CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

define and assign elastic_agent_update port

Browse Source
This commit is contained in:
m0duspwnens
2023-05-03 12:40:56 -04:00
parent 767c922083 a57ba7e35d
commit b0bd64bc10
10 changed files with 105 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
salt/common/tools/sbin/so-elastic-agent-gen-installers
View File

@@ -17,18 +17,39 @@ FLEETHOST="{{ GLOBALS.manager_ip }}"
#FLEETHOST=$1 #FLEETHOST=$1
#ENROLLMENTOKEN=$2 #ENROLLMENTOKEN=$2
CONTAINERGOOS=( "linux" "darwin" "windows" ) TARGETOS=( "linux" "darwin" "windows" )
#rm -rf /tmp/elastic-agent-workspace printf "\n### Get rid of any previous runs\n"
#mkdir -p /tmp/elastic-agent-workspace rm -rf /tmp/elastic-agent-workspace
mkdir -p /tmp/elastic-agent-workspace
for OS in "${CONTAINERGOOS[@]}" printf "\n### Extract outer tarball and then each individual tarball/zip\n"
tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ GLOBALS.so_version }}.tar.gz -C /tmp/elastic-agent-workspace/
unzip /tmp/elastic-agent-workspace/elastic-agent-*.zip -d /tmp/elastic-agent-workspace/
for archive in /tmp/elastic-agent-workspace/*.tar.gz
do
tar xf "$archive" -C /tmp/elastic-agent-workspace/
done
printf "\n### Strip out unused components"
find /tmp/elastic-agent-workspace/elastic-agent-*/data/elastic-agent-*/components -regex '.*fleet.*\|.*packet.*\|.*apm*.*\|.*audit.*\|.*heart.*\|.*cloud.*' -delete
printf "\n### Tar everything up again"
for OS in "${TARGETOS[@]}"
do
rm -rf /tmp/elastic-agent-workspace/elastic-agent
mv /tmp/elastic-agent-workspace/elastic-agent-*-$OS-x86_64 /tmp/elastic-agent-workspace/elastic-agent
tar -czvf /tmp/elastic-agent-workspace/$OS.tar.gz -C /tmp/elastic-agent-workspace elastic-agent
done
printf "\n### Generate OS packages using the cleaned up tarballs"
for OS in "${TARGETOS[@]}"
do do
printf "\n\nGenerating $OS Installer..." printf "\n\n### Generating $OS Installer...\n"
#cp /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/so-elastic-agent-*-$OS-x86_64.tar.gz /tmp/elastic-agent-workspace/$OS.tar.gz
docker run -e CGO_ENABLED=0 -e GOOS=$OS \ docker run -e CGO_ENABLED=0 -e GOOS=$OS \
--mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \ --mount type=bind,source=/etc/ssl/certs/,target=/workspace/files/cert/ \
--mount type=bind,source=/tmp/elastic-agent-workspace/,target=/workspace/files/elastic-agent/ \
--mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \ --mount type=bind,source=/opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/,target=/output/ \
{{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHost=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN" -o /output/so-elastic-agent_$OS {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elastic-agent-builder:{{ GLOBALS.so_version }} go build -ldflags "-X main.fleetHost=$FLEETHOST -X main.enrollmentToken=$ENROLLMENTOKEN" -o /output/so-elastic-agent_$OS
printf "\n $OS Installer Generated..." printf "\n### $OS Installer Generated...\n"
done done

9
salt/common/tools/sbin/so-elastic-fleet-setup
View File

@@ -62,6 +62,15 @@ elastic_fleet_policy_create "so-grid-nodes" "SO Grid Node Policy" "false"
# Load Integrations for default policies # Load Integrations for default policies
so-elastic-fleet-integration-policy-load so-elastic-fleet-integration-policy-load
# Set Elastic Agent Artifact Registry URL
JSON_STRING=$( jq -n \
--arg NAME "FleetServer_{{ GLOBALS.hostname }}" \
--arg URL "http://{{ GLOBALS.url_base }}/artifacts/" \
'{"name":$NAME,"host":$URL,"is_default":true}'
)
curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/agent_download_sources" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
### Finalization ### ### Finalization ###
# Query for Enrollment Tokens for default policies # Query for Enrollment Tokens for default policies

1
salt/docker/defaults.yaml
View File

@@ -54,6 +54,7 @@ docker:
port_bindings: port_bindings:
- 80:80 - 80:80
- 443:443 - 443:443
- 8443:8443
'so-playbook': 'so-playbook':
final_octet: 32 final_octet: 32
port_bindings: port_bindings:

11
salt/elasticfleet/artifact_registry.sls Normal file
View File

@@ -0,0 +1,11 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use
# this file except in compliance with the Elastic License 2.0.
fleetartifactdir:
file.directory:
- name: /nsm/elastic-fleet/artifacts
- user: 947
- group: 939
- makedirs: True

22
salt/firewall/defaults.yaml
View File

@@ -78,6 +78,10 @@ firewall:
tcp: tcp:
- 5055 - 5055
udp: [] udp: []
elastic_agent_update:
tcp:
- 8443
udp: []
endgame: endgame:
tcp: tcp:
- 3765 - 3765
@@ -205,6 +209,7 @@ firewall:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
strelka_frontend: strelka_frontend:
portgroups: portgroups:
- strelka_frontend - strelka_frontend
@@ -273,10 +278,12 @@ firewall:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
elastic_agent_endpoint: elastic_agent_endpoint:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
customhostgroup0: customhostgroup0:
portgroups: [] portgroups: []
customhostgroup1: customhostgroup1:
@@ -356,12 +363,14 @@ firewall:
- docker_registry - docker_registry
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
- beats_5644 - beats_5644
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
- yum - yum
- docker_registry - docker_registry
- influxdb - influxdb
@@ -376,6 +385,7 @@ firewall:
- influxdb - influxdb
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
heavynode: heavynode:
portgroups: portgroups:
- redis - redis
@@ -387,6 +397,7 @@ firewall:
- influxdb - influxdb
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -406,6 +417,7 @@ firewall:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
@@ -488,12 +500,14 @@ firewall:
- docker_registry - docker_registry
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
sensor: sensor:
portgroups: portgroups:
- beats_5044 - beats_5044
- beats_5644 - beats_5644
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
- yum - yum
- docker_registry - docker_registry
- influxdb - influxdb
@@ -507,6 +521,7 @@ firewall:
- influxdb - influxdb
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
heavynode: heavynode:
portgroups: portgroups:
- redis - redis
@@ -517,6 +532,7 @@ firewall:
- influxdb - influxdb
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
self: self:
portgroups: portgroups:
- syslog - syslog
@@ -533,6 +549,7 @@ firewall:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
@@ -628,6 +645,7 @@ firewall:
- elasticsearch_node - elasticsearch_node
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
- endgame - endgame
- strelka_frontend - strelka_frontend
fleet: fleet:
@@ -642,6 +660,7 @@ firewall:
- beats_5056 - beats_5056
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
sensor: sensor:
portgroups: portgroups:
- docker_registry - docker_registry
@@ -653,6 +672,7 @@ firewall:
- beats_5056 - beats_5056
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
searchnode: searchnode:
portgroups: portgroups:
- docker_registry - docker_registry
@@ -687,6 +707,7 @@ firewall:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
endgame: endgame:
portgroups: portgroups:
- endgame - endgame
@@ -1005,6 +1026,7 @@ firewall:
portgroups: portgroups:
- elastic_agent_control - elastic_agent_control
- elastic_agent_data - elastic_agent_data
- elastic_agent_update
analyst: analyst:
portgroups: portgroups:
- nginx - nginx

3
salt/firewall/soc_firewall.yaml
View File

@@ -106,6 +106,9 @@ firewall:
elastic_agent_data: elastic_agent_data:
tcp: *tcpsettings tcp: *tcpsettings
udp: *udpsettings udp: *udpsettings
elastic_agent_update:
tcp: *tcpsettings
udp: *udpsettings
endgame: endgame:
tcp: *tcpsettings tcp: *tcpsettings
udp: *udpsettings udp: *udpsettings

16
salt/nginx/etc/nginx.conf
View File

@@ -43,6 +43,22 @@ http {
return 307 https://{{ GLOBALS.url_base }}$request_uri; return 307 https://{{ GLOBALS.url_base }}$request_uri;
} }
server {
listen 8443;
server_name {{ GLOBALS.url_base }};
root /opt/socore/html;
location /artifacts/ {
try_files $uri =206;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server { server {
listen 443 ssl http2 default_server; listen 443 ssl http2 default_server;
server_name _; server_name _;

1
salt/nginx/init.sls
View File

@@ -96,6 +96,7 @@ so-nginx:
- /opt/so/tmp/nginx/:/var/lib/nginx:rw - /opt/so/tmp/nginx/:/var/lib/nginx:rw
- /opt/so/tmp/nginx/:/run:rw - /opt/so/tmp/nginx/:/run:rw
- /opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/:/opt/socore/html/packages - /opt/so/saltstack/local/salt/elasticfleet/files/so_agent-installers/:/opt/socore/html/packages
- /nsm/elastic-fleet/artifacts/:/opt/socore/html/artifacts
{% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %} {% if grains.role in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone', 'so-import'] %}
- /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro - /etc/pki/managerssl.crt:/etc/pki/nginx/server.crt:ro
- /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro - /etc/pki/managerssl.key:/etc/pki/nginx/server.key:ro

11
setup/so-functions
View File

@@ -964,6 +964,17 @@ detect_os() {
} }
download_elastic_agent_artifacts() {
#TODO - ISO
logCmd "mkdir -p /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
logCmd "curl --retry 5 --retry-delay 60 https://repo.securityonion.net/file/so-repo/prod/2.4/elasticagent/elastic-agent_SO-$SOVERSION.tar.gz --output /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz"
logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
}
installer_progress_loop() { installer_progress_loop() {
local i=0 local i=0
local msg="${1:-Performing background actions...}" local msg="${1:-Performing background actions...}"

3
setup/so-setup
View File

@@ -607,6 +607,9 @@ if ! [[ -f $install_opt_file ]]; then
securityonion_repo securityonion_repo
# Update existing packages # Update existing packages
update_packages update_packages
# Download Elastic Agent Artifacts
title "Downloading Elastic Agent Artifacts"
download_elastic_agent_artifacts
# Install salt # Install salt
saltify saltify
# Start the master service # Start the master service