CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-17 21:51:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Initial support - IDH Node

Browse Source
This commit is contained in:
Josh Brower
2022-02-07 14:36:40 -05:00
parent c9b40d8569
commit 9b1fac8417
7 changed files with 191 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
setup/so-functions
View File

@@ -2619,7 +2619,7 @@ set_initial_firewall_policy() {
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
;;
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET' | 'RECEIVER')
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET' | 'IDH' | 'RECEIVER')
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
case "$install_type" in
'SENSOR')
@@ -2639,6 +2639,9 @@ set_initial_firewall_policy() {
'FLEET')
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
;;
'IDH')
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
;;
'RECEIVER')
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost receiver "$MAINIP"
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh receiverstab "$MINION_ID" "$MAINIP"

11
setup/so-setup
View File

@@ -251,6 +251,10 @@ elif [ "$install_type" = 'FLEET' ]; then
is_minion=true
is_fleet_standalone=true
OSQUERY=1
elif [ "$install_type" = 'IDH' ]; then
is_minion=true
is_idh_standalone=true
IDH=1
elif [ "$install_type" = 'HELIXSENSOR' ]; then
is_helix=true
elif [ "$install_type" = 'IMPORT' ]; then
@@ -910,6 +914,13 @@ echo "1" > /root/accept_changes
fi
if [[ "$IDH" = 1 ]]; then
set_progress_str 79 "$(print_salt_state_apply 'idh')"
salt-call state.apply -l info idh >> $setup_log 2>&1
fi
if [[ "$WAZUH" = 1 ]]; then
set_progress_str 79 "$(print_salt_state_apply 'wazuh')"
salt-call state.apply -l info wazuh >> $setup_log 2>&1

1
setup/so-whiptail
View File

@@ -803,6 +803,7 @@ whiptail_install_type_dist_existing() {
"SEARCHNODE" "Add a search node with parsing " OFF \
"FLEET" "Dedicated Fleet Osquery Node " OFF \
"HEAVYNODE" "Sensor + Search Node " OFF \
"IDH" "Intrusion Detection Honeypot Node " OFF \
"RECEIVER" "Receiver Node " OFF \
3>&1 1>&2 2>&3
# "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO