CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10950 from Security-Onion-Solutions/fix/idhfirewall

Browse Source 
Fix/idhfirewall
This commit is contained in:
Josh Patterson
2023-08-04 11:00:58 -04:00
committed by GitHub
parent 560ec9106d 014aeffb2a
commit 9fe9256a0f
3 changed files with 117 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
salt/firewall/defaults.yaml
View File

@@ -26,6 +26,7 @@ firewall:
standalone: []
strelka_frontend: []
syslog: []
workstation: []
customhostgroup0: []
customhostgroup1: []
customhostgroup2: []
@@ -370,6 +371,7 @@ firewall:
- elastic_agent_data
- elastic_agent_update
- localrules
- sensoroni
fleet:
portgroups:
- elasticsearch_rest
@@ -383,6 +385,17 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor:
portgroups:
- beats_5044
@@ -393,6 +406,7 @@ firewall:
- yum
- docker_registry
- influxdb
- sensoroni
searchnode:
portgroups:
- redis
@@ -405,6 +419,7 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
heavynode:
portgroups:
- redis
@@ -417,6 +432,7 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
receiver:
portgroups:
- yum
@@ -425,6 +441,10 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint:
portgroups:
- beats_5044
@@ -442,9 +462,9 @@ firewall:
endgame:
portgroups:
- endgame
analyst:
workstation:
portgroups:
- nginx
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
@@ -476,6 +496,9 @@ firewall:
fleet:
portgroups:
- salt_manager
idh:
portgroups:
- salt_manager
localhost:
portgroups:
- all
@@ -491,6 +514,9 @@ firewall:
receiver:
portgroups:
- salt_manager
workstation:
portgroups:
- salt_manager
self:
portgroups:
- syslog
@@ -535,6 +561,7 @@ firewall:
- elastic_agent_data
- elastic_agent_update
- localrules
- sensoroni
fleet:
portgroups:
- elasticsearch_rest
@@ -548,6 +575,17 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor:
portgroups:
- beats_5044
@@ -558,6 +596,7 @@ firewall:
- yum
- docker_registry
- influxdb
- sensoroni
searchnode:
portgroups:
- redis
@@ -569,6 +608,7 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
heavynode:
portgroups:
- redis
@@ -580,6 +620,7 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
receiver:
portgroups:
- yum
@@ -588,6 +629,10 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint:
portgroups:
- beats_5044
@@ -605,9 +650,9 @@ firewall:
endgame:
portgroups:
- endgame
analyst:
workstation:
portgroups:
- nginx
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
@@ -639,6 +684,9 @@ firewall:
fleet:
portgroups:
- salt_manager
idh:
portgroups:
- salt_manager
localhost:
portgroups:
- all
@@ -654,6 +702,9 @@ firewall:
receiver:
portgroups:
- salt_manager
workstation:
portgroups:
- salt_manager
self:
portgroups:
- syslog
@@ -723,6 +774,17 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor:
portgroups:
- docker_registry
@@ -760,6 +822,10 @@ firewall:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint:
portgroups:
- beats_5044
@@ -780,9 +846,9 @@ firewall:
strelka_frontend:
portgroups:
- strelka_frontend
analyst:
workstation:
portgroups:
- nginx
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
@@ -813,7 +879,10 @@ firewall:
- all
fleet:
portgroups:
- salt_manager
- salt_manager
idh:
portgroups:
- salt_manager
localhost:
portgroups:
- all
@@ -832,6 +901,9 @@ firewall:
receiver:
portgroups:
- salt_manager
workstation:
portgroups:
- salt_manager
self:
portgroups:
- syslog
@@ -1128,6 +1200,9 @@ firewall:
analyst:
portgroups:
- nginx
workstation:
portgroups:
- yum
customhostgroup0:
portgroups: []
customhostgroup1:

31
salt/firewall/soc_firewall.yaml
View File

@@ -45,6 +45,7 @@ firewall:
standalone: *hostgroupsettings
strelka_frontend: *hostgroupsettings
syslog: *hostgroupsettings
workstation: *hostgroupsettings
customhostgroup0: &customhostgroupsettings
description: List of IP or CIDR blocks to allow to this hostgroup.
forcedType: "[]string"
@@ -215,6 +216,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0:
portgroups: *portgroupsdocker
customhostgroup1:
@@ -338,7 +341,9 @@ firewall:
DOCKER-USER:
hostgroups:
manager:
portgroups: *portgroupsdocker
portgroups: *portgroupsdocker
idh:
portgroups: *portgroupsdocker
sensor:
portgroups: *portgroupsdocker
searchnode:
@@ -361,6 +366,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0:
portgroups: *portgroupsdocker
customhostgroup1:
@@ -389,12 +396,16 @@ firewall:
portgroups: *portgroupshost
localhost:
portgroups: *portgroupshost
idh:
portgroups: *portgroupshost
sensor:
portgroups: *portgroupshost
searchnode:
portgroups: *portgroupshost
heavynode:
portgroups: *portgroupshost
workstation:
portgroups: *portgroupshost
customhostgroup0:
portgroups: *portgroupshost
customhostgroup1:
@@ -422,6 +433,8 @@ firewall:
hostgroups:
managersearch:
portgroups: *portgroupsdocker
idh:
portgroups: *portgroupsdocker
sensor:
portgroups: *portgroupsdocker
searchnode:
@@ -444,6 +457,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0:
portgroups: *portgroupsdocker
customhostgroup1:
@@ -472,12 +487,16 @@ firewall:
portgroups: *portgroupshost
localhost:
portgroups: *portgroupshost
idh:
portgroups: *portgroupshost
sensor:
portgroups: *portgroupshost
searchnode:
portgroups: *portgroupshost
heavynode:
portgroups: *portgroupshost
workstation:
portgroups: *portgroupshost
customhostgroup0:
portgroups: *portgroupshost
customhostgroup1:
@@ -509,6 +528,8 @@ firewall:
portgroups: *portgroupsdocker
fleet:
portgroups: *portgroupsdocker
idh:
portgroups: *portgroupsdocker
sensor:
portgroups: *portgroupsdocker
searchnode:
@@ -533,6 +554,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0:
portgroups: *portgroupsdocker
customhostgroup1:
@@ -565,12 +588,16 @@ firewall:
portgroups: *portgroupshost
standalone:
portgroups: *portgroupshost
idh:
portgroups: *portgroupshost
sensor:
portgroups: *portgroupshost
searchnode:
portgroups: *portgroupshost
heavynode:
portgroups: *portgroupshost
workstation:
portgroups: *portgroupshost
customhostgroup0:
portgroups: *portgroupshost
customhostgroup1:
@@ -795,6 +822,8 @@ firewall:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
workstation:
portgroups: *portgroupsdocker
customhostgroup0:
portgroups: *portgroupsdocker
customhostgroup1:

7
salt/manager/tools/sbin/so-firewall-minion
View File

@@ -74,9 +74,12 @@ fi
so-firewall includehost heavynode "$IP" --apply
;;
'IDH')
so-firewall includehost sensor "$IP" --apply
so-firewall includehost idh "$IP" --apply
;;
'RECEIVER')
so-firewall includehost receiver "$IP" --apply
;;
esac
'WORKSTATION')
so-firewall includehost workstation "$IP" --apply
;;
esac