mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #10274 from Security-Onion-Solutions/ui/firewall
UI/firewall
This commit is contained in:
Josh Patterson
GitHub
@@ -6,6 +6,8 @@ base:
|
||||
- logrotate
|
||||
- docker.soc_docker
|
||||
- docker.adv_docker
|
||||
- firewall.soc_firewall
|
||||
- firewall.adv_firewall
|
||||
- sensoroni.soc_sensoroni
|
||||
- sensoroni.adv_sensoroni
|
||||
- telegraf.soc_telegraf
|
||||
@@ -68,8 +70,6 @@ base:
|
||||
- elasticsearch.adv_elasticsearch
|
||||
- backup.soc_backup
|
||||
- backup.adv_backup
|
||||
- firewall.soc_firewall
|
||||
- firewall.adv_firewall
|
||||
- minions.{{ grains.id }}
|
||||
- minions.adv_{{ grains.id }}
|
||||
|
||||
@@ -108,8 +108,6 @@ base:
|
||||
- influxdb.adv_influxdb
|
||||
- backup.soc_backup
|
||||
- backup.adv_backup
|
||||
- firewall.soc_firewall
|
||||
- firewall.adv_firewall
|
||||
- minions.{{ grains.id }}
|
||||
- minions.adv_{{ grains.id }}
|
||||
|
||||
@@ -145,8 +143,6 @@ base:
|
||||
- soc.soc_soc
|
||||
- backup.soc_backup
|
||||
- backup.adv_backup
|
||||
- firewall.soc_firewall
|
||||
- firewall.adv_firewall
|
||||
- minions.{{ grains.id }}
|
||||
- minions.adv_{{ grains.id }}
|
||||
|
||||
@@ -223,8 +219,6 @@ base:
|
||||
- redis.adv_redis
|
||||
- influxdb.soc_influxdb
|
||||
- influxdb.adv_influxdb
|
||||
- firewall.soc_firewall
|
||||
- firewall.adv_firewall
|
||||
- minions.{{ grains.id }}
|
||||
- minions.adv_{{ grains.id }}
|
||||
|
||||
|
||||
@@ -1,104 +1,147 @@
|
||||
#!/usr/bin/bash
|
||||
#!/usr/bin/env python3
|
||||
|
||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
||||
# Elastic License 2.0.
|
||||
# Copyright 2014-2023 Security Onion Solutions, LLC
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
. /usr/sbin/so-common
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
import time
|
||||
import yaml
|
||||
|
||||
if [[ $# -lt 1 ]]; then
|
||||
echo "Usage: $0 --role=<ROLE> --ip=<IP ADDRESS> --apply=<true|false>"
|
||||
echo ""
|
||||
echo " Example: so-firewall --role=sensor --ip=192.168.254.100 --apply=true"
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
lockFile = "/tmp/so-firewall.lock"
|
||||
hostgroupsFilename = "/opt/so/saltstack/local/pillar/firewall/soc_firewall.sls"
|
||||
defaultsFilename = "/opt/so/saltstack/default/salt/firewall/defaults.yaml"
|
||||
|
||||
for i in "$@"; do
|
||||
case $i in
|
||||
-r=*|--role=*)
|
||||
ROLE="${i#*=}"
|
||||
shift
|
||||
;;
|
||||
-i=*|--ip=*)
|
||||
IP="${i#*=}"
|
||||
shift
|
||||
;;
|
||||
-a=*|--apply*)
|
||||
APPLY="${i#*=}"
|
||||
shift
|
||||
;;
|
||||
-*|--*)
|
||||
echo "Unknown option $i"
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
done
|
||||
def showUsage(options, args):
|
||||
print('Usage: {} [OPTIONS] <COMMAND> [ARGS...]'.format(sys.argv[0]))
|
||||
print(' Options:')
|
||||
print(' --apply - After updating the firewall configuration files, apply the new firewall state')
|
||||
print('')
|
||||
print(' General commands:')
|
||||
print(' help - Prints this usage information.')
|
||||
print(' apply - Apply the firewall state.')
|
||||
print('')
|
||||
print(' Host commands:')
|
||||
print(' includehost - Includes the given IP in the given group. Args: <GROUP_NAME> <IP>')
|
||||
print(' addhostgroup - Adds a new, custom host group. Args: <GROUP_NAME>')
|
||||
print('')
|
||||
print(' Where:')
|
||||
print(' GROUP_NAME - The name of an alias group (Ex: analyst)')
|
||||
print(' IP - Either a single IP address (Ex: 8.8.8.8) or a CIDR block (Ex: 10.23.0.0/16).')
|
||||
sys.exit(1)
|
||||
|
||||
ROLE=${ROLE,,}
|
||||
APPLY=${APPLY,,}
|
||||
def checkApplyOption(options):
|
||||
if "--apply" in options:
|
||||
return apply(None, None)
|
||||
|
||||
function rolecall() {
|
||||
THEROLE=$1
|
||||
THEROLES="analyst analyst_workstations beats_endpoint beats_endpoint_ssl elastic_agent_endpoint elasticsearch_rest endgame eval fleet heavynodes idh manager managersearch receivers searchnodes sensors standalone strelka_frontend syslog"
|
||||
def loadYaml(filename):
|
||||
file = open(filename, "r")
|
||||
content = file.read()
|
||||
return yaml.safe_load(content)
|
||||
|
||||
for AROLE in $THEROLES; do
|
||||
if [ "$AROLE" = "$THEROLE" ]; then
|
||||
def writeYaml(filename, content):
|
||||
file = open(filename, "w")
|
||||
return yaml.dump(content, file)
|
||||
|
||||
def addIp(name, ip):
|
||||
content = loadYaml(hostgroupsFilename)
|
||||
defaults = loadYaml(defaultsFilename)
|
||||
allowedHostgroups = defaults['firewall']['hostgroups']
|
||||
unallowedHostgroups = ['anywhere', 'dockernet', 'localhost', 'self']
|
||||
for hg in unallowedHostgroups:
|
||||
allowedHostgroups.pop(hg)
|
||||
if not content:
|
||||
content = {'firewall': {'hostgroups': {name: []}}}
|
||||
if name in allowedHostgroups:
|
||||
if name not in content['firewall']['hostgroups']:
|
||||
hostgroup = content['firewall']['hostgroups'].update({name: [ip]})
|
||||
else:
|
||||
hostgroup = content['firewall']['hostgroups'][name]
|
||||
else:
|
||||
print('Host group not defined in salt/firewall/defaults.yaml or hostgroup name is unallowed.', file=sys.stderr)
|
||||
return 4
|
||||
ips = hostgroup
|
||||
if ips is None:
|
||||
ips = []
|
||||
hostgroup = ips
|
||||
if ip not in ips:
|
||||
ips.append(ip)
|
||||
else:
|
||||
print('Already exists', file=sys.stderr)
|
||||
return 3
|
||||
writeYaml(hostgroupsFilename, content)
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
|
||||
def includehost(options, args):
|
||||
if len(args) != 2:
|
||||
print('Missing host group name or ip argument', file=sys.stderr)
|
||||
showUsage(options, args)
|
||||
result = addIp(args[0], args[1])
|
||||
code = result
|
||||
if code == 0:
|
||||
code = checkApplyOption(options)
|
||||
return code
|
||||
|
||||
def apply(options, args):
|
||||
proc = subprocess.run(['salt-call', 'state.apply', 'firewall', 'queue=True'])
|
||||
return proc.returncode
|
||||
|
||||
def main():
|
||||
options = []
|
||||
args = sys.argv[1:]
|
||||
for option in args:
|
||||
if option.startswith("--"):
|
||||
options.append(option)
|
||||
args.remove(option)
|
||||
|
||||
if len(args) == 0:
|
||||
showUsage(options, None)
|
||||
|
||||
commands = {
|
||||
"help": showUsage,
|
||||
"includehost": includehost,
|
||||
"apply": apply
|
||||
}
|
||||
|
||||
# Make sure the required options are specified
|
||||
if [ -z "$ROLE" ]; then
|
||||
echo "Please specify a role with --role="
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$IP" ]; then
|
||||
echo "Please specify an IP address with --ip="
|
||||
exit 1
|
||||
fi
|
||||
code=1
|
||||
|
||||
# Are we dealing with a role that this script supports?
|
||||
if rolecall "$ROLE"; then
|
||||
echo "$ROLE is a supported role"
|
||||
else
|
||||
echo "This is not a supported role"
|
||||
exit 1
|
||||
fi
|
||||
try:
|
||||
lockAttempts = 0
|
||||
maxAttempts = 30
|
||||
while lockAttempts < maxAttempts:
|
||||
lockAttempts = lockAttempts + 1
|
||||
try:
|
||||
f = open(lockFile, "x")
|
||||
f.close()
|
||||
break
|
||||
except:
|
||||
time.sleep(2)
|
||||
|
||||
# Are we dealing with an IP?
|
||||
if verify_ip4 "$IP"; then
|
||||
echo "$IP is a valid IP or CIDR"
|
||||
else
|
||||
echo "$IP is not a valid IP or CIDR"
|
||||
exit 1
|
||||
fi
|
||||
if lockAttempts == maxAttempts:
|
||||
print("Lock file (" + lockFile + ") could not be created; proceeding without lock.")
|
||||
|
||||
local_salt_dir=/opt/so/saltstack/local/salt/firewall
|
||||
cmd = commands.get(args[0], showUsage)
|
||||
code = cmd(options, args[1:])
|
||||
finally:
|
||||
try:
|
||||
os.remove(lockFile)
|
||||
except:
|
||||
print("Lock file (" + lockFile + ") already removed")
|
||||
|
||||
# Let's see if the file exists and if it does, let's see if the IP exists.
|
||||
if [ -f "$local_salt_dir/hostgroups/$ROLE" ]; then
|
||||
if grep -q $IP "$local_salt_dir/hostgroups/$ROLE"; then
|
||||
echo "Host already exists"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
sys.exit(code)
|
||||
|
||||
# If you have reached this part of your quest then let's add the IP
|
||||
echo "Adding $IP to the $ROLE role"
|
||||
echo "$IP" >> $local_salt_dir/hostgroups/$ROLE
|
||||
|
||||
# Check to see if we are applying this right away.
|
||||
if [ "$APPLY" = "true" ]; then
|
||||
echo "Applying the firewall rules"
|
||||
salt-call state.apply firewall queue=True
|
||||
echo "Firewall rules have been applied... Review logs further if there were errors."
|
||||
echo ""
|
||||
else
|
||||
echo "Firewall rules will be applied next salt run"
|
||||
fi
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
||||
@@ -49,34 +49,34 @@ fi
|
||||
case "$ROLE" in
|
||||
|
||||
'MANAGER')
|
||||
so-firewall --role=manager --ip="$IP"
|
||||
so-firewall includehost manager "$IP"
|
||||
;;
|
||||
'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
|
||||
so-firewall --role=manager --ip="$IP"
|
||||
so-firewall --role=sensors --ip="$IP"
|
||||
so-firewall --apply=true --role=searchnodes --ip="$IP"
|
||||
'MANAGERSEARCH')
|
||||
so-firewall includehost manager "$IP"
|
||||
so-firewall includehost searchnode "$IP" --apply
|
||||
;;
|
||||
'EVAL' | 'STANDALONE' | 'IMPORT')
|
||||
so-firewall includehost manager "$IP"
|
||||
so-firewall includehost sensor "$IP"
|
||||
so-firewall includehost searchnode "$IP" --apply
|
||||
;;
|
||||
'FLEET' | 'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'IDH' | 'RECEIVER')
|
||||
case "$ROLE" in
|
||||
'FLEET')
|
||||
so-firewall --apply=true --role=fleet --ip="$IP"
|
||||
so-firewall includehost fleet "$IP" --apply
|
||||
;;
|
||||
'SENSOR')
|
||||
so-firewall --apply=true --role=sensors --ip="$IP"
|
||||
so-firewall includehost sensor "$IP" --apply
|
||||
;;
|
||||
'SEARCHNODE')
|
||||
so-firewall --apply=true --role=searchnodes --ip="$IP"
|
||||
so-firewall includehost searchnode "$IP" --apply
|
||||
;;
|
||||
'HEAVYNODE')
|
||||
so-firewall --role=sensors --ip="$IP"
|
||||
so-firewall --apply=true --role=heavynodes --ip="$IP"
|
||||
so-firewall includehost sensor "$IP"
|
||||
so-firewall includehost heavynode "$IP" --apply
|
||||
;;
|
||||
'IDH')
|
||||
so-firewall --apply=true --role=sensors --ip="$IP"
|
||||
so-firewall includehost sensor "$IP" --apply
|
||||
;;
|
||||
'RECEIVER')
|
||||
so-firewall --apply=true --role=receivers --ip="$IP"
|
||||
;;
|
||||
esac
|
||||
so-firewall includehost receiver "$IP" --apply
|
||||
;;
|
||||
esac
|
||||
|
||||
@@ -1,625 +0,0 @@
|
||||
{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
|
||||
{% import_yaml 'firewall/ports/ports.yaml' as portgroups %}
|
||||
{% set portgroups = portgroups.firewall.ports %}
|
||||
{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', True) %}
|
||||
{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %}
|
||||
|
||||
role:
|
||||
eval:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
eval:
|
||||
portgroups:
|
||||
- {{ portgroups.playbook }}
|
||||
- {{ portgroups.mysql }}
|
||||
- {{ portgroups.kibana }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- {{ portgroups.strelka_frontend }}
|
||||
syslog:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog }}
|
||||
analyst:
|
||||
portgroups:
|
||||
- {{ portgroups.nginx }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
fleet:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
standalone:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
manager:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.playbook }}
|
||||
- {{ portgroups.mysql }}
|
||||
- {{ portgroups.kibana }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
{% if ISAIRGAP is sameas true %}
|
||||
- {{ portgroups.agrules }}
|
||||
{% endif %}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
syslog:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog }}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
endgame:
|
||||
portgroups:
|
||||
- {{ portgroups.endgame }}
|
||||
analyst:
|
||||
portgroups:
|
||||
- {{ portgroups.nginx }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
managersearch:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
managersearch:
|
||||
portgroups:
|
||||
- {{ portgroups.playbook }}
|
||||
- {{ portgroups.mysql }}
|
||||
- {{ portgroups.kibana }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
endgame:
|
||||
portgroups:
|
||||
- {{ portgroups.endgame }}
|
||||
syslog:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog }}
|
||||
analyst:
|
||||
portgroups:
|
||||
- {{ portgroups.nginx }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
standalone:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
standalone:
|
||||
portgroups:
|
||||
- {{ portgroups.playbook }}
|
||||
- {{ portgroups.mysql }}
|
||||
- {{ portgroups.kibana }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.sensoroni }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.beats_5056 }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
- {{ portgroups.endgame }}
|
||||
- {{ portgroups.strelka_frontend }}
|
||||
fleet:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.sensoroni }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.beats_5056 }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.sensoroni }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
- {{ portgroups.beats_5056 }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.sensoroni }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.docker_registry }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.sensoroni }}
|
||||
- {{ portgroups.yum }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
endgame:
|
||||
portgroups:
|
||||
- {{ portgroups.endgame }}
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- {{ portgroups.strelka_frontend }}
|
||||
syslog:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog }}
|
||||
analyst:
|
||||
portgroups:
|
||||
- {{ portgroups.nginx }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
fleet:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
standalone:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
heavynodes:
|
||||
portgroups:
|
||||
- {{ portgroups.salt_manager }}
|
||||
searchnode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
sensor:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- {{ portgroups.strelka_frontend }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
heavynode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog}}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
strelka_frontend:
|
||||
portgroups:
|
||||
- {{ portgroups.strelka_frontend }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
import:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ portgroups.kibana }}
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.influxdb }}
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.elasticsearch_node }}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
elasticsearch_rest:
|
||||
portgroups:
|
||||
- {{ portgroups.elasticsearch_rest }}
|
||||
elastic_agent_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.elastic_agent_control }}
|
||||
- {{ portgroups.elastic_agent_data }}
|
||||
- {{ portgroups.elastic_agent_update }}
|
||||
analyst:
|
||||
portgroups:
|
||||
- {{ portgroups.nginx }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
receiver:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
sensors:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
searchnodes:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
self:
|
||||
portgroups:
|
||||
- {{ portgroups.redis }}
|
||||
- {{ portgroups.syslog}}
|
||||
- {{ portgroups.beats_5644 }}
|
||||
syslog:
|
||||
portgroups:
|
||||
- {{ portgroups.syslog }}
|
||||
beats_endpoint:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5044 }}
|
||||
beats_endpoint_ssl:
|
||||
portgroups:
|
||||
- {{ portgroups.beats_5644 }}
|
||||
endgame:
|
||||
portgroups:
|
||||
- {{ portgroups.endgame }}
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
- {{ portgroups.ssh }}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
idh:
|
||||
chain:
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups:
|
||||
{% for service in IDH_PORTGROUPS.keys() %}
|
||||
{% if service != 'openssh' %}
|
||||
- {{ IDH_PORTGROUPS[service] }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
dockernet:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
localhost:
|
||||
portgroups:
|
||||
- {{ portgroups.all }}
|
||||
manager:
|
||||
portgroups:
|
||||
- {{ IDH_PORTGROUPS.openssh }}
|
||||
standalone:
|
||||
portgroups:
|
||||
- {{ IDH_PORTGROUPS.openssh }}
|
||||
1225
salt/firewall/defaults.yaml
Normal file
1225
salt/firewall/defaults.yaml
Normal file
File diff suppressed because it is too large
Load Diff
@@ -1 +0,0 @@
|
||||
0.0.0.0/0
|
||||
@@ -1,2 +0,0 @@
|
||||
{% from 'docker/docker.map.jinja' import DOCKER -%}
|
||||
{{ DOCKER.sorange }}
|
||||
@@ -1 +0,0 @@
|
||||
127.0.0.1
|
||||
@@ -1,2 +0,0 @@
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS -%}
|
||||
{{ GLOBALS.node_ip }}
|
||||
@@ -1,7 +1,9 @@
|
||||
{% from 'docker/docker.map.jinja' import DOCKER -%}
|
||||
{% from 'firewall/containers.map.jinja' import NODE_CONTAINERS -%}
|
||||
{% from 'firewall/map.jinja' import hostgroups with context -%}
|
||||
{% from 'firewall/map.jinja' import assigned_hostgroups with context -%}
|
||||
{%- from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{%- from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{%- from 'firewall/map.jinja' import FIREWALL_MERGED %}
|
||||
{%- set role = GLOBALS.role.split('-')[1] %}
|
||||
{%- from 'firewall/containers.map.jinja' import NODE_CONTAINERS %}
|
||||
|
||||
{%- set PR = [] %}
|
||||
{%- set D1 = [] %}
|
||||
{%- set D2 = [] %}
|
||||
@@ -70,23 +72,17 @@ COMMIT
|
||||
:DOCKER-USER - [0:0]
|
||||
:LOGGING - [0:0]
|
||||
|
||||
{%- set count = namespace(value=0) %}
|
||||
{%- for chain, hg in assigned_hostgroups.chain.items() %}
|
||||
{%- for hostgroup, portgroups in assigned_hostgroups.chain[chain].hostgroups.items() %}
|
||||
{%- for action in ['insert', 'delete' ] %}
|
||||
{%- if hostgroups[hostgroup].ips[action] %}
|
||||
{%- for ip in hostgroups[hostgroup].ips[action] %}
|
||||
{%- for portgroup in portgroups.portgroups %}
|
||||
{%- for proto, ports in portgroup.items() %}
|
||||
{%- for chn, hostgroups in FIREWALL_MERGED.role[role].chain.items() %}
|
||||
{%- for hostgroup, portgroups in hostgroups['hostgroups'].items() %}
|
||||
{%- for ip in FIREWALL_MERGED.hostgroups[hostgroup] %}
|
||||
{%- for groupname in portgroups['portgroups'] %}
|
||||
{%- for proto, ports in FIREWALL_MERGED['portgroups'][groupname].items() %}
|
||||
{%- for port in ports %}
|
||||
{%- set count.value = count.value + 1 %}
|
||||
-A {{chain}} -s {{ip}} -p {{proto}} -m {{proto}} --dport {{port}} -j ACCEPT
|
||||
-A {{chn}} -s {{ip}} -p {{proto}} -m {{proto}} --dport {{port}} -j ACCEPT
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
|
||||
@@ -1,62 +1,21 @@
|
||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||
{% set role = grains.id.split('_') | last %}
|
||||
{% set translated_pillar_assigned_hostgroups = {} %}
|
||||
{% from 'docker/docker.map.jinja' import DOCKER %}
|
||||
{% import_yaml 'firewall/defaults.yaml' as FIREWALL_DEFAULT %}
|
||||
|
||||
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
|
||||
{% set default_portgroups = default_portgroups.firewall.ports %}
|
||||
{% import_yaml 'firewall/ports/ports.local.yaml' as local_portgroups %}
|
||||
{% if local_portgroups.firewall.ports %}
|
||||
{% set local_portgroups = local_portgroups.firewall.ports %}
|
||||
{% else %}
|
||||
{% set local_portgroups = {} %}
|
||||
{% endif %}
|
||||
|
||||
{% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %}
|
||||
{% set defined_portgroups = portgroups %}
|
||||
{# add our ip to self #}
|
||||
{% do FIREWALL_DEFAULT.firewall.hostgroups.self.append(GLOBALS.node_ip) %}
|
||||
{# add dockernet range #}
|
||||
{% do FIREWALL_DEFAULT.firewall.hostgroups.dockernet.append(DOCKER.sorange) %}
|
||||
|
||||
{% if GLOBALS.role == 'so-idh' %}
|
||||
{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %}
|
||||
{% do salt['defaults.merge'](defined_portgroups, IDH_PORTGROUPS, in_place=True) %}
|
||||
{% do salt['defaults.merge'](FIREWALL_DEFAULT.firewall.portgroups, IDH_PORTGROUPS, in_place=True) %}
|
||||
{% for pg in IDH_PORTGROUPS.keys() %}
|
||||
{# idh service ports start with _idh. this prevents adding openssh to allow from anywhere #}
|
||||
{% if pg.split('_')[0] == 'idh' %}
|
||||
{% do FIREWALL_DEFAULT.firewall.role.idh.chain.INPUT.hostgroups.anywhere.portgroups.append(pg) %}
|
||||
{% endif %}
|
||||
|
||||
{% set local_hostgroups = {'firewall': {'hostgroups': {}}} %}
|
||||
|
||||
{% set hostgroup_list = salt['cp.list_master'](prefix='firewall/hostgroups') %}
|
||||
|
||||
{% for hg in hostgroup_list %}
|
||||
{% import_text hg as hg_ips %}
|
||||
{% do local_hostgroups.firewall.hostgroups.update({hg.split('/')[2]: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %}
|
||||
{% endfor %}
|
||||
|
||||
{% set hostgroups = local_hostgroups.firewall.hostgroups %}
|
||||
|
||||
{# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #}
|
||||
{% if salt['pillar.get']('firewall:assigned_hostgroups:chain') %}
|
||||
{% set translated_pillar_assigned_hostgroups = {'chain': {}} %}
|
||||
|
||||
{% for chain, hg in salt['pillar.get']('firewall:assigned_hostgroups:chain').items() %}
|
||||
{% for pillar_hostgroup, pillar_portgroups in salt['pillar.get']('firewall:assigned_hostgroups:chain')[chain].hostgroups.items() %}
|
||||
{% if translated_pillar_assigned_hostgroups.chain[chain] is defined %}
|
||||
{% do translated_pillar_assigned_hostgroups.chain[chain].hostgroups.update({pillar_hostgroup: {"portgroups": []}}) %}
|
||||
{% else %}
|
||||
{% do translated_pillar_assigned_hostgroups.chain.update({chain: {"hostgroups": {pillar_hostgroup: {"portgroups": []}}}}) %}
|
||||
{% endif %}
|
||||
{% for pillar_portgroup in pillar_portgroups.portgroups %}
|
||||
{% set pillar_portgroup = pillar_portgroup.split('.') | last %}
|
||||
{% do translated_pillar_assigned_hostgroups.chain[chain].hostgroups[pillar_hostgroup].portgroups.append(defined_portgroups[pillar_portgroup]) %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% import_yaml 'firewall/assigned_hostgroups.map.yaml' as default_assigned_hostgroups %}
|
||||
{% import_yaml 'firewall/assigned_hostgroups.local.map.yaml' as local_assigned_hostgroups %}
|
||||
{% if local_assigned_hostgroups.role.get(role, False) %}
|
||||
{% set assigned_hostgroups = salt['defaults.merge'](local_assigned_hostgroups.role[role], default_assigned_hostgroups.role[role], merge_lists=False, in_place=False) %}
|
||||
{% else %}
|
||||
{% set assigned_hostgroups = default_assigned_hostgroups.role[role] %}
|
||||
{% endif %}
|
||||
|
||||
{% if translated_pillar_assigned_hostgroups %}
|
||||
{% do salt['defaults.merge'](assigned_hostgroups, translated_pillar_assigned_hostgroups, merge_lists=True, in_place=True) %}
|
||||
{% endif %}
|
||||
{% set FIREWALL_MERGED = salt['pillar.get']('firewall', FIREWALL_DEFAULT.firewall, merge=True) %}
|
||||
|
||||
@@ -1,84 +0,0 @@
|
||||
firewall:
|
||||
ports:
|
||||
all:
|
||||
tcp:
|
||||
- '0:65535'
|
||||
udp:
|
||||
- '0:65535'
|
||||
agrules:
|
||||
tcp:
|
||||
- 7788
|
||||
beats_5044:
|
||||
tcp:
|
||||
- 5044
|
||||
beats_5644:
|
||||
tcp:
|
||||
- 5644
|
||||
beats_5066:
|
||||
tcp:
|
||||
- 5066
|
||||
beats_5056:
|
||||
tcp:
|
||||
- 5056
|
||||
docker_registry:
|
||||
tcp:
|
||||
- 5000
|
||||
elasticsearch_node:
|
||||
tcp:
|
||||
- 9300
|
||||
elasticsearch_rest:
|
||||
tcp:
|
||||
- 9200
|
||||
elastic_agent_control:
|
||||
tcp:
|
||||
- 8220
|
||||
elastic_agent_data:
|
||||
tcp:
|
||||
- 5055
|
||||
elastic_agent_update:
|
||||
tcp:
|
||||
- 8443
|
||||
endgame:
|
||||
tcp:
|
||||
- 3765
|
||||
influxdb:
|
||||
tcp:
|
||||
- 8086
|
||||
kibana:
|
||||
tcp:
|
||||
- 5601
|
||||
mysql:
|
||||
tcp:
|
||||
- 3306
|
||||
nginx:
|
||||
tcp:
|
||||
- 80
|
||||
- 443
|
||||
playbook:
|
||||
tcp:
|
||||
- 3000
|
||||
redis:
|
||||
tcp:
|
||||
- 6379
|
||||
- 9696
|
||||
salt_manager:
|
||||
tcp:
|
||||
- 4505
|
||||
- 4506
|
||||
sensoroni:
|
||||
tcp:
|
||||
- 443
|
||||
ssh:
|
||||
tcp:
|
||||
- 22
|
||||
strelka_frontend:
|
||||
tcp:
|
||||
- 57314
|
||||
syslog:
|
||||
tcp:
|
||||
- 514
|
||||
udp:
|
||||
- 514
|
||||
yum:
|
||||
tcp:
|
||||
- 443
|
||||
@@ -1,136 +0,0 @@
|
||||
firewall:
|
||||
custom_groups:
|
||||
groups:
|
||||
description: List of group names to create.
|
||||
multiline: True
|
||||
forcedType: "[]string"
|
||||
global: True
|
||||
title: Custom Firewall Groups
|
||||
helpLink: firewall.html#host-groups
|
||||
hostgroups:
|
||||
analyst_workstations:
|
||||
description: List of IP addresses or CIDR blocks to allow analyst workstations.
|
||||
file: True
|
||||
global: True
|
||||
title: Analyst Workstations
|
||||
helpLink: firewall.html#host-groups
|
||||
analyst:
|
||||
description: List of IP addresses or CIDR blocks to allow analyst connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Analyst
|
||||
helpLink: firewall.html#host-groups
|
||||
beats_endpoint:
|
||||
description: List of IP addresses or CIDR blocks of standard beats without encryption.
|
||||
file: True
|
||||
global: True
|
||||
title: Beats Endpoints
|
||||
helpLink: firewall.html#host-groups
|
||||
beats_endpoint_ssl:
|
||||
description: List of IP addresses or CIDR blocks of standard beats with encryption.
|
||||
file: True
|
||||
global: True
|
||||
title: Beats Endpoints SSL
|
||||
helpLink: firewall.html#host-groups
|
||||
elastic_agent_endpoint:
|
||||
description: List of IP addresses or CIDR blocks for Elastic Agent connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Elastic Agents
|
||||
helpLink: firewall.html#host-groups
|
||||
elasticsearch_rest:
|
||||
description: List of IP addresses or CIDR blocks to allow access directly to Elasticsearch.
|
||||
file: True
|
||||
global: True
|
||||
title: Elasticsearch Rest
|
||||
advanced: True
|
||||
helpLink: firewall.html#host-groups
|
||||
endgame:
|
||||
description: List of IP addresses or CIDR blocks to allow Endgame access.
|
||||
file: True
|
||||
global: True
|
||||
title: Endgame
|
||||
advanced: True
|
||||
helpLink: firewall.html#host-groups
|
||||
strelka_frontend:
|
||||
description: List of IP addresses or CIDR blocks to allow access to the Strelka front end.
|
||||
file: True
|
||||
global: True
|
||||
title: Strelka Frontend
|
||||
advanced: True
|
||||
helpLink: firewall.html#host-groups
|
||||
syslog:
|
||||
description: List of IP addresses or CIDR blocks to allow syslog.
|
||||
file: True
|
||||
global: True
|
||||
title: Syslog Endpoint Traffic
|
||||
helpLink: firewall.html#host-groups
|
||||
standalone:
|
||||
description: List of IP addresses or CIDR blocks to allow standalone connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Standalone
|
||||
advanced: True
|
||||
helpLink: firewall.html#host-groups
|
||||
eval:
|
||||
description: List of IP addresses or CIDR blocks to allow eval connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Eval
|
||||
advanced: True
|
||||
helpLink: firewall.html#host-groups
|
||||
idh:
|
||||
description: List of IP addresses or CIDR blocks to allow idh connections.
|
||||
file: True
|
||||
global: True
|
||||
title: IDH Nodes
|
||||
helpLink: firewall.html#host-groups
|
||||
manager:
|
||||
description: List of IP addresses or CIDR blocks to allow manager connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Manager
|
||||
advanced: True
|
||||
helpLink: firewall.html#host-groups
|
||||
heavynodes:
|
||||
description: List of IP addresses or CIDR blocks to allow heavynode connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Heavy Nodes
|
||||
helpLink: firewall.html#host-groups
|
||||
searchnodes:
|
||||
description: List of IP addresses or CIDR blocks to allow searchnode connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Search Nodes
|
||||
helpLink: firewall.html#host-groups
|
||||
sensors:
|
||||
description: List of IP addresses or CIDR blocks to allow Sensor connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Sensors
|
||||
helpLink: firewall.html#host-groups
|
||||
receivers:
|
||||
description: List of IP addresses or CIDR blocks to allow receiver connections.
|
||||
file: True
|
||||
global: True
|
||||
title: Receivers
|
||||
helpLink: firewall.html#host-groups
|
||||
portgroups:
|
||||
portgroups__yaml:
|
||||
description: Port Groups
|
||||
file: True
|
||||
global: True
|
||||
advanced: True
|
||||
title: Port Groups
|
||||
syntax: yaml
|
||||
helpLink: firewall.html#function
|
||||
ports:
|
||||
ports__yaml:
|
||||
description: Ports in YAML.
|
||||
file: True
|
||||
global: True
|
||||
advanced: True
|
||||
title: Ports
|
||||
syntax: yaml
|
||||
helpLink: firewall.html#port-groups
|
||||
@@ -1,5 +0,0 @@
|
||||
soc_firewall_yaml:
|
||||
file.managed:
|
||||
- name: /opt/so/saltstack/default/salt/firewall/soc_firewall.yaml
|
||||
- source: salt://firewall/soc/soc_firewall.yaml.jinja
|
||||
- template: jinja
|
||||
@@ -1,9 +0,0 @@
|
||||
{% import_yaml 'firewall/soc/defaults_soc_firewall.yaml' as DEFAULT_SOC_FIREWALL %}
|
||||
{% set PILLAR_SOC_FIREWALL_GROUPS = salt['pillar.get']('firewall:custom_groups:groups', {}) %}
|
||||
{% set SOC_FIREWALL = DEFAULT_SOC_FIREWALL %}
|
||||
|
||||
{% for group in PILLAR_SOC_FIREWALL_GROUPS %}
|
||||
{% set description = 'List of IP addresses or CIDR blocks to allow for ' ~ group ~ ' hostgroup.' %}
|
||||
{% set title = group[0]|upper ~ group[1:] %}
|
||||
{% do SOC_FIREWALL.firewall.hostgroups.update({group:{'description': description, 'file': 'True', 'global': 'True', 'title': title, 'helpLink': 'firewall.html#host-groups'}}) %}
|
||||
{% endfor %}
|
||||
@@ -1,2 +0,0 @@
|
||||
{% from 'firewall/soc/soc.map.jinja' import SOC_FIREWALL -%}
|
||||
{{ SOC_FIREWALL | yaml(False) }}
|
||||
966
salt/firewall/soc_firewall.yaml
Normal file
966
salt/firewall/soc_firewall.yaml
Normal file
@@ -0,0 +1,966 @@
|
||||
firewall:
|
||||
hostgroups:
|
||||
analyst: &hostgroupsettings
|
||||
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
||||
forcedType: "[]string"
|
||||
helplink: firewall.html
|
||||
multiline: True
|
||||
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||
anywhere: &hostgroupsettingsadv
|
||||
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
||||
forcedType: "[]string"
|
||||
helplink: firewall.html
|
||||
multiline: True
|
||||
advanced: True
|
||||
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||
beats_endpoint: *hostgroupsettings
|
||||
beats_endpoint_ssl: *hostgroupsettings
|
||||
dockernet: &ROhostgroupsettingsadv
|
||||
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
||||
forcedType: "[]string"
|
||||
helplink: firewall.html
|
||||
multiline: True
|
||||
advanced: True
|
||||
readonly: True
|
||||
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||
elastic_agent_endpoint: *hostgroupsettings
|
||||
elasticsearch_rest: *hostgroupsettingsadv
|
||||
endgame: *hostgroupsettingsadv
|
||||
eval: *hostgroupsettings
|
||||
fleet: *hostgroupsettings
|
||||
heavynode: *hostgroupsettings
|
||||
idh: *hostgroupsettings
|
||||
import: *hostgroupsettings
|
||||
localhost: *ROhostgroupsettingsadv
|
||||
manager: *hostgroupsettings
|
||||
managersearch: *hostgroupsettings
|
||||
receiver: *hostgroupsettings
|
||||
searchnode: *hostgroupsettings
|
||||
securityonion_desktop: *hostgroupsettings
|
||||
self: *ROhostgroupsettingsadv
|
||||
sensor: *hostgroupsettings
|
||||
standalone: *hostgroupsettings
|
||||
strelka_frontend: *hostgroupsettings
|
||||
syslog: *hostgroupsettings
|
||||
customhostgroup0: &customhostgroupsettings
|
||||
description: List of IP or CIDR blocks to allow to this hostgroup.
|
||||
forcedType: "[]string"
|
||||
helpLink: firewall.html
|
||||
advanced: True
|
||||
multiline: True
|
||||
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||
customhostgroup1: *customhostgroupsettings
|
||||
customhostgroup2: *customhostgroupsettings
|
||||
customhostgroup3: *customhostgroupsettings
|
||||
customhostgroup4: *customhostgroupsettings
|
||||
customhostgroup5: *customhostgroupsettings
|
||||
customhostgroup6: *customhostgroupsettings
|
||||
customhostgroup7: *customhostgroupsettings
|
||||
customhostgroup8: *customhostgroupsettings
|
||||
customhostgroup9: *customhostgroupsettings
|
||||
portgroups:
|
||||
all:
|
||||
tcp: &tcpsettings
|
||||
description: List of TCP ports for this port group.
|
||||
forcedType: "[]string"
|
||||
helplink: firewall.html
|
||||
advanced: True
|
||||
multiline: True
|
||||
udp: &udpsettings
|
||||
description: List of UDP ports for this port group.
|
||||
forcedType: "[]string"
|
||||
helplink: firewall.html
|
||||
advanced: True
|
||||
multiline: True
|
||||
agrules:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
beats_5044:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
beats_5644:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
beats_5066:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
beats_5056:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
docker_registry:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
elasticsearch_node:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
elasticsearch_rest:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
elastic_agent_control:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
elastic_agent_data:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
elastic_agent_update:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
endgame:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
influxdb:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
kibana:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
mysql:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
nginx:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
playbook:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
redis:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
salt_manager:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
sensoroni:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
ssh:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
strelka_frontend:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
syslog:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
yum:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup0:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup1:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup2:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup3:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup4:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup5:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup6:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup7:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup8:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
customportgroup9:
|
||||
tcp: *tcpsettings
|
||||
udp: *udpsettings
|
||||
role:
|
||||
eval:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
eval:
|
||||
portgroups: &portgroupsdocker
|
||||
description: Portgroups to add access to the docker containers for this role.
|
||||
advanced: True
|
||||
multiline: True
|
||||
helpLink: firewall.html
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
heavynode:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint_ssl:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
elastic_agent_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
strelka_frontend:
|
||||
portgroups: *portgroupsdocker
|
||||
syslog:
|
||||
portgroups: *portgroupsdocker
|
||||
analyst:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: &portgroupshost
|
||||
description: Portgroups to add access to the host.
|
||||
advanced: True
|
||||
multiline: True
|
||||
helpLink: firewall.html
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
fleet:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
elastic_agent_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupsdocker
|
||||
standalone:
|
||||
portgroups: *portgroupshost
|
||||
sensor:
|
||||
portgroups: *portgroupshost
|
||||
searchnode:
|
||||
portgroups: *portgroupshost
|
||||
heavynode:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
manager:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups: *portgroupsdocker
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
heavynode:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
syslog:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint_ssl:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
elastic_agent_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
endgame:
|
||||
portgroups: *portgroupsdocker
|
||||
analyst:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
sensor:
|
||||
portgroups: *portgroupshost
|
||||
searchnode:
|
||||
portgroups: *portgroupshost
|
||||
heavynode:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
managersearch:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
managersearch:
|
||||
portgroups: *portgroupsdocker
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
heavynode:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint_ssl:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
elastic_agent_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
endgame:
|
||||
portgroups: *portgroupsdocker
|
||||
syslog:
|
||||
portgroups: *portgroupsdocker
|
||||
analyst:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
sensor:
|
||||
portgroups: *portgroupshost
|
||||
searchnode:
|
||||
portgroups: *portgroupshost
|
||||
heavynode:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
standalone:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
localhost:
|
||||
portgroups: *portgroupsdocker
|
||||
standalone:
|
||||
portgroups: *portgroupsdocker
|
||||
fleet:
|
||||
portgroups: *portgroupsdocker
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
heavynode:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint_ssl:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
elastic_agent_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
endgame:
|
||||
portgroups: *portgroupsdocker
|
||||
strelka_frontend:
|
||||
portgroups: *portgroupsdocker
|
||||
syslog:
|
||||
portgroups: *portgroupsdocker
|
||||
analyst:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
fleet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
standalone:
|
||||
portgroups: *portgroupshost
|
||||
sensor:
|
||||
portgroups: *portgroupshost
|
||||
searchnode:
|
||||
portgroups: *portgroupshost
|
||||
heavynode:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
searchnode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups: *portgroupsdocker
|
||||
dockernet:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
sensor:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
strelka_frontend:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
heavynode:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups: *portgroupsdocker
|
||||
dockernet:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
strelka_frontend:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
import:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
manager:
|
||||
portgroups: *portgroupsdocker
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint_ssl:
|
||||
portgroups: *portgroupsdocker
|
||||
elasticsearch_rest:
|
||||
portgroups: *portgroupsdocker
|
||||
elastic_agent_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
analyst:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
receiver:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
sensor:
|
||||
portgroups: *portgroupsdocker
|
||||
searchnode:
|
||||
portgroups: *portgroupsdocker
|
||||
self:
|
||||
portgroups: *portgroupsdocker
|
||||
syslog:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint:
|
||||
portgroups: *portgroupsdocker
|
||||
beats_endpoint_ssl:
|
||||
portgroups: *portgroupsdocker
|
||||
endgame:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
|
||||
idh:
|
||||
chain:
|
||||
DOCKER-USER:
|
||||
hostgroups:
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupsdocker
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupsdocker
|
||||
INPUT:
|
||||
hostgroups:
|
||||
anywhere:
|
||||
portgroups: *portgroupshost
|
||||
dockernet:
|
||||
portgroups: *portgroupshost
|
||||
localhost:
|
||||
portgroups: *portgroupshost
|
||||
manager:
|
||||
portgroups: *portgroupshost
|
||||
managersearch:
|
||||
portgroups: *portgroupshost
|
||||
standalone:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup0:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup1:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup2:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup3:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup4:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup5:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup6:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup7:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup8:
|
||||
portgroups: *portgroupshost
|
||||
customhostgroup9:
|
||||
portgroups: *portgroupshost
|
||||
@@ -74,7 +74,6 @@ base:
|
||||
- telegraf
|
||||
- influxdb
|
||||
- soc
|
||||
- firewall.soc
|
||||
- kratos
|
||||
- firewall
|
||||
- idstools
|
||||
@@ -119,7 +118,6 @@ base:
|
||||
- telegraf
|
||||
- influxdb
|
||||
- soc
|
||||
- firewall.soc
|
||||
- kratos
|
||||
- firewall
|
||||
- manager
|
||||
@@ -162,7 +160,6 @@ base:
|
||||
- telegraf
|
||||
- influxdb
|
||||
- soc
|
||||
- firewall.soc
|
||||
- kratos
|
||||
- firewall
|
||||
- idstools
|
||||
@@ -226,7 +223,6 @@ base:
|
||||
- telegraf
|
||||
- influxdb
|
||||
- soc
|
||||
- firewall.soc
|
||||
- kratos
|
||||
- firewall
|
||||
- manager
|
||||
@@ -296,7 +292,6 @@ base:
|
||||
- telegraf
|
||||
- influxdb
|
||||
- soc
|
||||
- firewall.soc
|
||||
- kratos
|
||||
- firewall
|
||||
- idstools
|
||||
|
||||
@@ -2312,18 +2312,18 @@ set_initial_firewall_policy() {
|
||||
|
||||
case "$install_type" in
|
||||
'EVAL' | 'MANAGER' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost $minion_type $MAINIP --apply
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
set_initial_firewall_access() {
|
||||
if [[ ! -z "$ALLOW_CIDR" ]]; then
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost analyst $ALLOW_CIDR --apply
|
||||
fi
|
||||
if [[ ! -z "$MINION_CIDR" ]]; then
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=sensors --ip=$MINION_CIDR --apply=false
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=searchnodes --ip=$MINION_CIDR --apply=true
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensors $MINION_CIDR
|
||||
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost searchnodes $MINION_CIDR --apply
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
@@ -471,7 +471,7 @@ whiptail_gauge_post_setup() {
|
||||
[ -n "$TESTING" ] && return
|
||||
|
||||
idh_preferences=$(whiptail --title "$whiptail_title" --radiolist \
|
||||
"\nBy default, the IDH services selected in the previous screen will be bound to all interfaces and IP addresses on this system.\n\nIf you would like to prevent IDH services from being published on this system's management IP, you can select the option below." 20 75 5 \
|
||||
"\nBy default, IDH services will be bound to all interfaces and IP addresses on this system.\n\nIf you would like to prevent IDH services from being published on this system's management IP, you can select the option below." 20 75 5 \
|
||||
"$MAINIP" "Disable IDH services on this management IP " OFF 3>&1 1>&2 2>&3 )
|
||||
|
||||
local exitstatus=$?
|
||||
|
||||
Reference in New Issue
Block a user