mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
regex for hostgroups
This commit is contained in:
Mike Reeves
@@ -1,138 +1,176 @@
|
|||||||
firewall:
|
firewall:
|
||||||
hostgroups:
|
hostgroups:
|
||||||
analyst: &hostgroupsettings
|
analyst: &hostgroupsettings
|
||||||
description: List of IP or CIDR blocks to allow access to for this hostgroup.
|
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
||||||
helplink: firewall.html
|
helplink: firewall.html
|
||||||
multiline: True
|
multiline: True
|
||||||
regex: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||||
regexFailureMessage: You must enter a properly formatted IP address or CIDR.
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||||
anywhere: *hostgroupsettings
|
anywhere: &hostgroupsettingsadv
|
||||||
|
description: List of IP or CIDR blocks to allow access to this hostgroup.
|
||||||
|
helplink: firewall.html
|
||||||
|
multiline: True
|
||||||
|
advanced: True
|
||||||
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||||
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||||
beats_endpoint: *hostgroupsettings
|
beats_endpoint: *hostgroupsettings
|
||||||
beats_endpoint_ssl: *hostgroupsettings
|
beats_endpoint_ssl: *hostgroupsettings
|
||||||
dockernet: *hostgroupsettings
|
dockernet: *hostgroupsettingsadv
|
||||||
elastic_agent_endpoint: *hostgroupsettings
|
elastic_agent_endpoint: *hostgroupsettings
|
||||||
elasticsearch_rest: *hostgroupsettings
|
elasticsearch_rest: *hostgroupsettingsadv
|
||||||
endgame: *hostgroupsettings
|
endgame: *hostgroupsettingsadv
|
||||||
eval: *hostgroupsettings
|
eval: *hostgroupsettings
|
||||||
fleet: *hostgroupsettings
|
fleet: *hostgroupsettings
|
||||||
heavynodes: *hostgroupsettings
|
heavynodes: *hostgroupsettings
|
||||||
idh: *hostgroupsettings
|
idh: *hostgroupsettings
|
||||||
localhost: *hostgroupsettings
|
localhost: *hostgroupsettingsadv
|
||||||
manager: *hostgroupsettings
|
manager: *hostgroupsettings
|
||||||
receivers: *hostgroupsettings
|
receivers: *hostgroupsettings
|
||||||
searchnodes: *hostgroupsettings
|
searchnodes: *hostgroupsettings
|
||||||
securityonion_desktops: *hostgroupsettings
|
securityonion_desktops: *hostgroupsettings
|
||||||
self: *hostgroupsettings
|
self: *hostgroupsettingsadv
|
||||||
sensors: *hostgroupsettings
|
sensors: *hostgroupsettings
|
||||||
standalone: *hostgroupsettings
|
standalone: *hostgroupsettings
|
||||||
strelka_frontend: *hostgroupsettings
|
strelka_frontend: *hostgroupsettings
|
||||||
syslog: *hostgroupsettings
|
syslog: *hostgroupsettings
|
||||||
|
customhostgroup1: &customhostgroupsettings
|
||||||
|
description: List of IP or CIDR blocks to allow to this hostgroup.
|
||||||
|
helpLink: firewall.html
|
||||||
|
advanced: True
|
||||||
|
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
|
||||||
|
regexFailureMessage: You must enter a valid IP address or CIDR.
|
||||||
|
customhostgroup2: *customhostgroupsettings
|
||||||
|
customhostgroup3: *customhostgroupsettings
|
||||||
|
customhostgroup4: *customhostgroupsettings
|
||||||
|
customhostgroup5: *customhostgroupsettings
|
||||||
|
customhostgroup6: *customhostgroupsettings
|
||||||
|
customhostgroup7: *customhostgroupsettings
|
||||||
|
customhostgroup8: *customhostgroupsettings
|
||||||
|
customhostgroup9: *customhostgroupsettings
|
||||||
|
customhostgroup10: *customhostgroupsettings
|
||||||
|
|
||||||
portgroups:
|
portgroups:
|
||||||
all:
|
all:
|
||||||
tcp:
|
tcp: &tcpsettings
|
||||||
udp:
|
description: List of TCP ports for this port group.
|
||||||
|
helplink: firewall.html
|
||||||
|
advanced: True
|
||||||
|
multiline: True
|
||||||
|
udp: &udpsettings
|
||||||
|
description: List of UDP ports for this port group.
|
||||||
|
helplink: firewall.html
|
||||||
|
advanced: True
|
||||||
|
multiline: True
|
||||||
agrules:
|
agrules:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
beats_5044:
|
beats_5044:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
beats_5644:
|
beats_5644:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
beats_5066:
|
beats_5066:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
beats_5056:
|
beats_5056:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
docker_registry:
|
docker_registry:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
elasticsearch_node:
|
elasticsearch_node:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
elasticsearch_rest:
|
elasticsearch_rest:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
elastic_agent_control:
|
elastic_agent_control:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
elastic_agent_data:
|
elastic_agent_data:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
endgame:
|
endgame:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
influxdb:
|
influxdb:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
kibana:
|
kibana:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
mysql:
|
mysql:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
nginx:
|
nginx:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
playbook:
|
playbook:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
redis:
|
redis:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
salt_manager:
|
salt_manager:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
sensoroni:
|
sensoroni:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
ssh:
|
ssh:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
strelka_frontend:
|
strelka_frontend:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
syslog:
|
syslog:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
yum:
|
yum:
|
||||||
tcp:
|
tcp: *tcpsettings
|
||||||
udp:
|
udp: *udpsettings
|
||||||
role:
|
role:
|
||||||
eval:
|
eval:
|
||||||
chain:
|
chain:
|
||||||
DOCKER-USER:
|
DOCKER-USER:
|
||||||
hostgroups:
|
hostgroups:
|
||||||
eval:
|
eval:
|
||||||
portgroups:
|
portgroups: &portgroupsdocker
|
||||||
|
description: Portgroups to add access to the docker containers for this role.
|
||||||
|
advanced: True
|
||||||
|
multiline: True
|
||||||
|
helpLink: firewall.html
|
||||||
sensors:
|
sensors:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
searchnodes:
|
searchnodes:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
heavynodes:
|
heavynodes:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
self:
|
self:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
beats_endpoint:
|
beats_endpoint:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
beats_endpoint_ssl:
|
beats_endpoint_ssl:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
elasticsearch_rest:
|
elasticsearch_rest:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
elastic_agent_endpoint:
|
elastic_agent_endpoint:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
strelka_frontend:
|
strelka_frontend:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
syslog:
|
syslog:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
analyst:
|
analyst:
|
||||||
portgroups:
|
portgroups: *portgroupsdocker
|
||||||
INPUT:
|
INPUT:
|
||||||
hostgroups:
|
hostgroups:
|
||||||
anywhere:
|
anywhere:
|
||||||
portgroups:
|
portgroups: &portgroupshost
|
||||||
|
description: Portgroups to add access to the host.
|
||||||
|
advacned: True
|
||||||
|
multiline: True
|
||||||
|
helpLink
|
||||||
dockernet:
|
dockernet:
|
||||||
portgroups:
|
portgroups:
|
||||||
localhost:
|
localhost:
|
||||||
@@ -189,6 +227,10 @@ firewall:
|
|||||||
portgroups:
|
portgroups:
|
||||||
analyst:
|
analyst:
|
||||||
portgroups:
|
portgroups:
|
||||||
|
custom1:
|
||||||
|
portgroups:
|
||||||
|
custom2:
|
||||||
|
|
||||||
INPUT:
|
INPUT:
|
||||||
hostgroups:
|
hostgroups:
|
||||||
anywhere:
|
anywhere:
|
||||||
|
|||||||
Reference in New Issue
Block a user