m0duspwnens
2020-06-09 13:30:24 -04:00
parent 721f2682ac
commit accb3d536d
11 changed files with 394 additions and 1004 deletions


@@ -6,16 +6,9 @@
role: role:
eval: eval:
hostgroups: helisensor:
helixsensor:
hostgroups:
master: master:
hostgroups:
mastersearch: mastersearch:
hostgroups:
standalone: standalone:
hostgroups:
searchnode: searchnode:
hostgroups: fleet:
fleet:
hostgroups:
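Review bot: Every role in this (presumably local-override) map is now a bare key with a null value, and the nesting the state template expects — `chain:` → `DOCKER-USER` / `INPUT` → `hostgroups:` → `<group>:` → `portgroups:` — is no longer visible anywhere in this file, so an admin adding a site-specific hostgroup has to reverse-engineer the shape from the main map. A commented skeleton under one role (for example a four-line `# chain:` / `#   INPUT:` / `#     hostgroups:` / `#       analyst: ...` block) would make the override self-describing. The rename of `helisensor` to `helixsensor` here is correct; the deleted predecessor of the main map still carried the typo.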


@@ -3,286 +3,376 @@
role: role:
eval: eval:
hostgroups: chain:
dockernet: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.all }} master:
master: portgroups:
portgroups: - {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.playbook }}
- {{ portgroups.playbook }} - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.navigator }}
- {{ portgroups.navigator }} - {{ portgroups.kibana }}
- {{ portgroups.kibana }} - {{ portgroups.redis }}
- {{ portgroups.redis }} - {{ portgroups.influxdb }}
- {{ portgroups.influxdb }} - {{ portgroups.fleet_api }}
- {{ portgroups.fleet_api }} - {{ portgroups.cortex }}
- {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }}
- {{ portgroups.cortex_es_node }} minion:
minion: portgroups:
portgroups: - {{ portgroups.acng }}
- {{ portgroups.acng }} - {{ portgroups.docker_registry }}
- {{ portgroups.salt_master }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.docker_registry }} - {{ portgroups.influxdb }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.wazuh_minion }}
- {{ portgroups.influxdb }} sensor:
- {{ portgroups.wazuh_minion }} portgroups:
sensor: - {{ portgroups.sensoroni }}
portgroups: - {{ portgroups.beats_5044 }}
- {{ portgroups.sensoroni }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5044 }} search_node:
- {{ portgroups.beats_5644 }} portgroups:
search_node: - {{ portgroups.redis }}
portgroups: - {{ portgroups.elasticsearch_node }}
- {{ portgroups.redis }} self:
- {{ portgroups.elasticsearch_node }} portgroups:
beats_endpoint: - {{ portgroups.syslog}}
portgroups: beats_endpoint:
- {{ portgroups.beats_5044 }} portgroups:
osquery_endpoint: - {{ portgroups.beats_5044 }}
portgroups: osquery_endpoint:
- {{ portgroups.fleet_api }} portgroups:
wazuh_endpoint: - {{ portgroups.fleet_api }}
portgroups: wazuh_endpoint:
- {{ portgroups.wazuh_endpoint }} portgroups:
analyst: - {{ portgroups.wazuh_endpoint }}
portgroups: analyst:
- {{ portgroups.nginx }} portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
helixsensor: helixsensor:
hostgroups: chain:
dockernet: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.all }} master:
master: portgroups:
portgroups: - {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.playbook }}
- {{ portgroups.playbook }} - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.navigator }}
- {{ portgroups.navigator }} - {{ portgroups.kibana }}
- {{ portgroups.kibana }} - {{ portgroups.redis }}
- {{ portgroups.redis }} - {{ portgroups.influxdb }}
- {{ portgroups.influxdb }} - {{ portgroups.fleet_api }}
- {{ portgroups.fleet_api }} - {{ portgroups.cortex }}
- {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }}
- {{ portgroups.cortex_es_node }} minion:
minion: portgroups:
portgroups: - {{ portgroups.acng }}
- {{ portgroups.acng }} - {{ portgroups.docker_registry }}
- {{ portgroups.salt_master }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.docker_registry }} - {{ portgroups.influxdb }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.wazuh_minion }}
- {{ portgroups.influxdb }} sensor:
- {{ portgroups.wazuh_minion }} portgroups:
sensor: - {{ portgroups.sensoroni }}
portgroups: - {{ portgroups.beats_5044 }}
- {{ portgroups.sensoroni }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5044 }} search_node:
- {{ portgroups.beats_5644 }} portgroups:
search_node: - {{ portgroups.redis }}
portgroups: - {{ portgroups.elasticsearch_node }}
- {{ portgroups.redis }} self:
- {{ portgroups.elasticsearch_node }} portgroups:
beats_endpoint: - {{ portgroups.syslog}}
portgroups: beats_endpoint:
- {{ portgroups.beats_5044 }} portgroups:
osquery_endpoint: - {{ portgroups.beats_5044 }}
portgroups: osquery_endpoint:
- {{ portgroups.fleet_api }} portgroups:
wazuh_endpoint: - {{ portgroups.fleet_api }}
portgroups: wazuh_endpoint:
- {{ portgroups.wazuh_endpoint }} portgroups:
analyst: - {{ portgroups.wazuh_endpoint }}
portgroups: analyst:
- {{ portgroups.nginx }} portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
master: master:
hostgroups: chain:
dockernet: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.all }} master:
master: portgroups:
portgroups: - {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.playbook }}
- {{ portgroups.playbook }} - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.navigator }}
- {{ portgroups.navigator }} - {{ portgroups.kibana }}
- {{ portgroups.kibana }} - {{ portgroups.redis }}
- {{ portgroups.redis }} - {{ portgroups.influxdb }}
- {{ portgroups.influxdb }} - {{ portgroups.fleet_api }}
- {{ portgroups.fleet_api }} - {{ portgroups.cortex }}
- {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }}
- {{ portgroups.cortex_es_node }} minion:
minion: portgroups:
portgroups: - {{ portgroups.acng }}
- {{ portgroups.acng }} - {{ portgroups.docker_registry }}
- {{ portgroups.salt_master }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.docker_registry }} - {{ portgroups.influxdb }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.wazuh_minion }}
- {{ portgroups.influxdb }} sensor:
- {{ portgroups.wazuh_minion }} portgroups:
sensor: - {{ portgroups.sensoroni }}
portgroups: - {{ portgroups.beats_5044 }}
- {{ portgroups.sensoroni }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5044 }} search_node:
- {{ portgroups.beats_5644 }} portgroups:
search_node: - {{ portgroups.redis }}
portgroups: - {{ portgroups.elasticsearch_node }}
- {{ portgroups.redis }} self:
- {{ portgroups.elasticsearch_node }} portgroups:
beats_endpoint: - {{ portgroups.syslog}}
portgroups: beats_endpoint:
- {{ portgroups.beats_5044 }} portgroups:
osquery_endpoint: - {{ portgroups.beats_5044 }}
portgroups: osquery_endpoint:
- {{ portgroups.fleet_api }} portgroups:
wazuh_endpoint: - {{ portgroups.fleet_api }}
portgroups: wazuh_endpoint:
- {{ portgroups.wazuh_endpoint }} portgroups:
analyst: - {{ portgroups.wazuh_endpoint }}
portgroups: analyst:
- {{ portgroups.nginx }} portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
mastersearch: mastersearch:
hostgroups: chain:
dockernet: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.all }} master:
master: portgroups:
portgroups: - {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.playbook }}
- {{ portgroups.playbook }} - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.navigator }}
- {{ portgroups.navigator }} - {{ portgroups.kibana }}
- {{ portgroups.kibana }} - {{ portgroups.redis }}
- {{ portgroups.redis }} - {{ portgroups.influxdb }}
- {{ portgroups.influxdb }} - {{ portgroups.fleet_api }}
- {{ portgroups.fleet_api }} - {{ portgroups.cortex }}
- {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }}
- {{ portgroups.cortex_es_node }} minion:
minion: portgroups:
portgroups: - {{ portgroups.acng }}
- {{ portgroups.acng }} - {{ portgroups.docker_registry }}
- {{ portgroups.salt_master }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.docker_registry }} - {{ portgroups.influxdb }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.wazuh_minion }}
- {{ portgroups.influxdb }} sensor:
- {{ portgroups.wazuh_minion }} portgroups:
sensor: - {{ portgroups.sensoroni }}
portgroups: - {{ portgroups.beats_5044 }}
- {{ portgroups.sensoroni }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5044 }} search_node:
- {{ portgroups.beats_5644 }} portgroups:
search_node: - {{ portgroups.redis }}
portgroups: - {{ portgroups.elasticsearch_node }}
- {{ portgroups.redis }} self:
- {{ portgroups.elasticsearch_node }} portgroups:
beats_endpoint: - {{ portgroups.syslog}}
portgroups: beats_endpoint:
- {{ portgroups.beats_5044 }} portgroups:
osquery_endpoint: - {{ portgroups.beats_5044 }}
portgroups: osquery_endpoint:
- {{ portgroups.fleet_api }} portgroups:
wazuh_endpoint: - {{ portgroups.fleet_api }}
portgroups: wazuh_endpoint:
- {{ portgroups.wazuh_endpoint }} portgroups:
analyst: - {{ portgroups.wazuh_endpoint }}
portgroups: analyst:
- {{ portgroups.nginx }} portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
standalone: standalone:
hostgroups: chain:
dockernet: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.all }} master:
master: portgroups:
portgroups: - {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.playbook }}
- {{ portgroups.playbook }} - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.navigator }}
- {{ portgroups.navigator }} - {{ portgroups.kibana }}
- {{ portgroups.kibana }} - {{ portgroups.redis }}
- {{ portgroups.redis }} - {{ portgroups.influxdb }}
- {{ portgroups.influxdb }} - {{ portgroups.fleet_api }}
- {{ portgroups.fleet_api }} - {{ portgroups.cortex }}
- {{ portgroups.cortex }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_rest }} - {{ portgroups.cortex_es_node }}
- {{ portgroups.cortex_es_node }} minion:
minion: portgroups:
portgroups: - {{ portgroups.acng }}
- {{ portgroups.acng }} - {{ portgroups.docker_registry }}
- {{ portgroups.salt_master }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.docker_registry }} - {{ portgroups.influxdb }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.wazuh_minion }}
- {{ portgroups.influxdb }} sensor:
- {{ portgroups.wazuh_minion }} portgroups:
sensor: - {{ portgroups.sensoroni }}
portgroups: - {{ portgroups.beats_5044 }}
- {{ portgroups.sensoroni }} - {{ portgroups.beats_5644 }}
- {{ portgroups.beats_5044 }} search_node:
- {{ portgroups.beats_5644 }} portgroups:
search_node: - {{ portgroups.redis }}
portgroups: - {{ portgroups.elasticsearch_node }}
- {{ portgroups.redis }} self:
- {{ portgroups.elasticsearch_node }} portgroups:
beats_endpoint: - {{ portgroups.syslog}}
portgroups: beats_endpoint:
- {{ portgroups.beats_5044 }} portgroups:
osquery_endpoint: - {{ portgroups.beats_5044 }}
portgroups: osquery_endpoint:
- {{ portgroups.fleet_api }} portgroups:
wazuh_endpoint: - {{ portgroups.fleet_api }}
portgroups: wazuh_endpoint:
- {{ portgroups.wazuh_endpoint }} portgroups:
analyst: - {{ portgroups.wazuh_endpoint }}
portgroups: analyst:
- {{ portgroups.nginx }} portgroups:
- {{ portgroups.nginx }}
INPUT:
hostgroups:
anywhere:
portgroups:
- {{ portgroups.ssh }}
dockernet:
portgroups:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
minion:
portgroups:
- {{ portgroups.salt_master }}
searchnode: searchnode:
hostgroups: chain:
master: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.elasticsearch_node }} master:
dockernet: portgroups:
portgroups: - {{ portgroups.elasticsearch_node }}
- {{ portgroups.all }} dockernet:
- {{ portgroups.elasticsearch_node }} portgroups:
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.elasticsearch_node }}
INPUT:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
sensor: sensor:
hostgroups: chain:
dockernet: INPUT:
portgroups: hostgroups:
- {{ portgroups.all }} dockernet:
portgroups:
- {{ portgroups.all }}
heavynode: heavynode:
hostgroups: chain:
self: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.redis }} self:
- {{ portgroups.beats_5044 }} portgroups:
- {{ portgroups.beats_5644 }} - {{ portgroups.redis }}
- {{ portgroups.beats_5044 }}
- {{ portgroups.beats_5644 }}
fleet: fleet:
hostgroups: chain:
dockernet: DOCKER-USER:
portgroups: hostgroups:
- {{ portgroups.all }} self:
self: portgroups:
portgroups: - {{ portgroups.redis }}
- {{ portgroups.redis }} - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.osquery_8080 }} localhost:
localhost: portgroups:
portgroups: - {{ portgroups.mysql }}
- {{ portgroups.mysql }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.osquery_8080 }} analyst:
analyst: portgroups:
portgroups: - {{ portgroups.fleet_webui }}
- {{ portgroups.fleet_webui }} INPUT:
hostgroups:
dockernet:
portgroups:
- {{ portgroups.all }}
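Review bot: In the `searchnode` role the DOCKER-USER `dockernet` hostgroup lists `{{ portgroups.elasticsearch_node }}` twice (the old `all` entry was removed but both duplicates were kept), and because the state template keys each rule by `{{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}`, both entries render to the same state ID and Salt will reject the highstate with a conflicting-ID error; drop one of the two lines. Separately, `eval`, `helixsensor`, `master`, `mastersearch` and `standalone` now get `anywhere` → `{{ portgroups.ssh }}` in INPUT, and with `anywhere` defined as `0.0.0.0/0` that is an ACCEPT for SSH from any IPv4 source inserted at position 1 of INPUT — a broad exposure for a monitoring platform, so consider binding `ssh` to the `analyst` hostgroup (or a dedicated admin hostgroup) instead, or document why management SSH must be world-reachable. Minor style point: `- {{ portgroups.syslog}}` is missing the space before `}}`; Jinja accepts it, but it is inconsistent with every other entry in the file.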


@@ -4,7 +4,6 @@ firewall:
ips: ips:
delete: delete:
insert: insert:
- 10.11.1.1
beats_endpoint: beats_endpoint:
ips: ips:
delete: delete:
@@ -44,5 +43,4 @@ firewall:
wazuh_endpoint: wazuh_endpoint:
ips: ips:
delete: delete:
insert: insert:


@@ -1,5 +1,10 @@
firewall: firewall:
hostgroups: hostgroups:
anywhere:
ips:
delete:
insert:
- 0.0.0.0/0
dockernet: dockernet:
ips: ips:
delete: delete:
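Review bot: The new `anywhere` hostgroup's only member is `0.0.0.0/0`, i.e. an unrestricted IPv4 source match, but nothing here says so or warns against pairing it with other portgroups; a comment above it would help: `# unrestricted IPv4 source match — only pair with ports that must be reachable from any host`. It also covers IPv4 only: if IPv6 is enabled on these hosts, `::/0` would be needed for parity, and as far as the visible state template shows no ip6tables rules are generated at all.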


@@ -136,30 +136,34 @@ enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
{% endif %} {% endif %}
{% for hostgroup, portgroups in assigned_hostgroups.role[role].hostgroups.items() %} {% for chain, hg in assigned_hostgroups.role[role].chain.items() %}
{% for action in ['insert', 'delete' ] %} {% for hostgroup, portgroups in assigned_hostgroups.role[role].chain[chain].hostgroups.items() %}
{% if hostgroups[hostgroup].ips[action] %} {% for action in ['insert', 'delete' ] %}
{% for ip in hostgroups[hostgroup].ips[action] %} {% if hostgroups[hostgroup].ips[action] %}
{% for portgroup in portgroups.portgroups %} {% for ip in hostgroups[hostgroup].ips[action] %}
{% for proto, ports in portgroup.items() %} {% for portgroup in portgroups.portgroups %}
{% for port in ports %} {% for proto, ports in portgroup.items() %}
{% for port in ports %}
{{action}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}: {{action}}_{{chain}}_{{hostgroup}}_{{ip}}_{{port}}_{{proto}}:
iptables.{{action}}: iptables.{{action}}:
- table: filter - table: filter
- chain: DOCKER-USER - chain: {{ chain }}
- jump: ACCEPT - jump: ACCEPT
- proto: {{ proto }} - proto: {{ proto }}
- source: {{ ip }} - source: {{ ip }}
- dport: {{ port }} - dport: {{ port }}
{% if action == 'insert' %}
- position: 1 - position: 1
{% endif %}
- save: True - save: True
{% endfor %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
{% endfor %} {% endif %}
{% endif %} {% endfor %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
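Review bot: The `iptables.{{action}}` state sets no `family`, so every rule is applied to IPv4 only; if IPv6 is enabled on the minion, these ACCEPTs — and the default policy they carve exceptions in — do not cover ip6tables, which deserves either a comment or a parallel `family: ipv6` rule set. Every insert goes to `position: 1`, so rules land in reverse render order; that is harmless while all of them are ACCEPTs, but a comment such as `# all rules are ACCEPTs inserted at the top of {{ chain }}; relative order is irrelevant, the chain default policy is what denies` would save the next reader a trip. The enclosing `role` loop begins before this hunk.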


@@ -71,6 +71,12 @@ firewall:
sensoroni: sensoroni:
tcp: tcp:
- 443 - 443
ssh:
tcp:
- 22
syslog:
tcp:
- 514
wazuh_minion: wazuh_minion:
tcp: tcp:
- 55000 - 55000
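Review bot: `syslog` is defined as TCP/514 only, whereas the alias files deleted in this commit defined wazuh 1514 on both `tcp` and `udp`, so the format supports both; traditional syslog senders use UDP/514, and if the collector bound to the `self` hostgroup listens on UDP as well it needs a `udp:` / `- 514` pair here. If TCP-only is intentional, a comment (`# TCP-only; UDP syslog is deliberately not accepted`) would stop someone "fixing" it later. I cannot see the collector configuration from this diff, so treat this as a question rather than a defect.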


@@ -1,115 +0,0 @@
{% import_yaml 'firewall/port_groups.yaml' as default_port_groups %}
{% set default_port_groups = default_port_groups.firewall.aliases.ports %}
{% import_yaml 'firewall/port_groups.local.yaml' as local_port_groups %}
{% set local_port_groups = local_port_groups.firewall.aliases.ports %}
{% set port_groups = local_port_groups, default=default_port_groups, merge=True %}
firewall:
aliases:
analyst:
ips:
delete:
allow:
port_groups:
- {{ port_groups.nginx }}
beats_endpoint:
ips:
delete:
allow:
port_groups:
- {{ port_groups.beats_5044 }}
dockernet:
ips:
delete:
allow:
- 172.17.0.0/24
fleet:
ips:
delete:
allow:
port_groups:
- {{ port_groups.mysql }}
- {{ port_groups.redis }}
- {{ port_groups.osquery_8080 }}
heavy_node:
ips:
delete:
allow:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
localhost:
ips:
delete:
allow:
- 127.0.0.1
master:
ips:
delete:
allow:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.osquery_8090 }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
ips:
delete:
allow:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
node:
ips:
delete:
allow:
port_groups:
- {{ port_groups.elasticsearch_node }}
osquery_endpoint:
ips:
delete:
allow:
port_groups:
- {{ port_groups.osquery_8090 }}
search_node:
ips:
delete:
allow:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
self:
ips:
delete:
allow:
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint'))))[0] }}
sensor:
ips:
delete:
allow:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
wazuh_endpoint:
ips:
delete:
allow:
port_groups:
- {{ port_groups.wazuh_endpoint }}


@@ -1,95 +0,0 @@
{% import_yaml 'firewall/port_groups.yaml' as port_groups %}
{% set port_groups = port_groups.firewall.aliases.ports %}
firewall:
aliases:
analyst:
ips:
delete:
insert:
port_groups:
- {{ port_groups.nginx }}
beats_endpoint:
ips:
delete:
insert:
port_groups:
- {{ port_groups.beats_5044 }}
fleet:
ips:
delete:
insert:
port_groups:
- {{ port_groups.mysql }}
- {{ port_groups.redis }}
- {{ port_groups.osquery_8080 }}
heavy_node:
ips:
delete:
insert:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
master:
ips:
delete:
insert:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.osquery_8090 }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
ips:
delete:
insert:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
node:
ips:
delete:
insert:
port_groups:
- {{ port_groups.elasticsearch_node }}
osquery_endpoint:
ips:
delete:
insert:
port_groups:
- {{ port_groups.osquery_8090 }}
search_node:
ips:
delete:
insert:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
sensor:
ips:
delete:
insert:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
wazuh_endpoint:
ips:
delete:
insert:
port_groups:
- {{ port_groups.wazuh_endpoint }}


@@ -1,145 +0,0 @@
firewall:
aliases:
analyst:
ports:
nginx:
tcp:
- 80
- 443
beats_endpoint:
ports:
beats:
tcp:
- 5044
fleet:
ports:
mysql:
tcp:
- 3306
redis:
tcp:
- 6379
osquery:
tcp:
- 8080
forward_nodes:
ports:
sensoroni:
tcp:
- 443
beats:
tcp:
- 5044
beats_so:
tcp:
- 5644
heavy_node:
ports:
redis:
tcp:
- 6379
beats:
- 5044
beats2:
- 5644
master:
ports:
wazuh:
tcp:
- 1514
udp:
- 1514
playbook:
tcp:
- 3200
mysql:
tcp:
- 3306
navigator:
tcp:
- 4200
kibana:
tcp:
- 5601
redis:
tcp:
- 6379
influxdb:
tcp:
- 8086
osquery:
tcp:
- 8090
cortex:
tcp:
- 9001
elasticsearch_rest:
tcp:
- 9200
elasticsearch_node:
tcp:
- 9300
cortex_es_rest:
tcp:
- 9400
cortex_es_node:
tcp:
- 9500
minions:
ports:
acng:
- 3142
salt:
tcp:
- 4505
- 4506
registry:
tcp:
- 5000
osquery:
tcp:
- 8080
influxdb:
tcp:
- 8086
wazuh:
tcp:
- 55000
node:
ports:
elasticsearch_node:
tcp:
- 9300
osquery_endpoint:
ports:
fleet:
tcp:
- 8090
search_nodes:
ports:
redis:
tcp:
- 6379
elasticsearch_node:
- 9300
sensor:
ports:
wazuh_endpoint:
ports:
wazuh:
tcp:
- 1514
udp:
- 1514


@@ -1,63 +0,0 @@
firewall:
aliases:
analyst:
ports:
tcp:
- 80
- 443
udp:
beats_endpoint:
ports:
tcp:
- 5044
forward_nodes:
ports:
tcp:
- 443
- 5044
- 5644
- 9822
udp:
master:
ports:
tcp:
- 1514
- 3200
- 3306
- 4200
- 5601
- 6379
- 8086
- 8090
- 9001
- 9200
- 9300
- 9400
- 9500
udp:
- 1514
minions:
ports:
tcp:
- 3142
- 4505
- 4506
- 5000
- 8080
- 8086
- 55000
osquery_endpoint:
ports:
tcp:
- 8090
search_nodes:
ports:
tcp:
- 6379
- 9300
wazuh_endpoint:
ports:
tcp:
- 1514
udp:
-1514


@@ -1,288 +0,0 @@
{% import_yaml 'firewall/port_groups.yaml' as port_groups %}
{% set port_groups = port_groups.firewall.aliases.ports %}
role:
eval:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
helisensor:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
master:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
mastersearch:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
standalone:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
master:
port_groups:
- {{ port_groups.wazuh_endpoint }}
- {{ port_groups.playbook }}
- {{ port_groups.mysql }}
- {{ port_groups.navigator }}
- {{ port_groups.kibana }}
- {{ port_groups.redis }}
- {{ port_groups.influxdb }}
- {{ port_groups.fleet_api }}
- {{ port_groups.cortex }}
- {{ port_groups.elasticsearch_rest }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.cortex_es_rest }}
- {{ port_groups.cortex_es_node }}
minion:
port_groups:
- {{ port_groups.acng }}
- {{ port_groups.salt_master }}
- {{ port_groups.docker_registry }}
- {{ port_groups.osquery_8080 }}
- {{ port_groups.influxdb }}
- {{ port_groups.wazuh_minion }}
sensor:
port_groups:
- {{ port_groups.sensoroni }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
search_node:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.elasticsearch_node }}
beats_endpoint:
port_groups:
- {{ port_groups.beats_5044 }}
osquery_endpoint:
port_groups:
- {{ port_groups.fleet_api }}
wazuh_endpoint:
port_groups:
- {{ port_groups.wazuh_endpoint }}
analyst:
port_groups:
- {{ port_groups.nginx }}
searchnode:
hostgroups:
master:
port_groups:
- {{ port_groups.elasticsearch_node }}
dockernet:
port_groups:
- {{ port_groups.all }}
- {{ port_groups.elasticsearch_node }}
- {{ port_groups.elasticsearch_node }}
sensor:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
heavynode:
hostgroups:
self:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.beats_5044 }}
- {{ port_groups.beats_5644 }}
fleet:
hostgroups:
dockernet:
port_groups:
- {{ port_groups.all }}
self:
port_groups:
- {{ port_groups.redis }}
- {{ port_groups.mysql }}
- {{ port_groups.osquery_8080 }}
localhost:
port_groups:
- {{ port_groups.mysql }}
- {{ port_groups.osquery_8080 }}
analyst:
port_groups:
- {{ port_groups.fleet_webui }}