CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/1191

Browse Source
This commit is contained in:
m0duspwnens
2021-01-29 16:54:26 -05:00
parent 618b94b9b6 929896c191
commit 8ca15a6679
11 changed files with 134 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
salt/common/init.sls
View File

@@ -267,6 +267,19 @@ dockerreserveports:
- source: salt://common/files/99-reserved-ports.conf - source: salt://common/files/99-reserved-ports.conf
- name: /etc/sysctl.d/99-reserved-ports.conf - name: /etc/sysctl.d/99-reserved-ports.conf
{% if salt['grains.get']('sosmodel', '') %}
# Install raid check cron
/usr/sbin/so-raid-status > /dev/null 2>&1:
cron.present:
- user: root
- minute: '*/15'
- hour: '*'
- daymonth: '*'
- month: '*'
- dayweek: '*'
{% endif %}
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed:

10
salt/common/tools/sbin/so-common
View File

@@ -228,23 +228,23 @@ retry() {
attempt=0 attempt=0
while [[ $attempt -lt $maxAttempts ]]; do while [[ $attempt -lt $maxAttempts ]]; do
attempt=$((attempt+1)) attempt=$((attempt+1))
info "Executing command with retry support: $cmd" echo "Executing command with retry support: $cmd"
output=$($cmd) output=$($cmd)
info "Results: $output"
exitcode=$? exitcode=$?
echo "Results: $output ($exitcode)"
if [ -n "$expectedOutput" ]; then if [ -n "$expectedOutput" ]; then
if [[ "$output" =~ "$expectedOutput" ]]; then if [[ "$output" =~ "$expectedOutput" ]]; then
return $exitCode return $exitCode
else else
info "Expected '$expectedOutput' but got '$output'" echo "Expected '$expectedOutput' but got '$output'"
fi fi
elif [[ $exitcode -eq 0 ]]; then elif [[ $exitcode -eq 0 ]]; then
return $exitCode return $exitCode
fi fi
info "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..." echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
sleep $sleepDelay sleep $sleepDelay
done done
error "Command continues to fail; giving up." echo "Command continues to fail; giving up."
return 1 return 1
} }

15
salt/common/tools/sbin/so-image-common
View File

@@ -126,12 +126,19 @@ update_docker_containers() {
container_list container_list
fi fi
# Let's make sure we have the public key
curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import - >> "$LOG_FILE" 2>&1
rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1
mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1
# Let's make sure we have the public key
retry 50 10 "curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -o $SIGNPATH/KEYS" >> "$LOG_FILE" 2>&1
result=$?
if [[ $result -eq 0 ]]; then
cat $SIGNPATH/KEYS | gpg --import - >> "$LOG_FILE" 2>&1
else
echo "Failed to pull signature key file: $result"
exit 1
fi
# Download the containers from the interwebs # Download the containers from the interwebs
for i in "${TRUSTED_CONTAINERS[@]}" for i in "${TRUSTED_CONTAINERS[@]}"
do do
@@ -146,7 +153,7 @@ update_docker_containers() {
docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1
# Get signature # Get signature
curl -A "$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)" https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig >> "$LOG_FILE" 2>&1 retry 50 10 "curl -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig" >> "$LOG_FILE" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1 echo "Unable to pull signature file for $image" >> "$LOG_FILE" 2>&1
exit 1 exit 1

81
salt/common/tools/sbin/so-raid-status Normal file
View File

@@ -0,0 +1,81 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
#check_boss_raid() {
# BOSSBIN=/opt/boss/mvcli
# BOSSRC=$($BOSSBIN info -o vd | grep functional)
#
# if [[ $BOSSRC ]]; then
# # Raid is good
# BOSSRAID=0
# else
# BOSSRAID=1
# fi
#}
check_lsi_raid() {
# For use for LSI on Ubuntu
#MEGA=/opt/MegaRAID/MegeCli/MegaCli64
#LSIRC=$($MEGA -LDInfo -Lall -aALL | grep Optimal)
# Open Source Centos
MEGA=/opt/mega/megasasctl
LSIRC=$($MEGA | grep optimal)
if [[ $LSIRC ]]; then
# Raid is good
LSIRAID=0
else
LSIRAID=1
fi
}
check_software_raid() {
SWRC=$(grep "_" /proc/mdstat)
if [[ $SWRC ]]; then
# RAID is failed in some way
SWRAID=1
else
SWRAID=0
fi
}
# This script checks raid status if you use SO appliances
# See if this is an appliance
{%- if salt['grains.get']('sosmodel', '') %}
mkdir -p /opt/so/log/raid
{%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %}
#check_boss_raid
check_software_raid
echo "osraid=$BOSSRAID nsmraid=$SWRAID" > /opt/so/log/raid/status.log
{%- elif grains['sosmodel'] in ['SOS1000F', 'SOS1000', 'SOSSN7200', 'SOS10K', 'SOS4000'] %}
#check_boss_raid
check_lsi_raid
echo "osraid=$BOSSRAID nsmraid=$LSIRAID" > /opt/so/log/raid/status.log
{%- else %}
exit 0
{%- endif %}
{%- else %}
exit 0
{%- endif %}

18
salt/common/tools/sbin/so-user
View File

@@ -1,12 +1,20 @@
#!/bin/bash #!/bin/bash
# Copyright 2020 Security Onion Solutions. All rights reserved.
# # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
# This program is distributed under the terms of version 2 of the
# GNU General Public License. See LICENSE for further details. # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# #
# This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
source $(dirname $0)/so-common source $(dirname $0)/so-common

2
setup/automation/distributed-net-centos-search
View File

@@ -49,7 +49,7 @@ MANAGERUPDATES=1
MNIC=eth0 MNIC=eth0
# MSEARCH= # MSEARCH=
MSRV=distributed-manager MSRV=distributed-manager
MSRVIP=10.66.166.42 MSRVIP=10.66.166.72
# MTU= # MTU=
# NIDS=Suricata # NIDS=Suricata
# NODE_ES_HEAP_SIZE= # NODE_ES_HEAP_SIZE=

2
setup/automation/distributed-net-centos-sensor
View File

@@ -49,7 +49,7 @@ MANAGERUPDATES=1
MNIC=eth0 MNIC=eth0
# MSEARCH= # MSEARCH=
MSRV=distributed-manager MSRV=distributed-manager
MSRVIP=10.66.166.42 MSRVIP=10.66.166.72
# MTU= # MTU=
# NIDS=Suricata # NIDS=Suricata
# NODE_ES_HEAP_SIZE= # NODE_ES_HEAP_SIZE=

2
setup/automation/distributed-net-ubuntu-search
View File

@@ -49,7 +49,7 @@ MANAGERUPDATES=1
MNIC=ens18 MNIC=ens18
# MSEARCH= # MSEARCH=
MSRV=distributed-manager MSRV=distributed-manager
MSRVIP=10.66.166.42 MSRVIP=10.66.166.62
# MTU= # MTU=
# NIDS=Suricata # NIDS=Suricata
# NODE_ES_HEAP_SIZE= # NODE_ES_HEAP_SIZE=

2
setup/automation/distributed-net-ubuntu-sensor
View File

@@ -49,7 +49,7 @@ MANAGERUPDATES=1
MNIC=ens18 MNIC=ens18
# MSEARCH= # MSEARCH=
MSRV=distributed-manager MSRV=distributed-manager
MSRVIP=10.66.166.42 MSRVIP=10.66.166.62
# MTU= # MTU=
# NIDS=Suricata # NIDS=Suricata
# NODE_ES_HEAP_SIZE= # NODE_ES_HEAP_SIZE=

4
setup/automation/import-airgap
View File

@@ -63,8 +63,8 @@ OSQUERY=1
# PATCHSCHEDULEHOURS= # PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto PATCHSCHEDULENAME=auto
# PLAYBOOK=1 # PLAYBOOK=1
REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) # REDIRECTHOST=
REDIRECTINFO=OTHER REDIRECTINFO=IP
RULESETUP=ETOPEN RULESETUP=ETOPEN
# SHARDCOUNT= # SHARDCOUNT=
# SKIP_REBOOT= # SKIP_REBOOT=

6
setup/so-setup
View File

@@ -567,7 +567,7 @@ set_redirect >> $setup_log 2>&1
set_updates >> $setup_log 2>&1 set_updates >> $setup_log 2>&1
fi fi
if [[ $is_manager && $is_airgap ]]; then if [[ ( $is_manager || $is_import ) && $is_airgap ]]; then
info "Creating airgap repo" info "Creating airgap repo"
create_repo >> $setup_log 2>&1 create_repo >> $setup_log 2>&1
airgap_rules >> $setup_log 2>&1 airgap_rules >> $setup_log 2>&1
@@ -652,12 +652,12 @@ set_redirect >> $setup_log 2>&1
if [[ $is_minion ]]; then if [[ $is_minion ]]; then
set_progress_str 20 'Accepting Salt key on manager' set_progress_str 20 'Accepting Salt key on manager'
retry 20 10 accept_salt_key_remote "going to be accepted" retry 20 10 accept_salt_key_remote "going to be accepted" >> $setup_log 2>&1
fi fi
if [[ $is_manager || $is_import || $is_helix ]]; then if [[ $is_manager || $is_import || $is_helix ]]; then
set_progress_str 20 'Accepting Salt key' set_progress_str 20 'Accepting Salt key'
retry 20 10 "salt-key -ya $MINION_ID" "going to be accepted" retry 20 10 "salt-key -ya $MINION_ID" "going to be accepted" >> $setup_log 2>&1
fi fi
set_progress_str 21 'Copying minion pillars to manager' set_progress_str 21 'Copying minion pillars to manager'