CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-19 07:23:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge kaffytaffy

Browse Source 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
This commit is contained in:
reyesj2
2024-04-12 11:43:46 -04:00
parent fbd3cff90d 0ed9894b7e
commit af29ae1968
8 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pillar/top.sls
View File

@@ -61,7 +61,7 @@ base:
- backup.adv_backup - backup.adv_backup
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
- kafka.nodes - kafka.*
- stig.soc_stig - stig.soc_stig
'*_sensor': '*_sensor':
@@ -177,6 +177,7 @@ base:
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
- stig.soc_stig - stig.soc_stig
- kafka.*
'*_heavynode': '*_heavynode':
- elasticsearch.auth - elasticsearch.auth
@@ -233,6 +234,15 @@ base:
- redis.adv_redis - redis.adv_redis
- minions.{{ grains.id }} - minions.{{ grains.id }}
- minions.adv_{{ grains.id }} - minions.adv_{{ grains.id }}
- kafka.*
'*_kafkanode':
- logstash.nodes
- logstash.soc_logstash
- logstash.adv_logstash
- minions.{{ grains.id }}
- minions.adv_{{ grains.id }}
- secrets
- kafka.nodes - kafka.nodes
- secrets - secrets

6
salt/allowed_states.map.jinja
View File

@@ -123,7 +123,8 @@
'utility', 'utility',
'schedule', 'schedule',
'docker_clean', 'docker_clean',
'stig' 'stig',
'kafka'
], ],
'so-searchnode': [ 'so-searchnode': [
'ssl', 'ssl',
@@ -157,7 +158,8 @@
'schedule', 'schedule',
'tcpreplay', 'tcpreplay',
'docker_clean', 'docker_clean',
'stig' 'stig',
'kafka'
], ],
'so-sensor': [ 'so-sensor': [
'ssl', 'ssl',

6
salt/kafka/soc_kafka.yaml
View File

@@ -2,6 +2,12 @@ kafka:
enabled: enabled:
description: Enable or disable Kafka. description: Enable or disable Kafka.
helpLink: kafka.html helpLink: kafka.html
cluster_id:
description: The ID of the Kafka cluster.
readonly: True
advanced: True
sensitive: True
helpLink: kafka.html
config: config:
server: server:
advertised_x_listeners: advertised_x_listeners:

7
salt/kafka/storage.sls
View File

@@ -6,17 +6,18 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{% set kafka_cluster_id = salt['pillar.get']('secrets:kafka_cluster_id', default=None) %} {% set kafka_cluster_id = salt['pillar.get']('kafka:cluster_id', default=None) %}
{% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone'] %}
{% if kafka_cluster_id is none %} {% if kafka_cluster_id is none %}
generate_kafka_cluster_id: generate_kafka_cluster_id:
cmd.run: cmd.run:
- name: /usr/sbin/so-kafka-clusterid - name: /usr/sbin/so-kafka-clusterid
{% endif %} {% endif %}
{% endif %}
{# Initialize kafka storage if it doesn't already exist. Just looking for meta.properties in /nsm/kafka/data #} {# Initialize kafka storage if it doesn't already exist. Just looking for meta.properties in /nsm/kafka/data #}
{% if salt['file.file_exists']('/nsm/kafka/data/meta.properties') %} {% if not salt['file.file_exists']('/nsm/kafka/data/meta.properties') %}
{% else %}
kafka_storage_init: kafka_storage_init:
cmd.run: cmd.run:
- name: | - name: |

10
salt/manager/tools/sbin/so-kafka-clusterid
View File

@@ -13,12 +13,12 @@ else
source $(dirname $0)/../../../common/tools/sbin/so-common source $(dirname $0)/../../../common/tools/sbin/so-common
fi fi
if ! grep -q "^ kafka_cluster_id:" $local_salt_dir/pillar/secrets.sls; then if ! grep -q "^ cluster_id:" $local_salt_dir/pillar/kafka/soc_kafka.sls; then
kafka_cluster_id=$(get_random_value 22) kafka_cluster_id=$(get_random_value 22)
echo ' kafka_cluster_id: '$kafka_cluster_id >> $local_salt_dir/pillar/secrets.sls echo 'kafka: ' > $local_salt_dir/pillar/kafka/soc_kafka.sls
fi echo ' cluster_id: '$kafka_cluster_id >> $local_salt_dir/pillar/kafka/soc_kafka.sls
if ! grep -q "^ kafkapass:" $local_salt_dir/pillar/secrets.sls; then if ! grep -q "^ kafkapass:" $local_salt_dir/pillar/kafka/soc_kafka.sls; then
kafkapass=$(get_random_value) kafkapass=$(get_random_value)
echo ' kafkapass: '$kafkapass >> $local_salt_dir/pillar/secrets.sls echo ' kafkapass: '$kafkapass >> $local_salt_dir/pillar/kafka/soc_kafka.sls
fi fi

5
salt/ssl/init.sls
View File

@@ -664,7 +664,8 @@ elastickeyperms:
{%- endif %} {%- endif %}
{% if grains['role'] in ['so-manager', 'so-searchnode', 'so-receiver'] %} {% if grains['role'] in ['so-manager', 'so-receiver', 'so-searchnode'] %}
kafka_key: kafka_key:
x509.private_key_managed: x509.private_key_managed:
- name: /etc/pki/kafka.key - name: /etc/pki/kafka.key
@@ -767,7 +768,7 @@ kafka_logstash_crt:
- onchanges: - onchanges:
- x509: /etc/pki/kafka-logstash.key - x509: /etc/pki/kafka-logstash.key
{% if grains['role'] in ['so-manager'] %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-receiver'] %}
kafka_client_key: kafka_client_key:
x509.private_key_managed: x509.private_key_managed:
- name: /etc/pki/kafka-client.key - name: /etc/pki/kafka-client.key

2
salt/top.sls
View File

@@ -235,8 +235,8 @@ base:
- firewall - firewall
- logstash - logstash
- redis - redis
- kafka
- elasticfleet.install_agent_grid - elasticfleet.install_agent_grid
- kafka
'*_idh and G@saltversion:{{saltversion}}': '*_idh and G@saltversion:{{saltversion}}':
- match: compound - match: compound

8
setup/so-functions
View File

@@ -1115,8 +1115,6 @@ generate_passwords(){
REDISPASS=$(get_random_value) REDISPASS=$(get_random_value)
SOCSRVKEY=$(get_random_value 64) SOCSRVKEY=$(get_random_value 64)
IMPORTPASS=$(get_random_value) IMPORTPASS=$(get_random_value)
KAFKACLUSTERID=$(get_random_value 22)
KAFKAPASS=$(get_random_value)
} }
generate_interface_vars() { generate_interface_vars() {
@@ -1392,7 +1390,7 @@ make_some_dirs() {
mkdir -p $local_salt_dir/salt/firewall/portgroups mkdir -p $local_salt_dir/salt/firewall/portgroups
mkdir -p $local_salt_dir/salt/firewall/ports mkdir -p $local_salt_dir/salt/firewall/ports
for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni soc docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert stig global;do for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni soc docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert stig global kafka;do
mkdir -p $local_salt_dir/pillar/$THEDIR mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
@@ -1946,9 +1944,7 @@ secrets_pillar(){
printf '%s\n'\ printf '%s\n'\
"secrets:"\ "secrets:"\
" import_pass: $IMPORTPASS"\ " import_pass: $IMPORTPASS"\
" influx_pass: $INFLUXPASS"\ " influx_pass: $INFLUXPASS" > $local_salt_dir/pillar/secrets.sls
" kafka_cluster_id: $KAFKACLUSTERID"\
" kafka_pass: $KAFKAPASS" > $local_salt_dir/pillar/secrets.sls
fi fi
} }