Setup - Fix prompts and disable onion user if iso

2026-01-19 14:41:37 +01:00 · 2019-12-11 13:44:40 -05:00
parent e52f469915
commit 989641eb5a
3 changed files with 75 additions and 31 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -117,13 +117,13 @@ nginxtmp:
 # Start the core docker
 so-coreimage:
 cmd.run:
-   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-core:HH1.1.2
+   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-core:HH1.1.3

 so-core:
  docker_container.running:
    - require:
      - so-coreimage
-    - image: docker.io/soshybridhunter/so-core:HH1.1.2
+    - image: docker.io/soshybridhunter/so-core:HH1.1.3
    - hostname: so-core
    - user: socore
    - binds:
--- a/salt/logstash/files/dynamic/9997_output_helix.conf
+++ b/salt/logstash/files/dynamic/9997_output_helix.conf
@@ -1,7 +1,7 @@
 {% set HELIX_API_KEY = salt['pillar.get']('fireeye:helix:api_key', '') %}

 filter {
-  if [type] =~ /^bro_conn|bro_dns|bro_http|bro_files|bro_ssl$/ {
+  if [type] =~ /^bro_conn|bro_dns|bro_http|bro_files|bro_ssl|bro_dhcp|bro_x509$/ {
    grok {
      match => [
        "source_ip", "^%{IPV4:srcipv4}$",
@@ -72,7 +72,8 @@ filter {
    if "bro_dhcp" in [class] {
      mutate{
        #add_field = { "metaclass" => "dhcp"}
-        rename => { "ips" => "ip" }
+        rename => { "message_types" => "direction" }
+				rename => { "lease_time" => "duration" }
      }
    }
    if "bro_files" in [class] {
@@ -109,25 +110,35 @@ filter {
        rename => { "request_body_len" => "sentbodybytes" }
      }
    }
-  }
-}
-
-#output {
-#  if [event_type] =~ /^bro_conn|bro_dns|bro_http|bro_files|bro_ssl$/ {
-#    http {
-#      url => "https://helix-integrations.cloud.aws.apps.fireeye.com/api/upload"
-#      http_method => post
-#      http_compression => true
-#      socket_timeout => 60
-#      headers => ["Authorization","{{ HELIX_API_KEY }}"]
-#      format => json_batch
-#    }
-#  }
-#}
-output {
-  if [event_type] =~ /^bro_conn|bro_dns|bro_http|bro_files|bro_ssl$/ {
-    file {
-      path => "/var/log/logstash/output.json"      
+		if "bro_weird" in [class] {
+      mutate{
+        #add_field = { "metaclass" => "dns"}
+        rename => { "name" => "eventname" }
+      }
+    }
+		if "bro_x509" in [class] {
+      mutate{
+        #add_field = { "metaclass" => "dns"}
+				rename => { "certificate_common_name" => "certname" }
+        rename => { "certificate_subject" => "certsubject" }
+				rename => { "issuer_common_name" => "issuer" }
+				reanme => { "certificate_issuer" => "issuersubject" }
+				rename => { "certificate_not_valid_before" => "issuetime" }
+				rename => { "certificate_key_type" => "cert_type" }
+      }
+    }
+  }
+}
+
+output {
+  if [event_type] =~ /^bro_conn|bro_dns|bro_http|bro_files|bro_ssl|bro_dhcp|bro_x509$/ {
+    http {
+      url => "https://helix-integrations.cloud.aws.apps.fireeye.com/api/upload"
+      http_method => post
+      http_compression => true
+      socket_timeout => 60
+      headers => ["Authorization","{{ HELIX_API_KEY }}"]
+      format => json_batch
    }
  }
 }