Fix firewall changes

2025-12-06 17:22:49 +01:00 · 2023-05-03 14:12:32 -04:00
parent d5c4a2887e
commit a5b1660778
13 changed files with 91 additions and 23 deletions
--- a/salt/idh/init.sls
+++ b/salt/idh/init.sls
@@ -60,6 +60,23 @@ opencanary_config:
    - defaults:
        OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
 idh_sbin:
  file.recurse:
    - name: /usr/sbin
    - source: salt://idh/tools/sbin
    - user: 934
    - group: 939
    - file_mode: 755
 #idh_sbin_jinja:
 #  file.recurse:
 #    - name: /usr/sbin
 #    - source: salt://idh/tools/sbin_jinja
 #    - user: 939
 #    - group: 939 
 #    - file_mode: 755
 #    - template: jinja
 so-idh:
  docker_container.running:
    - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-idh:{{ GLOBALS.so_version }}
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -20,6 +20,23 @@ idstoolslogdir:
    - group: 939
    - makedirs: True
 idstools_sbin:
  file.recurse:
    - name: /usr/sbin
    - source: salt://idstools/tools/sbin
    - user: 934
    - group: 939
    - file_mode: 755
 #idstools_sbin_jinja:
 #  file.recurse:
 #    - name: /usr/sbin
 #    - source: salt://idstools/tools/sbin_jinja
 #    - user: 934
 #    - group: 939 
 #    - file_mode: 755
 #    - template: jinja
 so-rule-update:
  cron.present:
    - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -31,6 +31,23 @@ influxdbdir:
    - name: /nsm/influxdb
    - makedirs: True
 influxdb_sbin:
  file.recurse:
    - name: /usr/sbin
    - source: salt://influxdb/tools/sbin
    - user: 939
    - group: 939
    - file_mode: 755
 #influxdb_sbin_jinja:
 #  file.recurse:
 #    - name: /usr/sbin
 #    - source: salt://influxdb/tools/sbin_jinja
 #    - user: 939
 #    - group: 939 
 #    - file_mode: 755
 #    - template: jinja
 influxdbconf:
  file.managed:
    - name: /opt/so/conf/influxdb/config.yaml
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -34,6 +34,23 @@ kibanaconfdir:
    - group: 939
    - makedirs: True
 kibana_sbin:
  file.recurse:
    - name: /usr/sbin
    - source: salt://kibana/tools/sbin
    - user: 932
    - group: 939
    - file_mode: 755
 curator_sbin_jinja:
  file.recurse:
    - name: /usr/sbin
    - source: salt://kibana/tools/sbin_jinja
    - user: 932
    - group: 939 
    - file_mode: 755
    - template: jinja
 kibanaconfig:
  file.managed:
    - name: /opt/so/conf/kibana/etc/kibana.yml
--- a/salt/kibana/tools/sbin_jinja/so-kibana-config-export
+++ b/salt/kibana/tools/sbin_jinja/so-kibana-config-export
--- a/salt/kibana/tools/sbin_jinja/so-kibana-config-load
+++ b/salt/kibana/tools/sbin_jinja/so-kibana-config-load
--- a/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults
+++ b/salt/kibana/tools/sbin_jinja/so-kibana-space-defaults
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -43,6 +43,23 @@ lslibdir:
  file.absent:
    - name: /opt/so/conf/logstash/lib
 logstash_sbin:
  file.recurse:
    - name: /usr/sbin
    - source: salt://logstash/tools/sbin
    - user: 931
    - group: 939
    - file_mode: 755
 #logstash_sbin_jinja:
 #  file.recurse:
 #    - name: /usr/sbin
 #    - source: salt://logstash/tools/sbin_jinja
 #    - user: 931
 #    - group: 939 
 #    - file_mode: 755
 #    - template: jinja
 lsetcdir:
  file.directory:
    - name: /opt/so/conf/logstash/etc
--- a/salt/logstash/tools/sbin/so-logstash-events
+++ b/salt/logstash/tools/sbin/so-logstash-events
@@ -5,13 +5,10 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 {% set MAININT = salt['pillar.get']('host:mainint') -%}
 {% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
-        for i in $(curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
+        for i in $(curl -s -L http://localhost:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
 else
-        curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1.events
+        curl -s -L http://localhost:9600/_node/stats | jq .pipelines.$1.events
 fi
--- a/salt/logstash/tools/sbin/so-logstash-get-parsed
+++ b/salt/logstash/tools/sbin/so-logstash-get-parsed
@@ -1,12 +0,0 @@
 #!/bin/bash
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 . /usr/sbin/so-common
 docker exec -it so-redis redis-cli llen logstash:unparsed
--- a/salt/logstash/tools/sbin/so-logstash-pipeline-stats
+++ b/salt/logstash/tools/sbin/so-logstash-pipeline-stats
@@ -5,13 +5,11 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 {% set MAININT = salt['pillar.get']('host:mainint') -%}
 {% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
-        curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines 
+        curl -s -L http://localhost:9600/_node/stats | jq .pipelines 
 else
-        curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1
+        curl -s -L http://localhost:9600/_node/stats | jq .pipelines.$1
 fi