CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

Browse Source
This commit is contained in:
m0duspwnens
2020-12-16 10:53:35 -05:00
parent fffca7e0d8 142649b396
commit 9fd2ab530e
7 changed files with 33 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/common/tools/sbin/soup
View File

@@ -324,6 +324,8 @@ rc3_to_2.3.0() {
fi fi
INSTALLEDVERSION=2.3.0
} }
space_check() { space_check() {
@@ -504,11 +506,12 @@ else
update_docker_containers "soup" update_docker_containers "soup"
FEATURESCHECK=$(lookup_pillar features elastic) FEATURESCHECK=$(lookup_pillar features elastic)
if [[ "$FEATURESCHECK" == "True" ]]; then if [[ "$FEATURESCHECK" == "True" ]]; then
TRUSTED_CONTAINERS=( \ TRUSTED_CONTAINERS=(
"so-elasticsearch" \ "so-elasticsearch"
"so-filebeat" \ "so-filebeat"
"so-kibana" \ "so-kibana"
"so-logstash" ) "so-logstash"
)
update_docker_containers "features" "-features" update_docker_containers "features" "-features"
fi fi
fi fi
@@ -580,6 +583,9 @@ if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then
echo "" echo ""
fi fi
echo ""
echo "Applying common state for any package updates."
salt-call -l info state.apply common queue=True
echo "" echo ""
echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes." echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes."
salt-call state.highstate -l info queue=True salt-call state.highstate -l info queue=True

8
salt/elasticsearch/init.sls
View File

@@ -38,6 +38,8 @@
{% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %} {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %}
{% set esheap = salt['pillar.get']('elasticsearch:esheap') %} {% set esheap = salt['pillar.get']('elasticsearch:esheap') %}
{% set ismanager = False %} {% set ismanager = False %}
{% elif grains['role'] == 'so-helix' %}
{% set ismanager = True %} {# Solely for the sake of running so-catrust #}
{% endif %} {% endif %}
{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
@@ -86,6 +88,8 @@ capemz:
- user: 939 - user: 939
- group: 939 - group: 939
{% if grains['role'] != 'so-helix' %}
# Add ES Group # Add ES Group
elasticsearchgroup: elasticsearchgroup:
group.present: group.present:
@@ -251,10 +255,12 @@ so-elasticsearch-templates:
- template: jinja - template: jinja
{% endif %} {% endif %}
{% endif %} {# if grains['role'] != 'so-helix' #}
{% else %} {% else %}
elasticsearch_state_not_allowed: elasticsearch_state_not_allowed:
test.fail_without_changes: test.fail_without_changes:
- name: elasticsearch_state_not_allowed - name: elasticsearch_state_not_allowed
{% endif %} {% endif %} {# if 'elasticsearch' in top_states #}

2
salt/logstash/init.sls
View File

@@ -45,10 +45,8 @@
{% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %}
{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
{% if grains['role'] != 'so-helix' %}
include: include:
- elasticsearch - elasticsearch
{% endif %}
# Create the logstash group # Create the logstash group
logstashgroup: logstashgroup:

18
salt/sensoroni/files/sensoroni.json
View File

@@ -1,9 +1,15 @@
{% set URLBASE = salt['pillar.get']('global:url_base') -%} {%- set URLBASE = salt['pillar.get']('global:url_base') %}
{% set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') -%} {%- set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') %}
{% set ADDRESS = salt['pillar.get']('sensoroni:node_address') -%} {%- set ADDRESS = salt['pillar.get']('sensoroni:node_address') %}
{% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%} {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
{% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) -%} {%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) %}
{% set STENOENABLED = salt['pillar.get']('steno:enabled', False) -%} {%- set ROLE = grains.id.split('_') | last %}
{%- if ROLE in ['eval', 'standalone', 'sensor', 'heavynode'] %}
{%- set STENODEFAULT = True %}
{%- else %}
{%- set STENODEFAULT = False %}
{%- endif %}
{%- set STENOENABLED = salt['pillar.get']('steno:enabled', STENODEFAULT) %}
{ {
"logFilename": "/opt/sensoroni/logs/sensoroni.log", "logFilename": "/opt/sensoroni/logs/sensoroni.log",
"logLevel":"info", "logLevel":"info",

1
salt/top.sls
View File

@@ -61,6 +61,7 @@ base:
- suricata - suricata
- zeek - zeek
- redis - redis
- elasticsearch
- logstash - logstash
{%- if FILEBEAT %} {%- if FILEBEAT %}
- filebeat - filebeat

2
setup/so-functions
View File

@@ -996,8 +996,8 @@ fireeye_pillar() {
printf '%s\n'\ printf '%s\n'\
"fireeye:"\ "fireeye:"\
" helix:"\ " helix:"\
"" > "$fireeye_pillar_path"/init.sls
" api_key: '$HELIXAPIKEY'" \ " api_key: '$HELIXAPIKEY'" \
"" > "$fireeye_pillar_path/init.sls"
} }

2
setup/so-setup
View File

@@ -692,7 +692,7 @@ set_redirect >> $setup_log 2>&1
salt-call state.apply -l info nginx >> $setup_log 2>&1 salt-call state.apply -l info nginx >> $setup_log 2>&1
fi fi
if [[ $is_manager || $is_node || $is_import ]]; then if [[ $is_manager || $is_node || $is_import || $is_helix ]]; then
set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')" set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
salt-call state.apply -l info elasticsearch >> $setup_log 2>&1 salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
fi fi