From 42e00514f56bdfb6c2753cb39fe9e64bc64f83aa Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 11:09:14 -0400 Subject: [PATCH 01/11] Adding docker net setting --- setup/so-functions | 11 +++++++++++ setup/so-setup | 1 + setup/so-whiptail | 25 +++++++++++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 3c056d23f..0cfb5ded2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -845,6 +845,12 @@ docker_registry() { printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ]"\ + " \"default-address-pools\": ["\ + " {"\ + " \"base\" : \"$DOCKERNET\","\ + " \"size\" : 24"\ + " }"\ + " ]"\ "}" > /etc/docker/daemon.json echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1 @@ -1139,12 +1145,17 @@ manager_global() { fi fi + if [ -z "$DOCKERNET" ]; then + DOCKERNET=172.17.0.0/16 + fi + # Create a global file for global values printf '%s\n'\ "global:"\ " soversion: '$SOVERSION'"\ " hnmanager: '$HNMANAGER'"\ " ntpserver: '$NTPSERVER'"\ + " dockernet: '$DOCKERNET'"\ " proxy: '$PROXY'"\ " mdengine: '$ZEEKVERSION'"\ " ids: '$NIDS'"\ diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..9fe10ae3a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -312,6 +312,7 @@ fi if [[ $is_helix || $is_manager || $is_import ]]; then whiptail_homenet_manager + whiptail_dockernet_check fi if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..a99d6a8c3 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
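Review bot: `$DOCKERNET` is expanded straight into /etc/docker/daemon.json on the `" \"base\" : \"$DOCKERNET\","` line with no check that it is a network in CIDR form, and the manager_global hunk in this same commit writes the same value into the pillar as `dockernet: '$DOCKERNET'`; later commits in this series feed that pillar into firewall hostgroups, MySQL grant hosts and soc.json, so a mistyped or overly broad value silently widens those allowlists instead of failing setup. Since the value is typed by the operator in whiptail_dockernet_net, validate it once where it is read, or at least before this printf, e.g. `[[ $DOCKERNET =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$ ]] || { echo "Invalid DOCKERNET: $DOCKERNET" >> "$setup_log"; exit 1; }`. A single quote in the value would also break the single-quoted YAML pillar line, which the same check rules out. docker_registry's and manager_global's bodies start and end outside their hunks.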
@@ -457,6 +457,31 @@ whiptail_dhcp_warn() { } +whiptail_dockernet_check(){ + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --yesno \ + "Do you want to change the IP range Docker uses? (Choose no if you don't know what this means)" 8 75 + + local exitstatus=$? + + if [[ $exitstatus == 0 ]]; then + whiptail_dockernet_net + fi +} + +whiptail_dockernet_net() { + + [ -n "$TESTING" ] && return + + DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ + "\nEnter a network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0/16 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} whiptail_enable_components() { [ -n "$TESTING" ] && return From d4dd4aa416f203f3d2ad04082d7fbf4db1c94840 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 11:25:45 -0400 Subject: [PATCH 02/11] Add missing comma in daemon.json --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 0cfb5ded2..d7252bb53 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -844,7 +844,7 @@ docker_registry() { if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi printf '%s\n'\ "{"\ - " \"registry-mirrors\": [ \"$proxy:5000\" ]"\ + " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ From 697bc53aecdf84d22dd2aecb6998a5b039400ac5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 15:08:34 -0400 Subject: [PATCH 03/11] Dockernet Modifications --- salt/firewall/hostgroups.yaml | 3 ++- salt/fleet/init.sls | 6 ++++-- salt/playbook/init.sls | 6 ++++-- salt/soc/files/soc/soc.json | 4 +++- setup/so-whiptail | 6 +++--- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/salt/firewall/hostgroups.yaml b/salt/firewall/hostgroups.yaml index 5ff6b900b..778912911 100644 --- a/salt/firewall/hostgroups.yaml 
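Review bot: whiptail_dockernet_net assigns the operator's input to the global DOCKERNET but carries no header comment saying that, nor who consumes it, which matters because the value ends up in a root-owned daemon config and in the pillar; propose `# Sets the global DOCKERNET from operator input; consumed by docker_registry (daemon.json) and manager_global (pillar)` above the function. The `3>&1 1>&2 2>&3` swap is the standard way to capture whiptail's answer while keeping its UI on the terminal, but a one-line comment saying so saves the next reader a search. Minor style: `whiptail_check_exitstatus "$exitstatus"` quoted for consistency, and `(( exitstatus == 0 ))` in whiptail_dockernet_check compares the status numerically rather than as a string.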
+++ b/salt/firewall/hostgroups.yaml @@ -1,3 +1,4 @@ +{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} firewall: hostgroups: anywhere: @@ -9,7 +10,7 @@ firewall: ips: delete: insert: - - 172.17.0.0/24 + - {{ DNET }}/24 localhost: ips: delete: diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index 220f3c4cb..e85358542 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -12,6 +12,8 @@ {% else %} {% set MAINIP = salt['pillar.get']('global:managerip') %} {% endif %} +{% set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} + include: - mysql @@ -71,7 +73,7 @@ fleetdb: fleetdbuser: mysql_user.present: - - host: 172.17.0.0/255.255.0.0 + - host: {{ DNET }}/255.255.0.0 - password: {{ FLEETPASS }} - connection_host: {{ MAINIP }} - connection_port: 3306 @@ -85,7 +87,7 @@ fleetdbpriv: - grant: all privileges - database: fleet.* - user: fleetdbuser - - host: 172.17.0.0/255.255.0.0 + - host: {{ DNET }}/255.255.0.0 - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index c78743eb5..eb009b23e 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -10,6 +10,8 @@ {% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %} {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook_db', None) -%} +{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} + include: - mysql @@ -19,7 +21,7 @@ create_playbookdbuser: - mysql.user_create: - user: playbookdbuser - password: {{ PLAYBOOKPASS }} - - host: 172.17.0.0/255.255.0.0 + - host: {{ DNET }}/255.255.255.0 - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root 
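Review bot: `- host: {{ DNET }}/255.255.0.0` (both fleet hunks) grants fleetdbuser from a /16, while the playbook hunks in this same commit use `/255.255.255.0`, the hostgroups hunk appends `/24`, and the setup side derives a /24 bridge from DNET; the fleet grant is therefore the widest of the four and the only one that does not match the /24 the bridge actually uses. Unless the /16 is deliberate for user-defined Docker networks carved from the address pool, tighten both lines to `- host: {{ DNET }}/255.255.255.0` so the MySQL allow-host matches the firewall hostgroup. The three sls/yaml files also each repeat `salt['pillar.get']('global:dockernet', '172.17.0.0')`; a single shared default (a map file or the pillar itself) would keep them from drifting when the default changes again, as it does in patch 04.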
@@ -28,7 +30,7 @@ create_playbookdbuser: query_playbookdbuser_grants: mysql_query.run: - database: playbook - - query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'172.17.0.0/255.255.0.0';" + - query: "GRANT ALL ON playbook.* TO 'playbookdbuser'@'{{ DNET }}/255.255.255.0';" - connection_host: {{ MAINIP }} - connection_port: 3306 - connection_user: root diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 1407218ad..bea5dde2f 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -9,6 +9,8 @@ {%- import_json "soc/files/soc/hunt.queries.json" as hunt_queries %} {%- import_json "soc/files/soc/hunt.actions.json" as hunt_actions %} {%- import_json "soc/files/soc/hunt.eventfields.json" as hunt_eventfields %} +{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %} + { "logFilename": "/opt/sensoroni/logs/sensoroni-server.log", "server": { @@ -49,7 +51,7 @@ }, {% endif %} "statickeyauth": { - "anonymousCidr": "172.17.0.0/24", + "anonymousCidr": "{{ DNET }}/24", "apiKey": "{{ SENSORONIKEY }}" } }, diff --git a/setup/so-whiptail b/setup/so-whiptail index a99d6a8c3..f71a652f5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,11 +462,11 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to change the IP range Docker uses? (Choose no if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? (Choose yes if you don't know what this means)" 8 75 local exitstatus=$? - if [[ $exitstatus == 0 ]]; then + if [[ $exitstatus == 1 ]]; then whiptail_dockernet_net fi } 
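Review bot: `"anonymousCidr": "{{ DNET }}/24"` now takes its network from an operator-typed pillar value; if anonymousCidr is, as its name suggests, the source range that statickeyauth accepts without a key, a mistyped or LAN-sized value here extends key-less access well beyond the Docker bridge. Nothing on the setup side rejects a value that already carries a prefix (which would render as `a.b.c.d/16/24`) or a non-private range, so the trust boundary deserves a comment next to the set line, e.g. `{# anonymousCidr is rendered from global:dockernet; keep it to the Docker bridge /24 — confirm it grants key-less access before widening #}`. The enclosing "statickeyauth" object starts and ends outside the hunk.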
@@ -476,7 +476,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0/16 3>&1 1>&2 2>&3) + "\nEnter a /24 network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8fee19ee1bd36ec29dcef60a36f4d6d49b1f2ec0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 18:01:48 -0400 Subject: [PATCH 04/11] add bip for docker --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index d7252bb53..51f081b04 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -845,6 +845,7 @@ docker_registry() { printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ + " \"bip\": \"$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24,\"\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ @@ -1146,7 +1147,7 @@ manager_global() { fi if [ -z "$DOCKERNET" ]; then - DOCKERNET=172.17.0.0/16 + DOCKERNET=172.17.0.0 fi # Create a global file for global values From fedf334ee9787157d695ad0825e703898eb8b8c5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 18:21:09 -0400 Subject: [PATCH 05/11] add bip for docker --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 51f081b04..7c6feb5c6 100755 --- a/setup/so-functions +++ b/setup/so-functions 
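Review bot: `DOCKERNET=172.17.0.0` drops the /16 the default used to carry, but docker_registry (the previous hunk in this commit, and as context in the patch 05 and 06 hunks) still writes `" \"base\" : \"$DOCKERNET\","` into default-address-pools, and I believe Docker requires that field in CIDR form, so dockerd would reject the rendered daemon.json with the new default. Either re-attach the prefix when writing, e.g. `" \"base\" : \"$DOCKERNET/16\","` if the previous /16 pool with /24 subnets is still the intent, or derive the pool base the same way the bip is derived and document that. A comment at this assignment, `# DOCKERNET is a bare dotted-quad network (no prefix); docker_registry appends the bridge/pool prefixes`, would make the convention visible to the Jinja defaults that also assume no prefix. manager_global's body starts and ends outside the hunk.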
@@ -841,11 +841,12 @@ docker_registry() { echo "Setting up Docker Registry" >> "$setup_log" 2>&1 mkdir -p /etc/docker >> "$setup_log" 2>&1 # Make the host use the manager docker registry + DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24 if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ - " \"bip\": \"$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24,\"\ + " \"bip\": \"$DNETBIP\",\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ From 741e17a637c08f7299c3fa032f6132f2e54ebe4f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Oct 2020 18:21:53 -0400 Subject: [PATCH 06/11] add bip for docker --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 7c6feb5c6..8de1f6ee4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -846,7 +846,7 @@ docker_registry() { printf '%s\n'\ "{"\ " \"registry-mirrors\": [ \"$proxy:5000\" ],"\ - " \"bip\": \"$DNETBIP\",\ + " \"bip\": \"$DNETBIP\","\ " \"default-address-pools\": ["\ " {"\ " \"base\" : \"$DOCKERNET\","\ From 8f7dffea4b9bf64c1cb68bde757834d1912c71cd Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:10:43 -0400 Subject: [PATCH 07/11] Upodate dockernet menu --- setup/so-setup | 6 ++---- setup/so-whiptail | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 9fe10ae3a..50c37d15a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -310,10 +310,8 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then calculate_useable_cores fi -if [[ $is_helix || $is_manager || $is_import ]]; then - whiptail_homenet_manager - whiptail_dockernet_check -fi +whiptail_homenet_manager +whiptail_dockernet_check if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then set_base_heapsizes 
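Review bot: `DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24` is assigned inside docker_registry without `local` (the `proxy` variable one line down is local) and with `$DOCKERNET` unquoted, so it leaks into the caller's scope and word-splits on odd input; with DOCKERNET empty the pipeline yields `...1/24`, which then lands in daemon.json as the bridge address. Prefer `local dnetbip` followed by `dnetbip=$(printf '%s' "$DOCKERNET" | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24`, guarded by a non-empty check on DOCKERNET, and a why-comment such as `# docker0 takes .1 of the first /24 of DOCKERNET`. docker_registry's body starts and ends outside the hunk.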
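Review bot: Making `whiptail_dockernet_check` unconditional means every role is now asked, but the only default assignment on the page (`DOCKERNET=172.17.0.0` in manager_global) runs in the manager path, so a non-manager node that answers "keep the default" appears to reach docker_registry with DOCKERNET empty — unless it is populated from somewhere this series does not show. Given the prompt's own requirement that all nodes use the same range, set the fallback where the value is consumed, e.g. `: "${DOCKERNET:=172.17.0.0}"` at the top of docker_registry, or in the keep-default branch of whiptail_dockernet_check. Dropping the `if [[ $is_helix || $is_manager || $is_import ]]` guard also makes whiptail_homenet_manager run on every other role; if HOMENET is unused there the extra prompt is only noise, but a comment stating that it is intentional would stop the next reader from re-adding the guard.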
diff --git a/setup/so-whiptail b/setup/so-whiptail index f71a652f5..cfad65fae 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -476,7 +476,9 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a /24 network range for docker to use: \n \n(Default value is pre-populated)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + "\nEnter a /24 network range for docker to use: \n\ + \nThe same range MUST be used on ALL node\n\ + \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8d952eca7e9c63b8b42889afbf7224541726fbc4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:12:07 -0400 Subject: [PATCH 08/11] Upodate dockernet menu --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index cfad65fae..957532bed 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,7 +462,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range? (Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range?\n \n(Choose yes if you don't know what this means)" 8 75 local exitstatus=$? From 563a606e0e24d73cb4d3a308e07b2e039f6f0a02 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:14:14 -0400 Subject: [PATCH 09/11] Upodate dockernet menu --- setup/so-whiptail | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 957532bed..ae8d35d48 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
@@ -462,7 +462,8 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range?\n \n(Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? \n\ + (Choose yes if you don't know what this means)" 8 75 local exitstatus=$? @@ -477,8 +478,8 @@ whiptail_dockernet_net() { DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ "\nEnter a /24 network range for docker to use: \n\ - \nThe same range MUST be used on ALL node\n\ - \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + The same range MUST be used on ALL node\n\ + (Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8173cb589b9b226a4427c99b4c208e752a8d1084 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:17:53 -0400 Subject: [PATCH 10/11] Update whiptail menu for docker question --- setup/so-whiptail | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index ae8d35d48..33e14f904 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,8 +462,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range? \n\ - (Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? \n(Choose yes if you don't know what this means)" 8 75 local exitstatus=$? 
@@ -477,9 +476,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a /24 network range for docker to use: \n\ - The same range MUST be used on ALL node\n\ - (Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + "\nEnter a /24 network range for docker to use: \nThe same range MUST be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From bed70ab6bfca4b5ba2efcc5539c4c1fbc96b0e60 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Oct 2020 10:19:15 -0400 Subject: [PATCH 11/11] Update whiptail menu for docker question --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 33e14f904..d42df729e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -462,7 +462,7 @@ whiptail_dockernet_check(){ [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" --yesno \ - "Do you want to keep the default Docker IP range? \n(Choose yes if you don't know what this means)" 8 75 + "Do you want to keep the default Docker IP range? \n \n(Choose yes if you don't know what this means)" 10 75 local exitstatus=$?