Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into feature/mkrsoup

2026-02-19 13:43:32 +01:00 · 2020-08-18 17:33:25 -04:00
parent 294a197cbf ad0f54fc40
commit afa87374ad
6 changed files with 24 additions and 9 deletions
--- a/salt/elasticsearch/files/ingest/osquery.query_result
+++ b/salt/elasticsearch/files/ingest/osquery.query_result
@@ -18,8 +18,8 @@
        "source": "def dict = ['result': new HashMap()]; for (entry in ctx['message2'].entrySet()) { dict['result'][entry.getKey()] = entry.getValue(); } ctx['osquery'] = dict; "
      }
    },
-    { "set":           { "field": "event.module", "value": "osquery" }  },
-    { "set":           { "field": "event.dataset", "value": "{{osquery.result.name}}"}  },
+    { "set":           { "field": "event.module", "value": "osquery", "override": false }  },
+    { "set":           { "field": "event.dataset", "value": "{{osquery.result.name}}", "override": false}  },
    { "pipeline":    { "name": "common" } }
  ]
 }
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -91,7 +91,6 @@ dashboard-manager:
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
-      MONINT: {{ SNDATA.monint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: so_overview
      ROOTFS: {{ SNDATA.rootfs }}
@@ -183,7 +182,6 @@ dashboardsearch-{{ SN }}:
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
-      MONINT: {{ SNDATA.monint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -254,6 +254,13 @@ ealstickeyperms:
    - name: /etc/pki/elasticsearch.key
    - mode: 640
    - group: 930
+    
+elasticp12perms:
+  file.managed:
+    - replace: False
+    - name: /etc/pki/elasticsearch.p12
+    - mode: 640
+    - group: 930

 # Create a cert for Redis encryption
 /etc/pki/redis.key:
@@ -530,11 +537,19 @@ fleetkeyperms:
    - onchanges:
      - x509: /etc/pki/elasticsearch.key

-miniokeyperms:
+elasticp12perms:
+  file.managed:
+    - replace: False
+    - name: /etc/pki/elasticsearch.p12
+    - mode: 640
+    - group: 930
+    
+elastickeyperms:
  file.managed:
    - replace: False
    - name: /etc/pki/elasticsearch.key
    - mode: 640
    - group: 930
+    
    {%- endif %}
-{%- endif %}
+{%- endif %}
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -361,6 +361,9 @@ base:
    - logstash
    - curator
    - filebeat
+    {%- if STRELKA %}
+    - strelka
+    {%- endif %}
    {%- if FLEETMANAGER or FLEETNODE %}
    - fleet.install_package
    - redis