Merge pull request #10950 from Security-Onion-Solutions/fix/idhfirewall

Fix/idhfirewall
Josh Patterson
2023-08-04 11:00:58 -04:00
committed by GitHub
3 changed files with 117 additions and 10 deletions


@@ -26,6 +26,7 @@ firewall:
standalone: [] standalone: []
strelka_frontend: [] strelka_frontend: []
syslog: [] syslog: []
workstation: []
customhostgroup0: [] customhostgroup0: []
customhostgroup1: [] customhostgroup1: []
customhostgroup2: [] customhostgroup2: []
@@ -370,6 +371,7 @@ firewall:
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- localrules - localrules
- sensoroni
fleet: fleet:
portgroups: portgroups:
- elasticsearch_rest - elasticsearch_rest
@@ -383,6 +385,17 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -393,6 +406,7 @@ firewall:
- yum - yum
- docker_registry - docker_registry
- influxdb - influxdb
- sensoroni
searchnode: searchnode:
portgroups: portgroups:
- redis - redis
@@ -405,6 +419,7 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
heavynode: heavynode:
portgroups: portgroups:
- redis - redis
@@ -417,6 +432,7 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
receiver: receiver:
portgroups: portgroups:
- yum - yum
@@ -425,6 +441,10 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -442,9 +462,9 @@ firewall:
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -476,6 +496,9 @@ firewall:
fleet: fleet:
portgroups: portgroups:
- salt_manager - salt_manager
idh:
portgroups:
- salt_manager
localhost: localhost:
portgroups: portgroups:
- all - all
@@ -491,6 +514,9 @@ firewall:
receiver: receiver:
portgroups: portgroups:
- salt_manager - salt_manager
workstation:
portgroups:
- salt_manager
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -535,6 +561,7 @@ firewall:
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- localrules - localrules
- sensoroni
fleet: fleet:
portgroups: portgroups:
- elasticsearch_rest - elasticsearch_rest
@@ -548,6 +575,17 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -558,6 +596,7 @@ firewall:
- yum - yum
- docker_registry - docker_registry
- influxdb - influxdb
- sensoroni
searchnode: searchnode:
portgroups: portgroups:
- redis - redis
@@ -569,6 +608,7 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
heavynode: heavynode:
portgroups: portgroups:
- redis - redis
@@ -580,6 +620,7 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
receiver: receiver:
portgroups: portgroups:
- yum - yum
@@ -588,6 +629,10 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -605,9 +650,9 @@ firewall:
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -639,6 +684,9 @@ firewall:
fleet: fleet:
portgroups: portgroups:
- salt_manager - salt_manager
idh:
portgroups:
- salt_manager
localhost: localhost:
portgroups: portgroups:
- all - all
@@ -654,6 +702,9 @@ firewall:
receiver: receiver:
portgroups: portgroups:
- salt_manager - salt_manager
workstation:
portgroups:
- salt_manager
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -723,6 +774,17 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor: sensor:
portgroups: portgroups:
- docker_registry - docker_registry
@@ -760,6 +822,10 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- beats_5044 - beats_5044
@@ -780,9 +846,9 @@ firewall:
strelka_frontend: strelka_frontend:
portgroups: portgroups:
- strelka_frontend - strelka_frontend
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -813,7 +879,10 @@ firewall:
- all - all
fleet: fleet:
portgroups: portgroups:
- salt_manager - salt_manager
idh:
portgroups:
- salt_manager
localhost: localhost:
portgroups: portgroups:
- all - all
@@ -832,6 +901,9 @@ firewall:
receiver: receiver:
portgroups: portgroups:
- salt_manager - salt_manager
workstation:
portgroups:
- salt_manager
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -1128,6 +1200,9 @@ firewall:
analyst: analyst:
portgroups: portgroups:
- nginx - nginx
workstation:
portgroups:
- yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
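Review bot: The new `idh` hostgroup (hunk at new line 385, between `fleet` and `sensor`) is granted the same manager-side reach as `sensor` — `docker_registry`, `influxdb`, `yum`, both beats ports and the three elastic_agent groups — with nothing recording why a node of that role needs each of them. If the IDH role is the honeypot node its name suggests, it is the host most likely to be in contact with an attacker, so I would want the allowance documented and limited to what the role actually consumes: a comment above the list such as `# idh: keep minimal – every entry is a manager service a compromised IDH host could reach`, plus a check that `docker_registry` and `influxdb` are really used by that role rather than copied from sensor. As a style point, the list is ordered differently from every sibling hostgroup (docker/influx/sensoroni/yum first, beats and elastic_agent last); matching the `sensor` ordering makes the two easy to diff. The same block is repeated verbatim at new lines 575 and 774, so whatever is decided should be applied to all three copies.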


@@ -45,6 +45,7 @@ firewall:
standalone: *hostgroupsettings standalone: *hostgroupsettings
strelka_frontend: *hostgroupsettings strelka_frontend: *hostgroupsettings
syslog: *hostgroupsettings syslog: *hostgroupsettings
workstation: *hostgroupsettings
customhostgroup0: &customhostgroupsettings customhostgroup0: &customhostgroupsettings
description: List of IP or CIDR blocks to allow to this hostgroup. description: List of IP or CIDR blocks to allow to this hostgroup.
forcedType: "[]string" forcedType: "[]string"
@@ -215,6 +216,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst: analyst:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup1: customhostgroup1:
@@ -338,7 +341,9 @@ firewall:
DOCKER-USER: DOCKER-USER:
hostgroups: hostgroups:
manager: manager:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
idh:
portgroups: *portgroupsdocker
sensor: sensor:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
searchnode: searchnode:
@@ -361,6 +366,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst: analyst:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup1: customhostgroup1:
@@ -389,12 +396,16 @@ firewall:
portgroups: *portgroupshost portgroups: *portgroupshost
localhost: localhost:
portgroups: *portgroupshost portgroups: *portgroupshost
idh:
portgroups: *portgroupshost
sensor: sensor:
portgroups: *portgroupshost portgroups: *portgroupshost
searchnode: searchnode:
portgroups: *portgroupshost portgroups: *portgroupshost
heavynode: heavynode:
portgroups: *portgroupshost portgroups: *portgroupshost
workstation:
portgroups: *portgroupshost
customhostgroup0: customhostgroup0:
portgroups: *portgroupshost portgroups: *portgroupshost
customhostgroup1: customhostgroup1:
@@ -422,6 +433,8 @@ firewall:
hostgroups: hostgroups:
managersearch: managersearch:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
idh:
portgroups: *portgroupsdocker
sensor: sensor:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
searchnode: searchnode:
@@ -444,6 +457,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst: analyst:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup1: customhostgroup1:
@@ -472,12 +487,16 @@ firewall:
portgroups: *portgroupshost portgroups: *portgroupshost
localhost: localhost:
portgroups: *portgroupshost portgroups: *portgroupshost
idh:
portgroups: *portgroupshost
sensor: sensor:
portgroups: *portgroupshost portgroups: *portgroupshost
searchnode: searchnode:
portgroups: *portgroupshost portgroups: *portgroupshost
heavynode: heavynode:
portgroups: *portgroupshost portgroups: *portgroupshost
workstation:
portgroups: *portgroupshost
customhostgroup0: customhostgroup0:
portgroups: *portgroupshost portgroups: *portgroupshost
customhostgroup1: customhostgroup1:
@@ -509,6 +528,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
fleet: fleet:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
idh:
portgroups: *portgroupsdocker
sensor: sensor:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
searchnode: searchnode:
@@ -533,6 +554,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst: analyst:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup1: customhostgroup1:
@@ -565,12 +588,16 @@ firewall:
portgroups: *portgroupshost portgroups: *portgroupshost
standalone: standalone:
portgroups: *portgroupshost portgroups: *portgroupshost
idh:
portgroups: *portgroupshost
sensor: sensor:
portgroups: *portgroupshost portgroups: *portgroupshost
searchnode: searchnode:
portgroups: *portgroupshost portgroups: *portgroupshost
heavynode: heavynode:
portgroups: *portgroupshost portgroups: *portgroupshost
workstation:
portgroups: *portgroupshost
customhostgroup0: customhostgroup0:
portgroups: *portgroupshost portgroups: *portgroupshost
customhostgroup1: customhostgroup1:
@@ -795,6 +822,8 @@ firewall:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
analyst: analyst:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0: customhostgroup0:
portgroups: *portgroupsdocker portgroups: *portgroupsdocker
customhostgroup1: customhostgroup1:
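Review bot: The `idh` entries in this file do not obviously line up one-to-one with the `idh` hostgroups the defaults file gains: the hunk at new line 216 adds only `workstation: portgroups: *portgroupsdocker` next to `analyst`, with no `idh` entry, while the later DOCKER-USER and INPUT hunks add both. I cannot tell from the hunk which role that mapping belongs to, so it may be one that deliberately has no idh hostgroup, but if this file drives what the SOC UI exposes for editing, a hostgroup present in defaults but absent here would be enforced by the firewall yet invisible to operators — worth checking chain by chain rather than assuming they match. A smaller consistency point: `idh` is inserted after `localhost` and `workstation` after `heavynode` in the INPUT-chain blocks, whereas the defaults file places `workstation` after `endgame`/`strelka_frontend` and moves `analyst` ahead of `beats_endpoint`; keeping both files in the same key order makes this cross-check mechanical.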


@@ -74,9 +74,12 @@ fi
so-firewall includehost heavynode "$IP" --apply so-firewall includehost heavynode "$IP" --apply
;; ;;
'IDH') 'IDH')
so-firewall includehost sensor "$IP" --apply so-firewall includehost idh "$IP" --apply
;; ;;
'RECEIVER') 'RECEIVER')
so-firewall includehost receiver "$IP" --apply so-firewall includehost receiver "$IP" --apply
;; ;;
esac 'WORKSTATION')
so-firewall includehost workstation "$IP" --apply
;;
esac
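Review bot: Switching the `'IDH')` branch from `includehost sensor` to `includehost idh` only changes what newly added IDH minions get; an IDH host that was registered under the old code stays in the `sensor` hostgroup after upgrade, so it keeps the sensor allowances on top of whatever the new `idh` group grants, unless something outside this hunk removes it. I would either pair the new call with a removal from `sensor` (the inverse of `includehost`, if so-firewall provides one) or at least leave a comment on that branch: `# IDH nodes added before the idh hostgroup existed are still in "sensor"; drop them there on upgrade`. The `case` statement's head and the surrounding function begin before the hunk, so I could not see whether an upgrade step already handles this.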