mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Avoid filtering NIC when it's an empty string
This commit is contained in:
Jason Ertel
@@ -1,25 +0,0 @@
|
|||||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
|
|
||||||
{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
|
|
||||||
{
|
|
||||||
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
|
|
||||||
"server": {
|
|
||||||
"bindAddress": "0.0.0.0:9822",
|
|
||||||
"maxPacketCount": 5000,
|
|
||||||
"htmlDir": "html",
|
|
||||||
"modules": {
|
|
||||||
"filedatastore": {
|
|
||||||
"jobDir": "jobs"
|
|
||||||
},
|
|
||||||
"securityonion": {
|
|
||||||
"elasticsearchHost": "http://{{ MASTERIP }}:9200",
|
|
||||||
"elasticsearchUsername": "",
|
|
||||||
"elasticsearchPassword": "",
|
|
||||||
"elasticsearchVerifyCert": false
|
|
||||||
},
|
|
||||||
"statickeyauth": {
|
|
||||||
"anonymousCidr": "172.17.0.0/24",
|
|
||||||
"apiKey": "{{ SENSORONIKEY }}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
|
|
||||||
{% set MASTER = salt['grains.get']('master') %}
|
|
||||||
|
|
||||||
sensoronidir:
|
|
||||||
file.directory:
|
|
||||||
- name: /opt/so/conf/sensoroni
|
|
||||||
- user: 939
|
|
||||||
- group: 939
|
|
||||||
- makedirs: True
|
|
||||||
|
|
||||||
sensoronidatadir:
|
|
||||||
file.directory:
|
|
||||||
- name: /nsm/sensoroni/jobs
|
|
||||||
- user: 939
|
|
||||||
- group: 939
|
|
||||||
- makedirs: True
|
|
||||||
|
|
||||||
sensoronilogdir:
|
|
||||||
file.directory:
|
|
||||||
- name: /opt/so/log/sensoroni
|
|
||||||
- user: 939
|
|
||||||
- group: 939
|
|
||||||
- makedirs: True
|
|
||||||
|
|
||||||
sensoronisync:
|
|
||||||
file.recurse:
|
|
||||||
- name: /opt/so/conf/sensoroni
|
|
||||||
- source: salt://sensoroni/files
|
|
||||||
- user: 939
|
|
||||||
- group: 939
|
|
||||||
- template: jinja
|
|
||||||
|
|
||||||
so-sensoroni:
|
|
||||||
docker_container.running:
|
|
||||||
- image: {{ MASTER }}:5000/soshybridhunter/so-sensoroni:{{ VERSION }}
|
|
||||||
- hostname: sensoroni
|
|
||||||
- name: so-sensoroni
|
|
||||||
- binds:
|
|
||||||
- /nsm/sensoroni/jobs:/opt/sensoroni/jobs:rw
|
|
||||||
- /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro
|
|
||||||
- /opt/so/log/sensoroni/:/opt/sensoroni/logs/:rw
|
|
||||||
- port_bindings:
|
|
||||||
- 0.0.0.0:9822:9822
|
|
||||||
- watch:
|
|
||||||
- file: /opt/so/conf/sensoroni
|
|
||||||
@@ -585,6 +585,9 @@ disable_misc_network_features() {
|
|||||||
filter_unused_nics
|
filter_unused_nics
|
||||||
if [ ${#filtered_nics[@]} -ne 0 ]; then
|
if [ ${#filtered_nics[@]} -ne 0 ]; then
|
||||||
for unused_nic in "${filtered_nics[@]}"; do
|
for unused_nic in "${filtered_nics[@]}"; do
|
||||||
|
if [ -n "$unused_nic" ]; then
|
||||||
|
echo "Disabling unused NIC: $unused_nic" >> "$setup_log" 2>&1
|
||||||
|
|
||||||
# Disable DHCPv4/v6 and autoconnect
|
# Disable DHCPv4/v6 and autoconnect
|
||||||
nmcli con mod "$unused_nic" \
|
nmcli con mod "$unused_nic" \
|
||||||
ipv4.method disabled \
|
ipv4.method disabled \
|
||||||
@@ -593,6 +596,7 @@ disable_misc_network_features() {
|
|||||||
|
|
||||||
# Flush any existing IPs
|
# Flush any existing IPs
|
||||||
ip addr flush "$unused_nic" >> "$setup_log" 2>&1
|
ip addr flush "$unused_nic" >> "$setup_log" 2>&1
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
# Disable IPv6
|
# Disable IPv6
|
||||||
|
|||||||
Reference in New Issue
Block a user