Merge pull request #160 from Security-Onion-Solutions/mastersearch

Mastersearch Menu Option

pillar/firewall/search_nodes.sls

@@ -0,0 +1,2 @@
+search_nodes:
+  - 127.0.0.1

pillar/firewall/storage_nodes.sls

@@ -1,2 +0,0 @@
-storage_nodes:
-  - 127.0.0.1

salt/common/grafana/etc/dashboards/dashboard.yml

@@ -17,13 +17,13 @@ providers:
   editable: true
   options:
     path: /etc/grafana/grafana_dashboards/forward_nodes
-- name: 'Storage Nodes'
+- name: 'Search Nodes'
-  folder: 'Storage Nodes'
+  folder: 'Search Nodes'
   type: file
   disableDeletion: false
   editable: true
   options:
-    path: /etc/grafana/grafana_dashboards/storage_nodes
+    path: /etc/grafana/grafana_dashboards/search_nodes
 {%- else %}
 - name: 'Security Onion'
   folder: 'Eval Mode'

salt/common/grafana/grafana_dashboards/search_nodes/searchnode.json

@@ -12,7 +12,7 @@
       }
     ]
   },
-  "description": "This Dashboard provides a general overview of a Storage Node",
+  "description": "This Dashboard provides a general overview of a Search Node",
   "editable": true,
   "gnetId": 2381,
   "graphTooltip": 0,
@@ -3433,7 +3433,7 @@
     ]
   },
   "timezone": "browser",
-  "title": "Storage Node - {{ SERVERNAME }} Overview",
+  "title": "Search Node - {{ SERVERNAME }} Overview",
   "uid": "{{ UID }}",
   "version": 3
 }

salt/firewall/init.sls

@@ -410,9 +410,9 @@ enable_forwardnode_sensoroni_9822_{{ip}}:
 
 {% endfor %}
 
-{% for ip in pillar.get('storage_nodes')  %}
+{% for ip in pillar.get('search_nodes')  %}
 
-enable_storagenode_redis_6379_{{ip}}:
+enable_searchnode_redis_6379_{{ip}}:
   iptables.insert:
     - table: filter
     - chain: DOCKER-USER
@@ -423,7 +423,7 @@ enable_storagenode_redis_6379_{{ip}}:
     - position: 1
     - save: True
 
-enable_storagenode_ES_9300_{{ip}}:
+enable_searchnode_ES_9300_{{ip}}:
   iptables.insert:
     - table: filter
     - chain: DOCKER-USER
@@ -578,12 +578,12 @@ enable_standard_analyst_443_{{ip}}:
 
 {% endfor %}
 
-# Rules for storage nodes connecting to master
+# Rules for search nodes connecting to master
 
 
 {% endif %}
 
-# Rules if you are a Storage Node
+# Rules if you are a Node
 {% if grains['role'] == 'so-node' %}
 
 #This should be more granular

salt/top.sls

@@ -117,7 +117,7 @@ base:
     {%- endif %}
 
 
-  # Storage node logic
+  # Search node logic
 
   'G@role:so-node and I@node:node_type:parser':
     - match: pillar
@@ -151,7 +151,7 @@ base:
     {%- endif %}
     - schedule
 
-  'G@role:so-node and I@node:node_type:storage':
+  'G@role:so-node and I@node:node_type:search':
     - match: compound
     - ca
     - ssl

salt/utility/bin/crossthestreams.sh

@@ -29,7 +29,7 @@ echo "Applying cross cluster search config..."
          -H 'Content-Type: application/json' \
          -d "{\"persistent\": {\"search\": {\"remote\": {\"{{ MASTER }}\": {\"seeds\": [\"127.0.0.1:9300\"]}}}}}"
 
-# Add all the storage nodes to cross cluster searching.
+# Add all the search nodes to cross cluster searching.
 
 {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
 curl -XPUT http://{{ ES }}:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"{{ SN }}": {"skip_unavailable": "true", "seeds": ["{{ SNDATA.ip }}:9300"]}}}}}'

setup/functions.sh

@@ -729,7 +729,7 @@ patch_pillar() {
     SENSORONLY)
       PATCHPILLARPATH=$SENSORPILLARPATH
       ;;
-    STORAGENODE | PARSINGNODE | HOTNODE | WARMNODE)
+    SEARCHNODE | PARSINGNODE | HOTNODE | WARMNODE)
       PATCHPILLARPATH=$NODEPILLARPATH
       ;;
   esac
@@ -1202,7 +1202,7 @@ set_initial_firewall_policy() {
     printf "  - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
     printf "  - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
     printf "  - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
-    printf "  - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/storage_nodes.sls
+    printf "  - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/search_nodes.sls
     /opt/so/saltstack/pillar/data/addtotab.sh evaltab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
   fi
 
@@ -1218,9 +1218,9 @@ set_initial_firewall_policy() {
     ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
   fi
 
-  if [ $INSTALLTYPE == 'STORAGENODE' ]; then
+  if [ $INSTALLTYPE == 'SEARCHNODE' ]; then
     ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh storage_nodes $MAINIP
+    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
     ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
   fi
 
@@ -1257,8 +1257,8 @@ set_management_interface() {
 set_node_type() {
 
   # Determine the node type based on whiplash choice
-  if [ $INSTALLTYPE == 'STORAGENODE' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
+  if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
-    NODETYPE='storage'
+    NODETYPE='search'
   fi
   if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
     NODETYPE='parser'

setup/so-setup.sh

@@ -589,7 +589,7 @@ if (whiptail_you_sure) ; then
       configure_minion eval >> $SETUPLOG 2>&1
       echo -e "XXX\n7\nSetting the node type to eval... \nXXX"
       set_node_type >> $SETUPLOG 2>&1
-      echo -e "XXX\n7\nStorage node pillar... \nXXX"
+      echo -e "XXX\n7\nSearch node pillar... \nXXX"
       node_pillar >> $SETUPLOG 2>&1
       echo -e "XXX\n8\nCreating firewall policies... \nXXX"
       set_initial_firewall_policy >> $SETUPLOG 2>&1
@@ -678,7 +678,7 @@ if (whiptail_you_sure) ; then
   ##     Nodes     ##
   ###################
 
-  if [ $INSTALLTYPE == 'STORAGENODE' ] || [ $INSTALLTYPE == 'PARSINGNODE' ] || [ $INSTALLTYPE == 'HOTNODE' ] || [ $INSTALLTYPE == 'WARMNODE' ]; then
+  if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'PARSINGNODE' ] || [ $INSTALLTYPE == 'HOTNODE' ] || [ $INSTALLTYPE == 'WARMNODE' ]; then
     whiptail_management_server
     whiptail_master_updates
     set_updates

setup/whiptail.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -250,13 +250,14 @@ whiptail_install_type() {
   INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
   "Choose Install Type:" 20 75 13 \
   "SENSORONLY" "Create a forward only sensor" ON \
-  "STORAGENODE" "Add a Storage Hot Node with parsing" OFF \
+  "SEARCHNODE" "Add a Search Node with parsing" OFF \
   "MASTERONLY" "Start a new grid" OFF \
   "EVALMODE" "Evaluate all the things" OFF \
+  "MASTERSEARCH" "Master + Search Node" OFF \
   "HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \
   "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \
-  "HOTNODE" "TODO Add Hot Node (Storage Node without Parsing)" OFF \
+  "HOTNODE" "TODO Add Hot Node (Search Node without Parsing)" OFF \
-  "WARMNODE" "TODO Add Warm Node to existing Hot or Storage node" OFF \
+  "WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \
   "WAZUH" "TODO Stand Alone Wazuh Node" OFF \
   "STRELKA" "TODO Stand Alone Strelka Node" OFF \
   "FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 )
@@ -449,7 +450,7 @@ whiptail_node_advanced() {
 
   NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
   "What type of config would you like to use?:" 20 75 4 \
-  "NODEBASIC" "Install Storage Node with recommended settings" ON \
+  "NODEBASIC" "Install Search Node with recommended settings" ON \
   "NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 )
 
   local exitstatus=$?