CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add BPF

Browse Source
This commit is contained in:
Mike Reeves
2022-09-16 08:36:44 -04:00
parent 2c0d90bea4
commit 9a6fe3e8de
6 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/bpf/defaults.yaml Normal file
View File

@@ -0,0 +1,4 @@
bpf:
pcap: []
suricta: []
zeek: []

7
salt/bpf/soc_bpf.yaml Normal file
View File

@@ -0,0 +1,7 @@
bpf:
pcap:
description: List of BPF filters to apply to PCAP.
suricata:
description: List of BPF filters to apply to Suricata.
zeek:
description: List of BPF filters to apply to Zeek.

2
salt/pcap/init.sls
View File

@@ -13,7 +13,7 @@
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
{% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
{% set BPF_STENO = salt['pillar.get']('bpf:pcap', None) %}
{% set BPF_COMPILED = "" %}
# PCAP Section

2
salt/suricata/init.sls
View File

@@ -12,7 +12,7 @@
{% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
{% set BPF_NIDS = salt['pillar.get']('nids:bpf') %}
{% set BPF_NIDS = salt['pillar.get']('bpf:suricata', None) %}
{% set BPF_STATUS = 0 %}
{# import_yaml 'suricata/files/defaults2.yaml' as suricata #}

2
salt/zeek/init.sls
View File

@@ -11,7 +11,7 @@
{% set VERSION = salt['pillar.get']('global:soversion') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %}
{% set BPF_ZEEK = salt['pillar.get']('bpf:zeek', {}) %}
{% set BPF_STATUS = 0 %}
{% set INTERFACE = salt['pillar.get']('sensor:interface') %}

2
setup/so-variables
View File

@@ -81,7 +81,7 @@ export whiptail_title
mkdir -p $local_salt_dir/pillar/minions
for THEDIR in elasticsearch firewall redis backup strelka sensoroni curator soc soctopus docker zeek suricata nginx filebeat logstash soc manager kratos idstools idh elastalert
for THEDIR in bpf pcap elasticsearch firewall redis backup strelka sensoroni curator soc soctopus docker zeek suricata nginx filebeat logstash soc manager kratos idstools idh elastalert
do
mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls