From 976ad4152dc6dd5702b4913a81dda1b33bbd66d6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 19 Apr 2023 10:44:02 -0400 Subject: [PATCH 1/3] move soc_global and adv_global pillar file under pillar/global/ --- pillar/top.sls | 33 ++++++++++--------- salt/common/tools/sbin/so-elastic-fleet-setup | 2 +- setup/so-variables | 4 +-- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/pillar/top.sls b/pillar/top.sls index 438aff576..21ef6b0f0 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -49,8 +49,8 @@ base: - kibana.secrets {% endif %} - secrets - - soc_global - - adv_global + - global.soc_global + - global.adv_global - manager.soc_manager - manager.adv_manager - idstools.soc_idstools @@ -74,8 +74,8 @@ base: '*_sensor': - healthcheck.sensor - - soc_global - - adv_global + - global.soc_global + - global.adv_global - minions.{{ grains.id }} - minions.adv_{{ grains.id }} @@ -89,7 +89,8 @@ base: {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %} - kibana.secrets {% endif %} - - soc_global + - global.soc_global + - global.adv_global - kratos.soc_kratos - elasticsearch.soc_elasticsearch - elasticsearch.adv_elasticsearch @@ -126,7 +127,8 @@ base: {% endif %} - secrets - healthcheck.standalone - - soc_global + - global.soc_global + - global.adv_global - idstools.soc_idstools - idstools.adv_idstools - kratos.soc_kratos @@ -149,14 +151,15 @@ base: '*_heavynode': - elasticsearch.auth - - soc_global + - global.soc_global + - global.adv_global - redis.soc_redis - minions.{{ grains.id }} - minions.adv_{{ grains.id }} '*_idh': - - soc_global - - adv_global + - global.soc_global + - global.adv_global - idh.soc_idh - idh.adv_idh - minions.{{ grains.id }} @@ -174,8 +177,8 @@ base: - elasticsearch.auth {% endif %} - redis.soc_redis - - soc_global - - adv_global + - global.soc_global + - global.adv_global - minions.{{ grains.id }} - minions.adv_{{ grains.id }} 
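Review bot: The hunks at `@@ -89,7 +89,8`, `@@ -126,7 +127,8` and `@@ -149,14 +151,15` (the `'*_heavynode'` target) are not a pure move: each adds `- global.adv_global` where the old list carried only `- soc_global`, so those targets start receiving the advanced global pillar. The subject line describes only a relocation, so this widening of what is delivered to those roles should be confirmed as intended and stated in the commit message. The target names for the first two of these hunks lie outside the visible context, so which roles are affected there cannot be checked from the patch. Because the so-elastic-fleet-setup change in this same patch stores an enrollment token in `global/soc_global.sls`, a comment above the first use such as `# global.* is delivered to every role listed in this file; keep role-specific secrets out of it` would document the exposure.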
@@ -189,8 +192,8 @@ base: {% endif %} - redis.soc_redis - redis.adv_redis - - soc_global - - adv_global + - global.soc_global + - global.adv_global - minions.{{ grains.id }} - minions.adv_{{ grains.id }} @@ -209,8 +212,8 @@ base: - manager.soc_manager - manager.adv_manager - soc.soc_soc - - soc_global - - adv_global + - global.soc_global + - global.adv_global - backup.soc_backup - backup.adv_backup - kratos.soc_kratos diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/common/tools/sbin/so-elastic-fleet-setup index ab54d42a5..4afdcfc60 100755 --- a/salt/common/tools/sbin/so-elastic-fleet-setup +++ b/salt/common/tools/sbin/so-elastic-fleet-setup @@ -85,7 +85,7 @@ printf '%s\n'\ "" >> "$pillar_file" #Store Grid Nodes Enrollment token in Global pillar -global_pillar_file=/opt/so/saltstack/local/pillar/soc_global.sls +global_pillar_file=/opt/so/saltstack/local/pillar/global/soc_global.sls printf '%s\n'\ " fleet_grid_enrollment_token: '$GRIDNODESENROLLMENTOKEN'"\ "" >> "$global_pillar_file" diff --git a/setup/so-variables b/setup/so-variables index 6a3861e92..98ecb2b4f 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -76,10 +76,10 @@ export ntp_string whiptail_title="Security Onion Setup - $SOVERSION" export whiptail_title -global_pillar_file="$local_salt_dir/pillar/soc_global.sls" +global_pillar_file="$local_salt_dir/pillar/global/soc_global.sls" export global_pillar_file -adv_global_pillar_file="$local_salt_dir/pillar/adv_global.sls" +adv_global_pillar_file="$local_salt_dir/pillar/global/adv_global.sls" export adv_global_pillar_file elasticsearch_pillar_file="$local_salt_dir/pillar/elasticsearch/soc_elasticsearch.sls" From 9f07388fa4bf2554628f6871bdcc830a8a12a2c1 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 19 Apr 2023 10:47:08 -0400 Subject: [PATCH 2/3] fix global location for fleet node --- pillar/top.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
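Review bot: The new `global_pillar_file` value in so-elastic-fleet-setup assumes `/opt/so/saltstack/local/pillar/global/` already exists, but nothing in this patch creates it; patch 3/3 adds the directory to make_some_dirs, which presumably runs only during setup. On a grid installed before the move, the `>> "$global_pillar_file"` append would then fail and the grid enrollment token would not be stored, with no check on the `printf` to surface it. A guard before the append, `mkdir -p "$(dirname "$global_pillar_file")" || exit 1`, would make that case explicit. Since the file receives `fleet_grid_enrollment_token`, it is also worth confirming its mode and ownership stay restrictive after the move; that is not visible in the hunk.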
diff --git a/pillar/top.sls b/pillar/top.sls index 9b943207b..1acc5d030 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -228,8 +228,8 @@ base: - minions.adv_{{ grains.id }} '*_fleet': - - soc_global - - adv_global + - global.soc_global + - global.adv_global - backup.soc_backup - backup.adv_backup - logstash From d5ab8ff191fb4452771a8772bcd884c4238cf2e8 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 19 Apr 2023 11:44:03 -0400 Subject: [PATCH 3/3] create the local global pillar directory --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 3e911ff68..dd5614b08 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1539,7 +1539,7 @@ make_some_dirs() { mkdir -p $local_salt_dir/salt/firewall/portgroups mkdir -p $local_salt_dir/salt/firewall/ports - for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert;do + for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert global;do mkdir -p $local_salt_dir/pillar/$THEDIR touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
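Review bot: Adding `global` to the `THEDIR` loop in make_some_dirs creates `pillar/global/soc_global.sls` with a bare `touch` under the default umask, and the so-elastic-fleet-setup change in patch 1/3 appends `fleet_grid_enrollment_token` to that same file. If the mode is not tightened elsewhere (not visible here), set it where the file is created, for example `chmod 640 $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls` after the `touch`, using whatever mode the salt master can still read. The loop only covers fresh installs: an existing grid still has `pillar/soc_global.sls` and `pillar/adv_global.sls` at the old path, so the upgrade path has to move them or the `global.soc_global` entries in top.sls will resolve to empty files. The body of make_some_dirs and the rest of the loop continue outside the hunk.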