Merge pull request #2698 from Security-Onion-Solutions/fix/reserved_ports

Fix/reserved ports
weslambert
2021-01-21 08:39:35 -05:00
committed by GitHub
4 changed files with 18 additions and 6 deletions


@@ -0,0 +1 @@
net.ipv4.ip_local_reserved_ports="55000,57314"
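Review bot: The value in this sysctl.d file is wrapped in double quotes, and sysctl.d loaders generally pass everything after `=` to the kernel as written, so the kernel may receive `"55000,57314"` with the quote characters and reject it. If that happens, the reservation is silently missing after a reboot, which is the case this file exists for. I would write the line as `net.ipv4.ip_local_reserved_ports=55000,57314` and confirm after a reboot with `sysctl net.ipv4.ip_local_reserved_ports`. A one-line `#` comment above it naming the two services (Wazuh API on 55000 and Strelka frontend on 57314, per the other files in this commit) would help whoever edits the list next.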


@@ -256,6 +256,17 @@ docker:
- watch: - watch:
- file: docker_daemon - file: docker_daemon
# Reserve OS ports for Docker proxy in case boot settings are not already applied/present
dockerapplyports:
cmd.run:
- name: if [ ! -f /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314"; fi
# Reserve OS ports for Docker proxy
dockerreserveports:
file.managed:
- source: salt://common/files/99-reserved-ports.conf
- name: /etc/sysctl.d/99-reserved-ports.conf
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed:
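Review bot: `dockerapplyports` decides whether to run `sysctl -w` by testing for the file on disk rather than the live kernel value, so once `/etc/sysctl.d/99-reserved-ports.conf` exists, a later edit to it leaves the running system on the old list until the next reboot. Tying the runtime step to the managed file would close that gap, for example `- name: sysctl -p /etc/sysctl.d/99-reserved-ports.conf` with `- onchanges:` and `- file: dockerreserveports`. `sysctl -w` also replaces the whole list, so any ports an administrator reserved locally are dropped. `file.managed` sets no `user`, `group` or `mode` here; I would pin those to root and `644` for a file under `/etc/sysctl.d`. These states sit inside a Jinja conditional that opens outside the hunk.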


@@ -92,6 +92,11 @@ strelkaunprocessed:
- group: 939 - group: 939
- makedirs: True - makedirs: True
# Check to see if Strelka frontend port is available
strelkaportavailable:
cmd.run:
- name: netstat -utanp | grep ":57314" | grep -qv docker && PROCESS=$(netstat -utanp | grep ":57314" | uniq) && echo "Another process ($PROCESS) appears to be using port 57314. Please terminate this process, or reboot to ensure a clean state so that Strelka can start properly." && exit 1 || exit 0
strelka_coordinator: strelka_coordinator:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
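Review bot: The check in `strelkaportavailable` greps every socket netstat prints (`-a`), so a line containing `:57314` in any state counts, including TIME_WAIT entries and remote ports, which carry no `docker` program name. A recent restart of the Strelka container could therefore fail this state even though nothing else holds the port. Limiting it to listeners on the local port would be closer to the stated intent, e.g. `netstat -utlnp | grep ":57314 "` in both places. The same pattern is used for port 55000 in `wazuhportavailable` in the Wazuh file of this commit. The state also assumes `netstat` is installed, which this hunk does not show.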


@@ -94,15 +94,10 @@ wazuhmgrwhitelist:
- mode: 755 - mode: 755
- template: jinja - template: jinja
# Reserve OS port for Wazuh API
wazuhreserveport:
cmd.run:
- name: grep -q 55000 /proc/sys/net/ipv4/ip_local_reserved_ports || sysctl -w net.ipv4.ip_local_reserved_ports="55000" > /dev/null && echo "55000" >> /proc/sys/net/ipv4/ip_local_reserved_ports
# Check to see if Wazuh API port is available # Check to see if Wazuh API port is available
wazuhportavailable: wazuhportavailable:
cmd.run: cmd.run:
- name: netstat -anp | grep 55000 | grep -qv docker && PROCESS=$(netstat -anp | grep 55000 | awk '{print $NF}' | uniq) && echo "Another process ($PROCESS) appears to be using port 55000. Please terminate this process, or reboot to ensure a clean state so that the Wazuh API can start properly." && exit 1 || exit 0 -name: netstat -utanp | grep ":55000" | grep -qv docker && PROCESS=$(netstat -utanp | grep ":55000" | uniq) && echo "Another process ($PROCESS) appears to be using port 55000. Please terminate this process, or reboot to ensure a clean state so that the Wazuh API can start properly." && exit 1 || exit 0
so-wazuh: so-wazuh:
docker_container.running: docker_container.running:
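Review bot: As rendered here, the replacement line under `wazuhportavailable` starts with `-name:` with no space after the dash, unlike the `- name:` it replaces and the one in `strelkaportavailable`. YAML needs the space to read a list item; without it the line is a mapping key called `-name`, so `cmd.run` would not receive a `name` argument and the port check would not run as written. If the file really contains that, the fix is `- name: netstat -utanp | grep ":55000" | ...` with the rest of the command unchanged. The hunk also drops `wazuhreserveport`, so the reservation of port 55000 now depends entirely on the shared reserved-ports file being applied.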