Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into 2.4/dev
.github/DISCUSSION_TEMPLATE/2-4.yml
@@ -30,6 +30,7 @@ body:
|
|||||||
- 2.4.150
|
- 2.4.150
|
||||||
- 2.4.160
|
- 2.4.160
|
||||||
- 2.4.170
|
- 2.4.170
|
||||||
|
- 2.4.180
|
||||||
- Other (please provide detail below)
|
- Other (please provide detail below)
|
||||||
validations:
|
validations:
|
||||||
required: true
|
required: true
|
||||||
|
|||||||
@@ -9,3 +9,6 @@ fleetartifactdir:
|
|||||||
- user: 947
|
- user: 947
|
||||||
- group: 939
|
- group: 939
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
- recurse:
|
||||||
|
- user
|
||||||
|
- group
|
||||||
|
|||||||
@@ -9,6 +9,9 @@
|
|||||||
{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
|
{% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
|
||||||
{% set node_data = salt['pillar.get']('node_data') %}
|
{% set node_data = salt['pillar.get']('node_data') %}
|
||||||
|
|
||||||
|
include:
|
||||||
|
- elasticfleet.artifact_registry
|
||||||
|
|
||||||
# Add EA Group
|
# Add EA Group
|
||||||
elasticfleetgroup:
|
elasticfleetgroup:
|
||||||
group.present:
|
group.present:
|
||||||
|
|||||||
@@ -67,6 +67,8 @@ so-elastic-fleet-auto-configure-artifact-urls:
|
|||||||
elasticagent_syncartifacts:
|
elasticagent_syncartifacts:
|
||||||
file.recurse:
|
file.recurse:
|
||||||
- name: /nsm/elastic-fleet/artifacts/beats
|
- name: /nsm/elastic-fleet/artifacts/beats
|
||||||
|
- user: 947
|
||||||
|
- group: 947
|
||||||
- source: salt://beats
|
- source: salt://beats
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|||||||
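Review bot: The new `- group: 947` on the `elasticagent_syncartifacts` file.recurse disagrees with the `fleetartifactdir` hunk (`@@ -9,3 +9,6 @@`), which keeps `- group: 939` and now adds `- recurse: [user, group]`. If `fleetartifactdir` points at a parent of `/nsm/elastic-fleet/artifacts/beats` (its `- name:` is not visible here), the two states will flip the group of that subtree between 939 and 947 on every highstate and report a change each run. Either align the two group ids or add `ignore_dirs`/a matching exclusion to the recursing parent so only one state owns that subtree, and record the intended owner in a comment such as `# beats artifacts are owned by uid/gid 947 (differs from the 939 group on the parent dir)`. The enclosing `{% if %}` opens above the hunk; only its `{% endif %}` is visible.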
@@ -909,6 +909,15 @@ firewall:
|
|||||||
- elastic_agent_control
|
- elastic_agent_control
|
||||||
- elastic_agent_data
|
- elastic_agent_data
|
||||||
- elastic_agent_update
|
- elastic_agent_update
|
||||||
|
hypervisor:
|
||||||
|
portgroups:
|
||||||
|
- yum
|
||||||
|
- docker_registry
|
||||||
|
- influxdb
|
||||||
|
- elastic_agent_control
|
||||||
|
- elastic_agent_data
|
||||||
|
- elastic_agent_update
|
||||||
|
- sensoroni
|
||||||
customhostgroup0:
|
customhostgroup0:
|
||||||
portgroups: []
|
portgroups: []
|
||||||
customhostgroup1:
|
customhostgroup1:
|
||||||
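Review bot: The seven-entry `hypervisor: portgroups:` allow-list added here is written out verbatim a second time in the `@@ -1113,6 +1125,15 @@` hunk, and the one-entry `hypervisor: portgroups: [salt_manager]` is likewise duplicated between `@@ -961` and `@@ -1168`, so the two role sections now have to be edited in lockstep to stay consistent. Because this is a firewall defaults file, it is also worth confirming that each portgroup (`influxdb`, `sensoroni`, the three `elastic_agent_*` groups, `yum`, `docker_registry`) is something a hypervisor actually needs to reach rather than a copy of the preceding role's list — the role that list belongs to is cut off above the hunk, so I cannot tell. A one-line comment above each block, `# hypervisor role: inbound access the manager must allow for hypervisor nodes`, plus a pointer to the twin block, would make the intended scope reviewable.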
@@ -961,6 +970,9 @@ firewall:
|
|||||||
desktop:
|
desktop:
|
||||||
portgroups:
|
portgroups:
|
||||||
- salt_manager
|
- salt_manager
|
||||||
|
hypervisor:
|
||||||
|
portgroups:
|
||||||
|
- salt_manager
|
||||||
self:
|
self:
|
||||||
portgroups:
|
portgroups:
|
||||||
- syslog
|
- syslog
|
||||||
@@ -1113,6 +1125,15 @@ firewall:
|
|||||||
- elastic_agent_control
|
- elastic_agent_control
|
||||||
- elastic_agent_data
|
- elastic_agent_data
|
||||||
- elastic_agent_update
|
- elastic_agent_update
|
||||||
|
hypervisor:
|
||||||
|
portgroups:
|
||||||
|
- yum
|
||||||
|
- docker_registry
|
||||||
|
- influxdb
|
||||||
|
- elastic_agent_control
|
||||||
|
- elastic_agent_data
|
||||||
|
- elastic_agent_update
|
||||||
|
- sensoroni
|
||||||
customhostgroup0:
|
customhostgroup0:
|
||||||
portgroups: []
|
portgroups: []
|
||||||
customhostgroup1:
|
customhostgroup1:
|
||||||
@@ -1168,6 +1189,9 @@ firewall:
|
|||||||
desktop:
|
desktop:
|
||||||
portgroups:
|
portgroups:
|
||||||
- salt_manager
|
- salt_manager
|
||||||
|
hypervisor:
|
||||||
|
portgroups:
|
||||||
|
- salt_manager
|
||||||
self:
|
self:
|
||||||
portgroups:
|
portgroups:
|
||||||
- syslog
|
- syslog
|
||||||
|
|||||||
@@ -419,6 +419,7 @@ preupgrade_changes() {
|
|||||||
[[ "$INSTALLEDVERSION" == 2.4.141 ]] && up_to_2.4.150
|
[[ "$INSTALLEDVERSION" == 2.4.141 ]] && up_to_2.4.150
|
||||||
[[ "$INSTALLEDVERSION" == 2.4.150 ]] && up_to_2.4.160
|
[[ "$INSTALLEDVERSION" == 2.4.150 ]] && up_to_2.4.160
|
||||||
[[ "$INSTALLEDVERSION" == 2.4.160 ]] && up_to_2.4.170
|
[[ "$INSTALLEDVERSION" == 2.4.160 ]] && up_to_2.4.170
|
||||||
|
[[ "$INSTALLEDVERSION" == 2.4.170 ]] && up_to_2.4.180
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -448,6 +449,7 @@ postupgrade_changes() {
|
|||||||
[[ "$POSTVERSION" == 2.4.141 ]] && post_to_2.4.150
|
[[ "$POSTVERSION" == 2.4.141 ]] && post_to_2.4.150
|
||||||
[[ "$POSTVERSION" == 2.4.150 ]] && post_to_2.4.160
|
[[ "$POSTVERSION" == 2.4.150 ]] && post_to_2.4.160
|
||||||
[[ "$POSTVERSION" == 2.4.160 ]] && post_to_2.4.170
|
[[ "$POSTVERSION" == 2.4.160 ]] && post_to_2.4.170
|
||||||
|
[[ "$POSTVERSION" == 2.4.170 ]] && post_to_2.4.180
|
||||||
true
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -599,6 +601,11 @@ post_to_2.4.170() {
|
|||||||
POSTVERSION=2.4.170
|
POSTVERSION=2.4.170
|
||||||
}
|
}
|
||||||
|
|
||||||
|
post_to_2.4.180() {
|
||||||
|
echo "Nothing to apply"
|
||||||
|
POSTVERSION=2.4.180
|
||||||
|
}
|
||||||
|
|
||||||
repo_sync() {
|
repo_sync() {
|
||||||
echo "Sync the local repo."
|
echo "Sync the local repo."
|
||||||
su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
|
su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
|
||||||
@@ -856,6 +863,12 @@ up_to_2.4.170() {
|
|||||||
INSTALLEDVERSION=2.4.170
|
INSTALLEDVERSION=2.4.170
|
||||||
}
|
}
|
||||||
|
|
||||||
|
up_to_2.4.180() {
|
||||||
|
echo "Nothing to do for 2.4.180"
|
||||||
|
|
||||||
|
INSTALLEDVERSION=2.4.180
|
||||||
|
}
|
||||||
|
|
||||||
add_hydra_pillars() {
|
add_hydra_pillars() {
|
||||||
mkdir -p /opt/so/saltstack/local/pillar/hydra
|
mkdir -p /opt/so/saltstack/local/pillar/hydra
|
||||||
touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls
|
touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls
|
||||||
|
|||||||
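Review bot: `up_to_2.4.180` carries a stray blank line between the `echo` and `INSTALLEDVERSION=2.4.180`, while its twin `post_to_2.4.180` in the `@@ -599` hunk does not, and the two messages differ in wording (`"Nothing to do for 2.4.180"` vs `"Nothing to apply"`); dropping the blank line and using one phrasing for both no-op helpers keeps them greppable. The chain lines added in the `@@ -419` and `@@ -448` hunks are reached only because each `up_to_*`/`post_to_*` helper sets the version variable for the next `[[ ... ]]` test, so a helper that forgets the assignment silently stops the upgrade chain — a comment above the chain, `# each helper must set INSTALLEDVERSION/POSTVERSION to its own version so the next step fires`, would make that contract explicit. `preupgrade_changes`/`postupgrade_changes` begin outside their hunks.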
@@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
# NTP server list
|
# NTP server list
|
||||||
{%- for SERVER in NTPCONFIG.servers %}
|
{%- for SERVER in NTPCONFIG.servers %}
|
||||||
server {{ SERVER }} iburst
|
server {{ SERVER }} iburst maxpoll 10
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
# Config options
|
# Config options
|
||||||
@@ -9,3 +9,5 @@ driftfile /var/lib/chrony/drift
|
|||||||
makestep 1.0 3
|
makestep 1.0 3
|
||||||
rtcsync
|
rtcsync
|
||||||
logdir /var/log/chrony
|
logdir /var/log/chrony
|
||||||
|
port 0
|
||||||
|
cmdport 0
|
||||||
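Review bot: `port 0` and `cmdport 0` turn chronyd into a client-only daemon with no UDP control socket, which is a good hardening default, but the hunk does not say so and the operational consequences are not obvious from the two directives. `port 0` means this node no longer serves time, so any grid node that had been configured with this host in its NTP server list (the `NTPCONFIG.servers` loop in the earlier hunk) would lose its source — I cannot tell from the diff whether any node does. `cmdport 0` leaves `chronyc` working only through the local Unix socket, so a monitoring check that runs `chronyc tracking` unprivileged (and therefore falls back to UDP 323) would start failing. I would add `# client only: do not serve time (port 0) and disable the UDP command port (cmdport 0); chronyc still works locally via the Unix socket` above the two lines so the next maintainer does not re-enable them to "fix" monitoring.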
@@ -18,11 +18,19 @@ include:
|
|||||||
|
|
||||||
# This directory needs to exist regardless of whether STENO is enabled or not, in order for
|
# This directory needs to exist regardless of whether STENO is enabled or not, in order for
|
||||||
# Sensoroni to be able to look at old steno PCAP data
|
# Sensoroni to be able to look at old steno PCAP data
|
||||||
|
|
||||||
|
# if stenographer has never run as the pcap engine no 941 user is created, so we use socore as a placeholder.
|
||||||
|
# /nsm/pcap is empty until stenographer is used as pcap engine
|
||||||
|
{% set pcap_id = 941 %}
|
||||||
|
{% set user_list = salt['user.list_users']() %}
|
||||||
|
{% if GLOBALS.pcap_engine == "SURICATA" and 'stenographer' not in user_list %}
|
||||||
|
{% set pcap_id = 939 %}
|
||||||
|
{% endif %}
|
||||||
pcapdir:
|
pcapdir:
|
||||||
file.directory:
|
file.directory:
|
||||||
- name: /nsm/pcap
|
- name: /nsm/pcap
|
||||||
- user: 941
|
- user: {{ pcap_id }}
|
||||||
- group: 941
|
- group: {{ pcap_id }}
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
|
||||||
pcapoutdir:
|
pcapoutdir:
|
||||||
|
|||||||
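Review bot: The fallback is keyed on the account name `stenographer` being absent, not on uid 941 being unused, and the numeric ids 941/939 appear without a legend, while the two `#` lines above only explain the socore placeholder in prose; a short `{# 941 = stenographer, 939 = socore (placeholder until stenographer has run as pcap engine) #}` next to the `{% set pcap_id = 941 %}` would pin the mapping where the values are chosen. Note also that the override applies only when `GLOBALS.pcap_engine == "SURICATA"`; if any other non-stenographer engine value exists, those nodes would still get the possibly non-existent uid 941 (this is the pre-existing behaviour, so it may be intentional). `salt['user.list_users']()` enumerates every local account on each render; `salt['user.info']('stenographer')` would answer the same question directly, though the cost is small either way.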
@@ -13,7 +13,11 @@
|
|||||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||||
{% if sls.split('.')[0] in allowed_states and GLOBALS.os == 'OEL' %}
|
{% if sls.split('.')[0] in allowed_states and GLOBALS.os == 'OEL' %}
|
||||||
{% if 'stg' in salt['pillar.get']('features', []) %}
|
{% if 'stg' in salt['pillar.get']('features', []) %}
|
||||||
{% set OSCAP_PROFILE_NAME = 'xccdf_org.ssgproject.content_profile_stig' %}
|
{% if GLOBALS.role != 'so-desktop' %}
|
||||||
|
{% set OSCAP_PROFILE_NAME = 'xccdf_org.ssgproject.content_profile_stig' %}
|
||||||
|
{% else %}
|
||||||
|
{% set OSCAP_PROFILE_NAME = 'xccdf_org.ssgproject.content_profile_stig_gui' %}
|
||||||
|
{% endif %}
|
||||||
{% set OSCAP_PROFILE_LOCATION = '/opt/so/conf/stig/sos-oscap.xml' %}
|
{% set OSCAP_PROFILE_LOCATION = '/opt/so/conf/stig/sos-oscap.xml' %}
|
||||||
{% set OSCAP_OUTPUT_DIR = '/opt/so/log/stig' %}
|
{% set OSCAP_OUTPUT_DIR = '/opt/so/log/stig' %}
|
||||||
oscap_packages:
|
oscap_packages:
|
||||||
@@ -49,7 +53,7 @@ update_stig_profile:
|
|||||||
{% if not salt['file.file_exists'](OSCAP_OUTPUT_DIR ~ '/pre-oscap-report.html') %}
|
{% if not salt['file.file_exists'](OSCAP_OUTPUT_DIR ~ '/pre-oscap-report.html') %}
|
||||||
run_initial_scan:
|
run_initial_scan:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: 'oscap xccdf eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}'
|
- name: 'oscap xccdf eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html /usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml'
|
||||||
- success_retcodes:
|
- success_retcodes:
|
||||||
- 2
|
- 2
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
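Review bot: `run_initial_scan` now hard-codes the vendor datastream `/usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml` while `OSCAP_PROFILE_LOCATION` is still set a few lines above for the later scan, and nothing records why the pre-scan deliberately uses stock content instead of the customized profile; a `{# baseline scan against the stock SSG datastream so the report reflects the system before our tailored profile is applied #}` above the state would capture the intent. The path also bakes in OL9 while the surrounding guard only checks `GLOBALS.os == 'OEL'`, so a `{% set OSCAP_STOCK_DATASTREAM = '/usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml' %}` beside the other `{% set %}` lines in the `@@ -13,7 +13,11 @@` hunk would keep that assumption in one place; whether other OL releases are supported is not visible here. The enclosing `{% if %}` from that earlier hunk is still open at this point.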
@@ -22,7 +22,8 @@ zeek:
|
|||||||
user.present:
|
user.present:
|
||||||
- uid: 937
|
- uid: 937
|
||||||
- gid: 937
|
- gid: 937
|
||||||
- home: /home/zeek
|
- home: /opt/so/conf/zeek
|
||||||
|
- createhome: False
|
||||||
|
|
||||||
# Create some directories
|
# Create some directories
|
||||||
zeekpolicydir:
|
zeekpolicydir:
|
||||||
|
|||||||
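Review bot: Changing `home` on an existing `zeek` account updates the passwd entry only; Salt's user.present does not move the old directory, so on upgraded nodes `/home/zeek` (if it was ever created) is left behind with its contents and ownership, and `createhome: False` means nothing creates `/opt/so/conf/zeek` from this state — presumably `zeekpolicydir` just below does, but its `- name:` is not in the hunk. Pointing the home at the configuration directory also means any dotfiles the account writes (shell history, for example, if it has a login shell — not visible here) land in the config tree. A comment such as `# home is the conf dir (created by zeekpolicydir below); old /home/zeek is not migrated` would make both points explicit for whoever runs the upgrade.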