Update Curator scripts

This commit is contained in:
Wes
2023-03-28 00:54:04 +00:00
parent 6c3c5730c5
commit 934b8894e2
3 changed files with 60 additions and 28 deletions

0
salt/curator/files/bin/so-curator-cluster-close Normal file → Executable file

38
salt/curator/files/bin/so-curator-cluster-delete Normal file → Executable file

@@ -4,7 +4,27 @@
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
APP=delete
#. /usr/sbin/so-elastic-common
#. /etc/nsm/securityonion.conf
# If logrotate script doesn't already exist, create it
#FILE="/etc/logrotate.d/so-curator-cluster-delete"
#if ! [ -f ${FILE} ]; then
# cat << EOF > ${FILE}
#/var/log/nsm/so-curator-cluster-delete.log {
# daily
# rotate 7
# copytruncate
# compress
# missingok
# notifempty
#}
#EOF
#fi
# Avoid starting multiple instances
APP=clusterdelete
lf=/tmp/$APP-pidLockFile lf=/tmp/$APP-pidLockFile
# create empty lock file if none exists # create empty lock file if none exists
cat /dev/null >> $lf cat /dev/null >> $lf
@@ -13,18 +33,4 @@ read lastPID < $lf
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf echo $$ > $lf
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-delete.yml > /dev/null 2>&1; /usr/sbin/so-curator-cluster-delete-delete
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-kratos-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-import-so-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-strelka-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-suricata-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-syslog-delete.yml > /dev/null 2>&1;
docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/logs-zeek-delete.yml > /dev/null 2>&1;
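Review bot: The lock path the new `APP=clusterdelete` assignment feeds (`lf=/tmp/$APP-pidLockFile`) is a predictable, attacker-creatable file in world-writable /tmp, yet the script reads the PID back from it and passes it unquoted to `-d /proc/$lastPID`, so any local user who pre-creates `/tmp/clusterdelete-pidLockFile` containing `1` (or a fragment such as `..`) makes every run exit before the delete and silently halts index retention; this matters most if the cron runs as root, as the node-delete cron in this commit's sls hunk does. Replace the hand-rolled PID check with an advisory lock on a root-owned path, e.g. `lf=/var/lock/so-curator-$APP.lock`, `exec 9>"$lf" || exit 1`, `flock -n 9 || exit 0`, and drop the `cat /dev/null`, `read lastPID` and `echo $$` lines. The new last line also discards the helper's exit status, so a failing `/usr/sbin/so-curator-cluster-delete-delete` is indistinguishable from success in the cron log; `exec /usr/sbin/so-curator-cluster-delete-delete` would propagate it. Whether `APP=delete` near the top of the first hunk is still on the new side cannot be told from the rendered page; if it is, the later reassignment makes it dead. The second hunk's trailing context may extend past what is shown here.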


@@ -5,12 +5,6 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {% if sls in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from "curator/map.jinja" import CURATOROPTIONS %}
{% from "curator/map.jinja" import CURATORMERGED %}
{% set REMOVECURATORCRON = False %}
# Curator # Curator
# Create the group # Create the group
curatorgroup: curatorgroup:
@@ -27,6 +21,17 @@ curator:
- createhome: False - createhome: False
# Create the log directory # Create the log directory
curlogdir:
file.directory:
- name: /opt/so/log/curator
- user: 934
- group: 939
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% if GLOBALS.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager']%}
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from "curator/map.jinja" import CURATOROPTIONS %}
{% from "curator/map.jinja" import CURATORMERGED %}
{% set REMOVECURATORCRON = False %}
curactiondir: curactiondir:
file.directory: file.directory:
- name: /opt/so/conf/curator/action - name: /opt/so/conf/curator/action
@@ -34,12 +39,6 @@ curactiondir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
curlogdir:
file.directory:
- name: /opt/so/log/curator
- user: 934
- group: 939
actionconfs: actionconfs:
file.recurse: file.recurse:
- name: /opt/so/conf/curator/action - name: /opt/so/conf/curator/action
@@ -172,7 +171,34 @@ so-curatorclusterdelete:
- daymonth: '*' - daymonth: '*'
- month: '*' - month: '*'
- dayweek: '*' - dayweek: '*'
{% else %}
curnodedel:
file.managed:
- name: /usr/sbin/so-curator-node-delete
- source: salt://curator/files/bin/so-curator-node-delete
- user: 934
- group: 939
- mode: 755
curnodedeldel:
file.managed:
- name: /usr/sbin/so-curator-node-delete-delete
- source: salt://curator/files/bin/so-curator-node-delete-delete
- user: 934
- group: 939
- mode: 755
- template: jinja
so-curatornodedeletecron:
cron.present:
- name: /usr/sbin/so-curator-node-delete > /opt/so/log/curator/cron-node-delete.log 2>&1
- user: root
- minute: '*/5'
- hour: '*'
- daymonth: '*'
- month: '*'
- dayweek: '*'
{% endif %}
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed: