mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
Fleet Module - Added auto install of launcher if osq enabled
@@ -11,6 +11,8 @@ MANINT=$6
|
|||||||
ROOTFS=$7
|
ROOTFS=$7
|
||||||
NSM=$8
|
NSM=$8
|
||||||
MONINT=$9
|
MONINT=$9
|
||||||
|
#NODETYPE=$10
|
||||||
|
#HOTNAME=$11
|
||||||
|
|
||||||
echo "Seeing if this host is already in here. If so delete it"
|
echo "Seeing if this host is already in here. If so delete it"
|
||||||
if grep -q $NAME "/opt/so/saltstack/pillar/data/$TYPE.sls"; then
|
if grep -q $NAME "/opt/so/saltstack/pillar/data/$TYPE.sls"; then
|
||||||
@@ -49,3 +51,7 @@ if [ $TYPE == 'evaltab' ]; then
|
|||||||
salt-call state.apply common queue=True
|
salt-call state.apply common queue=True
|
||||||
salt-call state.apply utility queue=True
|
salt-call state.apply utility queue=True
|
||||||
fi
|
fi
|
||||||
|
#if [ $TYPE == 'nodestab' ]; then
|
||||||
|
# echo " nodetype: $NODETYPE" >> /opt/so/saltstack/pillar/data/$TYPE.sls
|
||||||
|
# echo " hotname: $HOTNAME" >> /opt/so/saltstack/pillar/data/$TYPE.sls
|
||||||
|
#fi
|
||||||
|
|||||||
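Review bot: The commented-out assignments `#NODETYPE=$10` and `#HOTNAME=$11` in the first hunk would not read the tenth and eleventh arguments if enabled as written, because the shell parses `$10` as `$1` followed by a literal `0`; they need braces, `NODETYPE=${10}` and `HOTNAME=${11}`. The commented block in the second hunk writes `$NODETYPE` and `$HOTNAME` straight into the pillar file, so when it is enabled the values should be quoted and limited to the expected characters before they end up in YAML. The script body starts and ends outside both hunks.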
@@ -29,16 +29,21 @@ docker run \
|
|||||||
--mount type=bind,source=/etc/pki/launcher.crt,target=/var/launcher/launcher.crt \
|
--mount type=bind,source=/etc/pki/launcher.crt,target=/var/launcher/launcher.crt \
|
||||||
soshybridhunter/so-fleet-launcher:HH1.0.8 "$esecret" "$1":8080
|
soshybridhunter/so-fleet-launcher:HH1.0.8 "$esecret" "$1":8080
|
||||||
|
|
||||||
|
cp /opt/so/conf/fleet/packages/launcher.* /opt/so/saltstack/salt/launcher/packages/
|
||||||
#Update timestamp on packages webpage
|
#Update timestamp on packages webpage
|
||||||
sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" /opt/so/conf/fleet/packages/index.html
|
sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" /opt/so/conf/fleet/packages/index.html
|
||||||
sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" /opt/so/saltstack/salt/fleet/osquery-packages.html
|
sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" /opt/so/saltstack/salt/fleet/osquery-packages.html
|
||||||
|
|
||||||
#Install osquery locally
|
# Enable Fleet on all the other parts of the infrastructure
|
||||||
if cat /etc/os-release | grep -q 'debian'; then
|
sed -i 's/fleetsetup: 0/fleetsetup: 1/g' /opt/so/salt/saltstack/pillar/static.sls
|
||||||
dpkg -i /opt/so/conf/fleet/packages/launcher.deb
|
|
||||||
else
|
|
||||||
rpm -i /opt/so/conf/fleet/packages/launcher.rpm
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# Install osquery locally
|
||||||
|
#if cat /etc/os-release | grep -q 'debian'; then
|
||||||
|
# dpkg -i /opt/so/conf/fleet/packages/launcher.deb
|
||||||
|
#else
|
||||||
|
# rpm -i /opt/so/conf/fleet/packages/launcher.rpm
|
||||||
|
#fi
|
||||||
|
echo "Installing launcher via salt"
|
||||||
|
salt-call state.apply launcher queue=True > /root/launcher.log
|
||||||
echo "Fleet Setup Complete - Login here: https://$1"
|
echo "Fleet Setup Complete - Login here: https://$1"
|
||||||
echo "Your username is $2 and your password is $initpw"
|
echo "Your username is $2 and your password is $initpw"
|
||||||
|
|||||||
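Review bot: The new `sed -i 's/fleetsetup: 0/fleetsetup: 1/g'` line edits `/opt/so/salt/saltstack/pillar/static.sls`, but every other path in this hunk is rooted at `/opt/so/saltstack/` (for example `/opt/so/saltstack/salt/launcher/packages/`), so the extra `salt/` segment looks like a typo and the real pillar file would be left untouched. The `master_static` hunk at the end of this commit appends `fleetsetup: 0` to the same odd path while its neighbouring lines write to `/opt/so/saltstack/pillar/static.sls`; both should use that path, e.g. `sed -i 's/fleetsetup: 0/fleetsetup: 1/g' /opt/so/saltstack/pillar/static.sls`. The exit status of `salt-call state.apply launcher` is also not checked before "Fleet Setup Complete" is printed, so a failed install is only visible in `/root/launcher.log`. The script body starts and ends outside the hunk.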
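--- a/salt/launcher/init.sls
+++ b/salt/launcher/init.sls
@@ -0,0 +1,12 @@
+{%- set FLEETSETUP = salt['pillar.get']('static:fleetsetup', '0') -%}
+
+{%- if FLEETSETUP != 0 %}
+launcherpkg:
+pkg.installed:
+- sources:
+{% if grains['os'] == 'CentOS' %}
+- launcher: salt://launcher/packages/launcher.rpm
+{% elif grains['os'] == 'Ubuntu' %}
+- launcher: salt://launcher/packages/launcher.deb
+{% endif %}
+{%- endif %}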
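Review bot: The default passed to `pillar.get` on the first line is the string `'0'`, while the guard two lines below compares against the integer `0`; a string never equals an integer in Jinja, so when `static:fleetsetup` is missing from the pillar the condition is true and the package state is rendered anyway. Using an integer default, `salt['pillar.get']('static:fleetsetup', 0)`, makes a missing key mean "not set up". Hosts whose `grains['os']` is neither CentOS nor Ubuntu get a `sources:` key with no entries, so an `{% else %}` branch or a wider outer guard would avoid rendering an incomplete state. The packages are installed from `salt://launcher/packages/` with no integrity or signature check visible here, so a comment stating where they are generated and who may write to that directory would help the next reviewer.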
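--- a/salt/launcher/packages/info.txt
+++ b/salt/launcher/packages/info.txt
@@ -0,0 +1 @@
+Fleet Packages will be copied to this folder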
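--- a/salt/top.sls
+++ b/salt/top.sls
@@ -16,6 +16,9 @@ base:
 {%- endif %}
 - wazuh
 - filebeat
+{%- if OSQUERY != 0 %}
+- launcher
+{%- endif %}
 - schedule
 
 'G@role:so-eval':
@@ -39,6 +42,7 @@ base:
 {%- if OSQUERY != 0 %}
 - fleet
 - redis
+- launcher
 {%- endif %}
 {%- if WAZUH != 0 %}
 - wazuh
@@ -75,6 +79,7 @@ base:
 - schedule
 {%- if OSQUERY != 0 %}
 - fleet
+- launcher
 {%- endif %}
 - soctopus
 {%- if THEHIVE != 0 %}
@@ -89,6 +94,9 @@ base:
 - common
 - firewall
 - logstash
+{%- if OSQUERY != 0 %}
+- launcher
+{%- endif %}
 - schedule
 
 'G@role:so-node and I@node:node_type:hot':
@@ -98,6 +106,9 @@ base:
 - logstash
 - elasticsearch
 - curator
+{%- if OSQUERY != 0 %}
+- launcher
+{%- endif %}
 - schedule
 
 'G@role:so-node and I@node:node_type:warm':
@@ -105,6 +116,9 @@ base:
 - common
 - firewall
 - elasticsearch
+{%- if OSQUERY != 0 %}
+- launcher
+{%- endif %}
 - schedule
 
 'G@role:so-node and I@node:node_type:storage':
@@ -118,6 +132,9 @@ base:
 - curator
 - wazuh
 - filebeat
+{%- if OSQUERY != 0 %}
+- launcher
+{%- endif %}
 - schedule
 
 'G@role:mastersensor':
@@ -125,4 +142,7 @@ base:
 - firewall
 - sensor
 - master
+{%- if OSQUERY != 0 %}
+- launcher
+{%- endif %}
 - schedule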
@@ -582,6 +582,7 @@ master_static() {
|
|||||||
echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
|
echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
|
||||||
echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
|
echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
|
||||||
echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
|
echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
|
||||||
|
echo " fleetsetup: 0" >> /opt/so/salt/saltstack/pillar/static.sls
|
||||||
if [[ $MASTERUPDATES == 'MASTER' ]]; then
|
if [[ $MASTERUPDATES == 'MASTER' ]]; then
|
||||||
echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
|
echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
|
||||||
else
|
else
|
||||||
|
|||||||