From 21c7f940d7152b4c2b6d2e5eebaa82183cfccd09 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 13 Sep 2022 11:48:25 -0400 Subject: [PATCH 1/2] Update copyrights --- .../tools/sbin/so-elasticsearch-indices-list | 19 +++++-------------- .../sbin/so-elasticsearch-pipeline-stats | 19 +++++-------------- .../tools/sbin/so-elasticsearch-pipeline-view | 19 +++++-------------- salt/common/tools/sbin/so-elasticsearch-query | 19 +++++-------------- .../tools/sbin/so-elasticsearch-shards-list | 19 +++++-------------- .../sbin/so-elasticsearch-template-remove | 19 +++++-------------- .../tools/sbin/so-elasticsearch-template-view | 19 +++++-------------- salt/common/tools/sbin/so-logstash-events | 19 +++++-------------- .../tools/sbin/so-logstash-pipeline-stats | 19 +++++-------------- salt/common/tools/sbin/so-tcpreplay | 18 ++++-------------- salt/common/tools/sbin/so-tcpreplay-start | 18 ++++-------------- salt/common/tools/sbin/so-test | 18 ++++-------------- salt/filebeat/init.sls | 17 ++++------------- salt/idh/init.sls | 18 ++++-------------- salt/soc/files/soc/custom.js | 14 +++++--------- salt/strelka/init.sls | 19 +++++-------------- 16 files changed, 75 insertions(+), 218 deletions(-) diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-list b/salt/common/tools/sbin/so-elasticsearch-indices-list index a71f127eb..7267ec1b5 100755 --- a/salt/common/tools/sbin/so-elasticsearch-indices-list +++ b/salt/common/tools/sbin/so-elasticsearch-indices-list @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {%- set NODEIP = salt['pillar.get']('host:mainip', '') -%} . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats index 8f541d2ee..82590d142 100755 --- a/salt/common/tools/sbin/so-elasticsearch-pipeline-stats +++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-stats @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {%- set NODEIP = salt['pillar.get']('host:mainip', '') -%} . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-elasticsearch-pipeline-view b/salt/common/tools/sbin/so-elasticsearch-pipeline-view index 03e3c2a6a..535556f2c 100755 --- a/salt/common/tools/sbin/so-elasticsearch-pipeline-view +++ b/salt/common/tools/sbin/so-elasticsearch-pipeline-view @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {%- set NODEIP = salt['pillar.get']('host:mainip', '') -%} . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-elasticsearch-query b/salt/common/tools/sbin/so-elasticsearch-query index e5d1f58e6..f616f24fb 100755 --- a/salt/common/tools/sbin/so-elasticsearch-query +++ b/salt/common/tools/sbin/so-elasticsearch-query @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + . /usr/sbin/so-common if [[ $# -lt 1 ]]; then diff --git a/salt/common/tools/sbin/so-elasticsearch-shards-list b/salt/common/tools/sbin/so-elasticsearch-shards-list index 378888873..192d2c6f0 100755 --- a/salt/common/tools/sbin/so-elasticsearch-shards-list +++ b/salt/common/tools/sbin/so-elasticsearch-shards-list @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {%- set NODEIP = salt['pillar.get']('host:mainip', '') -%} . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-elasticsearch-template-remove b/salt/common/tools/sbin/so-elasticsearch-template-remove index d69b82fc4..5028cbb07 100755 --- a/salt/common/tools/sbin/so-elasticsearch-template-remove +++ b/salt/common/tools/sbin/so-elasticsearch-template-remove @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {%- set NODEIP = salt['pillar.get']('host:mainip', '') -%} . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-elasticsearch-template-view b/salt/common/tools/sbin/so-elasticsearch-template-view index 6d549d7c0..5934de13e 100755 --- a/salt/common/tools/sbin/so-elasticsearch-template-view +++ b/salt/common/tools/sbin/so-elasticsearch-template-view @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {%- set NODEIP = salt['pillar.get']('host:mainip', '') -%} . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-logstash-events b/salt/common/tools/sbin/so-logstash-events index 1765fd654..5ea34ad80 100755 --- a/salt/common/tools/sbin/so-logstash-events +++ b/salt/common/tools/sbin/so-logstash-events @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {% set MAININT = salt['pillar.get']('host:mainint') -%} {% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%} diff --git a/salt/common/tools/sbin/so-logstash-pipeline-stats b/salt/common/tools/sbin/so-logstash-pipeline-stats index 31cfaee34..4ad58e5b3 100755 --- a/salt/common/tools/sbin/so-logstash-pipeline-stats +++ b/salt/common/tools/sbin/so-logstash-pipeline-stats @@ -1,19 +1,10 @@ #!/bin/bash # -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {% set MAININT = salt['pillar.get']('host:mainint') -%} {% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%} diff --git a/salt/common/tools/sbin/so-tcpreplay b/salt/common/tools/sbin/so-tcpreplay index 8165d55b7..99314c289 100755 --- a/salt/common/tools/sbin/so-tcpreplay +++ b/salt/common/tools/sbin/so-tcpreplay @@ -1,19 +1,9 @@ #!/bin/bash -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. # Usage: so-tcpreplay "/opt/samples/*" diff --git a/salt/common/tools/sbin/so-tcpreplay-start b/salt/common/tools/sbin/so-tcpreplay-start index 3bef3c76c..8c0d95623 100755 --- a/salt/common/tools/sbin/so-tcpreplay-start +++ b/salt/common/tools/sbin/so-tcpreplay-start @@ -1,19 +1,9 @@ #!/bin/bash -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. . /usr/sbin/so-common diff --git a/salt/common/tools/sbin/so-test b/salt/common/tools/sbin/so-test index aedcb0ad6..8d6bcf4e1 100755 --- a/salt/common/tools/sbin/so-test +++ b/salt/common/tools/sbin/so-test @@ -1,18 +1,8 @@ #!/bin/bash -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. so-tcpreplay /opt/samples/* 2> /dev/null diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index dd30d4205..8fab6963a 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -1,17 +1,8 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. -# Copyright 2014-2022 Security Onion Solutions, LLC -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} diff --git a/salt/idh/init.sls b/salt/idh/init.sls index bcde7212a..d4191c31e 100644 --- a/salt/idh/init.sls +++ b/salt/idh/init.sls @@ -1,17 +1,7 @@ - -# Copyright 2014-2022 Security Onion Solutions, LLC -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} diff --git a/salt/soc/files/soc/custom.js b/salt/soc/files/soc/custom.js index 9b8fd51a3..cf6c85b8a 100644 --- a/salt/soc/files/soc/custom.js +++ b/salt/soc/files/soc/custom.js @@ -1,12 +1,8 @@ -// Copyright 2019 Jason Ertel (jertel). All rights reserved. -// Copyright 2021-2022 Security Onion Solutions, LLC. All rights reserved. -// -// This program is distributed under the terms of version 2 of the -// GNU General Public License. See LICENSE for further details. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +// Copyright Jason Ertel (github.com/jertel). +// Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +// or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +// https://securityonion.net/license; you may not use this file except in compliance with the +// Elastic License 2.0. /* diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 6bdd1b1d1..330bdb681 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -1,17 +1,8 @@ -# Copyright 2014-2022 Security Onion Solutions, LLC -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} From d2fc712400caa3c9cfa92d60c9ffec87758cb7f1 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 13 Sep 2022 11:49:19 -0400 Subject: [PATCH 2/2] Initial SOC annotations --- salt/soc/soc_soc.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 salt/soc/soc_soc.yaml diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml new file mode 100644 index 000000000..7ae91d98c --- /dev/null +++ b/salt/soc/soc_soc.yaml @@ -0,0 +1,23 @@ +soc: + files: + soc: + banner__md: + title: Login Banner + description: Customize the login page with a specific markdown-formatted message. + file: True + global: True + motd__md: + title: Overview Page + description: Customize the overview page with specific markdown-formatted content. Images can be used but must be hosted from another host that is accessible by the users' browser. + file: True + global: True + custom__js: + title: Custom Javascript + description: Customize SOC UI behavior with custom Javascript code. Custom Javascript not provided by Security Onion Solutions is unsupported, and should be removed prior to requesting support. + file: True + global: True + custom_roles: + title: Custom Roles + description: Add additional roles for assigning to users. These roles will not have specific permissions associated to them, however, this can be useful for organizing SOC analyst teams. + file: True + global: True \ No newline at end of file