Merge branch 'dev' of github.com:Security-Onion-Solutions/securityonion-saltstack into dev

# Conflicts:
#	salt/common/tools/sbin/so-allow
This commit is contained in:
William Wernert
2020-06-29 15:14:12 -04:00
4 changed files with 18 additions and 4 deletions


@@ -12,6 +12,9 @@ firewall:
ips: ips:
delete: delete:
insert: insert:
elasticsearch_rest:
delete:
insert:
fleet: fleet:
ips: ips:
delete: delete:


@@ -21,7 +21,7 @@ local_salt_dir=/opt/so/saltstack/local
SKIP=0 SKIP=0
while getopts "ahfsprbowi:" OPTION while getopts "ahfesprbowi:" OPTION
do do
case $OPTION in case $OPTION in
h) h)
@@ -36,7 +36,11 @@ do
FULLROLE="beats_endpoint" FULLROLE="beats_endpoint"
SKIP=1 SKIP=1
;; ;;
f) e)
FULLROLE="elasticsearch_rest"
SKIP=1
;;
f)
FULLROLE="strelka_frontend" FULLROLE="strelka_frontend"
SKIP=1 SKIP=1
;; ;;
@@ -77,6 +81,7 @@ if [ "$SKIP" -eq 0 ]; then
echo "" echo ""
echo "[a] - Analyst - ports 80/tcp and 443/tcp" echo "[a] - Analyst - ports 80/tcp and 443/tcp"
echo "[b] - Logstash Beat - port 5044/tcp" echo "[b] - Logstash Beat - port 5044/tcp"
echo "[e] - Elasticsearch REST API - port 9200/tcp"
echo "[f] - Strelka frontend - port 57314/tcp" echo "[f] - Strelka frontend - port 57314/tcp"
echo "[o] - Osquery endpoint - port 8090/tcp" echo "[o] - Osquery endpoint - port 8090/tcp"
echo "[s] - Syslog device - 514/tcp/udp" echo "[s] - Syslog device - 514/tcp/udp"
@@ -92,6 +97,8 @@ if [ "$SKIP" -eq 0 ]; then
FULLROLE=analyst FULLROLE=analyst
elif [ "$ROLE" == "b" ]; then elif [ "$ROLE" == "b" ]; then
FULLROLE=beats_endpoint FULLROLE=beats_endpoint
elif [ "$ROLE" == "e" ]; then
FULLROLE=elasticsearch_rest
elif [ "$ROLE" == "f" ]; then elif [ "$ROLE" == "f" ]; then
FULLROLE=strelka_frontend FULLROLE=strelka_frontend
elif [ "$ROLE" == "o" ]; then elif [ "$ROLE" == "o" ]; then
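Review bot: The new `e)` branch in the getopts case and the matching `elif [ "$ROLE" == "e" ]` wire up the role, but the usage text printed by the `h)` arm (its body lies outside the first hunk) is not touched here, so if that text lists the flags individually the `-e` option stays undocumented on the command line. The menu line added in the third hunk also describes the role only by port; since this role grants the allowed host direct REST access to the Elasticsearch cluster rather than the web UI, the entry would be clearer as `echo "[e] - Elasticsearch REST API - port 9200/tcp (direct query access to Elasticsearch)"`, with the same wording mirrored in the `-h` output. The enclosing `while getopts` loop and the `if [ "$SKIP" -eq 0 ]` block both start and end outside the hunks shown.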


@@ -48,6 +48,9 @@ role:
beats_endpoint_ssl: beats_endpoint_ssl:
portgroups: portgroups:
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
elasticsearch_rest:
portgroups:
- {{ portgroups.elasticsearch_rest }}
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
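Review bot: The new `elasticsearch_rest` role references `{{ portgroups.elasticsearch_rest }}`, yet none of the four files in this merge defines that portgroup, so the template only renders if the key already exists in the portgroups map elsewhere (not visible on this page); worth confirming before this lands. A short comment on the role line tying it to its source would help the next reader, e.g. `# granted by so-allow -e; the elasticsearch_rest portgroup is expected to carry 9200/tcp`. The surrounding `role:` map continues above and below the hunk.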


@@ -536,9 +536,10 @@ whiptail_nids() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose which IDS to run:" 20 75 4 \ "Choose which IDS to run. \n
Snort 3.0 support will be added once it is out of beta:" 25 75 4 \
"Suricata" "Suricata 4.X" ON \ "Suricata" "Suricata 4.X" ON \
"Snort" "Snort 3.0 Beta" OFF 3>&1 1>&2 2>&3 ) "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
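Review bot: The rewritten "Snort" item description carries a trailing space, `"Snort" "Placeholder for Snort 3.0 " OFF`, which looks accidental and should be `"Placeholder for Snort 3.0"`. The prompt text now says Snort 3.0 support is not yet available, but the "Snort" entry remains selectable, so `NIDS` can still end up set to an option the text describes as a placeholder; how that value is consumed lies outside the hunk, so either the entry should be dropped from the radiolist or the consumer should be confirmed to handle it. The prompt string also mixes a literal `\n` escape with a real line break inside the same double-quoted argument; picking one form would make the rendered layout predictable. `whiptail_nids()` begins before this hunk and continues after it.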