CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove hive from more files

Browse Source
This commit is contained in:
Mike Reeves
2022-03-15 09:37:58 -04:00
parent 81f0aa58b8
commit 9c80ff4f65
7 changed files with 5 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
salt/common/tools/sbin/soup
View File

@@ -765,29 +765,6 @@ upgrade_space() {
fi fi
} }
thehive_maint() {
echo -n "Waiting for TheHive..."
COUNT=0
THEHIVE_CONNECTED="no"
while [[ "$COUNT" -le 240 ]]; do
curl --output /dev/null --silent --head --fail -k "https://localhost/thehive/api/alert"
if [ $? -eq 0 ]; then
THEHIVE_CONNECTED="yes"
echo "connected!"
break
else
((COUNT+=1))
sleep 1
echo -n "."
fi
done
if [ "$THEHIVE_CONNECTED" == "yes" ]; then
echo "Migrating thehive databases if needed."
curl -v -k -XPOST -L "https://localhost/thehive/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1
curl -v -k -XPOST -L "https://localhost/cortex/api/maintenance/migrate" >> "$SOUP_LOG" 2>&1
fi
}
unmount_update() { unmount_update() {
cd /tmp cd /tmp
umount /tmp/soagupdate umount /tmp/soagupdate
@@ -1175,7 +1152,6 @@ main() {
salt-call state.highstate -l info queue=True salt-call state.highstate -l info queue=True
postupgrade_changes postupgrade_changes
[[ $is_airgap -eq 0 ]] && unmount_update [[ $is_airgap -eq 0 ]] && unmount_update
thehive_maint
echo "" echo ""
echo "Upgrade to $NEWVERSION complete." echo "Upgrade to $NEWVERSION complete."

24
salt/nginx/etc/nginx.conf
View File

@@ -335,30 +335,6 @@ http {
{%- endif %} {%- endif %}
location /thehive/ {
proxy_pass http://{{ manager_ip }}:9000/thehive/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
}
location /cortex/ {
proxy_pass http://{{ manager_ip }}:9001/cortex/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
}
location /soctopus/ { location /soctopus/ {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;
proxy_pass http://{{ manager_ip }}:7000/; proxy_pass http://{{ manager_ip }}:7000/;

7
salt/soc/files/soc/soc.json
View File

@@ -1,8 +1,8 @@
{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %} {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %} {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
{%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %} {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
{%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
{%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} {%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
{%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {%- set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
@@ -91,7 +91,7 @@
}, },
{%- if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %} {%- if CASE_MODULE == 'thehive' and THEHIVEKEY != '' %}
"thehive": { "thehive": {
"hostUrl": "http://{{ MANAGERIP }}:9000/thehive", "hostUrl": "http://{{ HIVEURL }}:9000/thehive",
"key": "{{ THEHIVEKEY }}", "key": "{{ THEHIVEKEY }}",
"verifyCert": false "verifyCert": false
}, },
@@ -140,9 +140,6 @@
{%- if PLAYBOOK == 0 %} {%- if PLAYBOOK == 0 %}
"toolPlaybook", "toolPlaybook",
{%- endif %} {%- endif %}
{%- if THEHIVE == 0 %}
"toolTheHive",
{%- endif %}
{%- if not FLEETMANAGER and not FLEETNODE %} {%- if not FLEETMANAGER and not FLEETNODE %}
"toolFleet", "toolFleet",
{%- endif %} {%- endif %}

1
salt/soc/files/soc/tools.json
View File

@@ -4,6 +4,5 @@
{ "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" }, { "name": "toolCyberchef", "description": "toolCyberchefHelp", "icon": "fa-external-link-alt", "target": "so-cyberchef", "link": "/cyberchef/" },
{ "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" }, { "name": "toolPlaybook", "description": "toolPlaybookHelp", "icon": "fa-external-link-alt", "target": "so-playbook", "link": "/playbook/projects/detection-playbooks/issues/" },
{ "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/" }, { "name": "toolFleet", "description": "toolFleetHelp", "icon": "fa-external-link-alt", "target": "so-fleet", "link": "/fleet/" },
{ "name": "toolTheHive", "description": "toolTheHiveHelp", "icon": "fa-external-link-alt", "target": "so-thehive", "link": "/thehive/" },
{ "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" } { "name": "toolNavigator", "description": "toolNavigatorHelp", "icon": "fa-external-link-alt", "target": "so-navigator", "link": "/navigator/" }
] ]

5
salt/soctopus/files/SOCtopus.conf
View File

@@ -1,6 +1,7 @@
{%- set MANAGER = salt['pillar.get']('manager:mainip', '') %} {%- set MANAGER = salt['pillar.get']('manager:mainip', '') %}
{%- set URLBASE = salt['pillar.get']('global:url_base', '') %} {%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
{%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %} {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
{%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
{%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %} {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
{%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %} {%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %}
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
@@ -21,7 +22,7 @@ es_verifycert = no
[cortex] [cortex]
auto_analyze_alerts = no auto_analyze_alerts = no
cortex_url = https://{{URLBASE}}/cortex/ cortex_url = https://{{THEHIVEURL}}/cortex/
cortex_key = {{ CORTEXKEY }} cortex_key = {{ CORTEXKEY }}
supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
@@ -42,7 +43,7 @@ grr_user = YOURGRRUSER
grr_pass = YOURGRRPASS grr_pass = YOURGRRPASS
[hive] [hive]
hive_url = https://{{URLBASE}}/thehive/ hive_url = https://{{THEHIVEURL}}/thehive/
hive_key = {{ HIVEKEY }} hive_key = {{ HIVEKEY }}
hive_tlp = 3 hive_tlp = 3
hive_verifycert = no hive_verifycert = no

36
setup/so-functions
View File

@@ -153,18 +153,6 @@ check_admin_pass() {
check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH" check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
} }
check_hive_init() {
wait_for_file /opt/so/state/thehive.txt 20 5
local return_val=$?
if [[ $return_val -ne 0 ]]; then
return $return_val
fi
docker stop so-thehive
docker rm so-thehive
}
check_manager_state() { check_manager_state() {
echo "Checking state of manager services. This may take a moment..." echo "Checking state of manager services. This may take a moment..."
retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1 retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1
@@ -1499,13 +1487,6 @@ generate_passwords(){
FLEETSAPASS=$(get_random_value) FLEETSAPASS=$(get_random_value)
FLEETJWT=$(get_random_value) FLEETJWT=$(get_random_value)
GRAFANAPASS=$(get_random_value) GRAFANAPASS=$(get_random_value)
if [[ "$THEHIVE" == "1" ]]; then
HIVEKEY=$(get_random_value)
HIVEPLAYSECRET=$(get_random_value)
CORTEXKEY=$(get_random_value)
CORTEXORGUSERKEY=$(get_random_value)
CORTEXPLAYSECRET=$(get_random_value)
fi
SENSORONIKEY=$(get_random_value) SENSORONIKEY=$(get_random_value)
KRATOSKEY=$(get_random_value) KRATOSKEY=$(get_random_value)
} }
@@ -1673,7 +1654,6 @@ manager_pillar() {
" es_port: $node_es_port"\ " es_port: $node_es_port"\
" grafana: $GRAFANA"\ " grafana: $GRAFANA"\
" osquery: $OSQUERY"\ " osquery: $OSQUERY"\
" thehive: $THEHIVE"\
" playbook: $PLAYBOOK"\ " playbook: $PLAYBOOK"\
""\ ""\
"elasticsearch:"\ "elasticsearch:"\
@@ -1759,22 +1739,6 @@ manager_global() {
" airgap: False"\ >> "$global_pillar" " airgap: False"\ >> "$global_pillar"
fi fi
# Check if TheHive is enabled. If so, add creds and other details
if [[ "$THEHIVE" == "1" ]]; then
printf '%s\n'\
" hiveuser: '$WEBUSER'"\
" hivepassword: '$WEBPASSWD1'"\
" hivekey: '$HIVEKEY'"\
" hiveplaysecret: '$HIVEPLAYSECRET'"\
" cortexuser: '$WEBUSER'"\
" cortexpassword: '$WEBPASSWD1'"\
" cortexkey: '$CORTEXKEY'"\
" cortexorgname: 'SecurityOnion'"\
" cortexorguser: 'soadmin'"\
" cortexorguserkey: '$CORTEXORGUSERKEY'"\
" cortexplaysecret: '$CORTEXPLAYSECRET'" >> "$global_pillar"
fi
# Continue adding other details # Continue adding other details
printf '%s\n'\ printf '%s\n'\
" fleet_custom_hostname: "\ " fleet_custom_hostname: "\

11
setup/so-setup
View File

@@ -440,7 +440,6 @@ if [[ $is_import ]]; then
GRAFANA=${GRAFANA:-0} GRAFANA=${GRAFANA:-0}
OSQUERY=${OSQUERY:-0} OSQUERY=${OSQUERY:-0}
WAZUH=${WAZUH:-0} WAZUH=${WAZUH:-0}
THEHIVE=${THEHIVE:-0}
PLAYBOOK=${PLAYBOOK:-0} PLAYBOOK=${PLAYBOOK:-0}
fi fi
@@ -937,11 +936,6 @@ echo "1" > /root/accept_changes
salt-call state.apply -l info wazuh >> $setup_log 2>&1 salt-call state.apply -l info wazuh >> $setup_log 2>&1
fi fi
if [[ "$THEHIVE" = 1 ]]; then
set_progress_str 80 "$(print_salt_state_apply 'thehive')"
salt-call state.apply -l info thehive >> $setup_log 2>&1
fi
if [[ "$STRELKA" = 1 ]]; then if [[ "$STRELKA" = 1 ]]; then
if [[ $is_sensor ]]; then if [[ $is_sensor ]]; then
set_progress_str 81 "$(print_salt_state_apply 'strelka')" set_progress_str 81 "$(print_salt_state_apply 'strelka')"
@@ -1018,11 +1012,6 @@ else
generate_repo_tarball >> "$setup_log" 2>&1 generate_repo_tarball >> "$setup_log" 2>&1
fi fi
if [[ $THEHIVE == 1 ]]; then
set_progress_str 99 'Waiting for TheHive to start up'
check_hive_init >> $setup_log 2>&1
fi
if [[ -n $LEARN_LOGSCAN_ENABLE ]]; then if [[ -n $LEARN_LOGSCAN_ENABLE ]]; then
set_progress_str 99 'Enabling logscan' set_progress_str 99 'Enabling logscan'
so-learn enable logscan --apply >> $setup_log 2>&1 so-learn enable logscan --apply >> $setup_log 2>&1