2 new capabilities: send-file and import-file

Corey Ogburn
2023-05-26 15:14:34 -06:00
parent b60cf29598
commit a465039887


@@ -172,6 +172,74 @@ function manage_salt() {
fi fi
} }
function send_file() {
request=$1
from=$(echo "$request" | jq -r .from)
to=$(echo "$request" | jq -r .to)
node=$(echo "$request" | jq -r .node)
[ $(echo "$request" | jq -r .cleanup) != "true" ] ; cleanup=$?
log "From: $from"
log "To: $to"
log "Node: $node"
log "Cleanup: $cleanup"
response=$($CMD_PREFIX salt-cp -C "$node" "$from" "$to")
exit_code=$?
log Response:$'\n'"$response"
log "Exit Code: $exit_code"
if [[ exit_code -eq 0 ]]; then
if [[ $cleanup -eq 1 ]]; then
log "Cleaning up file $from"
rm -f "$from"
fi
$(echo "true" > "${SOC_PIPE}")
else
$(echo "false" > "${SOC_PIPE}")
fi
}
function import_file() {
request=$1
node=$(echo "$request" | jq -r .node)
file=$(echo "$request" | jq -r .file)
importer=$(echo "$request" | jq -r .importer)
log "Node: $node"
log "File: $file"
log "Importer: $importer"
case $importer in
pcap)
response=$($CMD_PREFIX "salt '$node' cmd.run 'so-import-pcap $file'")
exit_code=$?
;;
evtx)
response=$($CMD_PREFIX "salt '$node' cmd.run 'so-import-evtx $file'")
exit_code=$?
;;
*)
response="Unsupported importer: $importer"
exit_code=1
;;
esac
rm "$file"
log Response:$'\n'"$response"
log "Exit Code: $exit_code"
if [[ exit_code -eq 0 ]]; then
log "true"
$(echo "true" > "${SOC_PIPE}")
else
log "false"
$(echo "false" > "${SOC_PIPE}")
fi
}
while true; do while true; do
log "Listening for request" log "Listening for request"
request=$(cat ${SOC_PIPE}) request=$(cat ${SOC_PIPE})
@@ -191,6 +259,12 @@ while true; do
manage-salt) manage-salt)
manage_salt "${request}" manage_salt "${request}"
;; ;;
send-file)
send_file "${request}"
;;
import-file)
import_file "${request}"
;;
*) *)
log "Unsupported command: $command" log "Unsupported command: $command"
$(echo "false" > "${SOC_PIPE}") $(echo "false" > "${SOC_PIPE}")
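Review bot: In import_file (first hunk) the request's `node` and `file` fields are spliced unescaped into a quoted command string, `salt '$node' cmd.run 'so-import-pcap $file'`, so a single quote or shell metacharacter in either value changes the command that runs. CMD_PREFIX is defined outside this page, so how the string is evaluated locally needs confirming, but cmd.run normally passes its argument to a shell on the minion in any case. Both fields should be validated before the `case`; the character classes below are a starting point and must be matched to real minion ids and upload paths. Separately, `rm "$file"` runs for every request, including the `*)` branch and failed imports, so any request reaching the pipe can delete an arbitrary local path; it should run only after a supported importer and use `--`. send_file has the same exposure in `rm -f "$from"` and in `salt-cp -C "$node" "$from" "$to"`, where a value starting with `-` would be parsed as an option.

```shell
function import_file() {
  # … unchanged: request parsing and logging of node/file/importer …

  # Reject values that could break out of the quoted salt command line.
  if [[ ! "$node" =~ ^[A-Za-z0-9._-]+$ || ! "$file" =~ ^/[A-Za-z0-9._/-]+$ || "$file" == *..* ]]; then
    log "Rejected import request: unexpected node or file value"
    echo "false" > "${SOC_PIPE}"
    return
  fi

  # … unchanged: case $importer … esac …

  # Remove the upload only when a supported importer was actually invoked.
  if [[ "$importer" == "pcap" || "$importer" == "evtx" ]]; then
    rm -f -- "$file"
  fi

  # … unchanged: response logging and SOC_PIPE reply …
```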