From a3b97b40ba6994d138ced415e9bf99367f4014de Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 11 May 2023 13:57:08 -0400 Subject: [PATCH] enabled/disable soctopus in ui --- salt/manager/tools/sbin/so-minion | 11 +++ salt/nginx/soc_nginx.yaml | 1 + salt/soctopus/config.sls | 88 +++++++++++++++++++++ salt/soctopus/defaults.yaml | 2 + salt/soctopus/disabled.sls | 27 +++++++ salt/soctopus/enabled.sls | 54 +++++++++++++ salt/soctopus/init.sls | 122 +++--------------------------- salt/soctopus/map.jinja | 7 ++ salt/soctopus/soc_soctopus.yaml | 5 +- salt/soctopus/sostatus.sls | 21 +++++ 10 files changed, 224 insertions(+), 114 deletions(-) create mode 100644 salt/soctopus/config.sls create mode 100644 salt/soctopus/defaults.yaml create mode 100644 salt/soctopus/disabled.sls create mode 100644 salt/soctopus/enabled.sls create mode 100644 salt/soctopus/map.jinja create mode 100644 salt/soctopus/sostatus.sls diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion index 97e183f2a..3d5bd7352 100755 --- a/salt/manager/tools/sbin/so-minion +++ b/salt/manager/tools/sbin/so-minion @@ -295,6 +295,13 @@ function add_nginx_to_minion() { " " >> $PILLARFILE } +function add_soctopus_to_minion() { + printf '%s\n'\ + "soctopus:"\ + " enabled: True"\ + " " >> $PILLARFILE +} + function create_fleet_policy() { JSON_STRING=$( jq -n \ @@ -348,6 +355,7 @@ function createEVAL() { add_telegraf_to_minion add_influxdb_to_minion add_nginx_to_minion + add_soctopus_to_minion } function createSTANDALONE() { @@ -363,6 +371,7 @@ function createSTANDALONE() { add_telegraf_to_minion add_influxdb_to_minion add_nginx_to_minion + add_soctopus_to_minion } function createMANAGER() { @@ -376,6 +385,7 @@ function createMANAGER() { add_telegraf_to_minion add_influxdb_to_minion add_nginx_to_minion + add_soctopus_to_minion } function createMANAGERSEARCH() { 
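Review bot: `add_soctopus_to_minion` is called from createEVAL, createSTANDALONE and createMANAGER in this hunk (and createMANAGERSEARCH in the next one) but not from createIMPORT, so with the `enabled: False` default in soctopus/defaults.yaml an import node will take the soctopus.disabled path; whether that changes what import nodes ran before is not visible here. If that split is intended, a one-line comment on the new function, e.g. `# SOCtopus is only enabled on eval/standalone/manager/managersearch nodes`, would spare the next reader from re-deriving it from the call sites. The helper otherwise mirrors add_nginx_to_minion, including the trailing `" "` line it writes into the pillar file.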
@@ -389,6 +399,7 @@ function createMANAGERSEARCH() { add_telegraf_to_minion add_influxdb_to_minion add_nginx_to_minion + add_soctopus_to_minion } function createIMPORT() { diff --git a/salt/nginx/soc_nginx.yaml b/salt/nginx/soc_nginx.yaml index 4a3642f93..66110a62f 100644 --- a/salt/nginx/soc_nginx.yaml +++ b/salt/nginx/soc_nginx.yaml @@ -1,6 +1,7 @@ nginx: enabled: description: You can enable or disable Nginx. + advanced: True helpLink: nginx.html config: replace_cert: diff --git a/salt/soctopus/config.sls b/salt/soctopus/config.sls new file mode 100644 index 000000000..35b55d296 --- /dev/null +++ b/salt/soctopus/config.sls 
@@ -0,0 +1,88 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+
+include:
+ - nginx.config
+
+soctopusdir:
+ file.directory:
+ - name: /opt/so/conf/soctopus/sigma-import
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+soctopus-sync:
+ file.recurse:
+ - name: /opt/so/conf/soctopus/templates
+ - source: salt://soctopus/files/templates
+ - user: 939
+ - group: 939
+ - template: jinja
+ - defaults:
+ GLOBALS: {{ GLOBALS }}
+
+soctopusconf:
+ file.managed:
+ - name: /opt/so/conf/soctopus/SOCtopus.conf
+ - source: salt://soctopus/files/SOCtopus.conf
+ - user: 939
+ - group: 939
+ - mode: 600
+ - template: jinja
+ - show_changes: False
+ - defaults:
+ GLOBALS: {{ GLOBALS }}
+
+soctopuslogdir:
+ file.directory:
+ - name: /opt/so/log/soctopus
+ - user: 939
+ - group: 939
+
+playbookrulesdir:
+ file.directory:
+ - name: /opt/so/rules/elastalert/playbook
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+playbookrulessync:
+ file.recurse:
+ - name: /opt/so/rules/elastalert/playbook
+ - source: salt://soctopus/files/templates
+ - user: 939
+ - group: 939
+ - template: jinja
+ - defaults:
+ GLOBALS: {{ GLOBALS }}
+
+soctopus_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://soctopus/tools/sbin
+ - user: 939
+ - group: 939
+ - file_mode: 755
+
+#soctopus_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://soctopus/tools/sbin_jinja
+# - user: 939
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
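Review bot: `soctopus_sbin` copies salt://soctopus/tools/sbin into /usr/sbin owned by uid/gid 939 with file_mode 755, so whatever runs as that non-root account (presumably the SOCtopus service user) can rewrite executables that root later invokes from /usr/sbin. This is carried over from the old init.sls rather than introduced here, but the move into a new file is a good moment to fix it: unless the SOCtopus process has to write those files, `- user: root` / `- group: root` would keep them root-owned while the 755 mode still lets others execute them. The commented-out `soctopus_sbin_jinja` block is also carried over; either drop it or add a one-line comment saying why it is kept.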
diff --git a/salt/soctopus/defaults.yaml b/salt/soctopus/defaults.yaml
new file mode 100644
index 000000000..cb7f286ae
--- /dev/null
+++ b/salt/soctopus/defaults.yaml
@@ -0,0 +1,2 @@
+soctopus:
+ enabled: False
diff --git a/salt/soctopus/disabled.sls b/salt/soctopus/disabled.sls
new file mode 100644
index 000000000..9293a9d71
--- /dev/null
+++ b/salt/soctopus/disabled.sls
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+ - soctopus.sostatus
+
+so-soctopus:
+ docker_container.absent:
+ - force: True
+
+so-soctopus_so-status.disabled:
+ file.comment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-soctopus$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/soctopus/enabled.sls b/salt/soctopus/enabled.sls
new file mode 100644
index 000000000..9c2ee4de7
--- /dev/null
+++ b/salt/soctopus/enabled.sls
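Review bot: `so-soctopus_so-status.disabled` only works if the `so-soctopus` line has already been written by the included soctopus.sostatus state, and that ordering is left implicit in include order; adding `- require:` / `  - file: append_so-soctopus_so-status.conf` to the file.comment state makes the dependency explicit and survives any later reordering. Note also that the disabled path removes only the container: /opt/so/conf/soctopus/SOCtopus.conf (managed with mode 600 and show_changes False, so presumably sensitive) and the tools copied into /usr/sbin by soctopus.config stay on disk after a disable, since nothing here includes soctopus.config or declares those files absent. If leaving them in place is intended, a short comment saying so would stop a future reader from treating it as an oversight.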
@@ -0,0 +1,54 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+
+include:
+ - soctopus.config
+ - soctopus.sostatus
+
+so-soctopus:
+ docker_container.running:
+ - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soctopus:{{ GLOBALS.so_version }}
+ - hostname: soctopus
+ - name: so-soctopus
+ - networks:
+ - sobridge:
+ - ipv4_address: {{ DOCKER.containers['so-soctopus'].ip }}
+ - binds:
+ - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro
+ - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw
+ - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw
+ - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
+ - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw
+ {% if GLOBALS.airgap %}
+ - /nsm/repo/rules/sigma:/soctopus/sigma
+ {% endif %}
+ - port_bindings:
+ {% for BINDING in DOCKER.containers['so-soctopus'].port_bindings %}
+ - {{ BINDING }}
+ {% endfor %}
+ - extra_hosts:
+ - {{GLOBALS.url_base}}:{{GLOBALS.manager_ip}}
+ - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
+ - require:
+ - file: soctopusconf
+ - file: navigatordefaultlayer
+
+delete_so-soctopus_so-status.disabled:
+ file.uncomment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-soctopus$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 467617a54..c9359a68c 100644
--- a/salt/soctopus/init.sls
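Review bot: the `so-soctopus` container state requires `file: navigatordefaultlayer`, but enabled.sls includes only soctopus.config and soctopus.sostatus, so that requisite resolves only when the SLS that defines navigatordefaultlayer happens to be in the same run (presumably a top-file highstate); applying `soctopus` on its own would stop with an unresolved requisite. The old init.sls had the same gap, so this is inherited rather than new, but adding the defining SLS to the `include:` list, or at least a comment naming it, would make the dependency explicit. The bind of /opt/so/conf/navigator/nav_layer_playbook.json into the container is what that requisite protects, since a missing host file would otherwise be created as a directory by the bind.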
+++ b/salt/soctopus/init.sls 
@@ -1,117 +1,13 @@ -{% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} -{% from 'docker/docker.map.jinja' import DOCKER %} -{% from 'vars/globals.map.jinja' import GLOBALS %} +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'soctopus/map.jinja' import SOCTOPUSMERGED %} include: - - nginx.config - -soctopusdir: - file.directory: - - name: /opt/so/conf/soctopus/sigma-import - - user: 939 - - group: 939 - - makedirs: True - -soctopus-sync: - file.recurse: - - name: /opt/so/conf/soctopus/templates - - source: salt://soctopus/files/templates - - user: 939 - - group: 939 - - template: jinja - - defaults: - GLOBALS: {{ GLOBALS }} - -soctopusconf: - file.managed: - - name: /opt/so/conf/soctopus/SOCtopus.conf - - source: salt://soctopus/files/SOCtopus.conf - - user: 939 - - group: 939 - - mode: 600 - - template: jinja - - show_changes: False - - defaults: - GLOBALS: {{ GLOBALS }} - -soctopuslogdir: - file.directory: - - name: /opt/so/log/soctopus - - user: 939 - - group: 939 - -playbookrulesdir: - file.directory: - - name: /opt/so/rules/elastalert/playbook - - user: 939 - - group: 939 - - makedirs: True - -playbookrulessync: - file.recurse: - - name: /opt/so/rules/elastalert/playbook - - source: salt://soctopus/files/templates - - user: 939 - - group: 939 - - template: jinja - - defaults: - GLOBALS: {{ GLOBALS }} - -soctopus_sbin: - file.recurse: - - name: /usr/sbin - - source: salt://soctopus/tools/sbin - - user: 939 - - group: 939 - - file_mode: 755 - -#soctopus_sbin_jinja: -# file.recurse: -# - name: /usr/sbin -# - source: salt://soctopus/tools/sbin_jinja -# - user: 939 -# - group: 939 -# - file_mode: 755 -# - template: jinja - -so-soctopus: - 
docker_container.running: - - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soctopus:{{ GLOBALS.so_version }} - - hostname: soctopus - - name: so-soctopus - - networks: - - sobridge: - - ipv4_address: {{ DOCKER.containers['so-soctopus'].ip }} - - binds: - - /opt/so/conf/soctopus/SOCtopus.conf:/SOCtopus/SOCtopus.conf:ro - - /opt/so/log/soctopus/:/var/log/SOCtopus/:rw - - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw - - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw - - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw - {% if GLOBALS.airgap %} - - /nsm/repo/rules/sigma:/soctopus/sigma - {% endif %} - - port_bindings: - {% for BINDING in DOCKER.containers['so-soctopus'].port_bindings %} - - {{ BINDING }} - {% endfor %} - - extra_hosts: - - {{GLOBALS.url_base}}:{{GLOBALS.manager_ip}} - - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} - - require: - - file: soctopusconf - - file: navigatordefaultlayer - -append_so-soctopus_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-soctopus - +{% if SOCTOPUSMERGED.enabled %} + - soctopus.enabled {% else %} - -{{sls}}_state_not_allowed: - test.fail_without_changes: - - name: {{sls}}_state_not_allowed - + - soctopus.disabled {% endif %} diff --git a/salt/soctopus/map.jinja b/salt/soctopus/map.jinja new file mode 100644 index 000000000..07df21dbb --- /dev/null +++ b/salt/soctopus/map.jinja @@ -0,0 +1,7 @@ +{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one + or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at + https://securityonion.net/license; you may not use this file except in compliance with the + Elastic License 2.0. #} + +{% import_yaml 'soctopus/defaults.yaml' as SOCTOPUSDEFAULTS %} +{% set SOCTOPUSMERGED = salt['pillar.get']('soctopus', SOCTOPUSDEFAULTS.soctopus, merge=True) %} 
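Review bot: init.sls now branches on `SOCTOPUSMERGED.enabled` without saying where that value comes from, and the answer is spread over three new files in this commit. A Jinja comment above the include, e.g. `{# enabled defaults to False (soctopus/defaults.yaml); so-minion writes enabled: True into the pillar for eval/standalone/manager/managersearch nodes #}`, would tie them together for the next reader. The `allowed_states` guard the old init.sls carried now lives in enabled.sls and disabled.sls, so dropping it from this file does not widen where the states can run.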
diff --git a/salt/soctopus/soc_soctopus.yaml b/salt/soctopus/soc_soctopus.yaml index 033405345..51a3a5c52 100644 --- a/salt/soctopus/soc_soctopus.yaml +++ b/salt/soctopus/soc_soctopus.yaml @@ -1,7 +1,10 @@ soctopus: + enabled: + description: You can enable or disable SOCtopus. + helpLink: soctopus.html playbook: rulesets: description: List of playbook rulesets. advanced: True helplink: soctopus.html - global: True \ No newline at end of file + global: True diff --git a/salt/soctopus/sostatus.sls b/salt/soctopus/sostatus.sls new file mode 100644 index 000000000..8a888235e --- /dev/null +++ b/salt/soctopus/sostatus.sls @@ -0,0 +1,21 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls.split('.')[0] in allowed_states %} + +append_so-soctopus_so-status.conf: + file.append: + - name: /opt/so/conf/so-status/so-status.conf + - text: so-soctopus + - unless: grep -q so-soctopus /opt/so/conf/so-status/so-status.conf + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %}
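Review bot: the new `enabled` entry uses `helpLink` while the existing `rulesets` entry a few lines below uses `helplink`; the nginx entry touched in this same commit also uses `helpLink`, so the lowercase spelling looks like a pre-existing typo worth correcting here unless the UI reads both forms. This commit also marks the Nginx enable toggle `advanced: True` but leaves the SOCtopus toggle unmarked; if the intent is to keep service on/off switches behind the advanced view, add `advanced: True` under `enabled` here as well, otherwise a reader may wonder why the two differ.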
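Review bot: the `unless: grep -q so-soctopus ...` on `append_so-soctopus_so-status.conf` is doing more than it looks: once disabled.sls has turned the line into `#so-soctopus`, the unanchored grep still matches, so the entry is not appended a second time, and file.append's own already-present check would not recognise the commented form. That reasoning is not visible from the state, so a comment such as `# unanchored on purpose: a commented-out '#so-soctopus' must also suppress the append` would help. If that behaviour were ever unwanted, anchoring the pattern with `^#\?so-soctopus$` would make the accepted forms explicit.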