diff --git a/salt/elasticsearch/files/ingest/osquery.query_result b/salt/elasticsearch/files/ingest/osquery.query_result
index 2005252b6..3a6ed15a3 100644
--- a/salt/elasticsearch/files/ingest/osquery.query_result
+++ b/salt/elasticsearch/files/ingest/osquery.query_result
@@ -18,8 +18,8 @@
 "source": "def dict = ['result': new HashMap()]; for (entry in ctx['message2'].entrySet()) { dict['result'][entry.getKey()] = entry.getValue(); } ctx['osquery'] = dict; "
 }
 },
- { "set": { "field": "event.module", "value": "osquery" } },
- { "set": { "field": "event.dataset", "value": "{{osquery.result.name}}"} },
+ { "set": { "field": "event.module", "value": "osquery", "override": false } },
+ { "set": { "field": "event.dataset", "value": "{{osquery.result.name}}", "override": false} },
 { "pipeline": { "name": "common" } }
 ]
 }
\ No newline at end of file
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
index 32c7dbdf6..ce70a4a22 100644
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -91,7 +91,6 @@ dashboard-manager:
 - defaults:
 SERVERNAME: {{ SN }}
 MANINT: {{ SNDATA.manint }}
- MONINT: {{ SNDATA.monint }}
 CPUS: {{ SNDATA.totalcpus }}
 UID: so_overview
 ROOTFS: {{ SNDATA.rootfs }}
@@ -183,7 +182,6 @@ dashboardsearch-{{ SN }}:
 - defaults:
 SERVERNAME: {{ SN }}
 MANINT: {{ SNDATA.manint }}
- MONINT: {{ SNDATA.monint }}
 CPUS: {{ SNDATA.totalcpus }}
 UID: {{ SNDATA.guid }}
 ROOTFS: {{ SNDATA.rootfs }}
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index b7b347ec5..82512068c 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -254,6 +254,13 @@ ealstickeyperms:
 - name: /etc/pki/elasticsearch.key
 - mode: 640
 - group: 930
+
+elasticp12perms:
+ file.managed:
+ - replace: False
+ - name: /etc/pki/elasticsearch.p12
+ - mode: 640
+ - group: 930
 
 # Create a cert for Redis encryption
 /etc/pki/redis.key:
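Review bot: With `"override": false` on both `set` processors, a document that already carries `event.module` or `event.dataset` keeps those values, so `event.dataset` is no longer guaranteed to equal `osquery.result.name` for every document passing through this pipeline; anything keyed on that field (detection rules, dashboards, the downstream `common` pipeline) has to tolerate shipper-supplied values, and a document arriving with a misleading `event.dataset` now passes through unnormalized. An ingest pipeline definition cannot hold comments, so the intent belongs in the pipeline's top-level `description` (not visible in this hunk), e.g. `"description": "osquery results; event.module and event.dataset are only populated when the shipper has not already set them"`. Whether the shipper actually pre-populates these fields, which is presumably why the flag was added, is not shown here.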
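Review bot: The new `elasticp12perms` state pins mode and group on `/etc/pki/elasticsearch.p12` but, like the neighbouring key-permission states, sets no `user:`, and `file.managed` with `replace: False` and no `source` will create an empty 0640 file if the keystore has not been produced yet, leaving a placeholder that the step generating the PKCS#12 bundle may later treat as already present. Either order it after the producing state with `- require:` (its id is not visible here) or add `- create: False` so a missing keystore is left untouched; the same applies to the second `elasticp12perms` block in the hunk at `@@ -530`. As a point of naming, the sibling state in this branch is still `ealstickeyperms:` (hunk header) while the other hunk renames its counterpart to `elastickeyperms`, so the two branches now disagree.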
@@ -530,11 +537,19 @@ fleetkeyperms:
 - onchanges:
 - x509: /etc/pki/elasticsearch.key
 
-miniokeyperms:
+elasticp12perms:
+ file.managed:
+ - replace: False
+ - name: /etc/pki/elasticsearch.p12
+ - mode: 640
+ - group: 930
+
+elastickeyperms:
 file.managed:
 - replace: False
 - name: /etc/pki/elasticsearch.key
 - mode: 640
 - group: 930
+
 {%- endif %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}
diff --git a/salt/top.sls b/salt/top.sls
index 4b560c3c1..fdcbcab3e 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -361,6 +361,9 @@ base:
 - logstash
 - curator
 - filebeat
+ {%- if STRELKA %}
+ - strelka
+ {%- endif %}
 {%- if FLEETMANAGER or FLEETNODE %}
 - fleet.install_package
 - redis
diff --git a/setup/so-functions b/setup/so-functions
index 741929399..dc81ddafe 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1207,7 +1207,6 @@ manager_global() {
 " interval: 5" >> "$global_pillar"
 printf '%s\n' '----' >> "$setup_log" 2>&1
 
- cat "$global_pillar" >> "$setup_log" 2>&1
 }
 
 minio_generate_keys() {
diff --git a/setup/so-setup b/setup/so-setup
index 640363f2b..2bb97cc16 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -326,7 +326,7 @@ if [[ $is_manager && ! $is_eval ]]; then
 fi
 
 if [[ $STRELKA == 1 ]]; then
- whiptail_strelka_rules
+ STRELKARULES=1
 fi
 
 if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
@@ -711,7 +711,7 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
 if [[ $success != 0 ]]; then SO_ERROR=1; fi
 
 # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
-if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then SO_ERROR=1; fi
+if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1; fi
 
 if [[ -n $SO_ERROR ]]; then
 echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1
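Review bot: `elasticp12perms` is now declared both here and in the hunk at `@@ -254`; Salt refuses a rendered state file containing duplicate IDs, so this is only safe if the two Jinja branches the blocks sit in are mutually exclusive, and the `{% if %}` that the closing `{%- endif %}` lines belong to opens outside this hunk, so the reader cannot confirm that from the diff. The rename of `miniokeyperms` to `elastickeyperms` corrects an ID that misdescribed a state managing `/etc/pki/elasticsearch.key`. A short comment above the new block, `# duplicate of the elasticp12perms block above; only one role branch renders`, would make the repeated ID read as deliberate rather than as a copy-paste slip.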
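Review bot: `STRELKARULES=1` replaces an interactive prompt with an unconditional default, so whenever `STRELKA` is selected the rules setting is silently forced on with no operator choice, and nothing in the hunk records why or what consumes the variable. A comment above the assignment, `# Strelka rules are always enabled when Strelka is selected; the whiptail_strelka_rules prompt was removed`, would keep that decision visible to the next reader. Whether `whiptail_strelka_rules` is still defined or referenced elsewhere in so-functions is outside this hunk.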
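Review bot: The comment on the preceding line still says the check ensures cron jobs are not reporting errors to root's mailbox, but the new condition consults `/var/spool/mail/root` only when `"$setup_type" == "iso"`, so on every other install type a non-empty root mailbox no longer sets `SO_ERROR` and the comment is now inaccurate. Update it along the lines of `# ... ; root's mailbox is only consulted on ISO installs, where no pre-existing mail is expected` (the stated motivation is my inference and should be confirmed). If `setup_type` can be unset at this point the comparison quietly evaluates false and the mailbox check is skipped rather than failing loudly; `$setup_log` also remains unquoted in the `grep` call, as it was before this change.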