diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
index 70b483424..d603f750f 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 POLICY_ID=$1
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
index 174f3cb78..6a51db6b6 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 # Let's snag a cookie from Kibana
 SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
index f82ec1664..9b1e2ed65 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 POLICY_ID=$1
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
new file mode 100755
index 000000000..e56ee7f0a
--- /dev/null
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
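Review bot: The new `so-elastic-fleet-common` sourced on the added line does not itself source `/usr/sbin/so-common`, so this script now only sees what the new file defines: `DEFAULT_SALT_DIR`, the root check, the `/usr/sbin` PATH fixup and `banner`. The same one-line swap is made in agent-policy-list, agent-policy-view, data-streams-list, integration-policy-bulk-delete, integration-policy-delete, integration-policy-list, integration-policy-load, restart, start, stop, so-elastic-agent-gen-installers and so-elastic-fleet-setup, and this note applies to all of them. If any of these scripts relied on another helper or variable from so-common, it is now undefined at runtime; either confirm none are needed or add `. /usr/sbin/so-common` at the top of so-elastic-fleet-common so the change is purely additive. The remainder of each script is outside its hunk, so this cannot be verified from the diff alone.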
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+DEFAULT_SALT_DIR=/opt/so/saltstack/default
+
+if [ -z $NOROOT ]; then
+ # Check for prerequisites
+ if [ "$(id -u)" -ne 0 ]; then
+ echo "This script must be run using sudo!"
+ exit 1
+ fi
+fi
+
+# Ensure /usr/sbin is in path
+if ! echo "$PATH" | grep -q "/usr/sbin"; then
+ export PATH="$PATH:/usr/sbin"
+fi
+
+# Define a banner to separate sections
+banner="========================================================================="
+
+elastic_fleet_integration_check() {
+
+ AGENT_POLICY=$1
+
+ JSON_STRING=$2
+
+ NAME=$(jq -r .name $JSON_STRING)
+
+ INTEGRATION_ID=$(/usr/sbin/so-elastic-fleet-agent-policy-view "$AGENT_POLICY" | jq -r '.item.package_policies[] | select(.name=="'"$NAME"'") | .id')
+
+}
+
+elastic_fleet_integration_create() {
+
+ JSON_STRING=$1
+
+ curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/package_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+}
+
+elastic_fleet_integration_update() {
+
+ UPDATE_ID=$1
+
+ JSON_STRING=$2
+
+ curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/package_policies/$UPDATE_ID" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+}
+
+elastic_fleet_policy_create() {
+
+ NAME=$1
+ DESC=$2
+ FLEETSERVER=$3
+ TIMEOUT=$4
+
+ JSON_STRING=$( jq -n \
+ --arg NAME "$NAME" \
+ --arg DESC "$DESC" \
+ --arg TIMEOUT $TIMEOUT \
+ --arg FLEETSERVER "$FLEETSERVER" \
+ '{"name": $NAME,"id":$NAME,"description":$DESC,"namespace":"default","monitoring_enabled":["logs"],"inactivity_timeout":$TIMEOUT,"has_fleet_server":$FLEETSERVER}'
+ )
+ # Create Fleet Policy
+ curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/agent_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+
+}
+
+elastic_fleet_policy_update() {
+
+ POLICYID=$1
+ JSON_STRING=$2
+
+ curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/agent_policies/$POLICYID" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+}
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
index b3e35fdba..451c23f3d 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 # Let's snag a cookie from Kibana
 SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
index ac600ab40..8bf50ecee 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 POLICY_ID=$1
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
index ded8da808..d4155e821 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
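Review bot: In `elastic_fleet_integration_check` the integration name is spliced into the jq program text (`select(.name=="'"$NAME"'")`), so a name containing a double quote or backslash alters the filter instead of being matched; pass it as data: `INTEGRATION_ID=$(/usr/sbin/so-elastic-fleet-agent-policy-view "$AGENT_POLICY" | jq -r --arg name "$NAME" '.item.package_policies[] | select(.name==$name) | .id')`. The same function reads the name with `jq -r .name $JSON_STRING`, where the unquoted argument appears to be a file path, while the other four functions use `JSON_STRING` for a request body handed to `curl -d`; quoting it and naming it for what it holds would avoid word-splitting and confusion. `if [ -z $NOROOT ]` only behaves as intended because `[ -z ]` with the variable unset degenerates to a true one-argument test; write `if [ -z "$NOROOT" ]; then`, and likewise quote `--arg TIMEOUT "$TIMEOUT"`, bearing in mind that `--arg` always produces a JSON string, so `--argjson` is needed if the API expects `inactivity_timeout` as a number or `has_fleet_server` as a boolean. None of the four `curl` calls check the exit or HTTP status, so a caller cannot distinguish a rejected create/update from a successful one; `-sS --fail` with `|| return` would surface that, and the result-by-global-variable convention (`INTEGRATION_ID`, `NAME`, `JSON_STRING` without `local`) deserves a header comment stating which names each function sets.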
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 POLICY_ID=$1
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
index 86338a312..6696ede25 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 # Let's snag a cookie from Kibana
 SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
index 92b20c5bf..771d923ef 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 RETURN_CODE=0
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart b/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
index e3c38b409..7f7d9676c 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
@@ -7,6 +7,6 @@
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 /usr/sbin/so-restart elastic-fleet $1
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-start b/salt/elasticfleet/tools/sbin/so-elastic-fleet-start
index 5ae7d21a1..7350e6c57 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-start
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-start
@@ -7,6 +7,6 @@
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 /usr/sbin/so-start elastic-fleet $1
diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop b/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
index f3fc3b923..29174c2ae 100755
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
@@ -7,6 +7,6 @@
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 /usr/sbin/so-stop elastic-fleet $1
diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
index 84a519d37..d72bfeec2 100755
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
@@ -8,7 +8,7 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 #FLEETHOST="https://{{ GLOBALS.manager_ip }}:8220"
diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
index c81d69282..8a3981ef4 100755
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
@@ -6,7 +6,7 @@
 # this file except in compliance with the Elastic License 2.0.
 {% from 'vars/globals.map.jinja' import GLOBALS %}
-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common
 printf "\n### Create ES Token ###\n"
 ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)