diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index 3095c052e..9b8325a34 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -26,6 +26,7 @@ firewall:
 standalone: []
 strelka_frontend: []
 syslog: []
+ workstation: []
 customhostgroup0: []
 customhostgroup1: []
 customhostgroup2: []
@@ -370,6 +371,7 @@ firewall:
 - elastic_agent_data
 - elastic_agent_update
 - localrules
+ - sensoroni
 fleet:
 portgroups:
 - elasticsearch_rest
@@ -383,6 +385,17 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ idh:
+ portgroups:
+ - docker_registry
+ - influxdb
+ - sensoroni
+ - yum
+ - beats_5044
+ - beats_5644
+ - elastic_agent_control
+ - elastic_agent_data
+ - elastic_agent_update
 sensor:
 portgroups:
 - beats_5044
@@ -393,6 +406,7 @@ firewall:
 - yum
 - docker_registry
 - influxdb
+ - sensoroni
 searchnode:
 portgroups:
 - redis
@@ -405,6 +419,7 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
 heavynode:
 portgroups:
 - redis
@@ -417,6 +432,7 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
 receiver:
 portgroups:
 - yum
@@ -425,6 +441,10 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
+ analyst:
+ portgroups:
+ - nginx
 beats_endpoint:
 portgroups:
 - beats_5044
@@ -442,9 +462,9 @@ firewall:
 endgame:
 portgroups:
 - endgame
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -476,6 +496,9 @@ firewall:
 fleet:
 portgroups:
 - salt_manager
+ idh:
+ portgroups:
+ - salt_manager
 localhost:
 portgroups:
 - all
@@ -491,6 +514,9 @@ firewall:
 receiver:
 portgroups:
 - salt_manager
+ workstation:
+ portgroups:
+ - salt_manager
 self:
 portgroups:
 - syslog
@@ -535,6 +561,7 @@ firewall:
 - elastic_agent_data
 - elastic_agent_update
 - localrules
+ - sensoroni
 fleet:
 portgroups:
 - elasticsearch_rest
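Review bot: No `idh: []` entry accompanies the new `workstation: []` in the hostgroups map at `@@ -26,6 +26,7`, yet the so-firewall-minion change in this same commit now runs `so-firewall includehost idh "$IP" --apply`; unless `idh` is already declared above line 26, outside this hunk, that call targets a hostgroup the defaults file never defines. The matching soc_firewall.yaml hunk (`@@ -45,6 +45,7`) likewise adds only `workstation: *hostgroupsettings`. If `idh` does already exist there, a one-line mention in the commit message would spare the next reader this check.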
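Review bot: The new `idh` hostgroup at `@@ -383,6 +385,17` is granted the same portgroups the adjacent `sensor` block shows (docker_registry, influxdb, sensoroni, yum, beats_5044, beats_5644 and the three elastic_agent_* groups), which reproduces the membership IDH minions previously got by being placed in `sensor` rather than scoping the new group to what the idh role needs. Presumably these are source-host allowances toward ports on this node; if IDH hosts are the kind of node that is expected to be probed, a narrower set limits what a compromised one can reach, and beats_5644 and elastic_agent_update are worth confirming against what the idh role actually runs. The identical list recurs at `@@ -548,6 +575,17` and `@@ -723,6 +774,17` on the next physical line, so whatever is decided should be applied to all three.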
@@ -548,6 +575,17 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ idh:
+ portgroups:
+ - docker_registry
+ - influxdb
+ - sensoroni
+ - yum
+ - beats_5044
+ - beats_5644
+ - elastic_agent_control
+ - elastic_agent_data
+ - elastic_agent_update
 sensor:
 portgroups:
 - beats_5044
@@ -558,6 +596,7 @@ firewall:
 - yum
 - docker_registry
 - influxdb
+ - sensoroni
 searchnode:
 portgroups:
 - redis
@@ -569,6 +608,7 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
 heavynode:
 portgroups:
 - redis
@@ -580,6 +620,7 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
 receiver:
 portgroups:
 - yum
@@ -588,6 +629,10 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
+ analyst:
+ portgroups:
+ - nginx
 beats_endpoint:
 portgroups:
 - beats_5044
@@ -605,9 +650,9 @@ firewall:
 endgame:
 portgroups:
 - endgame
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -639,6 +684,9 @@ firewall:
 fleet:
 portgroups:
 - salt_manager
+ idh:
+ portgroups:
+ - salt_manager
 localhost:
 portgroups:
 - all
@@ -654,6 +702,9 @@ firewall:
 receiver:
 portgroups:
 - salt_manager
+ workstation:
+ portgroups:
+ - salt_manager
 self:
 portgroups:
 - syslog
@@ -723,6 +774,17 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ idh:
+ portgroups:
+ - docker_registry
+ - influxdb
+ - sensoroni
+ - yum
+ - beats_5044
+ - beats_5644
+ - elastic_agent_control
+ - elastic_agent_data
+ - elastic_agent_update
 sensor:
 portgroups:
 - docker_registry
@@ -760,6 +822,10 @@ firewall:
 - elastic_agent_control
 - elastic_agent_data
 - elastic_agent_update
+ - sensoroni
+ analyst:
+ portgroups:
+ - nginx
 beats_endpoint:
 portgroups:
 - beats_5044
@@ -780,9 +846,9 @@ firewall:
 strelka_frontend:
 portgroups:
 - strelka_frontend
- analyst:
+ workstation:
 portgroups:
- - nginx
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
@@ -813,7 +879,10 @@ firewall:
 - all
 fleet:
 portgroups:
- - salt_manager
+ - salt_manager
+ idh:
+ portgroups:
+ - salt_manager
 localhost:
 portgroups:
 - all
@@ -832,6 +901,9 @@ firewall:
 receiver:
 portgroups:
 - salt_manager
+ workstation:
+ portgroups:
+ - salt_manager
 self:
 portgroups:
 - syslog
@@ -1128,6 +1200,9 @@ firewall:
 analyst:
 portgroups:
 - nginx
+ workstation:
+ portgroups:
+ - yum
 customhostgroup0:
 portgroups: []
 customhostgroup1:
diff --git a/salt/firewall/soc_firewall.yaml b/salt/firewall/soc_firewall.yaml
index 0011a245e..8f8dbb69d 100644
--- a/salt/firewall/soc_firewall.yaml
+++ b/salt/firewall/soc_firewall.yaml
@@ -45,6 +45,7 @@ firewall:
 standalone: *hostgroupsettings
 strelka_frontend: *hostgroupsettings
 syslog: *hostgroupsettings
+ workstation: *hostgroupsettings
 customhostgroup0: &customhostgroupsettings
 description: List of IP or CIDR blocks to allow to this hostgroup.
 forcedType: "[]string"
@@ -215,6 +216,8 @@ firewall:
 portgroups: *portgroupsdocker
 analyst:
 portgroups: *portgroupsdocker
+ workstation:
+ portgroups: *portgroupsdocker
 customhostgroup0:
 portgroups: *portgroupsdocker
 customhostgroup1:
@@ -338,7 +341,9 @@ firewall:
 DOCKER-USER:
 hostgroups:
 manager:
- portgroups: *portgroupsdocker
+ portgroups: *portgroupsdocker
+ idh:
+ portgroups: *portgroupsdocker
 sensor:
 portgroups: *portgroupsdocker
 searchnode:
@@ -361,6 +366,8 @@ firewall:
 portgroups: *portgroupsdocker
 analyst:
 portgroups: *portgroupsdocker
+ workstation:
+ portgroups: *portgroupsdocker
 customhostgroup0:
 portgroups: *portgroupsdocker
 customhostgroup1:
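Review bot: At `@@ -813,7 +879,10` the `- salt_manager` item under `fleet` is removed and re-added with text that is identical in this rendering, so the change is presumably whitespace-only (trailing space or indentation); the same pattern appears at `@@ -338,7 +341,9` in soc_firewall.yaml for the manager's `portgroups: *portgroupsdocker`. If either line was mis-indented so that it sat at the wrong nesting level, that is a behaviour fix and deserves a sentence in the commit message; if it is only trailing whitespace, keeping such cleanups out of a commit that changes firewall rule membership makes the intended access change easier to audit.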
@@ -389,12 +396,16 @@ firewall:
 portgroups: *portgroupshost
 localhost:
 portgroups: *portgroupshost
+ idh:
+ portgroups: *portgroupshost
 sensor:
 portgroups: *portgroupshost
 searchnode:
 portgroups: *portgroupshost
 heavynode:
 portgroups: *portgroupshost
+ workstation:
+ portgroups: *portgroupshost
 customhostgroup0:
 portgroups: *portgroupshost
 customhostgroup1:
@@ -422,6 +433,8 @@ firewall:
 hostgroups:
 managersearch:
 portgroups: *portgroupsdocker
+ idh:
+ portgroups: *portgroupsdocker
 sensor:
 portgroups: *portgroupsdocker
 searchnode:
@@ -444,6 +457,8 @@ firewall:
 portgroups: *portgroupsdocker
 analyst:
 portgroups: *portgroupsdocker
+ workstation:
+ portgroups: *portgroupsdocker
 customhostgroup0:
 portgroups: *portgroupsdocker
 customhostgroup1:
@@ -472,12 +487,16 @@ firewall:
 portgroups: *portgroupshost
 localhost:
 portgroups: *portgroupshost
+ idh:
+ portgroups: *portgroupshost
 sensor:
 portgroups: *portgroupshost
 searchnode:
 portgroups: *portgroupshost
 heavynode:
 portgroups: *portgroupshost
+ workstation:
+ portgroups: *portgroupshost
 customhostgroup0:
 portgroups: *portgroupshost
 customhostgroup1:
@@ -509,6 +528,8 @@ firewall:
 portgroups: *portgroupsdocker
 fleet:
 portgroups: *portgroupsdocker
+ idh:
+ portgroups: *portgroupsdocker
 sensor:
 portgroups: *portgroupsdocker
 searchnode:
@@ -533,6 +554,8 @@ firewall:
 portgroups: *portgroupsdocker
 analyst:
 portgroups: *portgroupsdocker
+ workstation:
+ portgroups: *portgroupsdocker
 customhostgroup0:
 portgroups: *portgroupsdocker
 customhostgroup1:
@@ -565,12 +588,16 @@ firewall:
 portgroups: *portgroupshost
 standalone:
 portgroups: *portgroupshost
+ idh:
+ portgroups: *portgroupshost
 sensor:
 portgroups: *portgroupshost
 searchnode:
 portgroups: *portgroupshost
 heavynode:
 portgroups: *portgroupshost
+ workstation:
+ portgroups: *portgroupshost
 customhostgroup0:
 portgroups: *portgroupshost
 customhostgroup1:
@@ -795,6 +822,8 @@ firewall:
 portgroups: *portgroupsdocker
 analyst:
 portgroups: *portgroupsdocker
+ workstation:
+ portgroups: *portgroupsdocker
 customhostgroup0:
 portgroups: *portgroupsdocker
 customhostgroup1:
diff --git a/salt/manager/tools/sbin/so-firewall-minion b/salt/manager/tools/sbin/so-firewall-minion
index 4834f0e41..d3bbb3eeb 100755
--- a/salt/manager/tools/sbin/so-firewall-minion
+++ b/salt/manager/tools/sbin/so-firewall-minion
@@ -74,9 +74,12 @@ fi
 so-firewall includehost heavynode "$IP" --apply
 ;;
 'IDH')
- so-firewall includehost sensor "$IP" --apply
+ so-firewall includehost idh "$IP" --apply
 ;;
 'RECEIVER')
 so-firewall includehost receiver "$IP" --apply
 ;;
- esac
\ No newline at end of file
+ 'WORKSTATION')
+ so-firewall includehost workstation "$IP" --apply
+ ;;
+ esac
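Review bot: The `'IDH'` branch now enrols the minion in the `idh` hostgroup instead of `sensor`, but nothing in this commit removes an already-enrolled IDH minion's IP from `sensor`; on an existing deployment such a host keeps every sensor allowance on top of the new idh ones until someone cleans it up by hand. Since the point of a separate hostgroup is a separate rule set, a migration step that drops existing IDH addresses from `sensor` (or at minimum a release note telling operators to do so) would make the separation real. The `case` statement begins above this hunk, so whether an unknown role falls through to a default branch is not visible here.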