CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9939 from Security-Onion-Solutions/kilo

Browse Source 
automated testing support; removal of nonexistent ScanRuby strelka scanner
This commit is contained in:
Jason Ertel
2023-03-16 09:30:05 -04:00
committed by GitHub
parent c355e6eaf0 3ab3e4712c
commit ad2616900c
32 changed files with 154 additions and 1685 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
salt/common/tools/sbin/so-minion
View File

@@ -23,6 +23,7 @@ if [[ $# -lt 1 ]]; then
echo " accept: Accepts a new key and adds the minion files" echo " accept: Accepts a new key and adds the minion files"
echo " delete: Removes the key and deletes the minion files" echo " delete: Removes the key and deletes the minion files"
echo " reject: Rejects a key" echo " reject: Rejects a key"
echo " test: Ingest test data"
echo "" echo ""
exit 1 exit 1
fi fi
@@ -75,6 +76,22 @@ function getinstallinfo() {
source <(echo $INSTALLVARS) source <(echo $INSTALLVARS)
} }
function testminion() {
# Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone.
# Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image.
so-test
result=$?
# If this so-minion script is not running on the given minion ID, run so-test remotely on the sensor as well
local_id=$(lookup_grain id)
if [[ ! "$local_id" =~ "${MINION_ID}_" ]]; then
salt "$MINION_ID" cmd.run 'so-test'
result=$?
fi
exit $result
}
function listminions() { function listminions() {
salt-key list -F --out=json salt-key list -F --out=json
exit $? exit $?
@@ -277,3 +294,7 @@ if [[ "$OPERATION" = 'add' || "$OPERATION" = 'setup' ]]; then
create$NODETYPE create$NODETYPE
echo "Minion file created for $MINION_ID" echo "Minion file created for $MINION_ID"
fi fi
if [[ "$OPERATION" = 'test' ]]; then
testminion
fi

2
salt/common/tools/sbin/so-playbook-reset
View File

@@ -17,6 +17,6 @@ salt-call state.apply playbook,playbook.automation_user_create
/usr/sbin/so-soctopus-restart /usr/sbin/so-soctopus-restart
echo "Importing Plays - this will take some time...." echo "Importing Plays - NOTE: this will continue after installation finishes and could take an hour or more. Rebooting while the import is in progress will delay playbook imports."
sleep 5 sleep 5
so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 & so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &

21
salt/common/tools/sbin/so-status
View File

@@ -24,12 +24,14 @@ def showUsage(options, args):
print(' -h - Prints this usage information') print(' -h - Prints this usage information')
print(' -q - Suppress output; useful for automation of exit code value') print(' -q - Suppress output; useful for automation of exit code value')
print(' -j - Output in JSON format') print(' -j - Output in JSON format')
print(' -i - Consider the installation outcome regardless of whether the system appears healthy')
print('') print('')
print(' Exit codes:') print(' Exit codes:')
print(' 0 - Success, system appears to be running correctly') print(' 0 - Success, system appears to be running correctly')
print(' 1 - Error, one or more subsystems are not running') print(' 1 - Error, one or more subsystems are not running')
print(' 2 - System is starting') print(' 2 - System is starting')
print(' 99 - Installation in progress') print(' 99 - Installation in progress')
print(' 100 - System installation encountered errors')
sys.exit(1) sys.exit(1)
@@ -38,6 +40,16 @@ def fail(msg):
sys.exit(1) sys.exit(1)
def check_installation_status(options, console):
if "-i" in options:
if os.path.isfile('/root/failure'):
return 100
if os.path.isfile('/root/success'):
return 0
return 99
return 0
def check_system_status(options, console): def check_system_status(options, console):
code = 0 code = 0
highstate_end_time = 0 highstate_end_time = 0
@@ -66,6 +78,8 @@ def output(options, console, code, data):
console.print(" [bold yellow]:hourglass: [bold white]System appears to be starting. No highstate has completed since the system was restarted.") console.print(" [bold yellow]:hourglass: [bold white]System appears to be starting. No highstate has completed since the system was restarted.")
elif code == 99: elif code == 99:
console.print(" [bold red]:exclamation: [bold white]Installation does not appear to be complete. A highstate has not fully completed.") console.print(" [bold red]:exclamation: [bold white]Installation does not appear to be complete. A highstate has not fully completed.")
elif code == 100:
console.print(" [bold red]:exclamation: [bold white]Installation encountered errors.")
else: else:
table = Table(title = "Security Onion Status", show_edge = False, safe_box = True, box = box.MINIMAL) table = Table(title = "Security Onion Status", show_edge = False, safe_box = True, box = box.MINIMAL)
table.add_column("Container", justify="right", style="white", no_wrap=True) table.add_column("Container", justify="right", style="white", no_wrap=True)
@@ -137,7 +151,9 @@ def check_container_status(options, console):
def check_status(options, console): def check_status(options, console):
container_list = [] container_list = []
code = check_system_status(options, console) code = check_installation_status(options, console)
if code == 0:
code = check_system_status(options, console)
if code == 0: if code == 0:
code, container_list = check_container_status(options, console) code, container_list = check_container_status(options, console)
output(options, console, code, container_list) output(options, console, code, container_list)
@@ -150,9 +166,8 @@ def main():
for option in args: for option in args:
if option.startswith("-"): if option.startswith("-"):
options.append(option) options.append(option)
args.remove(option)
if len(args) != 0 or "-h" in options: if "-h" in options or "--help" in options or "-?" in options:
showUsage(options, None) showUsage(options, None)
if os.environ["USER"] != "root": if os.environ["USER"] != "root":

18
salt/common/tools/sbin/so-user
View File

@@ -496,19 +496,6 @@ EOF
fi fi
} }
function migrateLockedUsers() {
# This is a migration function to convert locked users from prior to 2.3.90
# to inactive users using the newer Kratos functionality. This should only
# find locked users once.
lockedEmails=$(curl -s ${kratosUrl}/identities | jq -r '.[] | select(.traits.status == "locked") | .traits.email')
if [[ -n "$lockedEmails" ]]; then
echo "Disabling locked users..."
for email in $lockedEmails; do
updateStatus "$email" locked
done
fi
}
function updateStatus() { function updateStatus() {
email=$1 email=$1
status=$2 status=$2
@@ -703,11 +690,6 @@ case "${operation}" in
echo "Password is acceptable" echo "Password is acceptable"
;; ;;
"migrate")
migrateLockedUsers
echo "User migration complete"
;;
*) *)
fail "Unsupported operation: $operation" fail "Unsupported operation: $operation"
usage usage

5
salt/strelka/defaults.yaml
View File

@@ -308,11 +308,6 @@ strelka:
priority: 5 priority: 5
options: options:
limit: 1000 limit: 1000
'ScanRuby':
- positive:
flavors:
- 'text/x-ruby'
priority: 5
'ScanSwf': 'ScanSwf':
- positive: - positive:
flavors: flavors:

67
setup/automation/distributed-airgap-manager
View File

@@ -1,67 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
#BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=Distributed-manager
install_type=MANAGER
INTERWEBS=AIRGAP
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-airgap-search
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
# ALLOW_CIDR=0.0.0.0/0
# ALLOW_ROLE=a
# BASICZEEK=7
# BASICSURI=7
# BLOGS=
# BNICS=eth1
# ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-search
install_type=SEARCHNODE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
# MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.66.166.52
# MTU=
# NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
# REDIRECTINFO=IP
# RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
# STRELKA=1
# THEHIVE=0
# WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-airgap-sensor
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
# ALLOW_CIDR=0.0.0.0/0
# ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=Distributed-sensor
install_type=SENSOR
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
# MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.66.166.52
# MTU=
# NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
# NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
# REDIRECTINFO=IP
# RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
# STRELKA=1
# THEHIVE=0
# WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

66
setup/automation/distributed-cloud-manager
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
#BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-manager
install_type=MANAGER
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
REDIRECTHOST=$(cat /root/public_ip)
REDIRECTINFO=OTHER
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=0
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-cloud-search
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
#ALLOW_CIDR=0.0.0.0/0
#ALLOW_ROLE=a
#BASICZEEK=7
#BASICSURI=7
# BLOGS=
#BNICS=ens6
#ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-search
install_type=SEARCHNODE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
#MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.99.1.20
# MTU=
#NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
#OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
#PLAYBOOK=1
# REDIRECTHOST=
#REDIRECTINFO=HOSTNAME
#RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=0
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
#STRELKA=1
#THEHIVE=0
#WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-cloud-sensor
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
#ALLOW_CIDR=0.0.0.0/0
#ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-sensor
install_type=SENSOR
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
#MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.99.1.20
# MTU=
#NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
#NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
#OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
#PLAYBOOK=1
# REDIRECTHOST=
#REDIRECTINFO=HOSTNAME
#RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=0
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
#STRELKA=1
#THEHIVE=0
#WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

66
setup/automation/distributed-iso-manager
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=7
BASICSURI=7
# BLOGS=
#BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-manager
install_type=MANAGER
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-iso-search
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
# ALLOW_CIDR=0.0.0.0/0
# ALLOW_ROLE=a
# BASICZEEK=7
# BASICSURI=7
# BLOGS=
# BNICS=eth1
# ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-search
install_type=SEARCHNODE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
# MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.66.166.42
# MTU=
# NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=ADVANCED
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
# REDIRECTINFO=IP
# RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
# STRELKA=1
# THEHIVE=0
# WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

70
setup/automation/distributed-iso-sensor
View File

@@ -1,70 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
# ALLOW_CIDR=0.0.0.0/0
# ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=Distributed-Sensor
install_type=SENSOR
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
# MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.66.166.42
MTU=1500
# NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
# NODESETUP=NODEBASIC
NSMSETUP=ADVANCED
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
# REDIRECTINFO=IP
# RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
# STRELKA=1
SURIPINS=(2 3)
# THEHIVE=0
# WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r
ZEEKPINS=(0 1)

66
setup/automation/distributed-net-manager
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=7
BASICSURI=7
# BLOGS=
#BNICS=eth1
ZEEKVERSION=SURICATA
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-manager
install_type=MANAGER
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-net-search
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
# ALLOW_CIDR=0.0.0.0/0
# ALLOW_ROLE=a
# BASICZEEK=7
# BASICSURI=7
# BLOGS=
# BNICS=eth1
# ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-search
install_type=SEARCHNODE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
# MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.66.166.72
# MTU=
# NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
# REDIRECTINFO=IP
# RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
# STRELKA=1
# THEHIVE=0
# WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

68
setup/automation/distributed-net-sensor
View File

@@ -1,68 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
# ALLOW_CIDR=0.0.0.0/0
# ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=SURICATA
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=distributed-sensor
install_type=SENSOR
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
# MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
MSRV=distributed-manager
MSRVIP=10.66.166.72
# MTU=
# NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
# NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
# REDIRECTINFO=IP
# RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
# STRELKA=1
# THEHIVE=0
# WAZUH=1
# WEBUSER=onionuser@somewhere.invalid
# WEBPASSWD1=0n10nus3r
# WEBPASSWD2=0n10nus3r

67
setup/automation/eval-airgap
View File

@@ -1,67 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=eval
install_type=EVAL
INTERWEBS=AIRGAP
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/eval-cloud
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=eval
install_type=EVAL
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
REDIRECTHOST=$(cat /root/public_ip)
REDIRECTINFO=OTHER
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/eval-iso
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=eval
install_type=EVAL
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/eval-net
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
# address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=eval
install_type=EVAL
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

67
setup/automation/import-airgap
View File

@@ -1,67 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
#BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=import
install_type=IMPORT
INTERWEBS=AIRGAP
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
# SOREMOTEPASS1=onionuser
# SOREMOTEPASS2=onionuser
STRELKA=1
# THEHIVE=0
# WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/import-cloud
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
#BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=import
install_type=IMPORT
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
REDIRECTHOST=$(cat /root/public_ip)
REDIRECTINFO=OTHER
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
# SOREMOTEPASS1=onionuser
# SOREMOTEPASS2=onionuser
STRELKA=1
# THEHIVE=0
# WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/import-iso
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
#BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=import
install_type=IMPORT
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
# SOREMOTEPASS1=onionuser
# SOREMOTEPASS2=onionuser
STRELKA=1
# THEHIVE=0
# WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/import-net
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
# address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
#BNICS=eth1
ZEEKVERSION=SURICATA
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=import
install_type=IMPORT
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
# OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
# PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
# SOREMOTEPASS1=onionuser
# SOREMOTEPASS2=onionuser
STRELKA=1
# THEHIVE=0
# WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

67
setup/automation/standalone-airgap
View File

@@ -1,67 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=standalone
install_type=STANDALONE
INTERWEBS=AIRGAP
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/standalone-cloud
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=standalone
install_type=STANDALONE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
REDIRECTHOST=$(cat /root/public_ip)
REDIRECTINFO=OTHER
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/standalone-iso
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=standalone
install_type=STANDALONE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

66
setup/automation/standalone-net
View File

@@ -1,66 +0,0 @@
#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
TESTING=true
# address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=SURICATA
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=standalone
install_type=STANDALONE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=0
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

37
setup/so-functions
View File

@@ -17,11 +17,11 @@ log() {
} }
error() { error() {
log "$1" "E" log "$1" "ERROR"
} }
info() { info() {
log "$1" "I" log "$1" "INFO"
} }
title() { title() {
@@ -68,9 +68,7 @@ add_web_user() {
wait_for_file /nsm/kratos/db/db.sqlite 30 5 wait_for_file /nsm/kratos/db/db.sqlite 30 5
{ {
info "Attempting to add administrator user for web interface..."; info "Attempting to add administrator user for web interface...";
export SKIP_STATE_APPLY=true
echo "$WEBPASSWD1" | /usr/sbin/so-user add --email "$WEBUSER" --role "superuser"; echo "$WEBPASSWD1" | /usr/sbin/so-user add --email "$WEBUSER" --role "superuser";
unset SKIP_STATE_APPLY
info "Add user result: $?"; info "Add user result: $?";
} >> "/root/so-user-add.log" 2>&1 } >> "/root/so-user-add.log" 2>&1
} }
@@ -322,7 +320,7 @@ collect_hostname() {
} }
collect_hostname_validate() { collect_hostname_validate() {
if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi if [[ -z "$TESTING" ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
whiptail_set_hostname "$HOSTNAME" whiptail_set_hostname "$HOSTNAME"
@@ -1600,6 +1598,15 @@ networking_needful() {
fi fi
set_main_ip set_main_ip
compare_main_nic_ip compare_main_nic_ip
# Attempt to autodetect the manager IP, if an offset value exists
if [[ -n "$MSRVIP_OFFSET" && -z "$MSRVIP" ]]; then
mips1=$(echo "$MNIC_IP" | awk -F. '{print $1}')
mips2=$(echo "$MNIC_IP" | awk -F. '{print $2}')
mips3=$(echo "$MNIC_IP" | awk -F. '{print $3}')
mips4=$(echo "$MNIC_IP" | awk -F. '{print $4}')
MSRVIP="$mips1.$mips2.$mips3.$((mips4+$MSRVIP_OFFSET))"
fi
} }
network_setup() { network_setup() {
@@ -1766,6 +1773,10 @@ reinstall_init() {
local service_retry_count=20 local service_retry_count=20
# Disregard previous install outcomes
rm -f /root/failure
rm -f /root/success
{ {
# remove all of root's cronjobs # remove all of root's cronjobs
logCmd "crontab -r -u root" logCmd "crontab -r -u root"
@@ -2269,20 +2280,20 @@ set_initial_firewall_policy() {
title "Setting Initial Firewall Policy" title "Setting Initial Firewall Policy"
if [ -f $default_salt_dir/salt/common/tools/sbin/so-firewall ]; then chmod +x $default_salt_dir/salt/common/tools/sbin/so-firewall; fi if [ -f $default_salt_dir/salt/common/tools/sbin/so-firewall ]; then chmod +x $default_salt_dir/salt/common/tools/sbin/so-firewall; fi
case "$install_type" in case "$install_type" in
'MANAGER') 'EVAL' | 'MANAGER' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=manager --ip=$MAINIP --apply=true $default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true
;; ;;
'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') esac
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true
;;
esac
} }
set_initial_firewall_access() { set_initial_firewall_access() {
if [[ ! -z "$ALLOW_CIDR" ]]; then if [[ ! -z "$ALLOW_CIDR" ]]; then
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true $default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true
fi fi
if [[ ! -z "$MINION_CIDR" ]]; then
$default_salt_dir/salt/common/tools/sbin/so-firewall --role=sensors --ip=$MINION_CIDR --apply=true
fi
} }
# Set up the management interface on the ISO # Set up the management interface on the ISO

86
setup/so-setup
View File

@@ -37,10 +37,10 @@ source ./so-variables
# Parse command line arguments # Parse command line arguments
setup_type=$1 setup_type=$1
automation=$2 test_profile=$2
WHATWOULDYOUSAYYAHDOHERE=setup WHATWOULDYOUSAYYAHDOHERE=setup
# This is for automation
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
arg="$1" arg="$1"
shift shift
@@ -49,12 +49,8 @@ while [[ $# -gt 0 ]]; do
export TURBO="http://${arg#*=}";; export TURBO="http://${arg#*=}";;
"--proxy="* ) "--proxy="* )
export {http,https,ftp,rsync,all}_proxy="${arg#*=}";; export {http,https,ftp,rsync,all}_proxy="${arg#*=}";;
"--allow-role="* )
export ALLOW_ROLE="${arg#*=}";;
"--allow-cidr="* ) "--allow-cidr="* )
export ALLOW_CIDR="${arg#*=}";; export ALLOW_CIDR="${arg#*=}";;
"--skip-reboot" )
export SKIP_REBOOT=1;;
* ) * )
if [[ "$arg" == "--"* ]]; then if [[ "$arg" == "--"* ]]; then
echo "Invalid option" echo "Invalid option"
@@ -166,41 +162,65 @@ catch() {
exit 1 exit 1
} }
automated=no
# Add the progress function for manager node type installs # Add the progress function for manager node type installs
progress() { progress() {
local msg=${1:-'Please wait while installing...'} local msg=${1:-'Please wait while installing...'}
if [ $automated == no ]; then if [ -z "$TESTING" ]; then
whiptail --title "$whiptail_title" --gauge "$msg" 6 70 0 # append to text whiptail --title "$whiptail_title" --gauge "$msg" 6 70 0 # append to text
else else
cat >> $setup_log 2>&1 cat >> $setup_log 2>&1
fi fi
} }
# If using automation let's do automation things. if [ -n "$test_profile" ]; then
if [[ -f automation/$automation && $(basename $automation) == $automation ]]; then install_type="$(echo $test_profile |awk -F- '{print $1}')"
info "Preselecting variable values based on automated setup: $automation" if [[ "$install_type" == "distributed" ]]; then
source automation/$automation install_type=MANAGER
automated=yes else
install_type=${install_type^^}
fi
attempt=1 # The below settings are hardcoded purely for automated testing purposes.
attempts=60 TESTING=true
ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1
while [ $? -ne 0 ]; do if [[ "$test_profile" =~ "-sensor" ]]; then
logCmd "ip a" install_type=SENSOR
if [ $attempt -gt $attempts ]; then HOSTNAME=sensor
error "Network unavailable - setup cannot continue" MSRVIP_OFFSET=-2
exit 1 elif [[ "$test_profile" =~ "-search" ]]; then
fi install_type=SEARCHNODE
info "Waiting for network to come up (attempt $attempt of $attempts)" HOSTNAME=search
attempt=$((attempt + 1)) MSRVIP_OFFSET=-1
info "Sleeping 10s to try again" else
sleep 10; HOSTNAME=manager
logCmd "ip a | grep '$MNIC:' | grep 'state UP'" fi
done
info "Network is up on $MNIC" info "Activating test profile; profile=$test_profile; install_type=$install_type"
MINION_CIDR=10.0.0.0/8
MSRV=manager
if [[ "$test_profile" =~ "-net" ]]; then
address_type=DHCP
elif [[ "$test_profile" =~ "-cloud" ]]; then
MSRVIP=10.99.1.20
elif [[ "$test_profile" =~ "-airgap" ]]; then
is_airgap=true
fi
if [ -f "/root/public_ip" ]; then
REDIRECTHOST=$(cat /root/public_ip)
REDIRECTINFO=OTHER
else
REDIRECTINFO=IP
fi
ALLOW_CIDR=0.0.0.0/0
MNIC=$(ls -1 /sys/class/net | head -1)
BNICS=$(ls -1 /sys/class/net | head -2 | tail -1)
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r
fi fi
# Make sure the setup type is suppoted. # Make sure the setup type is suppoted.
@@ -227,7 +247,7 @@ dmesg -D
# Kernel consoleblank is causing whiptail progress screen to appear to hang #1084 # Kernel consoleblank is causing whiptail progress screen to appear to hang #1084
# https://github.com/Security-Onion-Solutions/securityonion/issues/1084 # https://github.com/Security-Onion-Solutions/securityonion/issues/1084
if [ "$automated" == no ]; then if [ -z "$TESTING" ]; then
TTY=$(tty) TTY=$(tty)
info "Setup is running on TTY $TTY" info "Setup is running on TTY $TTY"
if echo $TTY | grep -q "/dev/tty"; then if echo $TTY | grep -q "/dev/tty"; then
@@ -283,7 +303,7 @@ if ! [[ -f $install_opt_file ]]; then
compare_main_nic_ip compare_main_nic_ip
fi fi
if [[ $setup_type == 'iso' ]] && [ "$automated" == no ]; then if [[ $setup_type == 'iso' ]] && [ -z "$TESTING" ]; then
whiptail_first_menu_iso whiptail_first_menu_iso
if [[ $option == "CONFIGURENETWORK" ]]; then if [[ $option == "CONFIGURENETWORK" ]]; then
collect_hostname collect_hostname
@@ -454,7 +474,7 @@ if ! [[ -f $install_opt_file ]]; then
add_mngr_ip_to_hosts add_mngr_ip_to_hosts
check_manager_connection check_manager_connection
collect_idh_services collect_idh_services
collect_idh_preferences collect_idh_preferences
set_minion_info set_minion_info
whiptail_end_settings whiptail_end_settings

43
setup/so-verify
View File

@@ -32,7 +32,7 @@ log_has_errors() {
# Ignore Failed: 0 since that is the salt state output, and we detect state failures # Ignore Failed: 0 since that is the salt state output, and we detect state failures
# via Result: False already. # via Result: False already.
grep -E "FAILED|Failed|failed|ERROR|Error|Result: False" "$setup_log" | \ grep -E "FAILED|Failed|failed|ERROR|Result: False" "$setup_log" | \
grep -vE "The Salt Master has cached the public key for this node" | \ grep -vE "The Salt Master has cached the public key for this node" | \
grep -vE "Minion failed to authenticate with the master" | \ grep -vE "Minion failed to authenticate with the master" | \
grep -vE "Failed to connect to ::1" | \ grep -vE "Failed to connect to ::1" | \
@@ -79,21 +79,52 @@ status_failed() {
return 1 return 1
} }
# Creates scripts that are going to be invoked by the automated test system. These scripts will
# overwritten by Salt, once the minion is accepted into the grid and the salt states run.
create_temp_scripts_if_missing() {
if [ ! -f /usr/sbin/so-status ]; then
if [ -f /root/success ]; then
echo "echo 'so-status not yet available'" > /usr/sbin/so-status
echo "exit 0" >> /usr/sbin/so-status
# Pretend so-test succeeded in the interim period while waiting for this minion to be accepted. This avoids tests getting hung up.
echo "echo 'so-test not yet available'" > /usr/sbin/so-test
echo "exit 0" >> /usr/sbin/so-test
chmod a+x /usr/sbin/so-test
else
echo "echo 'Installation failed - so-status not available'" > /usr/sbin/so-status
echo "exit 100" >> /usr/sbin/so-status
fi
chmod a+x /usr/sbin/so-status
fi
}
main() { main() {
exit_code=0 exit_code=0
if log_has_errors; then if [ -f /root/success ]; then
echo "WARNING: Errors detected during setup" echo "Successfully completed setup a while ago"
elif [ -f /root/failure ]; then
echo "WARNING: Failed setup a while ago"
exit_code=1 exit_code=1
elif log_has_errors; then
echo "WARNING: Errors detected during setup"
exit_code=1
touch /root/failure
elif using_iso && cron_error_in_mail_spool; then elif using_iso && cron_error_in_mail_spool; then
echo "WARNING: Unexpected cron job output in mail spool" echo "WARNING: Unexpected cron job output in mail spool"
exit_code=1 exit_code=1
touch /root/failure
elif is_manager_node && status_failed; then elif is_manager_node && status_failed; then
echo "WARNING: Containers are not in a healthy state" echo "WARNING: Containers are not in a healthy state"
exit_code=1 exit_code=1
touch /root/failure
else else
echo "Successfully completed setup!" echo "Successfully completed setup!"
fi touch /root/success
fi
create_temp_scripts_if_missing
exit $exit_code exit $exit_code
} }