CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add workstation to the salt config

Browse Source
This commit is contained in:
Mike Reeves
2022-03-30 14:03:52 -04:00
parent f43a6757e0
commit a049e458c6
2 changed files with 43 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
setup/so-functions
View File

@@ -155,7 +155,8 @@ analyst_workstation_pillar() {
"workstation:"\ "workstation:"\
" gui:"\ " gui:"\
" enabled: true" >> "$pillar_file" " enabled: true" >> "$pillar_file"
"sensoroni:"\
" node_description: '${NODE_DESCRIPTION//\'/''}'"
} }
calculate_useable_cores() { calculate_useable_cores() {
@@ -786,6 +787,9 @@ collect_zeek() {
configure_minion() { configure_minion() {
local minion_type=$1 local minion_type=$1
if [[ $is_analyst ]]; then
minion_type=workstation
fi
echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1 echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1
echo "role: so-$minion_type" > /etc/salt/grains echo "role: so-$minion_type" > /etc/salt/grains
@@ -794,6 +798,9 @@ configure_minion() {
echo "id: '$MINION_ID'" > "$minion_config" echo "id: '$MINION_ID'" > "$minion_config"
case "$minion_type" in case "$minion_type" in
'workstation')
echo "master: '$HOSTNAME'" >> "$minion_config"
;;
'helix') 'helix')
cp -f ../salt/ca/files/signing_policies.conf /etc/salt/minion.d/signing_policies.conf cp -f ../salt/ca/files/signing_policies.conf /etc/salt/minion.d/signing_policies.conf
echo "master: '$HOSTNAME'" >> "$minion_config" echo "master: '$HOSTNAME'" >> "$minion_config"
@@ -2249,38 +2256,41 @@ remove_package() {
saltify() { saltify() {
# Install updates and Salt # Install updates and Salt
if [ $OS = 'centos' ]; then if [[ $is_centos ]]; then
set_progress_str 6 'Installing various dependencies' set_progress_str 6 'Installing various dependencies'
if [[ ! $is_iso ]]; then if [[ ! ( $is_iso || $is_analyst_iso ) ]]; then
logCmd "yum -y install wget nmap-ncat" logCmd "yum -y install wget nmap-ncat"
fi fi
case "$install_type" in
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT') if [[ ! is_analyst ]]; then
reserve_group_ids case "$install_type" in
if [[ ! $is_iso ]]; then 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT')
logCmd "yum -y install sqlite curl mariadb-devel" reserve_group_ids
fi if [[ ! $is_iso ]]; then
# Download Ubuntu Keys in case manager updates = 1 logCmd "yum -y install sqlite curl mariadb-devel"
logCmd "mkdir -vp /opt/so/gpg" fi
if [[ ! $is_airgap ]]; then # Download Ubuntu Keys in case manager updates = 1
logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3004/SALTSTACK-GPG-KEY.pub" logCmd "mkdir -vp /opt/so/gpg"
logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" if [[ ! $is_airgap ]]; then
logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH" logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3004/SALTSTACK-GPG-KEY.pub"
fi logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg"
set_progress_str 7 'Installing salt-master' logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH"
if [[ ! $is_iso ]]; then fi
logCmd "yum -y install salt-master-3004" set_progress_str 7 'Installing salt-master'
fi if [[ ! $is_iso ]]; then
logCmd "systemctl enable salt-master" logCmd "yum -y install salt-master-3004"
;; fi
*) logCmd "systemctl enable salt-master"
;; ;;
esac *)
;;
esac
fi
if [[ ! $is_airgap ]]; then if [[ ! $is_airgap ]]; then
logCmd "yum clean expire-cache" logCmd "yum clean expire-cache"
fi fi
set_progress_str 8 'Installing salt-minion & python modules' set_progress_str 8 'Installing salt-minion & python modules'
if [[ ! $is_iso ]]; then if [[ ! ( $is_iso || $is_analyst_iso ) ]]; then
logCmd "yum -y install salt-minion-3004 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq" logCmd "yum -y install salt-minion-3004 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
logCmd "yum -y update --exclude=salt*" logCmd "yum -y update --exclude=salt*"
fi fi

7
setup/so-setup
View File

@@ -461,7 +461,12 @@ detect_cloud
short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}') short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]') if [[ $is_analyst ]]; then
MINION_ID=$(echo "${short_name}_workstation" | tr '[:upper:]' '[:lower:]')
fi
if [[ ! $is_analyst ]]; then
MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
fi
export MINION_ID export MINION_ID
echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1 echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1