CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add BPF

Browse Source
This commit is contained in:
Mike Reeves
2022-09-16 08:36:44 -04:00
parent 2c0d90bea4
commit 9a6fe3e8de
6 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/bpf/defaults.yaml Normal file
View File

@@ -0,0 +1,4 @@
bpf:
pcap: []
suricta: []
zeek: []

7
salt/bpf/soc_bpf.yaml Normal file
View File

@@ -0,0 +1,7 @@
bpf:
pcap:
description: List of BPF filters to apply to PCAP.
suricata:
description: List of BPF filters to apply to Suricata.
zeek:
description: List of BPF filters to apply to Zeek.

2
salt/pcap/init.sls
View File

@@ -13,7 +13,7 @@
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} {% set BPF_STENO = salt['pillar.get']('bpf:pcap', None) %}
{% set BPF_COMPILED = "" %} {% set BPF_COMPILED = "" %}
# PCAP Section # PCAP Section

2
salt/suricata/init.sls
View File

@@ -12,7 +12,7 @@
{% set VERSION = salt['pillar.get']('global:soversion') %} {% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %} {% set BPF_NIDS = salt['pillar.get']('bpf:suricata', None) %}
{% set BPF_STATUS = 0 %} {% set BPF_STATUS = 0 %}
{# import_yaml 'suricata/files/defaults2.yaml' as suricata #} {# import_yaml 'suricata/files/defaults2.yaml' as suricata #}

2
salt/zeek/init.sls
View File

@@ -11,7 +11,7 @@
{% set VERSION = salt['pillar.get']('global:soversion') %} {% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %} {% set BPF_ZEEK = salt['pillar.get']('bpf:zeek', {}) %}
{% set BPF_STATUS = 0 %} {% set BPF_STATUS = 0 %}
{% set INTERFACE = salt['pillar.get']('sensor:interface') %} {% set INTERFACE = salt['pillar.get']('sensor:interface') %}

2
setup/so-variables
View File

@@ -81,7 +81,7 @@ export whiptail_title
mkdir -p $local_salt_dir/pillar/minions mkdir -p $local_salt_dir/pillar/minions
for THEDIR in elasticsearch firewall redis backup strelka sensoroni curator soc soctopus docker zeek suricata nginx filebeat logstash soc manager kratos idstools idh elastalert for THEDIR in bpf pcap elasticsearch firewall redis backup strelka sensoroni curator soc soctopus docker zeek suricata nginx filebeat logstash soc manager kratos idstools idh elastalert
do do
mkdir -p $local_salt_dir/pillar/$THEDIR mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls