From 97a2d91d15f85767c85a51e23f881c48a7a37fd3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 12:14:30 -0400 Subject: [PATCH 01/54] Re-arrange whiptail screens --- salt/elasticsearch/files/elasticsearch.yml | 7 +- setup/so-whiptail | 477 +++++++++++---------- 2 files changed, 250 insertions(+), 234 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index acad465d1..40f708057 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -42,5 +42,10 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% # authz_exception: true {%- endif %} node.attr.box_type: {{ NODE_ROUTE_TYPE }} -node.name: {{ ESCLUSTERNAME }} +node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m +{%- if salt['pillar.get']('elasticsearch:true_cluster') %} + {%- if grains.role == 'so-manager' %} +node.roles: [ master ] + {%- endif %} +{%- endif %} diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..78e66285b 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -31,24 +31,6 @@ whiptail_airgap() { whiptail_check_exitstatus $exitstatus } -whiptail_basic_zeek() { - - [ -n "$TESTING" ] && return - - if [[ $is_smooshed ]]; then - local PROCS=$(expr $lb_procs / 2) - if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi - else - local PROCS=$lb_procs - fi - - BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_basic_suri() { [ -n "$TESTING" ] && return @@ -68,15 +50,10 @@ whiptail_basic_suri() { } -whiptail_zeek_pins() { +whiptail_basic_zeek() { [ -n "$TESTING" ] && return - local cpu_core_list_whiptail=() - for item in "${cpu_core_list[@]}"; do - cpu_core_list_whiptail+=("$item" "OFF") - done - if [[ $is_smooshed ]]; then local PROCS=$(expr $lb_procs / 2) if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi @@ -84,65 +61,11 @@ whiptail_zeek_pins() { local PROCS=$lb_procs fi - ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') - - IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" -} - -whiptail_zeek_version() { - - [ -n "$TESTING" ] && return - - ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ - "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) + BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus - -} - -whiptail_sensor_nics() { - - [ -n "$TESTING" ] && return - - filter_unused_nics - - if [[ $is_ec2 ]]; then - local menu_text="Please select NIC for the Monitor Interface:" - local list_type="radiolist" - else - local menu_text="Please add NICs to the Monitor Interface:" - local list_type="checklist" - fi - - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - while [ -z "$BNICS" ] - do - BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - - BNICS=$(echo "$BNICS" | tr -d '"') - - IFS=' ' read -ra BNICS <<< "$BNICS" - - for bond_nic in "${BNICS[@]}"; do - if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then - whiptail \ - --title "Security Onion Setup" \ - --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ - 8 75 - exit - fi - done } whiptail_bond_nics_mtu() { @@ -184,6 +107,13 @@ whiptail_check_exitstatus() { esac } +whiptail_components_adv_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 +} + whiptail_create_admin_user() { [ -n "$TESTING" ] && return @@ -291,13 +221,6 @@ whiptail_create_web_user() { whiptail_check_exitstatus $exitstatus } -whiptail_invalid_user_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 -} - whiptail_create_web_user_password1() { [ -n "$TESTING" ] && return @@ -321,72 +244,6 @@ whiptail_create_web_user_password2() { } -whiptail_fleet_custom_hostname() { - - [ -n "$TESTING" ] && return - - FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ - "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_requirements_error() { - - local requirement_needed=$1 - local current_val=$2 - local needed_val=$3 - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" \ - --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_storage_requirements() { - local mount=$1 - local current_val=$2 - local needed_val=$3 - - [ -n "$TESTING" ] && return - - read -r -d '' message <<- EOM - Free space on mount point '${mount}' is currently ${current_val}. - - You need ${needed_val} to meet minimum requirements. - - Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. - - Press YES to continue anyway, or press NO to cancel. - EOM - - whiptail \ - --title "Security Onion Setup" \ - --yesno "$message" \ - 14 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - -whiptail_invalid_pass_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 -} - -whiptail_invalid_pass_characters_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 -} - whiptail_cur_close_days() { [ -n "$TESTING" ] && return @@ -502,11 +359,26 @@ whiptail_eval_adv() { whiptail_check_exitstatus $exitstatus } -whiptail_components_adv_warning() { +whiptail_fleet_custom_hostname() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 + FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ + "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_gauge_post_setup() { + + if [ -n "$TESTING" ]; then + cat >> $setup_log 2>&1 + else + local msg=$1 + + whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 + fi } whiptail_helix_apikey() { @@ -594,6 +466,27 @@ whiptail_install_type() { export install_type } +whiptail_invalid_pass_characters_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 +} + +whiptail_invalid_pass_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 +} + +whiptail_invalid_user_warning() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 +} + whiptail_log_size_limit() { [ -n "$TESTING" ] && return @@ -608,6 +501,17 @@ whiptail_log_size_limit() { } +whiptail_make_changes() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_management_interface_dns() { [ -n "$TESTING" ] && return @@ -672,43 +576,6 @@ whiptail_management_nic() { } -whiptail_nids() { - - [ -n "$TESTING" ] && return - - NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ - "Suricata" "Suricata" ON \ - "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_oinkcode() { - - [ -n "$TESTING" ] && return - - OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_make_changes() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - whiptail_management_server() { [ -n "$TESTING" ] && return @@ -756,6 +623,17 @@ whiptail_manager_adv() { } +# Ask if you want to do true clustering +whiptail_manager_adv_escluster(){ + + [ -n "$TESTING" ] && return + + MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + # Ask which additional components to install whiptail_manager_adv_service_zeeklogs() { @@ -810,6 +688,54 @@ whiptail_manager_adv_service_zeeklogs() { } +whiptail_manager_updates() { + + [ -n "$TESTING" ] && return + + local update_string + update_string=$(whiptail --title "Security Onion Setup" --radiolist \ + "How would you like to download OS package updates for your grid?" 20 75 4 \ + "MANAGER" "Manager node is proxy for updates" ON \ + "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + case "$update_string" in + 'MANAGER') + export MANAGERUPDATES='1' + ;; + *) + export MANAGERUPDATES='0' + ;; + esac + +} + +whiptail_manager_updates_warning() { + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup"\ + --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ + 8 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_nids() { + + [ -n "$TESTING" ] && return + + NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ + "Suricata" "Suricata" ON \ + "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_network_notice() { [ -n "$TESTING" ] && return @@ -895,6 +821,18 @@ whiptail_node_ls_input_threads() { } +whiptail_oinkcode() { + + [ -n "$TESTING" ] && return + + OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + #TODO: helper function to display error message or exit if batch mode # exit_if_batch <"Error string"> @@ -1049,6 +987,21 @@ whiptail_patch_schedule_select_hours() { } +whiptail_requirements_error() { + + local requirement_needed=$1 + local current_val=$2 + local needed_val=$3 + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" \ + --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_rule_setup() { [ -n "$TESTING" ] && return @@ -1080,6 +1033,46 @@ whiptail_sensor_config() { } +whiptail_sensor_nics() { + + [ -n "$TESTING" ] && return + + filter_unused_nics + + if [[ $is_ec2 ]]; then + local menu_text="Please select NIC for the Monitor Interface:" + local list_type="radiolist" + else + local menu_text="Please add NICs to the Monitor Interface:" + local list_type="checklist" + fi + + BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + while [ -z "$BNICS" ] + do + BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + done + + BNICS=$(echo "$BNICS" | tr -d '"') + + IFS=' ' read -ra BNICS <<< "$BNICS" + + for bond_nic in "${BNICS[@]}"; do + if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then + whiptail \ + --title "Security Onion Setup" \ + --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ + 8 75 + exit + fi + done +} + whiptail_set_hostname() { [ -n "$TESTING" ] && return @@ -1200,15 +1193,30 @@ whiptail_so_allow() { fi } -whiptail_gauge_post_setup() { +whiptail_storage_requirements() { + local mount=$1 + local current_val=$2 + local needed_val=$3 - if [ -n "$TESTING" ]; then - cat >> $setup_log 2>&1 - else - local msg=$1 + [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 - fi + read -r -d '' message <<- EOM + Free space on mount point '${mount}' is currently ${current_val}. + + You need ${needed_val} to meet minimum requirements. + + Visit https://docs.securityonion.net/en/2.1/hardware.html for more information. + + Press YES to continue anyway, or press NO to cancel. + EOM + + whiptail \ + --title "Security Onion Setup" \ + --yesno "$message" \ + 14 75 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_strelka_rules() { @@ -1251,40 +1259,6 @@ whiptail_suricata_pins() { } -whiptail_manager_updates() { - - [ -n "$TESTING" ] && return - - local update_string - update_string=$(whiptail --title "Security Onion Setup" --radiolist \ - "How would you like to download OS package updates for your grid?" 20 75 4 \ - "MANAGER" "Manager node is proxy for updates" ON \ - "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - - case "$update_string" in - 'MANAGER') - export MANAGERUPDATES='1' - ;; - *) - export MANAGERUPDATES='0' - ;; - esac - -} - -whiptail_manager_updates_warning() { - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup"\ - --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ - 8 75 - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - whiptail_node_updates() { [ -n "$TESTING" ] && return @@ -1322,3 +1296,40 @@ whiptail_you_sure() { return $exitstatus } + +whiptail_zeek_pins() { + + [ -n "$TESTING" ] && return + + local cpu_core_list_whiptail=() + for item in "${cpu_core_list[@]}"; do + cpu_core_list_whiptail+=("$item" "OFF") + done + + if [[ $is_smooshed ]]; then + local PROCS=$(expr $lb_procs / 2) + if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi + else + local PROCS=$lb_procs + fi + + ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') + + IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" +} + +whiptail_zeek_version() { + + [ -n "$TESTING" ] && return + + ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \ + "SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} From bab6b151ff9f0fbf58e9ecb36c4d3adac3824959 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:07:22 -0400 Subject: [PATCH 02/54] Add cluster whiptail questions --- setup/so-setup | 3 +++ setup/so-whiptail | 14 +++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..e9ad3a281 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,6 +320,9 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv + if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ] + whiptail_manager_adv_escluster + fi whiptail_zeek_version # Don't run this function for now since Snort is not yet supported # whiptail_nids diff --git a/setup/so-whiptail b/setup/so-whiptail index 78e66285b..437b2192c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -631,7 +631,19 @@ whiptail_manager_adv_escluster(){ MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) local exitstatus=$? - whiptail_check_exitstatus $exitstatus + + if [[ $exitstatus == 0 ]]; then + whiptail_manager_adv_escluster_name + fi +} + +# Get a cluster name +whiptail_manager_adv_escluster_name(){ + + [ -n "$TESTING" ] && return + + ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter a name for your ES cluster!" 10 75 securityonion 3>&1 1>&2 2>&3) } # Ask which additional components to install From bbb825a2079423d87796c3a68c201ed2f256f4c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:33:40 -0400 Subject: [PATCH 03/54] Add cluster whiptail questions --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index e9ad3a281..cad7fea6a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,7 +320,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ] + if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ]]; then whiptail_manager_adv_escluster fi whiptail_zeek_version From f893cf203f37be8dc6dd35e00237ec78a2dc92cc Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:38:17 -0400 Subject: [PATCH 04/54] Change whiptail logic --- setup/so-setup | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index cad7fea6a..93a63a758 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,8 +320,10 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [[ "$install_type" = 'MANAGER' ]] || [[ "$install_type" = 'MANAGERSEARCH' ]]; then - whiptail_manager_adv_escluster + if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then + whiptail_manager_adv_escluster + fi fi whiptail_zeek_version # Don't run this function for now since Snort is not yet supported From c22e8c08a6074a786726170752f1b57a7357f0e5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:40:22 -0400 Subject: [PATCH 05/54] Change whiptail logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 93a63a758..74ff6c0b8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -320,7 +320,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + if [ "$MANAGERADV" = 'ADVANCED' ]; then if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then whiptail_manager_adv_escluster fi From c538e5f85b9ea83eb8d48ece5356e87d70571ead Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:40:56 -0400 Subject: [PATCH 06/54] Change whiptail logic --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 74ff6c0b8..ab0d809a1 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -321,7 +321,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv if [ "$MANAGERADV" = 'ADVANCED' ]; then - if [ "$install_type" = 'MANAGER' ]] || [ $install_type = 'MANAGERSEARCH' ]; then + if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then whiptail_manager_adv_escluster fi fi From 6f703fad259775cffd67fdddf44fc884f2d93143 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:44:43 -0400 Subject: [PATCH 07/54] Change whiptail logic --- setup/so-whiptail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 437b2192c..302fb96e6 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -628,7 +628,8 @@ whiptail_manager_adv_escluster(){ [ -n "$TESTING" ] && return - MGRCLUSTER=$(whiptail --title "Security Onion Setup" --yesno "Do you want to set up a traditional ES cluster?" 8 75) + whiptail --title "Security Onion Setup" --yesno \ + "Do you want to set up a traditional ES cluster?" 8 75 local exitstatus=$? From 23bc5e303e873372f12ad51ca2d02d05b52be64c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:52:43 -0400 Subject: [PATCH 08/54] Add clustering to ES function --- setup/so-functions | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 06f103cfc..dc2a9e7fd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,14 +1200,19 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - " true_cluster: False"\ - " true_cluster_name: 'so'"\ + if [ -z "$ESCLUSTERNAME" ]; then + " true_cluster: False" + " true_cluster_name: 'so'" + else + " true_cluster: True" + " true_cluster_name: '$ESCLUSTERNAME'" + fi " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ - " cluster_routing_allocation_disk_watermark_low: '95%'"\ - " cluster_routing_allocation_disk_watermark_high: '98%'"\ - " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ + " cluster_routing_allocation_disk_watermark_low: '95%'"\ + " cluster_routing_allocation_disk_watermark_high: '98%'"\ + " cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\ " index_settings:"\ " so-beats:"\ " shards: 1"\ From 7e0063d47467b184f7b3dc81db166582a810cdb9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:55:11 -0400 Subject: [PATCH 09/54] Fix pillar syntax --- setup/so-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index dc2a9e7fd..d134a8ac8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1201,11 +1201,11 @@ manager_global() { "elasticsearch:"\ " replicas: 0"\ if [ -z "$ESCLUSTERNAME" ]; then - " true_cluster: False" - " true_cluster_name: 'so'" + printf " true_cluster: False" + " true_cluster_name: 'so'" else - " true_cluster: True" - " true_cluster_name: '$ESCLUSTERNAME'" + printf " true_cluster: True" + " true_cluster_name: '$ESCLUSTERNAME'" fi " discovery_nodes: 1"\ " hot_warm_enabled: False"\ From 4e1bff2231799b951d7495bc722227d48a392edf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 16:56:13 -0400 Subject: [PATCH 10/54] Fix pillar syntax --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index d134a8ac8..fab24b2f2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,7 +1200,7 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - if [ -z "$ESCLUSTERNAME" ]; then + if [[ -z "$ESCLUSTERNAME" ]]; then printf " true_cluster: False" " true_cluster_name: 'so'" else From 55b6f5ce996bdb126451f4fde21703e451b5e976 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:02:26 -0400 Subject: [PATCH 11/54] Fix pillar syntax --- setup/so-functions | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index fab24b2f2..cb7e447ea 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1200,13 +1200,14 @@ manager_global() { " features: False"\ "elasticsearch:"\ " replicas: 0"\ - if [[ -z "$ESCLUSTERNAME" ]]; then - printf " true_cluster: False" - " true_cluster_name: 'so'" + if [ -n "$ESCLUSTERNAME" ]; then + printf " true_cluster: True"\ + " true_cluster_name: '$ESCLUSTERNAME'"\ else - printf " true_cluster: True" - " true_cluster_name: '$ESCLUSTERNAME'" + printf " true_cluster: False"\ + " true_cluster_name: 'so'"\ fi + " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ From 3cb419174af91ddc1f0148a8eb3943ddbeae48c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:04:06 -0400 Subject: [PATCH 12/54] Fix pillar syntax --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index cb7e447ea..cae48c777 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,7 +1199,7 @@ manager_global() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " replicas: 0"\ + " replicas: 0" if [ -n "$ESCLUSTERNAME" ]; then printf " true_cluster: True"\ " true_cluster_name: '$ESCLUSTERNAME'"\ From 722f2b3913cca624520ce230c9ad163d1ba5337e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:08:06 -0400 Subject: [PATCH 13/54] Fix pillar syntax --- setup/so-functions | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index cae48c777..0c2bc804d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1201,13 +1201,15 @@ manager_global() { "elasticsearch:"\ " replicas: 0" if [ -n "$ESCLUSTERNAME" ]; then - printf " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'"\ + printf '%s\n'\ + " true_cluster: True"\ + " true_cluster_name: '$ESCLUSTERNAME'" else - printf " true_cluster: False"\ - " true_cluster_name: 'so'"\ + printf '%s\n'\ + " true_cluster: False"\ + " true_cluster_name: 'so'" fi - + printf '%s\n'\ " discovery_nodes: 1"\ " hot_warm_enabled: False"\ " cluster_routing_allocation_disk.threshold_enabled: true"\ From 87adbb5f819b4864062800d06886226b604942ff Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 19 Oct 2020 17:20:33 -0400 Subject: [PATCH 14/54] printf issues --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0c2bc804d..9ded48ddf 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1199,15 +1199,15 @@ manager_global() { "elastic:"\ " features: False"\ "elasticsearch:"\ - " replicas: 0" + " replicas: 0" >> "$global_pillar" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ " true_cluster: True"\ - " true_cluster_name: '$ESCLUSTERNAME'" + " true_cluster_name: '$ESCLUSTERNAME'" >> "$global_pillar" else printf '%s\n'\ " true_cluster: False"\ - " true_cluster_name: 'so'" + " true_cluster_name: 'so'" >> "$global_pillar" fi printf '%s\n'\ " discovery_nodes: 1"\ From 57d8f2542212230740ed33ee4a9c84ee31f0f5e0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 16:44:14 -0400 Subject: [PATCH 15/54] Create master node role in ES --- salt/elasticsearch/files/elasticsearch.yml | 11 ++++------- setup/so-functions | 11 +++++++++-- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 40f708057..b5d0b0293 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -1,11 +1,8 @@ {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- if salt['pillar.get']('elasticsearch:hot_warm_enabled') or salt['pillar.get']('elasticsearch:true_cluster') %} -{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name', '') %} -{%- else %} {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} -{%- endif %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} -{% set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set FEATURES = salt['pillar.get']('elastic:features', False) %} +{%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -44,7 +41,7 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m -{%- if salt['pillar.get']('elasticsearch:true_cluster') %} +{%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} node.roles: [ master ] {%- endif %} diff --git a/setup/so-functions b/setup/so-functions index 9ded48ddf..3566d0d5e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1331,8 +1331,15 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: '$NODE_ES_HEAP_SIZE'"\ - " esclustername: {{ grains.host }}"\ + " esheap: '$NODE_ES_HEAP_SIZE'" + if [ -n "$ESCLUSTERNAME" ]; then + printf '%s\n'\ + " esclustername: $ESCLUSTERNAME" + else + printf '%s\n'\ + " esclustername: {{ grains.host }}" + fi + printf '%s\n'\ " node_type: '$NODETYPE'"\ " es_port: $node_es_port"\ " log_size_limit: $log_size_limit"\ From d004263b71179c323b95421734b7b71fbc24e5db Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Dec 2020 14:33:22 -0500 Subject: [PATCH 16/54] Add Elastic Clustering --- pillar/top.sls | 1 + salt/elasticsearch/files/elasticsearch.yml | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pillar/top.sls b/pillar/top.sls index 77db6fe60..627fed80b 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -82,6 +82,7 @@ base: - elasticsearch.search - global - minions.{{ grains.id }} + - data.nodestab '*_import': - zeeklogs diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index b5d0b0293..a7a6ad34a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -43,6 +43,14 @@ node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} -node.roles: [ master ] + {%- if salt['pillar.get']('nodestab', {}) %} +node.roles: [ master, remote_cluster_client ] + {%- endif %} + {%- else %} +node.roles: [ data, ingest, ml ] {%- endif %} +discovery.seed_hosts: + - {{ grains.master }} +cluster.initial_master_nodes: + - {{ grains.master }} {%- endif %} From 3e322c38eb4559e8f3ccf34f321e47175c4d00ad Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 2 Dec 2020 15:33:35 -0500 Subject: [PATCH 17/54] Fix config for single cluster mode --- salt/elasticsearch/files/elasticsearch.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index a7a6ad34a..b4ea86d5a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -1,8 +1,12 @@ {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %} -{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') %} +{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip') %} {%- set FEATURES = salt['pillar.get']('elastic:features', False) %} {%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} +{%- if TRUECLUSTER is sameas true %} + {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name') %} +{%- else %} + {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %} +{%- endif %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -45,12 +49,16 @@ script.max_compilations_rate: 1000/1m {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} node.roles: [ master, remote_cluster_client ] - {%- endif %} - {%- else %} -node.roles: [ data, ingest, ml ] - {%- endif %} discovery.seed_hosts: - {{ grains.master }} cluster.initial_master_nodes: - {{ grains.master }} + {%- endif %} + {%- else %} +node.roles: [ data, ingest, ml ] +discovery.seed_hosts: + - {{ grains.master }} +cluster.initial_master_nodes: + - {{ grains.master }} + {%- endif %} {%- endif %} From 94253e92a65e4b130f55a362115ea3ca2009de66 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 3 Dec 2020 10:38:18 -0500 Subject: [PATCH 18/54] Adjust the elasticsearch config --- salt/elasticsearch/files/elasticsearch.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index b4ea86d5a..1d3afb49a 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -13,7 +13,7 @@ network.host: 0.0.0.0 # minimum_master_nodes need to be explicitly set when bound on a public IP # set to 1 to allow single node clusters # Details: https://github.com/elastic/elasticsearch/pull/17288 -discovery.zen.minimum_master_nodes: 1 +#discovery.zen.minimum_master_nodes: 1 # This is a test -- if this is here, then the volume is mounted correctly. path.logs: /var/log/elasticsearch action.destructive_requires_name: true @@ -38,9 +38,9 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% #xpack.security.http.ssl.client_authentication: none #xpack.security.authc: # anonymous: -# username: anonymous_user -# roles: superuser -# authz_exception: true +# username: anonymous_user +# roles: superuser +# authz_exception: true {%- endif %} node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} @@ -48,17 +48,16 @@ script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} {%- if grains.role == 'so-manager' %} {%- if salt['pillar.get']('nodestab', {}) %} -node.roles: [ master, remote_cluster_client ] +node.roles: [ master, data, remote_cluster_client ] discovery.seed_hosts: - {{ grains.master }} -cluster.initial_master_nodes: - - {{ grains.master }} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - {{ SN.split('_')|first }} + {%- endfor %} {%- endif %} {%- else %} node.roles: [ data, ingest, ml ] discovery.seed_hosts: - {{ grains.master }} -cluster.initial_master_nodes: - - {{ grains.master }} {%- endif %} -{%- endif %} +{%- endif %} \ No newline at end of file From 8ea088c3fc0eb55416956342150beecb840f00bf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 7 Dec 2020 14:09:41 -0500 Subject: [PATCH 19/54] Restart Elastic on addition of node. --- pillar/data/addtotab.sh | 5 +++-- salt/elasticsearch/init.sls | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index ac3d913a5..b4c80e6fe 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -54,7 +54,8 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then salt-call state.apply utility queue=True fi fi -#if [ $TYPE == 'nodestab' ]; then +if [ $TYPE == 'nodestab' ]; then + salt-call state.apply elasticseach # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls -#fi +fi diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 0b28ee6d1..7f3a7af56 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -189,12 +189,10 @@ so-elasticsearch: - user: elasticsearch - extra_hosts: - {{ grains.host }}:{{ NODEIP }} - {%- if ismanager %} {%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - {{ SN.split('_')|first }}:{{ SNDATA.ip }} - {%- endfor %} - {%- endif %} + {%- endfor %} {%- endif %} - environment: - discovery.type=single-node From d6fa739c608095fc7a5d717ab403cec17a42e3ba Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Tue, 8 Dec 2020 11:17:47 -0500 Subject: [PATCH 20/54] Adding queue=True --- pillar/data/addtotab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index b4c80e6fe..0029f5492 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -55,7 +55,7 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then fi fi if [ $TYPE == 'nodestab' ]; then - salt-call state.apply elasticseach + salt-call state.apply elasticseach queue=True # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls fi From 6ceecbd524becb75f4d10d9390848b0cd29920e7 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 09:42:03 -0500 Subject: [PATCH 21/54] Fixing some elasticsearch logic --- salt/elasticsearch/init.sls | 27 ++++++++++++++------------- salt/utility/bin/crossthestreams | 13 +++++++------ 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 7f3a7af56..2e2e4d3f4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -21,22 +21,22 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} -{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +{% set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%} +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} - -{%- if FEATURES is sameas true %} +{% if FEATURES is sameas true %} {% set FEATUREZ = "-features" %} {% else %} {% set FEATUREZ = '' %} {% endif %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} - {% set esclustername = salt['pillar.get']('manager:esclustername', '') %} - {% set esheap = salt['pillar.get']('manager:esheap', '') %} + {% set esclustername = salt['pillar.get']('manager:esclustername') %} + {% set esheap = salt['pillar.get']('manager:esheap') %} {% set ismanager = True %} {% elif grains['role'] in ['so-node','so-heavynode'] %} - {% set esclustername = salt['pillar.get']('elasticsearch:esclustername', '') %} - {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %} + {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} + {% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set ismanager = False %} {% endif %} @@ -188,14 +188,15 @@ so-elasticsearch: - name: so-elasticsearch - user: elasticsearch - extra_hosts: - - {{ grains.host }}:{{ NODEIP }} - {%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - - {{ SN.split('_')|first }}:{{ SNDATA.ip }} - {%- endfor %} - {%- endif %} + - "{{ grains.host }}:{{ NODEIP }}" + {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} + - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" + {% endfor %} + {% endif %} - environment: + {% if TRUECLUSTER is sameas false %} - discovery.type=single-node + {% endif %} - ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }} ulimits: - memlock=-1:-1 diff --git a/salt/utility/bin/crossthestreams b/salt/utility/bin/crossthestreams index 6998c7669..490c7b548 100644 --- a/salt/utility/bin/crossthestreams +++ b/salt/utility/bin/crossthestreams @@ -1,8 +1,8 @@ #!/bin/bash {% set ES = salt['pillar.get']('manager:mainip', '') %} -{%- set MANAGER = salt['grains.get']('master') %} +{% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} - +{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} # Wait for ElasticSearch to come up, so that we can query for version infromation echo -n "Waiting for ElasticSearch..." @@ -34,9 +34,10 @@ echo "Applying cross cluster search config..." -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MANAGER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}" # Add all the search nodes to cross cluster searching. - -{%- if salt['pillar.get']('nodestab', {}) %} - {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} +{%- if TRUECLUSTER is sameas false %} + {%- if salt['pillar.get']('nodestab', {}) %} + {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} curl -XPUT -L http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SN.split('_')|first }}:9300"]}}}}}' - {%- endfor %} + {%- endfor %} + {%- endif %} {%- endif %} From 6b479c5a89ffbeaa228d743d183c9e13ed4be38a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 11:10:00 -0500 Subject: [PATCH 22/54] pillarize grafana https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/defaults.yaml | 8 ++++++++ salt/grafana/etc/grafana.ini | 1 + salt/grafana/etc/grafana.ini.jinja | 12 ++++++++++++ salt/grafana/init.sls | 31 ++++++++++++++++++++++++++---- 4 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 salt/grafana/defaults.yaml create mode 100644 salt/grafana/etc/grafana.ini.jinja diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml new file mode 100644 index 000000000..0fde48a24 --- /dev/null +++ b/salt/grafana/defaults.yaml @@ -0,0 +1,8 @@ +grafana: + config: + server: + root_url: "%(protocol)s://%(domain)s/grafana/" + auth.anonymous: + enabled: true + org_name: Main Org. + org_role: Viewer \ No newline at end of file diff --git a/salt/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini index 3486ff241..6056396fc 100644 --- a/salt/grafana/etc/grafana.ini +++ b/salt/grafana/etc/grafana.ini @@ -307,6 +307,7 @@ org_role = Viewer ;allow_sign_up = true #################################### SMTP / Emailing ########################## + [smtp] ;enabled = false ;host = localhost:25 diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja new file mode 100644 index 000000000..9269aec70 --- /dev/null +++ b/salt/grafana/etc/grafana.ini.jinja @@ -0,0 +1,12 @@ +{%- macro write_config_line(cfg) %} + {%- for k,v in cfg.items() -%} +{{ k }} = {{ v }} + {% endfor %} +{%- endmacro %} + +{{ write_config_line(config.get("default", {})) }} + {% for header, cfg in config.items() %} + {%- if section == "default" %}{% continue %}{% endif %} +[{{ header }}] +{{ write_config_line(cfg) }} +{% endfor %} \ No newline at end of file diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 8fe88f354..4cb8fc83a 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -9,6 +9,10 @@ {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %} +{% import_yaml 'grafana/defaults.yaml' as default_settings %} +{% set GRAFANA_SETTINGS = salt['pillar.get']('grafana', default=default_settings, merge=True) %} + + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} # Grafana all the things @@ -75,13 +79,32 @@ grafanadashsndir: - group: 939 - makedirs: True -grafanaconf: - file.recurse: - - name: /opt/so/conf/grafana/etc +grafana-dashboard-config: + file.managed: + - name: /opt/so/conf/grafana/etc/dashboards/dashboard.yml - user: 939 - group: 939 - template: jinja - - source: salt://grafana/etc + - source: salt://grafana/etc/dashboards/dashboard.yml + +grafana-datasources-config: + file.recurse: + - name: /opt/so/conf/grafana/etc/datasources/influxdb.yaml + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/etc/datasources/influxdb.yaml + +grafana-config: + file.recurse: + - name: /opt/so/conf/grafana/etc/grafana.ini + - user: 939 + - group: 939 + - template: jinja + - source: salt://grafana/etc/grafana.ini.jinja + - context: + config: {{ GRAFANA_SETTINGS.config|json }} + {% if salt['pillar.get']('managertab', False) %} {% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %} From e983322a182c2e9e89e06c4202df0e3da80144d2 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 11:31:22 -0500 Subject: [PATCH 23/54] Fix elastic if statement --- salt/elasticsearch/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 2e2e4d3f4..80876aec4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -189,6 +189,7 @@ so-elasticsearch: - user: elasticsearch - extra_hosts: - "{{ grains.host }}:{{ NODEIP }}" + {% if salt['pillar.get']('nodestab', {}) %} {% for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} - "{{ SN.split('_')|first }}:{{ SNDATA.ip }}" {% endfor %} From 75ea648cf9510f6874b54b82f1f7052c37e16fa6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 11:57:28 -0500 Subject: [PATCH 24/54] change to file.managed https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 4cb8fc83a..fd07fdaf1 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -88,7 +88,7 @@ grafana-dashboard-config: - source: salt://grafana/etc/dashboards/dashboard.yml grafana-datasources-config: - file.recurse: + file.managed: - name: /opt/so/conf/grafana/etc/datasources/influxdb.yaml - user: 939 - group: 939 @@ -96,7 +96,7 @@ grafana-datasources-config: - source: salt://grafana/etc/datasources/influxdb.yaml grafana-config: - file.recurse: + file.managed: - name: /opt/so/conf/grafana/etc/grafana.ini - user: 939 - group: 939 From c5c053d24a72126708f624d13787890456c236e1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 11:59:06 -0500 Subject: [PATCH 25/54] change to header --- salt/grafana/etc/grafana.ini.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja index 9269aec70..80e216de7 100644 --- a/salt/grafana/etc/grafana.ini.jinja +++ b/salt/grafana/etc/grafana.ini.jinja @@ -6,7 +6,7 @@ {{ write_config_line(config.get("default", {})) }} {% for header, cfg in config.items() %} - {%- if section == "default" %}{% continue %}{% endif %} + {%- if header == "default" %}{% continue %}{% endif %} [{{ header }}] {{ write_config_line(cfg) }} {% endfor %} \ No newline at end of file From 617ed2a7c270241c02a2790984970f7e57e47722 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 14:06:54 -0500 Subject: [PATCH 26/54] add a place to place files referenced in the config https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/defaults.yaml | 20 +++++++++++++++++++- salt/grafana/init.sls | 12 +++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 0fde48a24..ebdd6cb67 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -5,4 +5,22 @@ grafana: auth.anonymous: enabled: true org_name: Main Org. - org_role: Viewer \ No newline at end of file + org_role: Viewer + smtp: + enabled: false + host: localhost:25 + user: myuser + # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" + password: mypassword + cert_file: /etc/grafana/config/files/smtp_cert_file.crt + key_file: /etc/grafana/config/files/smtp_key_file.key + skip_verify: false + from_address: admin@grafana.localhost + from_name: Grafana + ehlo_identity: dashboard.example.com +# auth.ldap: +# enabled: false +# config_file: /etc/grafana/config/files/ldap.toml +# allow_sign_up: true +# enterprise: +# license_path: /opt/so/conf/grafana/etc/files/license.jwt \ No newline at end of file diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index fd07fdaf1..ec4e02e7e 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -10,7 +10,7 @@ {% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %} {% import_yaml 'grafana/defaults.yaml' as default_settings %} -{% set GRAFANA_SETTINGS = salt['pillar.get']('grafana', default=default_settings, merge=True) %} +{% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} @@ -104,6 +104,15 @@ grafana-config: - source: salt://grafana/etc/grafana.ini.jinja - context: config: {{ GRAFANA_SETTINGS.config|json }} + +# these are the files that are referenced inside the config such as smtp:cert_file, smtp:cert_key, auth.ldap:config_file, enterprise:license_path +grafana-config-files: + file.recurse: + - name: /opt/so/conf/grafana/etc/files + - user: 939 + - group: 939 + - source: salt://grafana/etc/files + - makedirs: True {% if salt['pillar.get']('managertab', False) %} @@ -252,6 +261,7 @@ so-grafana: - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw + - /opt/so/conf/grafana/etc/files:/etc/grafana/config/files:ro - environment: - GF_SECURITY_ADMIN_PASSWORD={{ ADMINPASS }} - port_bindings: From c320efe7e412f218406206397da944badef13c67 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 14:33:19 -0500 Subject: [PATCH 27/54] fix whitespace https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/etc/grafana.ini.jinja | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja index 80e216de7..f2309056d 100644 --- a/salt/grafana/etc/grafana.ini.jinja +++ b/salt/grafana/etc/grafana.ini.jinja @@ -1,12 +1,12 @@ {%- macro write_config_line(cfg) %} - {%- for k,v in cfg.items() -%} +{%- for k,v in cfg.items() -%} {{ k }} = {{ v }} - {% endfor %} +{% endfor %} {%- endmacro %} {{ write_config_line(config.get("default", {})) }} - {% for header, cfg in config.items() %} - {%- if header == "default" %}{% continue %}{% endif %} +{% for header, cfg in config.items() %} +{%- if header == "default" %}{% continue %}{% endif %} [{{ header }}] {{ write_config_line(cfg) }} -{% endfor %} \ No newline at end of file +{% endfor %} \ No newline at end of file From 0a48f7d5dcf48fddceac434d310bfca61ef492c6 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 15:22:09 -0500 Subject: [PATCH 28/54] Simplify logic --- salt/elasticsearch/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 80876aec4..3e0bac708 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -195,7 +195,7 @@ so-elasticsearch: {% endfor %} {% endif %} - environment: - {% if TRUECLUSTER is sameas false %} + {% if TRUECLUSTER is sameas false or (TRUECLUSTER is sameas true and not salt['pillar.get']('nodestab', {})) %} - discovery.type=single-node {% endif %} - ES_JAVA_OPTS=-Xms{{ esheap }} -Xmx{{ esheap }} From e05da4efc248c12f849fd06aa253abe0d5b6577f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 15:53:01 -0500 Subject: [PATCH 29/54] remove odl grafana.ini file https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/etc/grafana.ini | 483 ----------------------------------- 1 file changed, 483 deletions(-) delete mode 100644 salt/grafana/etc/grafana.ini diff --git a/salt/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini deleted file mode 100644 index 6056396fc..000000000 --- a/salt/grafana/etc/grafana.ini +++ /dev/null @@ -1,483 +0,0 @@ -##################### Grafana Configuration Example ##################### -# -# Everything has defaults so you only need to uncomment things you want to -# change - -# possible values : production, development -;app_mode = production - -# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty -;instance_name = ${HOSTNAME} - -#################################### Paths #################################### -[paths] -# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) -;data = /var/lib/grafana - -# Temporary files in `data` directory older than given duration will be removed -;temp_data_lifetime = 24h - -# Directory where grafana can store logs -;logs = /var/log/grafana - -# Directory where grafana will automatically scan and look for plugins -;plugins = /var/lib/grafana/plugins - -# folder that contains provisioning config files that grafana will apply on startup and while running. -;provisioning = conf/provisioning - -#################################### Server #################################### -[server] -# Protocol (http, https, socket) -;protocol = http - -# The ip address to bind to, empty will bind to all interfaces -;http_addr = - -# The http port to use -;http_port = 3000 - -# The public facing domain name used to access grafana from a browser -;domain = localhost - -# Redirect to correct domain if host header does not match domain -# Prevents DNS rebinding attacks -;enforce_domain = false - -# The full public facing url you use in browser, used for redirects and emails -# If you use reverse proxy and sub path specify full url (with sub path) -root_url = %(protocol)s://%(domain)s/grafana/ - -# Log web requests -;router_logging = false - -# the path relative working path -;static_root_path = public - -# enable gzip -;enable_gzip = false - -# https certs & key file -;cert_file = -;cert_key = - -# Unix socket path -;socket = - -#################################### Database #################################### -[database] -# You can configure the database connection by specifying type, host, name, user and password -# as separate properties or as on string using the url properties. - -# Either "mysql", "postgres" or "sqlite3", it's your choice -;type = sqlite3 -;host = 127.0.0.1:3306 -;name = grafana -;user = root -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -;password = - -# Use either URL or the previous fields to configure the database -# Example: mysql://user:secret@host:port/database -;url = - -# For "postgres" only, either "disable", "require" or "verify-full" -;ssl_mode = disable - -# For "sqlite3" only, path relative to data_path setting -;path = grafana.db - -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -log_queries = - -#################################### Session #################################### -[session] -# Either "memory", "file", "redis", "mysql", "postgres", default is "file" -;provider = file - -# Provider config options -# memory: not have any config yet -# file: session dir path, is relative to grafana data_path -# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` -# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` -# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable -;provider_config = sessions - -# Session cookie name -;cookie_name = grafana_sess - -# If you use session in https only, default is false -;cookie_secure = false - -# Session life time, default is 86400 -;session_life_time = 86400 - -#################################### Data proxy ########################### -[dataproxy] - -# This enables data proxy logging, default is false -;logging = false - -#################################### Analytics #################################### -[analytics] -# Server reporting, sends usage counters to stats.grafana.org every 24 hours. -# No ip addresses are being tracked, only simple counters to track -# running instances, dashboard and error counts. It is very helpful to us. -# Change this option to false to disable reporting. -;reporting_enabled = true - -# Set to false to disable all checks to https://grafana.net -# for new vesions (grafana itself and plugins), check is used -# in some UI views to notify that grafana or plugin update exists -# This option does not cause any auto updates, nor send any information -# only a GET request to http://grafana.com to get latest versions -;check_for_updates = true - -# Google Analytics universal tracking code, only enabled if you specify an id here -;google_analytics_ua_id = - -#################################### Security #################################### -[security] -# default admin user, created on startup -;admin_user = admin - -# default admin password, can be changed before first start of grafana, or in profile settings -;admin_password = admin - -# used for signing -;secret_key = SW2YcwTIb9zpOOhoPsMm - -# Auto-login remember days -;login_remember_days = 7 -;cookie_username = grafana_user -;cookie_remember_name = grafana_remember - -# disable gravatar profile images -;disable_gravatar = false - -# data source proxy whitelist (ip_or_domain:port separated by spaces) -;data_source_proxy_whitelist = - -# disable protection against brute force login attempts -;disable_brute_force_login_protection = false - -#################################### Snapshots ########################### -[snapshots] -# snapshot sharing options -;external_enabled = true -;external_snapshot_url = https://snapshots-origin.raintank.io -;external_snapshot_name = Publish to snapshot.raintank.io - -# remove expired snapshot -;snapshot_remove_expired = true - -#################################### Dashboards History ################## -[dashboards] -# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 -;versions_to_keep = 20 - -#################################### Users ############################### -[users] -# disable user signup / registration -;allow_sign_up = true - -# Allow non admin users to create organizations -;allow_org_create = true - -# Set to true to automatically assign new users to the default organization (id 1) -;auto_assign_org = true - -# Default role new users will be automatically assigned (if disabled above is set to true) -;auto_assign_org_role = Viewer - -# Background text for the user field on the login page -;login_hint = email or username - -# Default UI theme ("dark" or "light") -;default_theme = dark - -# External user management, these options affect the organization users view -;external_manage_link_url = -;external_manage_link_name = -;external_manage_info = - -# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard. -;viewers_can_edit = false - -[auth] -# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false -;disable_login_form = false - -# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false -;disable_signout_menu = false - -# URL to redirect the user to after sign out -;signout_redirect_url = - -#################################### Anonymous Auth ########################## -[auth.anonymous] -# enable anonymous access -enabled = true - -# specify organization name that should be used for unauthenticated users -org_name = Main Org. - -# specify role for unauthenticated users -org_role = Viewer - -#################################### Github Auth ########################## -[auth.github] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://github.com/login/oauth/authorize -;token_url = https://github.com/login/oauth/access_token -;api_url = https://api.github.com/user -;team_ids = -;allowed_organizations = - -#################################### Google Auth ########################## -[auth.google] -;enabled = false -;allow_sign_up = true -;client_id = some_client_id -;client_secret = some_client_secret -;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email -;auth_url = https://accounts.google.com/o/oauth2/auth -;token_url = https://accounts.google.com/o/oauth2/token -;api_url = https://www.googleapis.com/oauth2/v1/userinfo -;allowed_domains = - -#################################### Generic OAuth ########################## -[auth.generic_oauth] -;enabled = false -;name = OAuth -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email,read:org -;auth_url = https://foo.bar/login/oauth/authorize -;token_url = https://foo.bar/login/oauth/access_token -;api_url = https://foo.bar/user -;team_ids = -;allowed_organizations = -;tls_skip_verify_insecure = false -;tls_client_cert = -;tls_client_key = -;tls_client_ca = - -#################################### Grafana.com Auth #################### -[auth.grafana_com] -;enabled = false -;allow_sign_up = true -;client_id = some_id -;client_secret = some_secret -;scopes = user:email -;allowed_organizations = - -#################################### Auth Proxy ########################## -[auth.proxy] -;enabled = false -;header_name = X-WEBAUTH-USER -;header_property = username -;auto_sign_up = true -;ldap_sync_ttl = 60 -;whitelist = 192.168.1.1, 192.168.2.1 -;headers = Email:X-User-Email, Name:X-User-Name - -#################################### Basic Auth ########################## -[auth.basic] -;enabled = true - -#################################### Auth LDAP ########################## -[auth.ldap] -;enabled = false -;config_file = /etc/grafana/ldap.toml -;allow_sign_up = true - -#################################### SMTP / Emailing ########################## - -[smtp] -;enabled = false -;host = localhost:25 -;user = -# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" -;password = -;cert_file = -;key_file = -;skip_verify = false -;from_address = admin@grafana.localhost -;from_name = Grafana -# EHLO identity in SMTP dialog (defaults to instance_name) -;ehlo_identity = dashboard.example.com - -[emails] -;welcome_email_on_sign_up = false - -#################################### Logging ########################## -[log] -# Either "console", "file", "syslog". Default is console and file -# Use space to separate multiple modes, e.g. "console file" -;mode = console file - -# Either "debug", "info", "warn", "error", "critical", default is "info" -;level = info - -# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug -;filters = - -# For "console" mode only -[log.console] -;level = - -# log line format, valid options are text, console and json -;format = console - -# For "file" mode only -[log.file] -;level = - -# log line format, valid options are text, console and json -;format = text - -# This enables automated log rotate(switch of following options), default is true -;log_rotate = true - -# Max line number of single file, default is 1000000 -;max_lines = 1000000 - -# Max size shift of single file, default is 28 means 1 << 28, 256MB -;max_size_shift = 28 - -# Segment log daily, default is true -;daily_rotate = true - -# Expired days of log file(delete after max days), default is 7 -;max_days = 7 - -[log.syslog] -;level = - -# log line format, valid options are text, console and json -;format = text - -# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. -;network = -;address = - -# Syslog facility. user, daemon and local0 through local7 are valid. -;facility = - -# Syslog tag. By default, the process' argv[0] is used. -;tag = - -#################################### Alerting ############################ -[alerting] -# Disable alerting engine & UI features -;enabled = true -# Makes it possible to turn off alert rule execution but alerting UI is visible -;execute_alerts = true - -# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state) -;error_or_timeout = alerting - -# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok) -;nodata_or_nullvalues = no_data - -# Alert notifications can include images, but rendering many images at the same time can overload the server -# This limit will protect the server from render overloading and make sure notifications are sent out quickly -;concurrent_render_limit = 5 - -#################################### Explore ############################# -[explore] -# Enable the Explore section -;enabled = false - -#################################### Internal Grafana Metrics ########################## -# Metrics available at HTTP API Url /metrics -[metrics] -# Disable / Enable internal metrics -;enabled = true - -# Publish interval -;interval_seconds = 10 - -# Send internal metrics to Graphite -[metrics.graphite] -# Enable by setting the address setting (ex localhost:2003) -;address = -;prefix = prod.grafana.%(instance_name)s. - -#################################### Distributed tracing ############ -[tracing.jaeger] -# Enable by setting the address sending traces to jaeger (ex localhost:6831) -;address = localhost:6831 -# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) -;always_included_tag = tag1:value1 -# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote -;sampler_type = const -# jaeger samplerconfig param -# for "const" sampler, 0 or 1 for always false/true respectively -# for "probabilistic" sampler, a probability between 0 and 1 -# for "rateLimiting" sampler, the number of spans per second -# for "remote" sampler, param is the same as for "probabilistic" -# and indicates the initial sampling rate before the actual one -# is received from the mothership -;sampler_param = 1 - -#################################### Grafana.com integration ########################## -# Url used to import dashboards directly from Grafana.com -[grafana_com] -;url = https://grafana.com - -#################################### External image storage ########################## -[external_image_storage] -# Used for uploading images to public servers so they can be included in slack/email messages. -# you can choose between (s3, webdav, gcs, azure_blob, local) -;provider = - -[external_image_storage.s3] -;bucket = -;region = -;path = -;access_key = -;secret_key = - -[external_image_storage.webdav] -;url = -;public_url = -;username = -;password = - -[external_image_storage.gcs] -;key_file = -;bucket = -;path = - -[external_image_storage.azure_blob] -;account_name = -;account_key = -;container_name = - -[external_image_storage.local] -# does not require any configuration - -[rendering] -# Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer -;server_url = -;callback_url = - -[enterprise] -# Path to a valid Grafana Enterprise license.jwt file -;license_path = From 8db79ae852fa8ff2ad3c40f64636ebdb7cda7b5c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 16:01:09 -0500 Subject: [PATCH 30/54] comment out some defaults file https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/defaults.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index ebdd6cb67..13a2f62f0 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -8,16 +8,16 @@ grafana: org_role: Viewer smtp: enabled: false - host: localhost:25 - user: myuser +# host: localhost:25 +# user: myuser # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" - password: mypassword - cert_file: /etc/grafana/config/files/smtp_cert_file.crt - key_file: /etc/grafana/config/files/smtp_key_file.key - skip_verify: false +# password: mypassword +# cert_file: /etc/grafana/config/files/smtp_cert_file.crt +# key_file: /etc/grafana/config/files/smtp_key_file.key +# skip_verify: false from_address: admin@grafana.localhost from_name: Grafana - ehlo_identity: dashboard.example.com +# ehlo_identity: dashboard.example.com # auth.ldap: # enabled: false # config_file: /etc/grafana/config/files/ldap.toml From 101ddd18a529811b49e5d9ecac6aac8f56bb11bc Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 16:08:09 -0500 Subject: [PATCH 31/54] Fix print statments --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e772a99c5..6a6f42dc7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1309,13 +1309,13 @@ elasticsearch_pillar() { "elasticsearch:"\ " mainip: '$MAINIP'"\ " mainint: '$MNIC'"\ - " esheap: '$NODE_ES_HEAP_SIZE'" + " esheap: '$NODE_ES_HEAP_SIZE'" >> "$pillar_file" if [ -n "$ESCLUSTERNAME" ]; then printf '%s\n'\ - " esclustername: $ESCLUSTERNAME" + " esclustername: $ESCLUSTERNAME" >> "$pillar_file" else printf '%s\n'\ - " esclustername: {{ grains.host }}" + " esclustername: {{ grains.host }}" >> "$pillar_file" fi printf '%s\n'\ " node_type: '$NODETYPE'"\ From af15f0eb38e9bd39ec7fed5e7cda826ec5e09643 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Wed, 9 Dec 2020 16:23:38 -0500 Subject: [PATCH 32/54] remove ml node.role --- salt/elasticsearch/files/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index eee129cf9..0cadaf44c 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -56,7 +56,7 @@ discovery.seed_hosts: {%- endfor %} {%- endif %} {%- else %} -node.roles: [ data, ingest, ml ] +node.roles: [ data, ingest ] discovery.seed_hosts: - {{ grains.master }} {%- endif %} From ea1bd63f609a8d414f0111909e533a1046662e41 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 9 Dec 2020 16:59:38 -0500 Subject: [PATCH 33/54] makedirs and place readme file for grafana https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/etc/files/readme.txt | 1 + salt/grafana/init.sls | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 salt/grafana/etc/files/readme.txt diff --git a/salt/grafana/etc/files/readme.txt b/salt/grafana/etc/files/readme.txt new file mode 100644 index 000000000..c78e8687c --- /dev/null +++ b/salt/grafana/etc/files/readme.txt @@ -0,0 +1 @@ +For files that are referenced inside the Grafana config, place them in /opt/so/saltstack/local/salt/grafana/etc/files/. This would include keys used for smtp or a Grafana enterprise license file. \ No newline at end of file diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index ec4e02e7e..9c596ca98 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -86,6 +86,8 @@ grafana-dashboard-config: - group: 939 - template: jinja - source: salt://grafana/etc/dashboards/dashboard.yml + - makedirs: True + grafana-datasources-config: file.managed: @@ -94,6 +96,7 @@ grafana-datasources-config: - group: 939 - template: jinja - source: salt://grafana/etc/datasources/influxdb.yaml + - makedirs: True grafana-config: file.managed: From 0b2e2739bda26b12bdd69bf30b6d9f2678ce9849 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 9 Dec 2020 17:05:11 -0500 Subject: [PATCH 34/54] Expand STRELKARULES --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 8ee236bf1..1b54241bd 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -741,7 +741,7 @@ fi set_progress_str 81 "$(print_salt_state_apply 'strelka')" salt-call state.apply -l info strelka >> $setup_log 2>&1 fi - if [[ $STRELKARULES == 1 ]]; then + if [[ "$STRELKARULES" == 1 ]]; then /usr/sbin/so-yara-update >> $setup_log 2>&1 fi fi From f68972255961c6cd74f83274b8f2250eae6d1041 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 10 Dec 2020 14:14:50 +0000 Subject: [PATCH 35/54] Add initial suricata.ftp_data pipeline --- salt/elasticsearch/files/ingest/suricata.ftp_data | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 salt/elasticsearch/files/ingest/suricata.ftp_data diff --git a/salt/elasticsearch/files/ingest/suricata.ftp_data b/salt/elasticsearch/files/ingest/suricata.ftp_data new file mode 100644 index 000000000..2867fbab0 --- /dev/null +++ b/salt/elasticsearch/files/ingest/suricata.ftp_data @@ -0,0 +1,10 @@ +{ + "description" : "suricata.ftp_data", + "processors" : [ + { "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } }, + { "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } }, + { "rename": { "field": "message2.ftp_data.command", "target_field": "ftp.command", "ignore_missing": true } }, + { "rename": { "field": "message2.ftp_data.filename","target_field": "ftp.argument", "ignore_missing": true } }, + { "pipeline": { "name": "common" } } + ] +} From 379f1d98d89c38041b5230cebe9cbaeac837f66e Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 09:15:17 -0500 Subject: [PATCH 36/54] fix addtotab --- pillar/data/addtotab.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index 0029f5492..271558295 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -55,7 +55,7 @@ if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then fi fi if [ $TYPE == 'nodestab' ]; then - salt-call state.apply elasticseach queue=True + salt-call state.apply elasticsearch queue=True # echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls # echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls fi From 45faa7fda4bcfdc230b12ce67837f64984ab4e00 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 10 Dec 2020 14:30:29 +0000 Subject: [PATCH 37/54] Add ability to supply an arg, for example overriding 15 min limit --- salt/common/tools/sbin/so-rule-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-rule-update b/salt/common/tools/sbin/so-rule-update index ee6ac37df..397719d61 100755 --- a/salt/common/tools/sbin/so-rule-update +++ b/salt/common/tools/sbin/so-rule-update @@ -10,4 +10,4 @@ got_root() { } got_root -docker exec so-idstools /bin/bash -c 'cd /opt/so/idstools/etc && idstools-rulecat' +docker exec so-idstools /bin/bash -c "cd /opt/so/idstools/etc && idstools-rulecat $1" From d9d7f49b96812ca836c9d6506fe841797a638215 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 11:09:38 -0500 Subject: [PATCH 38/54] Adjust elasticsearch.yml --- salt/elasticsearch/files/elasticsearch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 0cadaf44c..3472b24db 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -42,7 +42,6 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% # roles: superuser # authz_exception: true {%- endif %} -node.attr.box_type: {{ NODE_ROUTE_TYPE }} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} @@ -57,6 +56,7 @@ discovery.seed_hosts: {%- endif %} {%- else %} node.roles: [ data, ingest ] +node.attr.box_type: {{ NODE_ROUTE_TYPE }} discovery.seed_hosts: - {{ grains.master }} {%- endif %} From 42833b2086725f0da36e1f07d9fab3c90ecd5248 Mon Sep 17 00:00:00 2001 From: TOoSmOotH Date: Thu, 10 Dec 2020 11:14:32 -0500 Subject: [PATCH 39/54] Make non clustered node attributes --- salt/elasticsearch/files/elasticsearch.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 3472b24db..1ad65c43f 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -61,4 +61,7 @@ discovery.seed_hosts: - {{ grains.master }} {%- endif %} {%- endif %} +{%- if TRUECLUSTER is sameas false %} +node.attr.box_type: {{ NODE_ROUTE_TYPE }} +{%- endif %} indices.query.bool.max_clause_count: 1500 From 4ee944448f4089624cffa35091a6ae45d045f332 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 10 Dec 2020 12:05:57 -0500 Subject: [PATCH 40/54] remove $Interval template var since alerts cant be crated when it is used https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 76 +++++++++---------- salt/grafana/dashboards/manager/manager.json | 74 +++++++++--------- .../managersearch/managersearch.json | 70 ++++++++--------- .../dashboards/search_nodes/searchnode.json | 70 ++++++++--------- .../dashboards/sensor_nodes/sensor.json | 76 +++++++++---------- .../dashboards/standalone/standalone.json | 76 +++++++++---------- 6 files changed, 221 insertions(+), 221 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index c9f3bced4..fdd4b6b00 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -175,7 +175,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -416,7 +416,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -556,7 +556,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -696,7 +696,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -843,7 +843,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -957,7 +957,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1059,7 +1059,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1204,7 +1204,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1349,7 +1349,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1494,7 +1494,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1652,7 +1652,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1702,7 +1702,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1752,7 +1752,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1802,7 +1802,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1852,7 +1852,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1902,7 +1902,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2182,7 +2182,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2321,7 +2321,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2460,7 +2460,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2620,7 +2620,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2725,7 +2725,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2964,7 +2964,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3118,7 +3118,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3162,7 +3162,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3206,7 +3206,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3352,7 +3352,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3395,7 +3395,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3438,7 +3438,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3481,7 +3481,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3622,7 +3622,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3783,7 +3783,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3827,7 +3827,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3870,7 +3870,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4006,7 +4006,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4054,7 +4054,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4200,7 +4200,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4264,7 +4264,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4422,7 +4422,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index c5c09ae0e..35f3690f2 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -71,7 +71,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -260,7 +260,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -400,7 +400,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -540,7 +540,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -683,7 +683,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -793,7 +793,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -888,7 +888,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1028,7 +1028,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1168,7 +1168,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1308,7 +1308,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1454,7 +1454,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1504,7 +1504,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1554,7 +1554,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1604,7 +1604,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1654,7 +1654,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1704,7 +1704,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1846,7 +1846,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1910,7 +1910,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2286,7 +2286,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2330,7 +2330,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2374,7 +2374,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2510,7 +2510,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2574,7 +2574,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2734,7 +2734,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2777,7 +2777,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2820,7 +2820,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2863,7 +2863,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2997,7 +2997,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3041,7 +3041,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3084,7 +3084,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3219,7 +3219,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3283,7 +3283,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3434,7 +3434,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3481,7 +3481,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3616,7 +3616,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3751,7 +3751,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3815,7 +3815,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index 838a37426..b2b859803 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -82,7 +82,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -269,7 +269,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -689,7 +689,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -800,7 +800,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1034,7 +1034,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1458,7 +1458,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1508,7 +1508,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1558,7 +1558,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1608,7 +1608,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1658,7 +1658,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1708,7 +1708,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1850,7 +1850,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1914,7 +1914,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2062,7 +2062,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2190,7 +2190,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2373,7 +2373,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2417,7 +2417,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2461,7 +2461,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2597,7 +2597,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2661,7 +2661,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2809,7 +2809,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2937,7 +2937,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3072,7 +3072,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3116,7 +3116,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3159,7 +3159,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3495,7 +3495,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3627,7 +3627,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4005,7 +4005,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4135,7 +4135,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4182,7 +4182,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4313,7 +4313,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4453,7 +4453,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4496,7 +4496,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4539,7 +4539,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4582,7 +4582,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json index a7170d276..fd063b163 100644 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ b/salt/grafana/dashboards/search_nodes/searchnode.json @@ -81,7 +81,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -268,7 +268,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -408,7 +408,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -548,7 +548,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -676,7 +676,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -818,7 +818,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -883,7 +883,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1024,7 +1024,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1152,7 +1152,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1280,7 +1280,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1408,7 +1408,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1548,7 +1548,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1598,7 +1598,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1648,7 +1648,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1698,7 +1698,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1748,7 +1748,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1798,7 +1798,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1976,7 +1976,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2106,7 +2106,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2153,7 +2153,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2340,7 +2340,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2384,7 +2384,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2428,7 +2428,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2568,7 +2568,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2611,7 +2611,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2654,7 +2654,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2697,7 +2697,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2832,7 +2832,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2896,7 +2896,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3051,7 +3051,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3095,7 +3095,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3138,7 +3138,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3269,7 +3269,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3404,7 +3404,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3468,7 +3468,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index 048bb5a34..0b89f030a 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -174,7 +174,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -414,7 +414,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -553,7 +553,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -692,7 +692,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -838,7 +838,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -952,7 +952,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1067,7 +1067,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1162,7 +1162,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1307,7 +1307,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1452,7 +1452,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1609,7 +1609,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1659,7 +1659,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1709,7 +1709,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1759,7 +1759,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1809,7 +1809,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1859,7 +1859,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1999,7 +1999,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2132,7 +2132,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2271,7 +2271,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2410,7 +2410,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2553,7 +2553,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2786,7 +2786,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2850,7 +2850,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3016,7 +3016,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3059,7 +3059,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3102,7 +3102,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3145,7 +3145,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3281,7 +3281,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3329,7 +3329,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3475,7 +3475,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3685,7 +3685,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3729,7 +3729,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3773,7 +3773,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3914,7 +3914,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3958,7 +3958,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4001,7 +4001,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4142,7 +4142,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4206,7 +4206,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 3bab1ff5f..d1ed7e05c 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -86,7 +86,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -284,7 +284,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -574,7 +574,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -714,7 +714,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -861,7 +861,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -975,7 +975,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1366,7 +1366,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1511,7 +1511,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1669,7 +1669,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1719,7 +1719,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1769,7 +1769,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1819,7 +1819,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1869,7 +1869,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -1919,7 +1919,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2067,7 +2067,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2131,7 +2131,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2285,7 +2285,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2424,7 +2424,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2621,7 +2621,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2665,7 +2665,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2709,7 +2709,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -2851,7 +2851,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3111,7 +3111,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3215,7 +3215,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3259,7 +3259,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3302,7 +3302,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3648,7 +3648,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3794,7 +3794,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -3937,7 +3937,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -4550,7 +4550,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5172,7 +5172,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5220,7 +5220,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5378,7 +5378,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5483,7 +5483,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5912,7 +5912,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5955,7 +5955,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -5998,7 +5998,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, @@ -6041,7 +6041,7 @@ "groupBy": [ { "params": [ - "$Interval" + "$__interval" ], "type": "time" }, From 25f2075e2234949741d01da0954c6f4e92fe2a57 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 10 Dec 2020 15:01:10 -0500 Subject: [PATCH 41/54] [fix] Revert bad change to whiptail_basic_zeek --- setup/so-whiptail | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index ebc515782..7b105bb8e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -61,13 +61,11 @@ whiptail_basic_zeek() { local PROCS=$lb_procs fi - ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) + local exitstatus=$? whiptail_check_exitstatus $exitstatus - - ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') - - IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" } whiptail_zeek_version() { From 733f5a50215b2be5cda51b785fb25909019aa823 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 10 Dec 2020 15:17:22 -0500 Subject: [PATCH 42/54] allowUiUpdates to dashboards to allow for alert creation on stock dashboards issue/1175 --- salt/grafana/etc/dashboards/dashboard.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml index 72f77f845..b00dadc04 100644 --- a/salt/grafana/etc/dashboards/dashboard.yml +++ b/salt/grafana/etc/dashboards/dashboard.yml @@ -8,6 +8,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/manager - name: 'Manager Search' @@ -15,6 +16,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/managersearch - name: 'Sensor Nodes' @@ -22,6 +24,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/sensor_nodes - name: 'Search Nodes' @@ -29,6 +32,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/search_nodes - name: 'Standalone' @@ -36,6 +40,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/standalone {%- else %} @@ -44,6 +49,7 @@ providers: type: file disableDeletion: false editable: true + allowUiUpdates: true options: path: /etc/grafana/grafana_dashboards/eval {% endif %} From 14f28e38be8b4420cd4e8e53eb9de4bb434d9071 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 10:04:38 -0500 Subject: [PATCH 43/54] Ensure so-yara-updata script is logging to a file during cron job execution --- salt/common/tools/sbin/so-yara-update | 21 ++++++++++++--------- salt/manager/init.sls | 2 +- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update index 9d7b3fcdf..7a8f98bf7 100755 --- a/salt/common/tools/sbin/so-yara-update +++ b/salt/common/tools/sbin/so-yara-update @@ -27,6 +27,7 @@ updatecounter=0 {% if ISAIRGAP is sameas true %} +echo "Updating rules in airgap mode..." clone_dir="/nsm/repo/rules/strelka" repo_name="signature-base" @@ -73,20 +74,22 @@ done echo "Done!" - if [ "$newcounter" -gt 0 ];then - echo "$newcounter new rules added." - fi +if [ "$newcounter" -gt 0 ];then + echo "$newcounter new rules added." +fi - if [ "$updatecounter" -gt 0 ];then - echo "$updatecounter rules updated." - fi +if [ "$updatecounter" -gt 0 ];then + echo "$updatecounter rules updated." +fi - if [ "$deletecounter" -gt 0 ];then - echo "$deletecounter rules removed because they were deprecated or don't exist in the source repo." - fi +if [ "$deletecounter" -gt 0 ];then + echo "$deletecounter rules removed because they were deprecated or don't exist in the source repo." +fi {% else %} +echo "Starting to update rules..." + gh_status=$(curl -s -o /dev/null -w "%{http_code}" http://github.com) clone_dir="/tmp" if [ "$gh_status" == "200" ] || [ "$gh_status" == "301" ]; then diff --git a/salt/manager/init.sls b/salt/manager/init.sls index b506d06bf..4136b276d 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -91,7 +91,7 @@ append_so-aptcacherng_so-status.conf: strelka_yara_update: cron.present: - user: root - - name: '/usr/sbin/so-yara-update > /dev/null 2>&1' + - name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1' - hour: '7' - minute: '1' {% else %} From 0915ae30e4d86b55db4353e00d705d2261e1fead Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 10:08:10 -0500 Subject: [PATCH 44/54] Add timestamps to so-yara-update output --- salt/common/tools/sbin/so-yara-update | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-yara-update b/salt/common/tools/sbin/so-yara-update index 7a8f98bf7..a2a633957 100755 --- a/salt/common/tools/sbin/so-yara-update +++ b/salt/common/tools/sbin/so-yara-update @@ -16,6 +16,8 @@ # along with this program. If not, see . {%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} +echo "Starting to check for yara rule updates at $(date)..." + output_dir="/opt/so/saltstack/default/salt/strelka/rules" mkdir -p $output_dir repos="$output_dir/repos.txt" @@ -27,7 +29,7 @@ updatecounter=0 {% if ISAIRGAP is sameas true %} -echo "Updating rules in airgap mode..." +echo "Airgap mode enabled." clone_dir="/nsm/repo/rules/strelka" repo_name="signature-base" @@ -88,8 +90,6 @@ fi {% else %} -echo "Starting to update rules..." - gh_status=$(curl -s -o /dev/null -w "%{http_code}" http://github.com) clone_dir="/tmp" if [ "$gh_status" == "200" ] || [ "$gh_status" == "301" ]; then @@ -165,4 +165,6 @@ else echo "No connectivity to Github...exiting..." exit 1 fi -{%- endif -%} \ No newline at end of file +{%- endif -%} + +echo "Finished rule updates at $(date)..." From e0e38ac37fc9bff540ec93c6a12578ca51e0b61e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 10:39:25 -0500 Subject: [PATCH 45/54] update standlone dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- .../dashboards/standalone/standalone.json | 473 ++++++++++++------ salt/grafana/defaults.yaml | 2 +- 2 files changed, 322 insertions(+), 153 deletions(-) diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index d1ed7e05c..311015151 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -21,23 +21,13 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, + "unit": "percent", "min": 0, - "nullValueMode": "connected", + "max": 100, "thresholds": { "mode": "absolute", "steps": [ @@ -55,7 +45,16 @@ } ] }, - "unit": "percent" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -68,18 +67,9 @@ "id": 2, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -134,11 +124,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", @@ -796,68 +855,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -881,7 +926,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -906,72 +951,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 31, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -995,7 +1066,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -1020,8 +1091,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, @@ -3045,24 +3156,14 @@ "type": "stat" }, { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, + "unit": "s", "min": 0, - "nullValueMode": "connected", + "max": null, + "decimals": 2, "thresholds": { "mode": "absolute", "steps": [ @@ -3080,7 +3181,16 @@ } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -3093,18 +3203,9 @@ "id": 22, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -3147,13 +3248,81 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ] + ], + "alias": "Oldest Pcap" } ], + "title": "{{ SERVERNAME }} - PCAP Retention", + "type": "graph", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "s", + "$$hashKey": "object:643", + "decimals": 2 + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:644" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "cacheTimeout": null, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false }, { "aliasColors": { diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml index 13a2f62f0..171f679e3 100644 --- a/salt/grafana/defaults.yaml +++ b/salt/grafana/defaults.yaml @@ -10,7 +10,7 @@ grafana: enabled: false # host: localhost:25 # user: myuser - # If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;""" + # If the password contains # or ; you have to wrap it with triple quotes wrapped by single quotes. Ex '"""#password;"""' # password: mypassword # cert_file: /etc/grafana/config/files/smtp_cert_file.crt # key_file: /etc/grafana/config/files/smtp_key_file.key From 33fde42dbce65d38a51bdba75ac8b11fe06e3162 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 10:42:30 -0500 Subject: [PATCH 46/54] dont show legend on pcap retention panel --- salt/grafana/dashboards/standalone/standalone.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 311015151..40ad57237 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -3294,7 +3294,7 @@ "spaceLength": 10, "pointradius": 2, "legend": { - "show": true, + "show": false, "values": false, "min": false, "max": false, From 2fc151d92350ba01da9bed6b69c588aef11e9aa5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:34:08 -0500 Subject: [PATCH 47/54] update eval dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 365 ++++++++++++++++--------- 1 file changed, 239 insertions(+), 126 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index fdd4b6b00..b674a4173 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -778,68 +778,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -863,7 +849,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -888,72 +874,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 31, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -977,7 +989,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -1002,8 +1014,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, @@ -2897,25 +2949,18 @@ "title": "Zeek Restarts via Healthcheck", "type": "stat" }, + + + { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, + "unit": "s", "min": 0, - "nullValueMode": "connected", + "max": , + "decimals": 2, "thresholds": { "mode": "absolute", "steps": [ @@ -2933,7 +2978,16 @@ } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -2946,18 +3000,9 @@ "id": 22, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -3000,13 +3045,81 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ] + ], + "alias": "Oldest Pcap" } ], + "title": "{{ SERVERNAME }} - PCAP Retention", + "type": "graph", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "s", + "$$hashKey": "object:643", + "decimals": 2 + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:644" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "cacheTimeout": null, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false }, { "aliasColors": { From 5a95181b2b09150d7cb168af8c284c74364d4534 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:36:19 -0500 Subject: [PATCH 48/54] update eval version 1 https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index b674a4173..449233508 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -4735,5 +4735,5 @@ "timezone": "browser", "title": "Evaluation Mode - {{ SERVERNAME }} Overview", "uid": "{{ UID }}", - "version": 6 + "version": 1 } From 6eb64227ae52777c3cc52f9c6d06c513d7f2efa9 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:44:21 -0500 Subject: [PATCH 49/54] update manager dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/manager/manager.json | 260 ++++++++++++------- 1 file changed, 160 insertions(+), 100 deletions(-) diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index 35f3690f2..d0d55243f 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -622,64 +622,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.6.2", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -703,7 +693,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -728,68 +718,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 35, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.6.2", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -813,7 +833,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -838,8 +858,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, From 0a77a28e066a0f67b9eb451a40444fe0d7609cd3 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 11:51:42 -0500 Subject: [PATCH 50/54] guage to graph cor cpu on manager and eval https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 135 ++++++++++++++--- salt/grafana/dashboards/manager/manager.json | 145 ++++++++++++++----- 2 files changed, 220 insertions(+), 60 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index 449233508..63f88de19 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -24,18 +24,36 @@ "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [], + "unit": "percent", + "min": 0, + "max": 100, "thresholds": { "mode": "absolute", "steps": [ { - "color": "rgb(255, 255, 255)", + "color": "rgba(50, 172, 45, 0.97)", "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -45,23 +63,15 @@ "x": 0, "y": 0 }, - "id": 39, + "id": 2, + "links": [], "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - } + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { + "dsType": "influxdb", "groupBy": [ { "params": [ @@ -76,7 +86,7 @@ "type": "fill" } ], - "measurement": "system", + "measurement": "cpu", "orderByTime": "ASC", "policy": "default", "refId": "A", @@ -85,13 +95,19 @@ [ { "params": [ - "uptime" + "usage_idle" ], "type": "field" }, { "params": [], - "type": "last" + "type": "mean" + }, + { + "params": [ + "* -1 + 100" + ], + "type": "math" } ] ], @@ -100,14 +116,87 @@ "key": "host", "operator": "=", "value": "{{ SERVERNAME }}" + }, + { + "condition": "AND", + "key": "cpu", + "operator": "=", + "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], + "title": "{{ SERVERNAME }} - CPU", + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - System Uptime", - "type": "stat" + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "cacheTimeout": null, diff --git a/salt/grafana/dashboards/manager/manager.json b/salt/grafana/dashboards/manager/manager.json index d0d55243f..9a498a34f 100644 --- a/salt/grafana/dashboards/manager/manager.json +++ b/salt/grafana/dashboards/manager/manager.json @@ -20,8 +20,43 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {}, + "unit": "percent", + "min": 0, + "max": 100, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -31,40 +66,9 @@ "id": 2, "links": [], "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [], - "max": 100, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "orange", - "value": 60 - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "percent" - }, - "overrides": [], - "values": false - }, - "orientation": "auto", - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -119,13 +123,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], + "title": "{{ SERVERNAME }} - CPU", + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, "timeFrom": null, "timeShift": null, - "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", From e3335a310620abefdefaa2c139a52469f4ec3f6d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 12:00:02 -0500 Subject: [PATCH 51/54] update managersearch dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- .../managersearch/managersearch.json | 416 +++++++++++------- 1 file changed, 269 insertions(+), 147 deletions(-) diff --git a/salt/grafana/dashboards/managersearch/managersearch.json b/salt/grafana/dashboards/managersearch/managersearch.json index b2b859803..a852d8c0a 100644 --- a/salt/grafana/dashboards/managersearch/managersearch.json +++ b/salt/grafana/dashboards/managersearch/managersearch.json @@ -21,8 +21,43 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {}, + "unit": "percent", + "min": 0, + "max": 100, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -32,50 +67,9 @@ "id": 2, "links": [], "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "unit": "percent" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "6.7.3", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -130,11 +124,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", @@ -628,64 +691,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.7.3", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -709,7 +762,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -734,69 +787,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 35, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.7.3", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -820,7 +902,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -845,8 +927,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, From c88a1a943d24ddbdba1286b5f48752388295dd57 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 12:21:16 -0500 Subject: [PATCH 52/54] update search and sensor node dashboard panaels from guage to graph https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- .../dashboards/search_nodes/searchnode.json | 416 +++++++++------ .../dashboards/sensor_nodes/sensor.json | 475 ++++++++++++------ 2 files changed, 592 insertions(+), 299 deletions(-) diff --git a/salt/grafana/dashboards/search_nodes/searchnode.json b/salt/grafana/dashboards/search_nodes/searchnode.json index fd063b163..72ebe768a 100644 --- a/salt/grafana/dashboards/search_nodes/searchnode.json +++ b/salt/grafana/dashboards/search_nodes/searchnode.json @@ -20,8 +20,43 @@ "links": [], "panels": [ { - "cacheTimeout": null, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {}, + "unit": "percent", + "min": 0, + "max": 100, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 60 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 80 + } + ] + }, + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" + }, + "overrides": [] + }, "gridPos": { "h": 5, "w": 4, @@ -31,50 +66,9 @@ "id": 2, "links": [], "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 60 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "unit": "percent" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "6.6.2", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -129,11 +123,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "datasource": "InfluxDB", @@ -757,64 +820,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "fieldOptions": { - "calcs": [ - "lastNotNull" - ], - "defaults": { - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" - }, - "overrides": [], - "values": false - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "6.6.2", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -838,7 +891,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -863,23 +916,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", - "cacheTimeout": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 35, - "links": [], + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -903,7 +1031,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -928,54 +1056,48 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge", - "options": { - "showThresholdMarkers": true, - "showThresholdLabels": false, - "fieldOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "mappings": [ - { - "op": "=", - "text": "N/A", - "value": "null", - "id": 0, - "type": 1 - } - ], - "unit": "bytes", - "nullValueMode": "connected", - "min": 0, - "max": "{{ NSMFS}}", - "decimals": 2 - }, - "overrides": [] - }, - "orientation": "horizontal" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" }, - "pluginVersion": "6.6.2" + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { "aliasColors": {}, diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index 0b89f030a..f8ba531a0 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -109,23 +109,13 @@ "type": "stat" }, { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 100, + "unit": "percent", "min": 0, - "nullValueMode": "connected", + "max": 100, "thresholds": { "mode": "absolute", "steps": [ @@ -143,7 +133,16 @@ } ] }, - "unit": "percent" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -156,18 +155,9 @@ "id": 2, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -222,11 +212,80 @@ "operator": "=", "value": "cpu-total" } - ] + ], + "alias": "Usage" } ], "title": "{{ SERVERNAME }} - CPU", - "type": "gauge" + "type": "graph", + "cacheTimeout": null, + "renderer": "flot", + "yaxes": [ + { + "label": null, + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "percent", + "$$hashKey": "object:395" + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:396" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "fillGradient": 0, + "linewidth": 1, + "dashes": false, + "hiddenSeries": false, + "dashLength": 10, + "spaceLength": 10, + "points": false, + "pointradius": 2, + "bars": false, + "stack": false, + "percentage": false, + "legend": { + "show": false, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "steppedLine": false, + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "timeFrom": null, + "timeShift": null, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [] }, { "aliasColors": {}, @@ -773,68 +832,54 @@ } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ ROOTFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ ROOTFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ ROOTFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 0, "y": 5 }, - "id": 12, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 73, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -858,7 +903,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -883,72 +928,98 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { - "custom": {}, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": "{{ NSMFS }}", - "min": 0, - "nullValueMode": "connected", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "{{ NSMFS * '.80'|float }}" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "{{ NSMFS * '.90'|float }}" - } - ] - }, - "unit": "bytes" + "custom": {} }, "overrides": [] }, + "fill": 1, + "fillGradient": 0, "gridPos": { "h": 5, "w": 4, "x": 4, "y": 5 }, - "id": 31, - "links": [], - "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "hiddenSeries": false, + "id": 74, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false }, - "pluginVersion": "7.0.5", + "lines": true, + "linewidth": 1, + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.3.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, "targets": [ { - "dsType": "influxdb", + "alias": "Used", "groupBy": [ { "params": [ @@ -972,7 +1043,7 @@ [ { "params": [ - "used" + "used_percent" ], "type": "field" }, @@ -997,28 +1068,58 @@ ] } ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, "title": "{{ SERVERNAME }} - Disk Used(/nsm)", - "type": "gauge" + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:708", + "format": "percent", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "$$hashKey": "object:709", + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } }, { - "cacheTimeout": null, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, - "decimals": 2, - "mappings": [ - { - "id": 0, - "op": "=", - "text": "N/A", - "type": 1, - "value": "null" - } - ], - "max": 1209600, + "unit": "s", "min": 0, - "nullValueMode": "connected", + "max": , + "decimals": 2, "thresholds": { "mode": "absolute", "steps": [ @@ -1036,7 +1137,16 @@ } ] }, - "unit": "s" + "mappings": [ + { + "id": 0, + "op": "=", + "text": "N/A", + "type": 1, + "value": "null" + } + ], + "nullValueMode": "connected" }, "overrides": [] }, @@ -1049,18 +1159,9 @@ "id": 22, "links": [], "options": { - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": true + "alertThreshold": true }, - "pluginVersion": "7.0.5", + "pluginVersion": "7.3.4", "targets": [ { "dsType": "influxdb", @@ -1103,12 +1204,82 @@ "operator": "=", "value": "{{ SERVERNAME }}" } - ] + ], + "alias": "Oldest Pcap" } ], "title": "{{ SERVERNAME }} - PCAP Retention", - "type": "gauge" - }, + "type": "graph", + "renderer": "flot", + "yaxes": [ + { + "label": "", + "show": true, + "logBase": 1, + "min": null, + "max": null, + "format": "s", + "$$hashKey": "object:643", + "decimals": 2 + }, + { + "label": null, + "show": false, + "logBase": 1, + "min": null, + "max": null, + "format": "short", + "$$hashKey": "object:644" + } + ], + "xaxis": { + "show": true, + "mode": "time", + "name": null, + "values": [], + "buckets": null + }, + "yaxis": { + "align": false, + "alignLevel": null + }, + "lines": true, + "fill": 1, + "linewidth": 1, + "dashLength": 10, + "spaceLength": 10, + "pointradius": 2, + "legend": { + "show": true, + "values": false, + "min": false, + "max": false, + "current": false, + "total": false, + "avg": false + }, + "nullPointMode": "connected", + "tooltip": { + "value_type": "individual", + "shared": true, + "sort": 0 + }, + "aliasColors": {}, + "seriesOverrides": [], + "thresholds": [], + "timeRegions": [], + "cacheTimeout": null, + "timeFrom": null, + "timeShift": null, + "fillGradient": 0, + "dashes": false, + "hiddenSeries": false, + "points": false, + "bars": false, + "stack": false, + "percentage": false, + "steppedLine": false + }, { "aliasColors": {}, "bars": false, From d877fac786b5d945d6ccc56c06c5de6bf4c373dc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 11 Dec 2020 12:28:43 -0500 Subject: [PATCH 53/54] add null for max graph value https://github.com/Security-Onion-Solutions/securityonion/issues/1175 --- salt/grafana/dashboards/eval/eval.json | 2 +- salt/grafana/dashboards/sensor_nodes/sensor.json | 2 +- salt/grafana/dashboards/standalone/standalone.json | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json index 63f88de19..ee94504d1 100644 --- a/salt/grafana/dashboards/eval/eval.json +++ b/salt/grafana/dashboards/eval/eval.json @@ -3048,7 +3048,7 @@ "custom": {}, "unit": "s", "min": 0, - "max": , + "max": null, "decimals": 2, "thresholds": { "mode": "absolute", diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json index f8ba531a0..9136a7838 100644 --- a/salt/grafana/dashboards/sensor_nodes/sensor.json +++ b/salt/grafana/dashboards/sensor_nodes/sensor.json @@ -1118,7 +1118,7 @@ "custom": {}, "unit": "s", "min": 0, - "max": , + "max": null, "decimals": 2, "thresholds": { "mode": "absolute", diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json index 40ad57237..079578a38 100644 --- a/salt/grafana/dashboards/standalone/standalone.json +++ b/salt/grafana/dashboards/standalone/standalone.json @@ -199,6 +199,9 @@ "thresholds": [], "timeRegions": [] }, + + + { "datasource": "InfluxDB", "fieldConfig": { From eb735c72895459eca36b397458548a8d931dce66 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Dec 2020 13:22:13 -0500 Subject: [PATCH 54/54] Replace duplicate random generator with common function --- salt/common/tools/sbin/so-common | 5 ++++ salt/common/tools/sbin/soup | 8 +++---- salt/playbook/files/playbook_db_init.sh | 3 ++- setup/so-functions | 32 ++++++++++++------------- setup/so-variables | 2 +- 5 files changed, 28 insertions(+), 22 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 1dfa22a5f..6c7989c3d 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -135,3 +135,8 @@ fail() { echo "Exiting." exit 1 } + +get_random_value() { + length=${1:-20} + head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1 +} \ No newline at end of file diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 27439a137..ca840de59 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -212,8 +212,8 @@ rc1_to_rc2() { sed -i "/^global:/a \\$line" /opt/so/saltstack/local/pillar/global.sls; # Adding play values to the global.sls - local HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - local CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + local HIVEPLAYSECRET=$(get_random_value) + local CORTEXPLAYSECRET=$(get_random_value) sed -i "/^global:/a \\ hiveplaysecret: $HIVEPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; sed -i "/^global:/a \\ cortexplaysecret: $CORTEXPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; @@ -275,8 +275,8 @@ rc3_to_2.3.0() { sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls { - echo "playbook_admin: $(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)" - echo "playbook_automation: $(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)" + echo "playbook_admin: $(get_random_value)" + echo "playbook_automation: $(get_random_value)" } >> /opt/so/saltstack/local/pillar/secrets.sls } diff --git a/salt/playbook/files/playbook_db_init.sh b/salt/playbook/files/playbook_db_init.sh index bd4f7abae..94aef0a44 100644 --- a/salt/playbook/files/playbook_db_init.sh +++ b/salt/playbook/files/playbook_db_init.sh @@ -1,11 +1,12 @@ #!/bin/bash # {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) %} +. /usr/sbin/so-common default_salt_dir=/opt/so/saltstack/default # Generate salt + hash for admin user -admin_salt=$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 32 | head -n 1) +admin_salt=$(get_random_value 32) admin_stage1_hash=$(echo -n '{{ admin_pass }}' | sha1sum | awk '{print $1}') admin_hash=$(echo -n "${admin_salt}${admin_stage1_hash}" | sha1sum | awk '{print $1}') sed -i "s/ADMIN_HASH/${admin_hash}/g" $default_salt_dir/salt/playbook/files/playbook_db_init.sql diff --git a/setup/so-functions b/setup/so-functions index 6a6f42dc7..66450a6bb 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -954,22 +954,22 @@ fleet_pillar() { generate_passwords(){ # Generate Random Passwords for Things - MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - PLAYBOOKDBPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - PLAYBOOKADMINPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - PLAYBOOKAUTOMATIONPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - GRAFANAPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + MYSQLPASS=$(get_random_value) + PLAYBOOKDBPASS=$(get_random_value) + PLAYBOOKADMINPASS=$(get_random_value) + PLAYBOOKAUTOMATIONPASS=$(get_random_value) + FLEETPASS=$(get_random_value) + FLEETJWT=$(get_random_value) + GRAFANAPASS=$(get_random_value) if [[ "$THEHIVE" == "1" ]]; then - HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + HIVEKEY=$(get_random_value) + HIVEPLAYSECRET=$(get_random_value) + CORTEXKEY=$(get_random_value) + CORTEXORGUSERKEY=$(get_random_value) + CORTEXPLAYSECRET=$(get_random_value) fi - SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) + SENSORONIKEY=$(get_random_value) + KRATOSKEY=$(get_random_value) } get_redirect() { @@ -1272,8 +1272,8 @@ minio_generate_keys() { local charSet="[:graph:]" - ACCESS_KEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) - ACCESS_SECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 40 | head -n 1) + ACCESS_KEY=$(get_random_value) + ACCESS_SECRET=$(get_random_value 40) } diff --git a/setup/so-variables b/setup/so-variables index 83b9b4325..17441dca0 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -12,7 +12,7 @@ export num_cpu_cores readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')" export cpu_core_list -random_uid=$(