Merge pull request #888 from Security-Onion-Solutions/feature/strelka_rules

Feature/strelka rules
This commit is contained in:
weslambert
2020-06-24 13:28:52 -04:00
committed by GitHub
5 changed files with 33 additions and 5 deletions


@@ -15,6 +15,7 @@
{%- set MASTER = grains['master'] %} {%- set MASTER = grains['master'] %}
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
{%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') -%}
# Strelka config # Strelka config
strelkaconfdir: strelkaconfdir:
@@ -32,6 +33,9 @@ strelkasync:
- user: 939 - user: 939
- group: 939 - group: 939
- template: jinja - template: jinja
{%- if STRELKA_RULES != 1 %}
- exclude_pat: rules/
{%- endif %}
strelkadatadir: strelkadatadir:
file.directory: file.directory:
@@ -87,7 +91,7 @@ strelka_backend:
- image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }} - image: {{ MASTER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }}
- binds: - binds:
- /opt/so/conf/strelka/backend/:/etc/strelka/:ro - /opt/so/conf/strelka/backend/:/etc/strelka/:ro
- /opt/so/conf/strelka/backend/yara:/etc/yara/:ro - /opt/so/conf/strelka/rules/:/etc/yara/:ro
- name: so-strelka-backend - name: so-strelka-backend
- command: strelka-backend - command: strelka-backend
- restart_policy: on-failure - restart_policy: on-failure
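Review bot: `{%- if STRELKA_RULES != 1 %}` in the second hunk compares against an integer, while the default given on the `set STRELKA_RULES` line of the first hunk is the string `'1'`, so on a minion with no `strelka:rules` pillar value the condition is true and `rules/` is excluded — the opposite of what a default of 1 suggests. Use `{%- if STRELKA_RULES|int != 1 %}` (or default to `1` rather than `'1'`) so the string, integer and empty cases all compare the same way. Separately, `exclude_pat` is treated as a glob unless prefixed with `E@`, and `rules/` on its own may not match the files beneath that directory; `rules/*` or `E@rules/.*` would be safer, worth confirming against the Salt version in use. The third hunk's read-only bind of `/opt/so/conf/strelka/rules/` is fine, but when the rules are excluded that host path may not exist and the container runtime would create it empty.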


@@ -7,7 +7,7 @@
{%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%} {%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%} {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%} {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
{%- set STRELKA = salt['pillar.get']('static:strelka', '0') -%} {%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
base: base:


@@ -953,9 +953,11 @@ master_static() {
" fleet_hostname: N/A"\ " fleet_hostname: N/A"\
" fleet_ip: N/A"\ " fleet_ip: N/A"\
" sensoronikey: $SENSORONIKEY"\ " sensoronikey: $SENSORONIKEY"\
" strelka: $STRELKA"\
" wazuh: $WAZUH"\ " wazuh: $WAZUH"\
" masterupdate: $MASTERUPDATES"\ " masterupdate: $MASTERUPDATES"\
"strelka:"\
" enabled: $STRELKA"\
" rules: $STRELKARULES"\
"elastic:"\ "elastic:"\
" features: False" > "$static_pillar" " features: False" > "$static_pillar"
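Review bot: `" rules: $STRELKARULES"\` writes the variable unquoted into the pillar, and STRELKARULES is only assigned when the Strelka prompt runs (the setup section gates `whiptail_strelka_rules` on `$STRELKA == 1`), so for a master without Strelka the pillar gets `rules:` with no value, which YAML reads as null rather than 0. Writing `" rules: ${STRELKARULES:-0}"\` keeps the key an integer in every path and avoids the Jinja side having to distinguish null from 0. master_static begins and ends outside the hunk.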


@@ -255,6 +255,9 @@ fi
if [[ $is_master ]]; then if [[ $is_master ]]; then
whiptail_components_adv_warning whiptail_components_adv_warning
whiptail_enable_components whiptail_enable_components
if [[ $STRELKA == 1 ]]; then
whiptail_strelka_rules
fi
collect_webuser_inputs collect_webuser_inputs
get_redirect get_redirect
fi fi


@@ -1028,6 +1028,25 @@ whiptail_shard_count() {
} }
whiptail_strelka_rules() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "Do you want to enable the default YARA rules for Strelka?" 8 75
local exitstatus=$?
if [ $exitstatus == 0 ]; then
export STRELKARULES=1
else
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export STRELKARULES
fi
}
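Review bot: In the `else` branch of `whiptail_strelka_rules`, `local exitstatus=$?` re-reads `$?` after the `[ $exitstatus == 0 ]` test, so it captures the test's own status (1) rather than whiptail's, and `whiptail_check_exitstatus` can no longer tell a "No" answer from Esc/cancel; the value was already captured by the first `local exitstatus=$?` right after the whiptail call, so drop the second declaration and pass that one. `export STRELKARULES` with no assignment also leaves the variable empty, which `master_static` then writes into the pillar as a bare `rules:`; `export STRELKARULES=0` makes the disabled case explicit. The new function lies entirely within the hunk.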
whiptail_suricata_pins() { whiptail_suricata_pins() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return