Fix Elastic Agent for Heavy

Josh Brower
2023-06-23 10:45:58 -04:00
parent 8de01625a8
commit a9585b2a7f
8 changed files with 57 additions and 8 deletions


@@ -178,6 +178,11 @@ docker:
custom_bind_mounts: [] custom_bind_mounts: []
extra_hosts: [] extra_hosts: []
extra_env: [] extra_env: []
'so-elastic-agent':
final_octet: 46
custom_bind_mounts: []
extra_hosts: []
extra_env: []
'so-telegraf': 'so-telegraf':
final_octet: 99 final_octet: 99
custom_bind_mounts: [] custom_bind_mounts: []


@@ -31,19 +31,16 @@ so-elastic-agent:
- {{ XTRAHOST }} - {{ XTRAHOST }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- port_bindings:
{% for BINDING in DOCKER.containers['so-elastic-agent'].port_bindings %}
- {{ BINDING }}
{% endfor %}
- binds: - binds:
- /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
- /nsm:/nsm:ro
{% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %} {% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
- {{ BIND }} - {{ BIND }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- environment:
{% if DOCKER.containers['so-elastic-agent'].extra_env %} {% if DOCKER.containers['so-elastic-agent'].extra_env %}
- environment:
{% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %}
- {{ XTRAENV }} - {{ XTRAENV }}
{% endfor %} {% endfor %}
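Review bot: The new `- /nsm:/nsm:ro` bind exposes the whole /nsm tree to the agent container, which is wider than a log shipper normally needs. The mount is read-only, so the container cannot alter the data, but a compromised or misconfigured agent could read everything stored under /nsm rather than only the files its inputs collect. If the inputs read just a few directories (their paths are not visible in this section), binding those instead, e.g. `- /nsm/<log-dir>:/nsm/<log-dir>:ro` with a placeholder path, keeps the container to least privilege. The state continues outside the hunk.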


@@ -11,6 +11,7 @@ outputs:
- 'https://{{ GLOBALS.hostname }}:9200' - 'https://{{ GLOBALS.hostname }}:9200'
username: '{{ ES_USER }}' username: '{{ ES_USER }}'
password: '{{ ES_PASS }}' password: '{{ ES_PASS }}'
ssl.verification_mode: none
output_permissions: {} output_permissions: {}
agent: agent:
download: download:
@@ -29,7 +30,7 @@ inputs:
meta: meta:
package: package:
name: log name: log
version: 1.1.2 version:
data_stream: data_stream:
namespace: so namespace: so
package_policy_id: 80ffa884-2cfc-459a-964a-34df25714d85 package_policy_id: 80ffa884-2cfc-459a-964a-34df25714d85
@@ -54,7 +55,7 @@ inputs:
meta: meta:
package: package:
name: log name: log
version: 1.1.2 version:
data_stream: data_stream:
namespace: so namespace: so
package_policy_id: 90103ac4-f6bd-4a4a-b596-952c332390fc package_policy_id: 90103ac4-f6bd-4a4a-b596-952c332390fc
@@ -79,7 +80,7 @@ inputs:
meta: meta:
package: package:
name: log name: log
version: 1.1.2 version:
data_stream: data_stream:
namespace: so namespace: so
package_policy_id: 6197fe84-9b58-4d9b-8464-3d517f28808d package_policy_id: 6197fe84-9b58-4d9b-8464-3d517f28808d
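Review bot: `ssl.verification_mode: none` in the first hunk's Elasticsearch output turns off certificate validation on the same connection that carries `ES_USER`/`ES_PASS`, so the agent will hand those credentials and every shipped event to whatever answers on port 9200. If the failure on heavy nodes is an untrusted CA, trust it explicitly with `ssl.certificate_authorities: ["<path to grid CA certificate>"]` (placeholder path) and leave verification at its default; if it is a hostname mismatch, `ssl.verification_mode: certificate` still validates the chain. If `none` has to stay for now, add a comment next to it saying why and what has to change before it can be removed.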


@@ -0,0 +1,10 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-restart elastic-agent $1
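Review bot: `$1` is expanded unquoted in `/usr/sbin/so-restart elastic-agent $1`, so an argument containing whitespace or glob characters is split or expanded by the shell before so-restart receives it. `/usr/sbin/so-restart elastic-agent ${1:+"$1"}` passes the argument intact and still passes nothing when the wrapper is called without one. The same applies to the start and stop wrappers added in the next two file sections (`so-start elastic-agent $1`, `so-stop elastic-agent $1`). What so-restart does with the second argument is not visible on this page.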


@@ -0,0 +1,12 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-start elastic-agent $1


@@ -0,0 +1,12 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
. /usr/sbin/so-common
/usr/sbin/so-stop elastic-agent $1


@@ -7,10 +7,12 @@
{% set AGENT_STATUS = salt['service.available']('elastic-agent') %} {% set AGENT_STATUS = salt['service.available']('elastic-agent') %}
{% if not AGENT_STATUS %} {% if not AGENT_STATUS %}
{% if grains.role not in ['so-heavy'] %}
run_installer: run_installer:
cmd.script: cmd.script:
- name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64 - name: salt://elasticfleet/files/so_agent-installers/so-elastic-agent_linux_amd64
- cwd: /opt/so - cwd: /opt/so
- args: -token={{ GRIDNODETOKEN }} - args: -token={{ GRIDNODETOKEN }}
{% endif %}
{% endif %} {% endif %}
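Review bot: The new `{% if grains.role not in ['so-heavy'] %}` guard carries no comment explaining why heavy nodes skip `run_installer`. Judging from the rest of this commit, heavy nodes appear to run the agent as the so-elastic-agent container instead; a Jinja comment above the guard such as `{# so-heavy runs Elastic Agent in the so-elastic-agent container, so the host installer is skipped #}` would record that once confirmed. With a single role, `grains.role != 'so-heavy'` reads more directly than a one-element list, unless more roles are expected to be added.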


@@ -133,6 +133,15 @@ function add_elasticsearch_to_minion() {
" " >> $PILLARFILE " " >> $PILLARFILE
} }
# Add Elastic Agent settings to the minion file
function add_elastic_agent_to_minion() {
printf '%s\n'\
"elasticagent:"\
" enabled: True"\
" " >> $PILLARFILE
}
# Add Elastic Fleet Server settings to the minion file # Add Elastic Fleet Server settings to the minion file
function add_fleet_to_minion() { function add_fleet_to_minion() {
@@ -518,6 +527,7 @@ function createIDH() {
function createHEAVYNODE() { function createHEAVYNODE() {
add_elasticsearch_to_minion add_elasticsearch_to_minion
add_elastic_agent_to_minion
add_logstash_to_minion add_logstash_to_minion
add_sensor_to_minion add_sensor_to_minion
add_strelka_to_minion add_strelka_to_minion