Merge pull request #10692 from Security-Onion-Solutions/issue/10545

Issue/10545
This commit is contained in:
Josh Patterson
2023-07-03 11:05:55 -04:00
committed by GitHub
14 changed files with 445 additions and 126 deletions


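--- a/PATH_NOT_SHOWN_1
+++ /dev/null
@@ -1,13 +0,0 @@
-logrotate:
-conf: |
-daily
-rotate 14
-missingok
-copytruncate
-compress
-create
-extension .log
-dateext
-dateyesterday
-group_conf: |
-su root socore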


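--- a/PATH_NOT_SHOWN_2
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf > /dev/null 2>&1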


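--- a/PATH_NOT_SHOWN_3
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-/usr/sbin/logrotate -f /opt/so/conf/sensor-rotate.conf > /dev/null 2>&1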


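--- a/PATH_NOT_SHOWN_4
+++ /dev/null
@@ -1,37 +0,0 @@
-{%- set logrotate_conf = salt['pillar.get']('logrotate:conf') %}
-{%- set group_conf = salt['pillar.get']('logrotate:group_conf') %}
-/opt/so/log/aptcacher-ng/*.log
-/opt/so/log/idstools/*.log
-/opt/so/log/nginx/*.log
-/opt/so/log/soc/*.log
-/opt/so/log/kratos/*.log
-/opt/so/log/kibana/*.log
-/opt/so/log/influxdb/*.log
-/opt/so/log/elastalert/*.log
-/opt/so/log/soctopus/*.log
-/opt/so/log/curator/*.log
-/opt/so/log/fleet/*.log
-/opt/so/log/suricata/*.log
-/opt/so/log/mysql/*.log
-/opt/so/log/telegraf/*.log
-/opt/so/log/redis/*.log
-/opt/so/log/sensoroni/*.log
-/opt/so/log/stenographer/*.log
-/opt/so/log/salt/so-salt-minion-check
-/opt/so/log/salt/minion
-/opt/so/log/salt/master
-/opt/so/log/logscan/*.log
-/nsm/idh/*.log
-{
-{{ logrotate_conf | indent(width=4) }}
-}
-# Playbook's log directory needs additional configuration
-# because Playbook requires a more permissive directory
-/opt/so/log/playbook/*.log
-{
-{{ logrotate_conf | indent(width=4) }}
-{{ group_conf | indent(width=4) }}
-}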


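--- a/PATH_NOT_SHOWN_5
+++ /dev/null
@@ -1,22 +0,0 @@
-/opt/so/log/sensor_clean.log
-{
-daily
-rotate 2
-missingok
-nocompress
-create
-sharedscripts
-}
-/nsm/strelka/log/strelka.log
-{
-daily
-rotate 14
-missingok
-copytruncate
-compress
-create
-extension .log
-dateext
-dateyesterday
-}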


@@ -151,56 +151,8 @@ so-sensor-clean:
- daymonth: '*'
- month: '*'
- dayweek: '*'
sensorrotatescript:
file.managed:
- name: /usr/local/bin/sensor-rotate
- source: salt://common/cron/sensor-rotate
- mode: 755
sensorrotateconf:
file.managed:
- name: /opt/so/conf/sensor-rotate.conf
- source: salt://common/files/sensor-rotate.conf
- mode: 644
sensor-rotate:
cron.present:
- name: /usr/local/bin/sensor-rotate
- identifier: sensor-rotate
- user: root
- minute: '1'
- hour: '0'
- daymonth: '*'
- month: '*'
- dayweek: '*'
{% endif %}
commonlogrotatescript:
file.managed:
- name: /usr/local/bin/common-rotate
- source: salt://common/cron/common-rotate
- mode: 755
commonlogrotateconf:
file.managed:
- name: /opt/so/conf/log-rotate.conf
- source: salt://common/files/log-rotate.conf
- template: jinja
- mode: 644
common-rotate:
cron.present:
- name: /usr/local/bin/common-rotate
- identifier: common-rotate
- user: root
- minute: '1'
- hour: '0'
- daymonth: '*'
- month: '*'
- dayweek: '*'
# Create the status directory
sostatusdir:
file.directory:
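Review bot: Removing the `sensorrotatescript`, `sensorrotateconf` and `sensor-rotate` states here does not remove what they already installed, so a previously deployed sensor keeps the cron entry with identifier `sensor-rotate`, `/usr/local/bin/sensor-rotate` and `/opt/so/conf/sensor-rotate.conf`, and continues to force-rotate `/nsm/strelka/log/strelka.log` nightly next to the new `/opt/so/conf/logrotate/common-rotate.conf` that also covers it. The `common-rotate` cron is re-declared under the same identifier in the new logrotate state, so that entry is taken over, but the old `/opt/so/conf/log-rotate.conf` it pointed at is likewise left on disk. A cleanup with `cron.absent` and `file.absent` for the retired artifacts, in this file or in the new logrotate state, closes that gap; the `{% if %}` block whose `{% endif %}` sits in this hunk starts outside it.
```yaml
# … unchanged: so-sensor-clean cron and the rest of the {% if %} block …
sensor-rotate-cron-cleanup:
  cron.absent:
    - identifier: sensor-rotate
    - user: root
sensor-rotate-files-cleanup:
  file.absent:
    - names:
      - /usr/local/bin/sensor-rotate
      - /opt/so/conf/sensor-rotate.conf
      - /opt/so/conf/log-rotate.conf
```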


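--- /dev/null
+++ b/PATH_NOT_SHOWN_6
@@ -0,0 +1,230 @@
+logrotate:
+config:
+/opt/so/log/idstools/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/nginx/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/soc/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/kratos/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/kibana/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/influxdb/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/elastalert/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/soctopus/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/curator/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/fleet/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/suricata/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/mysql/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/telegraf/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/redis/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/sensoroni/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/stenographer/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/salt/so-salt-minion-check:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/salt/minion:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/salt/master:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/nsm/idh/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/playbook/*_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+- su root socore
+/nsm/strelka/log/strelka_x_log:
+- daily
+- rotate 14
+- missingok
+- copytruncate
+- compress
+- create
+- extension .log
+- dateext
+- dateyesterday
+/opt/so/log/sensor_clean_x_log:
+- daily
+- rotate 2
+- missingok
+- nocompress
+- create
+- sharedscripts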
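Review bot: Two paths that the deleted log-rotate.conf covered have no entry in the new `logrotate:config` map: `/opt/so/log/aptcacher-ng/*.log` and `/opt/so/log/logscan/*.log` appear nowhere in this file, and the annotations file omits them as well. Unless those directories are no longer written on this release, their logs stop rotating after this change and grow until the disk fills, which takes the rest of the host's logging down with them. If they are still produced, add matching `*_x_log` entries with the same option list here and in the annotations file.
```yaml
# … unchanged: existing entries …
  /opt/so/log/aptcacher-ng/*_x_log:
    - daily
    - rotate 14
    - missingok
    - copytruncate
    - compress
    - create
    - extension .log
    - dateext
    - dateyesterday
  # /opt/so/log/logscan/*_x_log: same option list, if that directory is still written
```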


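--- /dev/null
+++ b/PATH_NOT_SHOWN_7
@@ -0,0 +1,8 @@
+{%- for file, opts in CONFIG.items() %}
+{{ file | replace("_x_", ".")}}
+{
+{%- for opt in opts %}
+{{ opt }}
+{%- endfor %}
+}
+{%- endfor %}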
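Review bot: Every `file` key and every `opt` string is written into the generated configuration verbatim, and the result is executed by root from cron through `logrotate -f`; because logrotate's directive set includes `prerotate`/`postrotate` script blocks, the `config` map in pillar is root-level configuration rather than a list of paths, and the template says nothing about that. A header comment such as `{# CONFIG is the merged logrotate pillar: keys are file globs with "." encoded as "_x_", values are logrotate directives copied verbatim into a config that root runs from cron #}` would make the weight of that data explicit to whoever exposes or edits the pillar. The same comment should note that `replace("_x_", ".")` rewrites every occurrence in the key, not only the extension, which is harmless for the shipped defaults but matters for an override containing `_x_` elsewhere in the path.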

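--- /dev/null
+++ b/salt/logrotate/init.sls
@@ -0,0 +1,31 @@
+{% from 'logrotate/map.jinja' import LOGROTATEMERGED %}
+logrotateconfdir:
+file.directory:
+- name: /opt/so/conf/logrotate
+commonlogrotatescript:
+file.managed:
+- name: /usr/local/bin/common-rotate
+- source: salt://logrotate/tools/sbin/common-rotate
+- mode: 755
+commonlogrotateconf:
+file.managed:
+- name: /opt/so/conf/logrotate/common-rotate.conf
+- source: salt://logrotate/etc/rotate.conf.jinja
+- template: jinja
+- mode: 644
+- defaults:
+CONFIG: {{ LOGROTATEMERGED.config }}
+common-rotate:
+cron.present:
+- name: /usr/local/bin/common-rotate
+- identifier: common-rotate
+- user: root
+- minute: '1'
+- hour: '0'
+- daymonth: '*'
+- month: '*'
+- dayweek: '*'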
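Review bot: `CONFIG: {{ LOGROTATEMERGED.config }}` under `defaults:` relies on the Python `repr` of the merged dict being accepted as a YAML flow mapping when the rendered SLS is parsed; that works for the plain strings in defaults.yaml but fails as soon as a pillar override contains a character YAML flow syntax treats specially, and the failure surfaces as a render error for the whole state. Serialising it explicitly, `CONFIG: {{ LOGROTATEMERGED.config | yaml }}`, yields a well-formed value regardless of content. `logrotateconfdir` also sets no `user`, `group` or `mode` on `/opt/so/conf/logrotate`; since the directory holds a config that root executes, stating them (root-owned, not group/world writable) avoids depending on the minion's umask.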

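--- /dev/null
+++ b/salt/logrotate/map.jinja
@@ -0,0 +1,7 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+https://securityonion.net/license; you may not use this file except in compliance with the
+Elastic License 2.0. #}
+{% import_yaml 'logrotate/defaults.yaml' as LOGROTATEDEFAULTS %}
+{% set LOGROTATEMERGED = salt['pillar.get']('logrotate', LOGROTATEDEFAULTS.logrotate, merge=True) %}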
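Review bot: `merge=True` on the `pillar.get` call merges pillar over `LOGROTATEDEFAULTS.logrotate` recursively, and as far as I recall Salt's merge replaces non-dict values outright, so an operator who sets one directive under a `config` path replaces that path's entire default option list rather than appending to it. That is a workable contract, but nothing on the `set` line says so; a comment such as `{# pillar overrides merge per config key; a list supplied for a path replaces that path's default list entirely #}` prevents a surprise when a single-directive override silently drops `rotate 14` and `compress`. Confirm the replace-not-append behaviour against the Salt version in use before relying on it.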


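--- /dev/null
+++ b/PATH_NOT_SHOWN_8
@@ -0,0 +1,163 @@
+logrotate:
+config:
+"/opt/so/log/idstools/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/idstools/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/nginx/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/nginx/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/soc/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/soc/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/kratos/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/kratos/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/kibana/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/kibana/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/influxdb/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/influxdb/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/elastalert/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/elastalert/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/soctopus/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/soctopus/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/curator/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/curator/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/fleet/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/fleet/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/suricata/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/suricata/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/mysql/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/mysql/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/telegraf/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/telegraf/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/redis/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/redis/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/sensoroni/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/sensoroni/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/stenographer/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/stenographer/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/salt/so-salt-minion-check":
+description: List of logrotate options for this file.
+title: /opt/so/log/salt/so-salt-minion-check
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/salt/minion":
+description: List of logrotate options for this file.
+title: /opt/so/log/salt/minion
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/salt/master":
+description: List of logrotate options for this file.
+title: /opt/so/log/salt/master
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/nsm/idh/*_x_log":
+description: List of logrotate options for this file.
+title: /nsm/idh/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/playbook/*_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/playbook/*.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/nsm/strelka/log/strelka_x_log":
+description: List of logrotate options for this file.
+title: /nsm/strelka/log/strelka.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"
+"/opt/so/log/sensor_clean_x_log":
+description: List of logrotate options for this file.
+title: /opt/so/log/sensor_clean.log
+advanced: True
+multiline: True
+global: True
+forcedType: "[]string"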
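Review bot: The `description` text is the same sentence on all 23 entries and only says the value is a list of options; it does not tell the person editing it that each string is copied verbatim into a configuration that root runs from cron, so anything logrotate accepts, script hooks included, will be accepted here too. With `advanced: True` and `global: True` these entries look intended for editing through the configuration UI, which makes that sentence the only guidance an editor sees. Using `description: List of logrotate directives for this file; each entry is written verbatim into the root-run logrotate configuration.` on every entry states the weight of an edit without changing behaviour.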


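--- /dev/null
+++ b/PATH_NOT_SHOWN_9
@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/sbin/logrotate -f /opt/so/conf/logrotate/common-rotate.conf > /dev/null 2>&1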
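Review bot: Both stdout and stderr of `logrotate -f` are sent to `/dev/null`, so a rotation that fails (for instance the directory permission problem that the `su root socore` entry for playbook exists to work around) leaves no trace, and with `-f` forcing rotation nightly a silent failure simply means the affected log keeps growing. Dropping the `2>&1` so stderr reaches cron's mail or journal, or appending output to a file under `/opt/so/log`, makes such failures observable. The earlier common-rotate script discarded output the same way, so this is carried over rather than introduced, but the new file is the place to fix it.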


@@ -14,6 +14,7 @@ base:
- repo.client
- ntp
- schedule
- logrotate
'not G@saltversion:{{saltversion}}':
- match: compound


@@ -1341,8 +1341,9 @@ kibana_pillar() {
}
logrotate_pillar() {
touch $adv_logrotate_pillar_file
touch $logrotate_pillar_file
logCmd "mkdir -p $local_salt_dir/pillar/logrotate"
logCmd "touch $adv_logrotate_pillar_file"
logCmd "touch $logrotate_pillar_file"
}
patch_pillar() {