From a4b59ee8bf708dc72d424b734438e2119a5fd964 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 9 Dec 2019 10:22:35 -0500
Subject: [PATCH] logstash helix
---
 pillar/top.sls | 4 ++++
 salt/logstash/files/dynamic/9997_output_helix.conf | 2 +-
 setup/functions.sh | 11 +++++++++++
 setup/so-setup.sh | 2 ++
 4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/pillar/top.sls b/pillar/top.sls
index ffa99de59..77e0c1672 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -27,3 +27,7 @@ base:
 - nodes.{{ grains.id }}
 - static
 - firewall.*
+
+ 'G@role:so-helix':
+ - fireeye
+ - static
diff --git a/salt/logstash/files/dynamic/9997_output_helix.conf b/salt/logstash/files/dynamic/9997_output_helix.conf
index a6aefbf53..fcb9d9367 100644
--- a/salt/logstash/files/dynamic/9997_output_helix.conf
+++ b/salt/logstash/files/dynamic/9997_output_helix.conf
@@ -1,4 +1,4 @@
-{% set helix_api_key = salt['pillar.get']('fireeye:helix:api_key', '') %}
+{% set HELIXAPIKEY = salt['pillar.get']('fireeye:helix:api_key', '') %}
 filter {
 if "fe_clone" in [type] {
diff --git a/setup/functions.sh b/setup/functions.sh
index ff546ea31..8ae3a28c1 100644
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -476,6 +476,17 @@ filter_unused_nics() {
 FNICS=$(ip link | grep -vwe $grep_string | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
 }
+fireeye_pillar() {
+
+ FIREEYEPILLARPATH=$TMP/pillar/fireeye
+
+ echo "" >> $FIREEYEPILLARPATH/init.sls
+ echo "fireeye:" >> $FIREEYEPILLARPATH/init.sls
+ echo " helix:" >> $FIREEYEPILLARPATH/init.sls
+ echo " api_key: $HELIXAPIKEY" >> $FIREEYEPILLARPATH/init.sls
+
+}
+
 generate_passwords(){
 # Generate Random Passwords for Things
 MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
diff --git a/setup/so-setup.sh b/setup/so-setup.sh
index ea7e869af..0f206fc26 100644
--- a/setup/so-setup.sh
+++ b/setup/so-setup.sh
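Review bot: In the pillar/top.sls hunk, the new `'G@role:so-helix':` target gives the `fireeye` pillar, which carries the Helix API key, to any minion that reports the grain `role: so-helix`. Grains are set on the minion side, so a compromised or misconfigured minion can claim that role and be served the key. Target the secret pillar by minion ID instead, e.g. `'<helix-minion-id>':` (placeholder), and keep the grain match only for non-secret pillars such as `static`. If the grain match stays, add a comment above it such as `# fireeye holds the Helix API key; role is a minion-set grain, so treat this match as untrusted`. The `base:` block this entry belongs to begins outside the hunk.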
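Review bot: In the setup/functions.sh hunk, `fireeye_pillar` appends the Helix API key to `$FIREEYEPILLARPATH/init.sls` under whatever umask the installer runs with and as an unquoted YAML scalar, so the secret may land in a file other local users can read, and a key containing `#` or `: ` would be parsed wrongly. Nothing in the hunk creates `$TMP/pillar/fireeye`, so unless another function does, every `>>` fails, and the path expansions are unquoted. The version below creates the directory, restricts the file to its owner and quotes the value; confirm the later copy-to-master step can still read a mode-600 file. The indentation inside the echoed strings looks whitespace-collapsed on this page, so the nesting shown is the one the lookup `fireeye:helix:api_key` requires, not a change in intent.

```shell
fireeye_pillar() {

  FIREEYEPILLARPATH=$TMP/pillar/fireeye
  local pillar_file="$FIREEYEPILLARPATH/init.sls"

  # init.sls holds the Helix API key: create it owner-only and quote the value for YAML.
  mkdir -p "$FIREEYEPILLARPATH"
  ( umask 077 && touch "$pillar_file" )
  chmod 600 "$pillar_file"
  {
    echo ""
    echo "fireeye:"
    echo "  helix:"
    printf "    api_key: '%s'\n" "$HELIXAPIKEY"
  } >> "$pillar_file"

}
```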
@@ -193,6 +193,8 @@ if (whiptail_you_sure) ; then
 master_pillar >> $SETUPLOG 2>&1
 echo "** Generating the patch pillar **" >> $SETUPLOG
 patch_pillar >> $SETUPLOG 2>&1
+ echo "** Generating the FireEye pillar **" >> $SETUPLOG
+ fireeye_pillar >> $SETUPLOG 2>&1
 echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
 copy_minion_tmp_files >> $SETUPLOG 2>&1
 # Do a checkin to push the key up
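Review bot: `fireeye_pillar` is called here with no visible check that this install is a Helix node or that `$HELIXAPIKEY` is set, so other install types would get a `fireeye` pillar with an empty `api_key`, which the Logstash template then accepts through its `''` default. The enclosing `if (whiptail_you_sure)` block starts outside the hunk, so a guard may already exist further up. If not, wrap the call, e.g. `if [ -n "$HELIXAPIKEY" ]; then fireeye_pillar >> "$SETUPLOG" 2>&1; fi`. Because the function's output is redirected into `$SETUPLOG`, also make sure shell tracing (`set -x`) is off around it, otherwise the key would be copied into the setup log.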