CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-27 11:23:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Feature/Fleet-Standalone

Browse Source
This commit is contained in:
Josh Brower
2020-03-24 20:57:24 -04:00
parent e4e598f0be
commit 9bcba41882
49 changed files with 854 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
salt/fleet/init.sls
View File

@@ -1,8 +1,25 @@
{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', 'iwonttellyou') %}
{%- set FLEETPASS = salt['pillar.get']('auth:fleet', 'bazinga') -%}
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', None) -%}
{%- set FLEETPASS = salt['pillar.get']('auth:fleet', None) -%}
{%- set FLEETJWT = salt['pillar.get']('auth:fleet_jwt', None) -%}
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
{% set MASTER = salt['grains.get']('master') %}
{% set MAINIP = salt['pillar.get']('node:mainip') %}
{% set FLEETARCH = salt['grains.get']('role') %}
{% if FLEETARCH == "so-fleet" %}
{% set MAINIP = salt['pillar.get']('node:mainip') %}
{% else %}
{% set MAINIP = salt['pillar.get']('static:masterip') %}
{% endif %}
#{% if grains.id.split('_')|last in ['master', 'eval', 'fleet'] %}
#so/fleet:
# event.send:
# - data:
# action: 'enablefleet'
# hostname: {{ grains.host }}
#{% endif %}
# Fleet Setup
fleetcdir:
@@ -18,11 +35,18 @@ fleetpackcdir:
- user: 939
- group: 939
- makedirs: True
fleetnsmdir:
file.directory:
- name: /nsm/osquery/fleet
- user: 939
- group: 939
- makedirs: True
fleetpacksync:
file.recurse:
- name: /opt/so/conf/fleet/packs
- source: salt://fleet/packs
- source: salt://fleet/files/packs
- user: 939
- group: 939
@@ -33,24 +57,34 @@ fleetlogdir:
- group: 939
- makedirs: True
fleetsetupscript:
file.managed:
- name: /opt/so/conf/fleet/so-fleet-setup.sh
- source: salt://fleet/so-fleet-setup.sh
fleetsetupscripts:
file.recurse:
- name: /usr/sbin
- user: 0
- group: 0
- file_mode: 755
- template: jinja
- source: salt://fleet/files/scripts
osquerypackageswebpage:
file.managed:
- name: /opt/so/conf/fleet/packages/index.html
- source: salt://fleet/osquery-packages.html
- source: salt://fleet/files/osquery-packages.html
fleetdb:
mysql_database.present:
- name: fleet
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
fleetdbuser:
mysql_user.present:
- host: 172.17.0.0/255.255.0.0
- password: {{ FLEETPASS }}
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
@@ -60,6 +94,21 @@ fleetdbpriv:
- database: fleet.*
- user: fleetdbuser
- host: 172.17.0.0/255.255.0.0
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
{% if FLEETPASS == None or FLEETJWT == None %}
fleet_password_none:
test.configurable_test_state:
- changes: False
- result: False
- comment: "Fleet MySQL Password or JWT Key Error - Not Starting Fleet"
{% else %}
so-fleet:
docker_container.running:
@@ -68,22 +117,25 @@ so-fleet:
- port_bindings:
- 0.0.0.0:8080:8080
- environment:
- KOLIDE_MYSQL_ADDRESS={{ MASTERIP }}:3306
- KOLIDE_MYSQL_ADDRESS={{ MAINIP }}:3306
- KOLIDE_REDIS_ADDRESS={{ MAINIP }}:6379
- KOLIDE_MYSQL_DATABASE=fleet
- KOLIDE_MYSQL_USERNAME=fleetdbuser
- KOLIDE_MYSQL_PASSWORD={{ FLEETPASS }}
- KOLIDE_REDIS_ADDRESS={{ MASTERIP }}:6379
- KOLIDE_SERVER_CERT=/ssl/server.cert
- KOLIDE_SERVER_KEY=/ssl/server.key
- KOLIDE_LOGGING_JSON=true
- KOLIDE_AUTH_JWT_KEY=thisisatest
- KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/osquery/status.log
- KOLIDE_AUTH_JWT_KEY= {{ FLEETJWT }}
- KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
- KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
- KOLIDE_SERVER_URL_PREFIX=/fleet
- binds:
- /etc/pki/fleet.key:/ssl/server.key:ro
- /etc/pki/fleet.crt:/ssl/server.cert:ro
- /opt/so/log/fleet:/var/log/osquery
- /opt/so/log/fleet:/var/log/fleet
- /nsm/osquery/fleet:/var/log/osquery
- /opt/so/conf/fleet/packs:/packs
- watch:
- /opt/so/conf/fleet/etc
{% endif %}