Merge pull request #902 from Security-Onion-Solutions/feature/es_allow

Add ES REST API option for so-allow
2025-12-06 09:12:45 +01:00 · 2020-06-29 14:51:09 -04:00
parent b01bdf35f9 ed60d48c81
commit b398d58dc9
3 changed files with 14 additions and 1 deletions
--- a/files/firewall/hostgroups.local.yaml
+++ b/files/firewall/hostgroups.local.yaml
@@ -12,6 +12,9 @@ firewall:
      ips:
        delete:
        insert:
+    elasticsearch_rest:
+        delete:
+        insert:
    fleet:
      ips:
        delete:
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -38,7 +38,11 @@ do
            FULLROLE="beats_endpoint"
            SKIP=1
            ;;
-	f)
+	e)
+            FULLROLE="elasticsearch_rest"
+            SKIP=1
+            ;;
+        f)
 	    FULLROLE="strelka_frontend"
            SKIP=1
            ;;
@@ -77,6 +81,7 @@ if [ "$SKIP" -eq 0 ]; then
    echo ""
    echo "[a] - Analyst - ports 80/tcp and 443/tcp"
    echo "[b] - Logstash Beat - port 5044/tcp"
+    echo "[e] - Elasticsearch REST API - port 9200/tcp"
    echo "[f] - Strelka frontend - port 57314/tcp"
    echo "[o] - Osquery endpoint - port 8090/tcp"
    echo "[s] - Syslog device - 514/tcp/udp"
@@ -92,6 +97,8 @@ if [ "$SKIP" -eq 0 ]; then
        FULLROLE=analyst
    elif [ "$ROLE" == "b" ]; then
        FULLROLE=beats_endpoint
+    elif [ "$ROLE" == "e" ]; then
+        FULLROLE=elasticsearch_rest
    elif [ "$ROLE" == "f" ]; then
        FULLROLE=strelka_frontend
    elif [ "$ROLE" == "o" ]; then
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -48,6 +48,9 @@ role:
          beats_endpoint_ssl:
            portgroups:
              - {{ portgroups.beats_5644 }}
+          elasticsearch_rest:
+            portgroups:
+              - {{ portgroups.elasticsearch_rest }}
          osquery_endpoint:
            portgroups:
              - {{ portgroups.fleet_api }}