From a5b1660778e7a5307f1bb6b1b68e16249504f777 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 3 May 2023 14:12:32 -0400
Subject: [PATCH] Fix firewall changes
---
 salt/idh/init.sls | 17 +++++++++++++++++
 salt/idstools/init.sls | 17 +++++++++++++++++
 salt/influxdb/init.sls | 17 +++++++++++++++++
 salt/kibana/init.sls | 17 +++++++++++++++++
 .../so-kibana-config-export} | 0
 .../so-kibana-config-load} | 0
 .../so-kibana-space-defaults} | 0
 salt/logstash/init.sls | 17 +++++++++++++++++
 salt/logstash/tools/sbin/so-logstash-events | 7 ++-----
 salt/logstash/tools/sbin/so-logstash-get-parsed | 12 ------------
 .../tools/sbin/so-logstash-pipeline-stats | 6 ++----
 salt/manager/tools/sbin/so-firewall | 2 +-
 salt/manager/tools/sbin/so-firewall-minion | 2 +-
 13 files changed, 91 insertions(+), 23 deletions(-)
 rename salt/kibana/tools/{sbin/so-kibana-config-export.jinja => sbin_jinja/so-kibana-config-export} (100%)
 rename salt/kibana/tools/{sbin/so-kibana-config-load.jinja => sbin_jinja/so-kibana-config-load} (100%)
 rename salt/kibana/tools/{sbin/so-kibana-space-defaults.jinja => sbin_jinja/so-kibana-space-defaults} (100%)
 delete mode 100755 salt/logstash/tools/sbin/so-logstash-get-parsed
diff --git a/salt/idh/init.sls b/salt/idh/init.sls
index 20a6412ce..895cd61ac 100644
--- a/salt/idh/init.sls
+++ b/salt/idh/init.sls
@@ -60,6 +60,23 @@ opencanary_config:
 - defaults:
 OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
 
+idh_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://idh/tools/sbin
+ - user: 934
+ - group: 939
+ - file_mode: 755
+
+#idh_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://idh/tools/sbin_jinja
+# - user: 939
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+
 so-idh:
 docker_container.running:
 - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-idh:{{ GLOBALS.so_version }}
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index 5ec9464cc..7ad22e58b 100644
--- a/salt/idstools/init.sls
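Review bot: The new `idh_sbin` state deploys executables into `/usr/sbin` owned by uid 934 with `file_mode: 755`, which leaves them owner-writable by that account; if 934 is the IDH service user rather than root, a compromise of that service gains write access to scripts that root and administrators run from `/usr/sbin`. The idstools, influxdb, kibana and logstash hunks use the same shape with uids 934, 939, 932 and 931. Unless the service itself must rewrite these files, `- user: root` (group 939 can stay so the service can still execute them) closes that path. Separately, the commented-out `idh_sbin_jinja` block carries `- user: 939` while the active block uses 934; either align it now so enabling it later does not silently change ownership, or drop the dead block.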
+++ b/salt/idstools/init.sls
@@ -20,6 +20,23 @@ idstoolslogdir:
 - group: 939
 - makedirs: True
 
+idstools_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://idstools/tools/sbin
+ - user: 934
+ - group: 939
+ - file_mode: 755
+
+#idstools_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://idstools/tools/sbin_jinja
+# - user: 934
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+
 so-rule-update:
 cron.present:
 - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
index b4824825b..7e10a6798 100644
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -31,6 +31,23 @@ influxdbdir:
 - name: /nsm/influxdb
 - makedirs: True
 
+influxdb_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://influxdb/tools/sbin
+ - user: 939
+ - group: 939
+ - file_mode: 755
+
+#influxdb_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://influxdb/tools/sbin_jinja
+# - user: 939
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+
 influxdbconf:
 file.managed:
 - name: /opt/so/conf/influxdb/config.yaml
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index a974dcf48..015aa4396 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -34,6 +34,23 @@ kibanaconfdir:
 - group: 939
 - makedirs: True
 
+kibana_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://kibana/tools/sbin
+ - user: 932
+ - group: 939
+ - file_mode: 755
+
+curator_sbin_jinja:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://kibana/tools/sbin_jinja
+ - user: 932
+ - group: 939
+ - file_mode: 755
+ - template: jinja
+
 kibanaconfig:
 file.managed:
 - name: /opt/so/conf/kibana/etc/kibana.yml
diff --git a/salt/kibana/tools/sbin/so-kibana-config-export.jinja b/salt/kibana/tools/sbin_jinja/so-kibana-config-export
similarity index 100%
rename from salt/kibana/tools/sbin/so-kibana-config-export.jinja
rename to salt/kibana/tools/sbin_jinja/so-kibana-config-export
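Review bot: The second state in the kibana hunk is named `curator_sbin_jinja` although it lives in `salt/kibana/init.sls` and recurses `salt://kibana/tools/sbin_jinja`; the sibling hunks name theirs `<role>_sbin_jinja`, and Salt state IDs must be unique across everything included in a highstate, so a `curator_sbin_jinja` defined in a curator state would make the render fail with a conflicting-ID error. Renaming it `kibana_sbin_jinja:` fixes both the naming and the collision risk. Note also that in the idh, idstools, influxdb and logstash hunks the equivalent `_sbin_jinja` block is commented out while here it is active; that is presumably intentional because only kibana has `sbin_jinja` files after the renames in this commit, but a one-line comment saying so would help the next reader.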
diff --git a/salt/kibana/tools/sbin/so-kibana-config-load.jinja b/salt/kibana/tools/sbin_jinja/so-kibana-config-load
similarity index 100%
rename from salt/kibana/tools/sbin/so-kibana-config-load.jinja
rename to salt/kibana/tools/sbin_jinja/so-kibana-config-load
diff --git a/salt/kibana/tools/sbin/so-kibana-space-defaults.jinja b/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults
similarity index 100%
rename from salt/kibana/tools/sbin/so-kibana-space-defaults.jinja
rename to salt/kibana/tools/sbin_jinja/so-kibana-space-defaults
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index caabd10ea..c80df1f5c 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -43,6 +43,23 @@ lslibdir:
 file.absent:
 - name: /opt/so/conf/logstash/lib
 
+logstash_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://logstash/tools/sbin
+ - user: 931
+ - group: 939
+ - file_mode: 755
+
+#logstash_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://logstash/tools/sbin_jinja
+# - user: 931
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+
 lsetcdir:
 file.directory:
 - name: /opt/so/conf/logstash/etc
diff --git a/salt/logstash/tools/sbin/so-logstash-events b/salt/logstash/tools/sbin/so-logstash-events
index 5ea34ad80..60d02e8d9 100755
--- a/salt/logstash/tools/sbin/so-logstash-events
+++ b/salt/logstash/tools/sbin/so-logstash-events
@@ -5,13 +5,10 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{% set MAININT = salt['pillar.get']('host:mainint') -%}
-{% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
-
 . /usr/sbin/so-common
 
 if [ "$1" == "" ]; then
- for i in $(curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
+ for i in $(curl -s -L http://localhost:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
 else
- curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1.events
+ curl -s -L http://localhost:9600/_node/stats | jq .pipelines.$1.events
 fi
diff --git a/salt/logstash/tools/sbin/so-logstash-get-parsed b/salt/logstash/tools/sbin/so-logstash-get-parsed
deleted file mode 100755
index 1575010ac..000000000
--- a/salt/logstash/tools/sbin/so-logstash-get-parsed
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-. /usr/sbin/so-common
-
-docker exec -it so-redis redis-cli llen logstash:unparsed
diff --git a/salt/logstash/tools/sbin/so-logstash-pipeline-stats b/salt/logstash/tools/sbin/so-logstash-pipeline-stats
index 4ad58e5b3..badcddf72 100755
--- a/salt/logstash/tools/sbin/so-logstash-pipeline-stats
+++ b/salt/logstash/tools/sbin/so-logstash-pipeline-stats
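Review bot: Both rewritten curl lines still splice the caller's argument or the loop variable unquoted into the jq filter (`jq .pipelines.$1.events`, `jq .pipelines.$i.events`), so a pipeline name containing a hyphen or dot, or an argument carrying jq syntax, alters the filter instead of being looked up by name; `so-logstash-pipeline-stats` has the same shape on its two new lines. Passing the name as a jq variable, `jq --arg p "$1" '.pipelines[$p].events'` and `jq --arg p "$i" '.pipelines[$p].events'`, treats it as data. The key listing `jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'` can be `jq -r '.pipelines | keys[]'`, which also removes the quote-stripping sed.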
@@ -5,13 +5,11 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{% set MAININT = salt['pillar.get']('host:mainint') -%}
-{% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
 
 . /usr/sbin/so-common
 
 if [ "$1" == "" ]; then
- curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines
+ curl -s -L http://localhost:9600/_node/stats | jq .pipelines
 else
- curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1
+ curl -s -L http://localhost:9600/_node/stats | jq .pipelines.$1
 fi
diff --git a/salt/manager/tools/sbin/so-firewall b/salt/manager/tools/sbin/so-firewall
index 94302b5b2..6c47a3719 100755
--- a/salt/manager/tools/sbin/so-firewall
+++ b/salt/manager/tools/sbin/so-firewall
@@ -144,4 +144,4 @@ def main():
 sys.exit(code)
 
 if __name__ == "__main__":
- main()
+ main()
\ No newline at end of file
diff --git a/salt/manager/tools/sbin/so-firewall-minion b/salt/manager/tools/sbin/so-firewall-minion
index 610d0fc3a..4834f0e41 100755
--- a/salt/manager/tools/sbin/so-firewall-minion
+++ b/salt/manager/tools/sbin/so-firewall-minion
@@ -79,4 +79,4 @@ fi
 'RECEIVER')
 so-firewall includehost receiver "$IP" --apply
 ;;
- esac
+ esac
\ No newline at end of file