Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into feature/mkrsoup

2025-12-06 17:22:49 +01:00 · 2020-08-18 17:33:25 -04:00
parent 294a197cbf ad0f54fc40
commit afa87374ad
6 changed files with 24 additions and 9 deletions
--- a/salt/elasticsearch/files/ingest/osquery.query_result
+++ b/salt/elasticsearch/files/ingest/osquery.query_result
@@ -18,8 +18,8 @@
        "source": "def dict = ['result': new HashMap()]; for (entry in ctx['message2'].entrySet()) { dict['result'][entry.getKey()] = entry.getValue(); } ctx['osquery'] = dict; "
      }
    },
-    { "set":           { "field": "event.module", "value": "osquery" }  },
+    { "set":           { "field": "event.module", "value": "osquery", "override": false }  },
-    { "set":           { "field": "event.dataset", "value": "{{osquery.result.name}}"}  },
+    { "set":           { "field": "event.dataset", "value": "{{osquery.result.name}}", "override": false}  },
    { "pipeline":    { "name": "common" } }
  ]
 }
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -91,7 +91,6 @@ dashboard-manager:
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.monint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: so_overview
      ROOTFS: {{ SNDATA.rootfs }}
@@ -183,7 +182,6 @@ dashboardsearch-{{ SN }}:
    - defaults:
      SERVERNAME: {{ SN }}
      MANINT: {{ SNDATA.manint }}
      MONINT: {{ SNDATA.monint }}
      CPUS: {{ SNDATA.totalcpus }}
      UID: {{ SNDATA.guid }}
      ROOTFS: {{ SNDATA.rootfs }}
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -255,6 +255,13 @@ ealstickeyperms:
    - mode: 640
    - group: 930
 elasticp12perms:
  file.managed:
    - replace: False
    - name: /etc/pki/elasticsearch.p12
    - mode: 640
    - group: 930
 # Create a cert for Redis encryption
 /etc/pki/redis.key:
  x509.private_key_managed:
@@ -530,11 +537,19 @@ fleetkeyperms:
    - onchanges:
      - x509: /etc/pki/elasticsearch.key
-miniokeyperms:
+elasticp12perms:
  file.managed:
    - replace: False
    - name: /etc/pki/elasticsearch.p12
    - mode: 640
    - group: 930
 elastickeyperms:
  file.managed:
    - replace: False
    - name: /etc/pki/elasticsearch.key
    - mode: 640
    - group: 930
    {%- endif %}
 {%- endif %}
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -361,6 +361,9 @@ base:
    - logstash
    - curator
    - filebeat
    {%- if STRELKA %}
    - strelka
    {%- endif %}
    {%- if FLEETMANAGER or FLEETNODE %}
    - fleet.install_package
    - redis
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1207,7 +1207,6 @@ manager_global() {
 		"  interval: 5" >> "$global_pillar"
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
 	cat "$global_pillar" >> "$setup_log" 2>&1
 }
 minio_generate_keys() {
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -326,7 +326,7 @@ if [[ $is_manager && ! $is_eval ]]; then
 	fi
 	if [[ $STRELKA == 1 ]]; then
-            whiptail_strelka_rules
+            STRELKARULES=1
        fi
 	if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
@@ -711,7 +711,7 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
 if [[ $success != 0 ]]; then SO_ERROR=1; fi
 # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
-if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then SO_ERROR=1; fi
+if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1; fi
 if [[ -n $SO_ERROR ]]; then 
 	echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1