CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Elasticsearch defaults file and config.map.jinja to allow for local GeoIP database use when airgap is enabled

Browse Source
This commit is contained in:
Wes Lambert
2022-08-02 14:32:17 +00:00
parent 626a824cd6
commit 839cfcaefa
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/elasticsearch/config.map.jinja
View File

@@ -1,5 +1,6 @@
{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} {% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %}
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %} {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
{% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %} {% if not salt['pillar.get']('elasticsearch:auth:enabled', False) %}
{% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %} {% do ESCONFIG.elasticsearch.config.xpack.security.authc.anonymous.update({'username': 'anonymous_user', 'roles': 'superuser', 'authz_exception': 'true'}) %}
@@ -33,6 +34,10 @@
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if ISAIRGAP %}
{% do ESCONFIG.elasticsearch.config.ingest.geoip.downloader.update({'enabled': false}) %}
{% endif %}
{# merge with the elasticsearch pillar #} {# merge with the elasticsearch pillar #}
{% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %} {% set ESCONFIG = salt['pillar.get']('elasticsearch:config', default=ESCONFIG.elasticsearch.config, merge=True) %}

4
salt/elasticsearch/defaults.yaml
View File

@@ -55,6 +55,10 @@ elasticsearch:
indices: indices:
id_field_data: id_field_data:
enabled: false enabled: false
ingest:
geoip:
downloader:
enabled: true
logger: logger:
org: org:
elasticsearch: elasticsearch: