CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 14:07:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

rename analyst to workstation for fw rules. allow workstation to connect to salt_manager port on managers

Browse Source
This commit is contained in:
m0duspwnens
2023-08-04 09:17:22 -04:00
parent 682289ef23
commit a51acfc314
3 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/firewall/defaults.yaml
+20 -11
View File
@@ -1,6 +1,5 @@
firewall: firewall:
hostgroups: hostgroups:
analyst: []
anywhere: anywhere:
- 0.0.0.0/0 - 0.0.0.0/0
beats_endpoint: [] beats_endpoint: []
@@ -26,6 +25,7 @@ firewall:
standalone: [] standalone: []
strelka_frontend: [] strelka_frontend: []
syslog: [] syslog: []
workstation: []
customhostgroup0: [] customhostgroup0: []
customhostgroup1: [] customhostgroup1: []
customhostgroup2: [] customhostgroup2: []
@@ -215,9 +215,9 @@ firewall:
strelka_frontend: strelka_frontend:
portgroups: portgroups:
- strelka_frontend - strelka_frontend
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -458,9 +458,9 @@ firewall:
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -507,6 +507,9 @@ firewall:
receiver: receiver:
portgroups: portgroups:
- salt_manager - salt_manager
workstation:
portgroups:
- salt_manager
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -637,9 +640,9 @@ firewall:
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -686,6 +689,9 @@ firewall:
receiver: receiver:
portgroups: portgroups:
- salt_manager - salt_manager
workstation:
portgroups:
- salt_manager
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -824,9 +830,9 @@ firewall:
strelka_frontend: strelka_frontend:
portgroups: portgroups:
- strelka_frontend - strelka_frontend
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -876,6 +882,9 @@ firewall:
receiver: receiver:
portgroups: portgroups:
- salt_manager - salt_manager
workstation:
portgroups:
- salt_manager
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -1169,9 +1178,9 @@ firewall:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update - elastic_agent_update
analyst: workstation:
portgroups: portgroups:
- nginx - yum
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
salt/firewall/soc_firewall.yaml
+1 -1
View File
@@ -1,6 +1,6 @@
firewall: firewall:
hostgroups: hostgroups:
analyst: &hostgroupsettings workstation: &hostgroupsettings
description: List of IP or CIDR blocks to allow access to this hostgroup. description: List of IP or CIDR blocks to allow access to this hostgroup.
forcedType: "[]string" forcedType: "[]string"
helplink: firewall.html helplink: firewall.html
salt/manager/tools/sbin/so-firewall-minion
+3
View File
@@ -79,4 +79,7 @@ fi
'RECEIVER') 'RECEIVER')
so-firewall includehost receiver "$IP" --apply so-firewall includehost receiver "$IP" --apply
;; ;;
'WORKSTATION')
so-firewall includehost workstation "$IP" --apply
;;
esac esac