CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Kafka init

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2023-11-29 13:34:25 -05:00
parent c957c6ce14
commit 86dc7cc804
32 changed files with 828 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/firewall/containers.map.jinja
View File

@@ -87,6 +87,11 @@
'so-logstash',
'so-redis',
] %}
{% elif GLOBALS.role == 'so-kafkanode' %}
{% set NODE_CONTAINERS = [
'so-logstash',
'so-kafka',
] %}
{% elif GLOBALS.role == 'so-idh' %}
{% set NODE_CONTAINERS = [

94
salt/firewall/defaults.yaml
View File

@@ -19,6 +19,7 @@ firewall:
manager: []
managersearch: []
receiver: []
kafkanode: []
searchnode: []
self: []
sensor: []
@@ -90,6 +91,11 @@ firewall:
tcp:
- 8086
udp: []
kafka:
tcp:
- 9092
- 9093
udp: []
kibana:
tcp:
- 5601
@@ -441,6 +447,15 @@ firewall:
- elastic_agent_data
- elastic_agent_update
- sensoroni
kafkanode:
portgroups:
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
@@ -513,6 +528,9 @@ firewall:
receiver:
portgroups:
- salt_manager
kafkanode:
portgroups:
- salt_manager
desktop:
portgroups:
- salt_manager
@@ -629,6 +647,15 @@ firewall:
- elastic_agent_data
- elastic_agent_update
- sensoroni
kafkanode:
portgroups:
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
@@ -1339,6 +1366,73 @@ firewall:
portgroups: []
customhostgroup9:
portgroups: []
kafkanode:
chain:
DOCKER-USER:
hostgroups:
searchnode:
portgroups:
- kafka
kafkanode:
portgroups:
- kafka
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
idh:
chain:
DOCKER-USER:

64
salt/firewall/soc_firewall.yaml
View File

@@ -34,6 +34,7 @@ firewall:
heavynode: *hostgroupsettings
idh: *hostgroupsettings
import: *hostgroupsettings
kafkanode: *hostgroupsettings
localhost: *ROhostgroupsettingsadv
manager: *hostgroupsettings
managersearch: *hostgroupsettings
@@ -115,6 +116,9 @@ firewall:
influxdb:
tcp: *tcpsettings
udp: *udpsettings
kafka:
tcp: *tcpsettings
udp: *udpsettings
kibana:
tcp: *tcpsettings
udp: *udpsettings
@@ -363,6 +367,8 @@ firewall:
portgroups: *portgroupsdocker
endgame:
portgroups: *portgroupsdocker
kafkanode:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
desktop:
@@ -454,6 +460,8 @@ firewall:
portgroups: *portgroupsdocker
syslog:
portgroups: *portgroupsdocker
kafkanode:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
desktop:
@@ -938,6 +946,62 @@ firewall:
portgroups: *portgroupshost
customhostgroup9:
portgroups: *portgroupshost
kafkanode:
chain:
DOCKER-USER:
hostgroups:
searchnode:
portgroups: *portgroupsdocker
kafkanode:
portgroups: *portgroupsdocker
customhostgroup0:
portgroups: *portgroupsdocker
customhostgroup1:
portgroups: *portgroupsdocker
customhostgroup2:
portgroups: *portgroupsdocker
customhostgroup3:
portgroups: *portgroupsdocker
customhostgroup4:
portgroups: *portgroupsdocker
customhostgroup5:
portgroups: *portgroupsdocker
customhostgroup6:
portgroups: *portgroupsdocker
customhostgroup7:
portgroups: *portgroupsdocker
customhostgroup8:
portgroups: *portgroupsdocker
customhostgroup9:
portgroups: *portgroupsdocker
INPUT:
hostgroups:
anywhere:
portgroups: *portgroupshost
dockernet:
portgroups: *portgroupshost
localhost:
portgroups: *portgroupshost
customhostgroup0:
portgroups: *portgroupshost
customhostgroup1:
portgroups: *portgroupshost
customhostgroup2:
portgroups: *portgroupshost
customhostgroup3:
portgroups: *portgroupshost
customhostgroup4:
portgroups: *portgroupshost
customhostgroup5:
portgroups: *portgroupshost
customhostgroup6:
portgroups: *portgroupshost
customhostgroup7:
portgroups: *portgroupshost
customhostgroup8:
portgroups: *portgroupshost
customhostgroup9:
portgroups: *portgroupshost
idh:
chain: