@ -1 +1,20 @@
-sudo salt-call state.highstate
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+salt-call state.highstate
diff --git a/salt/common/tools/sbin/so-cortex-restart b/salt/common/tools/sbin/so-cortex-restart
index aab452475..ef0e3e4fe 100644
--- a/salt/common/tools/sbin/so-cortex-restart
+++ b/salt/common/tools/sbin/so-cortex-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-cortex-start b/salt/common/tools/sbin/so-cortex-start
index db383e2e8..a08969cab 100644
--- a/salt/common/tools/sbin/so-cortex-start
+++ b/salt/common/tools/sbin/so-cortex-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-cortex-stop b/salt/common/tools/sbin/so-cortex-stop
index 727b2c7fa..a13d1e2e3 100644
--- a/salt/common/tools/sbin/so-cortex-stop
+++ b/salt/common/tools/sbin/so-cortex-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-curator-restart b/salt/common/tools/sbin/so-curator-restart
index 043f04b7d..6babd0bba 100644
--- a/salt/common/tools/sbin/so-curator-restart
+++ b/salt/common/tools/sbin/so-curator-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-curator-start b/salt/common/tools/sbin/so-curator-start
index 676da0d2e..308171f66 100644
--- a/salt/common/tools/sbin/so-curator-start
+++ b/salt/common/tools/sbin/so-curator-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-curator-stop b/salt/common/tools/sbin/so-curator-stop
index 9aab50c8c..f815868ee 100644
--- a/salt/common/tools/sbin/so-curator-stop
+++ b/salt/common/tools/sbin/so-curator-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elastalert-create b/salt/common/tools/sbin/so-elastalert-create
index 2134bc8f9..fbe9527a7 100644
--- a/salt/common/tools/sbin/so-elastalert-create
+++ b/salt/common/tools/sbin/so-elastalert-create
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
diff --git a/salt/common/tools/sbin/so-elastalert-restart b/salt/common/tools/sbin/so-elastalert-restart
index 46e66ec40..861820037 100644
--- a/salt/common/tools/sbin/so-elastalert-restart
+++ b/salt/common/tools/sbin/so-elastalert-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elastalert-start b/salt/common/tools/sbin/so-elastalert-start
index 7101eec15..b731fcf6f 100644
--- a/salt/common/tools/sbin/so-elastalert-start
+++ b/salt/common/tools/sbin/so-elastalert-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elastalert-stop b/salt/common/tools/sbin/so-elastalert-stop
index 731312e8c..900c8ec26 100644
--- a/salt/common/tools/sbin/so-elastalert-stop
+++ b/salt/common/tools/sbin/so-elastalert-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/common/tools/sbin/so-elastalert-test
index 575865bd0..e72d928ed 100644
--- a/salt/common/tools/sbin/so-elastalert-test
+++ b/salt/common/tools/sbin/so-elastalert-test
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
diff --git a/salt/common/tools/sbin/so-elastic-diagnose b/salt/common/tools/sbin/so-elastic-diagnose
index 0a8acc0ae..367a145db 100644
--- a/salt/common/tools/sbin/so-elastic-diagnose
+++ b/salt/common/tools/sbin/so-elastic-diagnose
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elasticsearch-restart b/salt/common/tools/sbin/so-elasticsearch-restart
index e13a89ba8..42cf8ec40 100644
--- a/salt/common/tools/sbin/so-elasticsearch-restart
+++ b/salt/common/tools/sbin/so-elasticsearch-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elasticsearch-start b/salt/common/tools/sbin/so-elasticsearch-start
index 76a3baac6..7373c354c 100644
--- a/salt/common/tools/sbin/so-elasticsearch-start
+++ b/salt/common/tools/sbin/so-elasticsearch-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-elasticsearch-stop b/salt/common/tools/sbin/so-elasticsearch-stop
index 9d03a64ae..6ec2acb13 100644
--- a/salt/common/tools/sbin/so-elasticsearch-stop
+++ b/salt/common/tools/sbin/so-elasticsearch-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-filebeat-restart b/salt/common/tools/sbin/so-filebeat-restart
index d9cdeeec8..04f0a3bea 100644
--- a/salt/common/tools/sbin/so-filebeat-restart
+++ b/salt/common/tools/sbin/so-filebeat-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-filebeat-start b/salt/common/tools/sbin/so-filebeat-start
index e15c2e5e9..e9f36fcf0 100644
--- a/salt/common/tools/sbin/so-filebeat-start
+++ b/salt/common/tools/sbin/so-filebeat-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-filebeat-stop b/salt/common/tools/sbin/so-filebeat-stop
index 7a5e2f28e..4b7df4e41 100644
--- a/salt/common/tools/sbin/so-filebeat-stop
+++ b/salt/common/tools/sbin/so-filebeat-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-fleet-restart b/salt/common/tools/sbin/so-fleet-restart
index 264e9f8a7..2dfbdc3dd 100644
--- a/salt/common/tools/sbin/so-fleet-restart
+++ b/salt/common/tools/sbin/so-fleet-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-fleet-start b/salt/common/tools/sbin/so-fleet-start
index 06133ef58..d26d01cc9 100644
--- a/salt/common/tools/sbin/so-fleet-start
+++ b/salt/common/tools/sbin/so-fleet-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-fleet-stop b/salt/common/tools/sbin/so-fleet-stop
index d22df4704..94634633b 100644
--- a/salt/common/tools/sbin/so-fleet-stop
+++ b/salt/common/tools/sbin/so-fleet-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-get-parsed b/salt/common/tools/sbin/so-get-parsed
deleted file mode 100644
index 5b299e494..000000000
--- a/salt/common/tools/sbin/so-get-parsed
+++ /dev/null
@@ -1 +0,0 @@
-sudo docker exec -it so-redis redis-cli llen logstash:unparsed
diff --git a/salt/common/tools/sbin/so-get-unparsed b/salt/common/tools/sbin/so-get-unparsed
deleted file mode 100644
index 5b299e494..000000000
--- a/salt/common/tools/sbin/so-get-unparsed
+++ /dev/null
@@ -1 +0,0 @@
-sudo docker exec -it so-redis redis-cli llen logstash:unparsed
diff --git a/salt/common/tools/sbin/so-grafana-restart b/salt/common/tools/sbin/so-grafana-restart
index 52ebbacda..b0af550a4 100644
--- a/salt/common/tools/sbin/so-grafana-restart
+++ b/salt/common/tools/sbin/so-grafana-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-grafana-start b/salt/common/tools/sbin/so-grafana-start
index 660d1d31b..64b9cb3bf 100644
--- a/salt/common/tools/sbin/so-grafana-start
+++ b/salt/common/tools/sbin/so-grafana-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-grafana-stop b/salt/common/tools/sbin/so-grafana-stop
index bb0a19545..0f1a70f08 100644
--- a/salt/common/tools/sbin/so-grafana-stop
+++ b/salt/common/tools/sbin/so-grafana-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-index-list b/salt/common/tools/sbin/so-index-list
new file mode 100644
index 000000000..d241d444d
--- /dev/null
+++ b/salt/common/tools/sbin/so-index-list
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+curl -X GET "localhost:9200/_cat/indices?v"
diff --git a/salt/common/tools/sbin/so-kibana-restart b/salt/common/tools/sbin/so-kibana-restart
index 0349348cb..d2c5dbaf9 100644
--- a/salt/common/tools/sbin/so-kibana-restart
+++ b/salt/common/tools/sbin/so-kibana-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-kibana-start b/salt/common/tools/sbin/so-kibana-start
index edf7ec61f..032b18901 100644
--- a/salt/common/tools/sbin/so-kibana-start
+++ b/salt/common/tools/sbin/so-kibana-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-kibana-stop b/salt/common/tools/sbin/so-kibana-stop
index 007ee54d4..31a64f3b2 100644
--- a/salt/common/tools/sbin/so-kibana-stop
+++ b/salt/common/tools/sbin/so-kibana-stop
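Review bot: Unlike every other script this commit adds or rewrites, so-index-list does not source `/usr/sbin/so-common`, so it gets none of the shared checks the others rely on; if that is deliberate because a curl against localhost needs no privileges, a one-line comment saying so would keep the next convention pass from blindly adding it. The curl call also exits 0 on an HTTP error from Elasticsearch, so a caller cannot tell a failed listing from a successful one; `curl -sS --fail "localhost:9200/_cat/indices?v"` surfaces that as a non-zero exit, and `-X GET` is curl's default and can be dropped.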
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-list-index b/salt/common/tools/sbin/so-list-index
deleted file mode 100644
index fda5eeb2e..000000000
--- a/salt/common/tools/sbin/so-list-index
+++ /dev/null
@@ -1 +0,0 @@
-curl -X GET "localhost:9200/_cat/indices?v"
diff --git a/salt/common/tools/sbin/so-logstash-get-parsed b/salt/common/tools/sbin/so-logstash-get-parsed
new file mode 100644
index 000000000..5560539c8
--- /dev/null
+++ b/salt/common/tools/sbin/so-logstash-get-parsed
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+docker exec -it so-redis redis-cli llen logstash:unparsed
diff --git a/salt/common/tools/sbin/so-logstash-get-unparsed b/salt/common/tools/sbin/so-logstash-get-unparsed
new file mode 100644
index 000000000..5560539c8
--- /dev/null
+++ b/salt/common/tools/sbin/so-logstash-get-unparsed
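Review bot: so-logstash-get-parsed runs `redis-cli llen logstash:unparsed`, the same key as so-logstash-get-unparsed and so-redis-count (all three new files share blob 5560539c8), so the "parsed" script reports the unparsed queue length. The deleted so-get-parsed carried the same copy-paste content, so the rename only preserved the defect; confirm which key holds parsed events against the Logstash/Redis configuration and use it here, e.g. `docker exec -it so-redis redis-cli llen <PARSED_QUEUE_KEY>` with the real key in place of the placeholder. Also, `-it` allocates a TTY, which makes `docker exec` fail when the script is run from cron or a pipeline; `llen` needs neither `-i` nor `-t`.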
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+docker exec -it so-redis redis-cli llen logstash:unparsed
diff --git a/salt/common/tools/sbin/so-logstash-start b/salt/common/tools/sbin/so-logstash-start
index cd2e168f4..82331196f 100644
--- a/salt/common/tools/sbin/so-logstash-start
+++ b/salt/common/tools/sbin/so-logstash-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-logstash-stop b/salt/common/tools/sbin/so-logstash-stop
index 528216ca3..e95083b01 100644
--- a/salt/common/tools/sbin/so-logstash-stop
+++ b/salt/common/tools/sbin/so-logstash-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-mysql-restart b/salt/common/tools/sbin/so-mysql-restart
index 1fcb885a4..b29a2e0ae 100644
--- a/salt/common/tools/sbin/so-mysql-restart
+++ b/salt/common/tools/sbin/so-mysql-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-mysql-start b/salt/common/tools/sbin/so-mysql-start
index 1a02b7658..e056f7a37 100644
--- a/salt/common/tools/sbin/so-mysql-start
+++ b/salt/common/tools/sbin/so-mysql-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-mysql-stop b/salt/common/tools/sbin/so-mysql-stop
index 998a48ac0..7393a00a1 100644
--- a/salt/common/tools/sbin/so-mysql-stop
+++ b/salt/common/tools/sbin/so-mysql-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-playbook-restart b/salt/common/tools/sbin/so-playbook-restart
index f05222eae..8a246c0db 100644
--- a/salt/common/tools/sbin/so-playbook-restart
+++ b/salt/common/tools/sbin/so-playbook-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-playbook-ruleupdate b/salt/common/tools/sbin/so-playbook-ruleupdate
index 6e2d16f5d..b29b63cf5 100644
--- a/salt/common/tools/sbin/so-playbook-ruleupdate
+++ b/salt/common/tools/sbin/so-playbook-ruleupdate
@@ -1 +1,20 @@
-sudo docker exec so-soctopus python3 playbook_bulk-update.py
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+docker exec so-soctopus python3 playbook_bulk-update.py
diff --git a/salt/common/tools/sbin/so-playbook-start b/salt/common/tools/sbin/so-playbook-start
index 34ddf18aa..fb5df55f1 100644
--- a/salt/common/tools/sbin/so-playbook-start
+++ b/salt/common/tools/sbin/so-playbook-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-playbook-stop b/salt/common/tools/sbin/so-playbook-stop
index a1ebd7503..d0a84bab1 100644
--- a/salt/common/tools/sbin/so-playbook-stop
+++ b/salt/common/tools/sbin/so-playbook-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-playbook-sync b/salt/common/tools/sbin/so-playbook-sync
index 3fc13c199..f4c2c456e 100644
--- a/salt/common/tools/sbin/so-playbook-sync
+++ b/salt/common/tools/sbin/so-playbook-sync
@@ -1 +1,20 @@
-sudo docker exec so-soctopus python3 playbook_play-sync.py
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+docker exec so-soctopus python3 playbook_play-sync.py
diff --git a/salt/common/tools/sbin/so-redis-count b/salt/common/tools/sbin/so-redis-count
index 5b299e494..5560539c8 100644
--- a/salt/common/tools/sbin/so-redis-count
+++ b/salt/common/tools/sbin/so-redis-count
@@ -1 +1,20 @@
-sudo docker exec -it so-redis redis-cli llen logstash:unparsed
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+docker exec -it so-redis redis-cli llen logstash:unparsed
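Review bot: `docker exec -it so-redis redis-cli llen logstash:unparsed` in so-redis-count keeps the `-t` flag from the old one-liner, so the script aborts with "the input device is not a TTY" whenever it is run from cron, a pipeline or a monitoring check — exactly the contexts a queue-depth counter is useful in. The command only reads a list length and needs no terminal; `docker exec so-redis redis-cli llen logstash:unparsed` works interactively and non-interactively alike.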
diff --git a/salt/common/tools/sbin/so-redis-restart b/salt/common/tools/sbin/so-redis-restart
index b1e1293b8..e2ec4c2d2 100644
--- a/salt/common/tools/sbin/so-redis-restart
+++ b/salt/common/tools/sbin/so-redis-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-redis-start b/salt/common/tools/sbin/so-redis-start
index 3ef2d3c01..f64600b05 100644
--- a/salt/common/tools/sbin/so-redis-start
+++ b/salt/common/tools/sbin/so-redis-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-redis-stop b/salt/common/tools/sbin/so-redis-stop
index 34577814c..ac3d2d106 100644
--- a/salt/common/tools/sbin/so-redis-stop
+++ b/salt/common/tools/sbin/so-redis-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-restart b/salt/common/tools/sbin/so-restart
index 968b7233a..94137ddb4 100644
--- a/salt/common/tools/sbin/so-restart
+++ b/salt/common/tools/sbin/so-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-soctopus-restart b/salt/common/tools/sbin/so-soctopus-restart
index 144ddbf3e..3d8f67893 100644
--- a/salt/common/tools/sbin/so-soctopus-restart
+++ b/salt/common/tools/sbin/so-soctopus-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-soctopus-start b/salt/common/tools/sbin/so-soctopus-start
index e0d2a2a35..db0a33302 100644
--- a/salt/common/tools/sbin/so-soctopus-start
+++ b/salt/common/tools/sbin/so-soctopus-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-soctopus-stop b/salt/common/tools/sbin/so-soctopus-stop
index f38eecc08..3747d6e34 100644
--- a/salt/common/tools/sbin/so-soctopus-stop
+++ b/salt/common/tools/sbin/so-soctopus-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-start b/salt/common/tools/sbin/so-start
index 70b8d6aed..f5e861818 100644
--- a/salt/common/tools/sbin/so-start
+++ b/salt/common/tools/sbin/so-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-stop b/salt/common/tools/sbin/so-stop
index 108424bb9..64d0a4298 100644
--- a/salt/common/tools/sbin/so-stop
+++ b/salt/common/tools/sbin/so-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-tcpreplay b/salt/common/tools/sbin/so-tcpreplay
index 69cee2f68..4b861890a 100755
--- a/salt/common/tools/sbin/so-tcpreplay
+++ b/salt/common/tools/sbin/so-tcpreplay
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-tcpreplay-restart b/salt/common/tools/sbin/so-tcpreplay-restart
index 61e9016d0..1a1ac971b 100755
--- a/salt/common/tools/sbin/so-tcpreplay-restart
+++ b/salt/common/tools/sbin/so-tcpreplay-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-tcpreplay-start b/salt/common/tools/sbin/so-tcpreplay-start
index e6886b80c..287404b96 100755
--- a/salt/common/tools/sbin/so-tcpreplay-start
+++ b/salt/common/tools/sbin/so-tcpreplay-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-thehive-restart b/salt/common/tools/sbin/so-thehive-restart
index 4b28c0030..08cd8318e 100644
--- a/salt/common/tools/sbin/so-thehive-restart
+++ b/salt/common/tools/sbin/so-thehive-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-thehive-start b/salt/common/tools/sbin/so-thehive-start
index 17ec7bfaa..92fe88bb5 100644
--- a/salt/common/tools/sbin/so-thehive-start
+++ b/salt/common/tools/sbin/so-thehive-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-thehive-stop b/salt/common/tools/sbin/so-thehive-stop
index 6c56e0473..b326f699c 100644
--- a/salt/common/tools/sbin/so-thehive-stop
+++ b/salt/common/tools/sbin/so-thehive-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-zeek-restart b/salt/common/tools/sbin/so-zeek-restart
index 29c50f27a..fae36d8f9 100644
--- a/salt/common/tools/sbin/so-zeek-restart
+++ b/salt/common/tools/sbin/so-zeek-restart
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-zeek-start b/salt/common/tools/sbin/so-zeek-start
index ccd475bb6..595fdb24b 100644
--- a/salt/common/tools/sbin/so-zeek-start
+++ b/salt/common/tools/sbin/so-zeek-start
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/common/tools/sbin/so-zeek-stop b/salt/common/tools/sbin/so-zeek-stop
index 1e39a2c49..1b995e854 100644
--- a/salt/common/tools/sbin/so-zeek-stop
+++ b/salt/common/tools/sbin/so-zeek-stop
@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
diff --git a/salt/fleet/so-fleet-setup.sh b/salt/fleet/so-fleet-setup.sh
index 32bbddbe7..cd082ff03 100644
--- a/salt/fleet/so-fleet-setup.sh
+++ b/salt/fleet/so-fleet-setup.sh
@@ -1,3 +1,5 @@
+#!/bin/bash
+
 #so-fleet-setup.sh $MasterIP $FleetEmail
 if [ ! "$(docker ps -q -f name=so-fleet)" ]; then
@@ -16,7 +18,7 @@ docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/o
 docker exec so-fleet fleetctl apply -f /packs/hh/hhdefault.yml
 docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml; do fleetctl apply -f "$pack"; done'
-esecret=$(sudo docker exec so-fleet fleetctl get enroll-secret)
+esecret=$(docker exec so-fleet fleetctl get enroll-secret)
 #Concat fleet.crt & ca.crt - this is required for launcher connectivity
 cat /etc/pki/fleet.crt /etc/pki/ca.crt > /etc/pki/launcher.crt
diff --git a/salt/master/files/registry/scripts/so-docker-download.sh b/salt/master/files/registry/scripts/so-docker-download
similarity index 98%
rename from salt/master/files/registry/scripts/so-docker-download.sh
rename to salt/master/files/registry/scripts/so-docker-download
index 33b5065ae..a6c2aa7c5 100644
--- a/salt/master/files/registry/scripts/so-docker-download.sh
+++ b/salt/master/files/registry/scripts/so-docker-download
@@ -1,7 +1,7 @@
 #!/bin/bash
 MASTER={{ MASTER }}
-VERSION="HH1.1.3"
+VERSION="HH1.1.4"
 TRUSTED_CONTAINERS=( \
 "so-core:$VERSION" \
 "so-cyberchef:$VERSION" \
diff --git a/salt/utility/bin/crossthestreams.sh b/salt/utility/bin/crossthestreams.sh
index 197573bcf..f838d041c 100644
--- a/salt/utility/bin/crossthestreams.sh
+++ b/salt/utility/bin/crossthestreams.sh
@@ -18,7 +18,7 @@ while [[ "$COUNT" -le 30 ]]; do
 done
 if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
 echo
- echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'"
+ echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'docker ps' \n -running 'sudo so-elastic-restart'"
 echo
 exit
diff --git a/salt/utility/bin/eval.sh b/salt/utility/bin/eval.sh
index 03eceef56..636cc23ae 100644
--- a/salt/utility/bin/eval.sh
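Review bot: `esecret=$(docker exec so-fleet fleetctl get enroll-secret)` captures the Fleet enroll secret without checking that fleetctl succeeded; if the container is up but the API is not ready or fleetctl is not yet logged in, `esecret` is silently empty and whatever consumes it later in so-fleet-setup.sh (outside this hunk) proceeds with a blank secret. Add `[ -n "$esecret" ] || { echo "failed to read Fleet enroll secret" >&2; exit 1; }` right after the assignment. Since the value is a credential, it is also worth confirming that nothing downstream echoes it or runs under `set -x` into a setup log.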
+++ b/salt/utility/bin/eval.sh
@@ -17,7 +17,7 @@ while [[ "$COUNT" -le 30 ]]; do
 done
 if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
 echo
- echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'sudo docker ps' \n -running 'sudo so-elastic-restart'"
+ echo -e "Connection attempt timed out. Unable to connect to ElasticSearch. \nPlease try: \n -checking log(s) in /var/log/elasticsearch/\n -running 'docker ps' \n -running 'sudo so-elastic-restart'"
 echo
 exit
diff --git a/setup/install_scripts/disable-checksum-offload.sh b/setup/install_scripts/00-so-checksum-offload-disable
similarity index 100%
rename from setup/install_scripts/disable-checksum-offload.sh
rename to setup/install_scripts/00-so-checksum-offload-disable
diff --git a/setup/functions.sh b/setup/so-functions
similarity index 98%
rename from setup/functions.sh
rename to setup/so-functions
index 3629cda64..abdc869a5 100644
--- a/setup/functions.sh
+++ b/setup/so-functions
@@ -16,7 +16,7 @@
 # along with this program. If not, see .
 SCRIPTDIR=$(dirname "$0")
-source $SCRIPTDIR/whiptail.sh
+source $SCRIPTDIR/so-whiptail
 accept_salt_key_local() {
 echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
@@ -757,11 +757,11 @@ network_setup() {
 echo "... Setting ONBOOT for management interface" >> $SETUPLOG 2>&1
 nmcli con mod $MAININT connection.autoconnect "yes" >> $SETUPLOG 2>&1
- echo "... Copying disable-checksum-offload.sh" >> $SETUPLOG 2>&1
- cp $SCRIPTDIR/install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
+ echo "... Copying 00-so-checksum-offload-disable" >> $SETUPLOG 2>&1
+ cp $SCRIPTDIR/install_scripts/00-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable >> $SETUPLOG 2>&1
- echo "... Modifying disable-checksum-offload.sh" >> $SETUPLOG 2>&1
- sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
+ echo "... Modifying 00-so-checksum-offload-disable" >> $SETUPLOG 2>&1
+ sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable >> $SETUPLOG 2>&1
 }
 node_pillar() {
@@ -1107,7 +1107,7 @@ salt_checkin() {
 service salt-minion restart >> $SETUPLOG 2>&1
 sleep 15
 echo " Applyng a mine hack "
- sudo salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> $SETUPLOG 2>&1
+ salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> $SETUPLOG 2>&1
 echo " Applying SSL state "
 salt-call state.apply ssl >> $SETUPLOG 2>&1
 echo "Still Working... Hang in there"
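Review bot: The `cp` into `/etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable` installs the script with whatever mode the setup tree and the installer's umask give it, and NetworkManager silently ignores dispatcher scripts that are not executable, not owned by root, or writable by group/other — so the checksum-offload change may never fire on interface events and nothing in `$SETUPLOG` would say why. Follow the copy (before or after the `sed -i` that rewrites `$MAININT`, either works) with `chown root:root /etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable` and `chmod 0755 /etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable`. network_setup() begins and ends outside this hunk.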
@@ -1351,9 +1351,9 @@ update_sudoers() {
 if ! grep -qE '^socore\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
 # Update Sudoers so that socore can accept keys without a password
- echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | sudo tee -a /etc/sudoers
- echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | sudo tee -a /etc/sudoers
- echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | sudo tee -a /etc/sudoers
+ echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
+ echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
+ echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
 else
 echo "User socore already granted sudo privileges"
 fi
diff --git a/setup/so-setup.sh b/setup/so-setup
similarity index 99%
rename from setup/so-setup.sh
rename to setup/so-setup
index 5e5331d64..be34999b3 100644
--- a/setup/so-setup.sh
+++ b/setup/so-setup
@@ -17,8 +17,8 @@
 # Source the other pieces of the setup
 SCRIPTDIR=$(dirname "$0")
-source $SCRIPTDIR/functions.sh
-source $SCRIPTDIR/whiptail.sh
+source $SCRIPTDIR/so-functions
+source $SCRIPTDIR/so-whiptail
 # See if this is an ISO install
 OPTIONS=$1
diff --git a/setup/whiptail.sh b/setup/so-whiptail
similarity index 100%
rename from setup/whiptail.sh
rename to setup/so-whiptail
diff --git a/so-setup-network.sh b/so-setup-network
similarity index 95%
rename from so-setup-network.sh
rename to so-setup-network
index d12ad6181..a24fc76f5 100644
--- a/so-setup-network.sh
+++ b/so-setup-network
@@ -15,4 +15,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-cd setup && bash so-setup.sh network
+cd setup
+
+./so-setup network
diff --git a/updatemaster.sh b/updatemaster
similarity index 100%
rename from updatemaster.sh
rename to updatemaster
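Review bot: The three `echo ... | tee -a /etc/sudoers` lines append to the live sudoers file with no syntax validation, so a typo or a half-written line breaks every sudo invocation on the host until someone repairs it from a root shell; dropping `sudo` from the pipeline does not change that. Write the grants to a drop-in, validate it with `visudo -cf` before it can take effect, and remove it if validation fails; the `grep` guard at the top of the hunk would then need to look at the drop-in as well as `/etc/sudoers`. Separately, the NOPASSWD entries still name `/opt/so/saltstack/pillar/firewall/addfirewall.sh` and `/opt/so/saltstack/pillar/data/addtotab.sh` with the `.sh` suffix this commit removes elsewhere — worth confirming those two were not renamed, and that socore cannot write to them, because a NOPASSWD rule on a socore-writable script is root for socore. update_sudoers() begins outside this hunk.
```shell
if ! grep -qE '^socore\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers /etc/sudoers.d/socore 2>/dev/null; then
  # Update Sudoers so that socore can accept keys without a password
  printf '%s\n' \
    'socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key' \
    'socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh' \
    'socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh' > /etc/sudoers.d/socore
  chmod 0440 /etc/sudoers.d/socore
  # never leave an unparsable drop-in behind: it would break sudo host-wide
  visudo -cf /etc/sudoers.d/socore || rm -f /etc/sudoers.d/socore
# … unchanged: else branch and fi …
```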
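Review bot: In so-setup-network, `./so-setup network` needs the execute bit, but the rename header for `setup/so-setup` shows mode `100644`, whereas the old `bash so-setup.sh network` did not care — unless something else chmods the file, this wrapper now fails with permission denied. Either mark the file executable in git or keep invoking it as `bash so-setup network`. The split into `cd setup` and a separate `./so-setup network` also drops the `&&` guard the old one-liner had, so a failed `cd` would run setup from the wrong directory; `cd setup || exit 1` keeps that protection.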
From 4a288a0d63f74e26a43e644fcf7ec7f6245d01f6 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Thu, 23 Jan 2020 15:06:40 -0500
Subject: [PATCH 2/4] [fix] Further .sh extension removal

* Remove more .sh extensions
* Edit jinja markup to prevent whitespace trimming
---
 salt/auth/init.sls | 4 ----
 salt/hive/init.sls | 4 ++--
 salt/hive/thehive/scripts/{cortex_init.sh => cortex_init} | 2 +-
 salt/hive/thehive/scripts/{hive_init.sh => hive_init} | 2 +-
 salt/utility/bin/{crossthestreams.sh => crossthestream} | 4 +++-
 salt/utility/bin/{eval.sh => eval} | 4 +++-
 salt/utility/init.sls | 4 ++--
 7 files changed, 12 insertions(+), 12 deletions(-)
 rename salt/hive/thehive/scripts/{cortex_init.sh => cortex_init} (98%)
 rename salt/hive/thehive/scripts/{hive_init.sh => hive_init} (97%)
 rename salt/utility/bin/{crossthestreams.sh => crossthestream} (95%)
 rename salt/utility/bin/{eval.sh => eval} (93%)
diff --git a/salt/auth/init.sls b/salt/auth/init.sls
index 9718d9bb3..c59a70ba0 100644
--- a/salt/auth/init.sls
+++ b/salt/auth/init.sls
@@ -10,8 +10,6 @@ so-auth-api-dir:
 so-auth-api:
 docker_container.running:
- - require:
- - so-auth-api-image
 - image: {{ MASTER }}:5000/soshybridhunter/so-auth-api:HH{{ VERSION }}
 - hostname: so-auth-api
 - name: so-auth-api
@@ -24,8 +22,6 @@ so-auth-api:
 so-auth-ui:
 docker_container.running:
- - require:
- - so-auth-ui-image
 - image: {{ MASTER }}:5000/soshybridhunter/so-auth-ui:HH{{ VERSION }}
 - hostname: so-auth-ui
 - name: so-auth-ui
diff --git a/salt/hive/init.sls b/salt/hive/init.sls
index fca060528..fdabcbb34 100644
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -98,7 +98,7 @@ so-cortex:
 cortexscript:
 cmd.script:
- - source: salt://hive/thehive/scripts/cortex_init.sh
+ - source: salt://hive/thehive/scripts/cortex_init
 - cwd: /opt/so
 - template: jinja
@@ -119,6 +119,6 @@ so-thehive:
 hivescript:
 cmd.script:
- - source: salt://hive/thehive/scripts/hive_init.sh
+ - source: salt://hive/thehive/scripts/hive_init
 - cwd: /opt/so
 - template: jinja
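Review bot: Removing `- require: - so-auth-api-image` (and the matching `so-auth-ui-image` line in the second hunk) from the `docker_container.running` states drops the explicit ordering on the image states, and the commit message does not say why. If `so-auth-api-image`/`so-auth-ui-image` states still exist elsewhere in salt/auth/init.sls (not visible in this diff), the container can now be started before its image has been pulled from `{{ MASTER }}:5000`; if those states were deleted, a one-line comment such as `# image is pulled by docker_container.running itself` above `- image:` would spare the next reader the same question.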
diff --git a/salt/hive/thehive/scripts/cortex_init.sh b/salt/hive/thehive/scripts/cortex_init
similarity index 98%
rename from salt/hive/thehive/scripts/cortex_init.sh
rename to salt/hive/thehive/scripts/cortex_init
index 506b14be5..786039bf1 100644
--- a/salt/hive/thehive/scripts/cortex_init.sh
+++ b/salt/hive/thehive/scripts/cortex_init
@@ -1,5 +1,5 @@
 #!/bin/bash
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %}
 {%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %}
diff --git a/salt/hive/thehive/scripts/hive_init.sh b/salt/hive/thehive/scripts/hive_init
similarity index 97%
rename from salt/hive/thehive/scripts/hive_init.sh
rename to salt/hive/thehive/scripts/hive_init
index 6c5168a66..03b43e74f 100755
--- a/salt/hive/thehive/scripts/hive_init.sh
+++ b/salt/hive/thehive/scripts/hive_init
@@ -1,5 +1,5 @@
 #!/bin/bash
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {%- set HIVEUSER = salt['pillar.get']('static:hiveuser', '') %}
 {%- set HIVEPASSWORD = salt['pillar.get']('static:hivepassword', '') %}
 {%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
diff --git a/salt/utility/bin/crossthestreams.sh b/salt/utility/bin/crossthestream
similarity index 95%
rename from salt/utility/bin/crossthestreams.sh
rename to salt/utility/bin/crossthestream
index f838d041c..c8768230e 100644
--- a/salt/utility/bin/crossthestreams.sh
+++ b/salt/utility/bin/crossthestream
@@ -1,5 +1,7 @@
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+#!/bin/bash
+{% set ES = salt['pillar.get']('master:mainip', '') %}
 {%- set MASTER = grains['master'] %}
+
 # Wait for ElasticSearch to come up, so that we can query for version infromation
 echo -n "Waiting for ElasticSearch..."
 COUNT=0
diff --git a/salt/utility/bin/eval.sh b/salt/utility/bin/eval
similarity index 93%
rename from salt/utility/bin/eval.sh
rename to salt/utility/bin/eval
index 636cc23ae..853693044 100644
--- a/salt/utility/bin/eval.sh
+++ b/salt/utility/bin/eval
@@ -1,4 +1,6 @@
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+#!/bin/bash
+{% set ES = salt['pillar.get']('master:mainip', '') %}
+
 # Wait for ElasticSearch to come up, so that we can query for version infromation
 echo -n "Waiting for ElasticSearch..."
 COUNT=0
diff --git a/salt/utility/init.sls b/salt/utility/init.sls
index ca8a8ef72..adbc9e73b 100644
--- a/salt/utility/init.sls
+++ b/salt/utility/init.sls
@@ -6,7 +6,7 @@ crossclusterson:
 - shell: /bin/bash
 - cwd: /opt/so
 - runas: socore
- - source: salt://utility/bin/crossthestreams.sh
+ - source: salt://utility/bin/crossthestreams
 - template: jinja
 {% endif %}
@@ -16,6 +16,6 @@ fixsearch:
 - shell: /bin/bash
 - cwd: /opt/so
 - runas: socore
- - source: salt://utility/bin/eval.sh
+ - source: salt://utility/bin/eval
 - template: jinja
 {% endif %}
From f22e5eb649eda4b7992a2e37f9239cb94fdf3ad7 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Mon, 27 Jan 2020 15:18:26 -0500
Subject: [PATCH 3/4] Fix for install error

---
 salt/wazuh/files/wazuh-manager-whitelist | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/wazuh/files/wazuh-manager-whitelist b/salt/wazuh/files/wazuh-manager-whitelist
index 0cf675f5c..b8612f820 100644
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
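Review bot: In salt/utility/init.sls the new `- source: salt://utility/bin/crossthestreams` does not match the file this same commit renames to `salt/utility/bin/crossthestream` (no trailing `s`, per the `rename to` header and the diffstat), so the `crossclusterson` cmd.script state will fail to fetch its source. Change the line to `- source: salt://utility/bin/crossthestream`, or rename the script back to `crossthestreams`; the two must agree. The `fixsearch` hunk below correctly points at the renamed `eval`.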
@@ -1,6 +1,6 @@
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
@@ -27,7 +27,7 @@ if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
 echo "Added whitelist entry for {{ MASTERIP }} in $WAZUH_MGR_CFG."
 echo
 echo "Restarting OSSEC Server..."
- /usr/sbin/so-wazuh-restart
+ # /usr/sbin/so-wazuh-restart
 fi
 fi
From c1dd26d97efb0c7d53e32d9427896aef3260c719 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Wed, 5 Feb 2020 08:12:08 -0500
Subject: [PATCH 4/4] Logstash EVAL pipeline fix - osquery

---
 .../conf/pipelines/eval/0800_input_eval.conf | 1 +
 .../eval/templates/9100_output_osquery.conf | 21 +++++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/salt/logstash/conf/pipelines/eval/0800_input_eval.conf b/salt/logstash/conf/pipelines/eval/0800_input_eval.conf
index e0f2e132e..d3fd00029 100644
--- a/salt/logstash/conf/pipelines/eval/0800_input_eval.conf
+++ b/salt/logstash/conf/pipelines/eval/0800_input_eval.conf
@@ -188,6 +188,7 @@ input {
 file {
 path => "/osquery/logs/result.log"
 type => "osquery"
+ tags => ["osquery"]
 }
 file {
 path => "/strelka/strelka.log"
diff --git a/salt/logstash/conf/pipelines/eval/templates/9100_output_osquery.conf b/salt/logstash/conf/pipelines/eval/templates/9100_output_osquery.conf
index e95119562..132f0eb66 100644
--- a/salt/logstash/conf/pipelines/eval/templates/9100_output_osquery.conf
+++ b/salt/logstash/conf/pipelines/eval/templates/9100_output_osquery.conf
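Review bot: Commenting out `/usr/sbin/so-wazuh-restart` in wazuh-manager-whitelist leaves the preceding `echo "Restarting OSSEC Server..."` telling the operator a restart happened when it no longer does, and the whitelist entry just written for `{{ MASTERIP }}` into `$WAZUH_MGR_CFG` will not be honored until the manager is restarted by some other means. Either drop that echo too, or replace it with `echo "Whitelist entry added; restart the Wazuh manager for it to take effect."` so the deferred step is visible in the install output. The commit message "Fix for install error" does not say what failed, so a short comment above the disabled call explaining why it is off would help whoever re-enables it.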
@@ -3,11 +3,24 @@
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 {%- endif %}
-# Author: Josh Brower
-# Last Update: 12/29/2018
-# Output to ES for osquery tagged logs
+# Author: Security Onion Solutions
+# Last Update: 2/3/2020
+# Output to ES for osquery tagged logs - EVAL install
+filter {
+ if "osquery" in [tags] {
+ mutate {
+ rename => { "host" => "beat_host" }
+ remove_tag => ["beat"]
+ }
+ json {
+ source => "message"
+ target => "osquery"
+ }
+ }
+}
+
 output {
 if "osquery" in [tags] {
 elasticsearch {
@@ -16,4 +29,4 @@ output {
 template => "/logstash-template.json"
 }
 }
-}
\ No newline at end of file
+}
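Review bot: The new `json { source => "message" target => "osquery" }` filter has no failure handling, so any non-JSON line in result.log is tagged `_jsonparsefailure` by default and still reaches the elasticsearch output below with an unparsed `message`; add `skip_on_invalid_json => true`, or at least `tag_on_failure => ["_osquery_jsonparsefailure"]`, so bad lines are identifiable and can be routed or dropped deliberately. Placement is also worth a second look: this `filter` block lives in `9100_output_osquery.conf`, and Logstash concatenates pipeline files in lexical order, so it runs after every lower-numbered filter in the eval pipeline — any of those that expects `[osquery]` fields would not see them, and a reader looking for filters in the filter-numbered files will not find this one. Moving the block to a lower-numbered filter file would keep the output file an output file.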