Merge pull request #184 from Security-Onion-Solutions/issues/157

Issues/157
This commit is contained in:
Mike Reeves
2019-12-30 13:47:46 -05:00
committed by GitHub
3 changed files with 99 additions and 115 deletions


@@ -3,20 +3,20 @@ base:
- patch.needs_restarting - patch.needs_restarting
'G@role:so-sensor': 'G@role:so-sensor':
- sensors.{{ grains.id }} - minions.{{ grains.id }}
- static - static
- firewall.* - firewall.*
- brologs - brologs
'G@role:so-master': 'G@role:so-master':
- masters.{{ grains.id }} - minions.{{ grains.id }}
- static - static
- firewall.* - firewall.*
- data.* - data.*
- auth - auth
'G@role:so-eval': 'G@role:so-eval':
- masters.{{ grains.id }} - minions.{{ grains.id }}
- static - static
- firewall.* - firewall.*
- data.* - data.*
@@ -24,13 +24,12 @@ base:
- auth - auth
'G@role:so-node': 'G@role:so-node':
- nodes.{{ grains.id }} - minions.{{ grains.id }}
- static - static
- firewall.* - firewall.*
'G@role:so-helix': 'G@role:so-helix':
- masters.{{ grains.id }} - minions.{{ grains.id }}
- sensors.{{ grains.id }}
- static - static
- firewall.* - firewall.*
- fireeye - fireeye


@@ -270,9 +270,9 @@ copy_minion_tmp_files() {
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
echo "Copying pillar and salt files in $TMP to /opt/so/saltstack" echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
cp -Rv $TMP/pillar/ /opt/so/saltstack/pillar/ >> $SETUPLOG 2>&1 cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
if [ -d $TMP/salt ] ; then if [ -d $TMP/salt ] ; then
cp -Rv $TMP/salt/ /opt/so/saltstack/salt/ >> $SETUPLOG 2>&1 cp -Rv $TMP/salt/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
fi fi
else else
echo "scp pillar and salt files in $TMP to master /opt/so/saltstack" echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
@@ -545,7 +545,8 @@ got_root() {
install_cleanup() { install_cleanup() {
echo "install_cleanup called" >> $SETUPLOG 2>&1 echo "install_cleanup removing the following files:"
ls -lR $TMP
# Clean up after ourselves # Clean up after ourselves
rm -rf /root/installtmp rm -rf /root/installtmp
@@ -556,6 +557,8 @@ install_prep() {
# Create a tmp space that isn't in /tmp # Create a tmp space that isn't in /tmp
mkdir /root/installtmp mkdir /root/installtmp
mkdir /root/installtmp/pillar
mkdir /root/installtmp/pillar/minions
TMP=/root/installtmp TMP=/root/installtmp
} }
@@ -595,47 +598,50 @@ ls_heapsize() {
master_pillar() { master_pillar() {
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
# Create the master pillar # Create the master pillar
touch /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo "master:" >> $PILLARFILE
echo "master:" > /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " mainip: $MAINIP" >> $PILLARFILE
echo " mainip: $MAINIP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " mainint: $MAININT" >> $PILLARFILE
echo " mainint: $MAININT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE
echo " esheap: $ES_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " esclustername: {{ grains.host }}" >> $PILLARFILE
echo " esclustername: {{ grains.host }}" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
if [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then if [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " freq: 0" >> $PILLARFILE
echo " domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " domainstats: 0" >> $PILLARFILE
echo " ls_pipeline_batch_size: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " ls_pipeline_batch_size: 125" >> $PILLARFILE
echo " ls_input_threads: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " ls_input_threads: 1" >> $PILLARFILE
echo " ls_batch_count: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " ls_batch_count: 125" >> $PILLARFILE
echo " mtu: 1500" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " mtu: 1500" >> $PILLARFILE
else else
echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " freq: 0" >> $PILLARFILE
echo " domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " domainstats: 0" >> $PILLARFILE
fi fi
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
echo " lsheap: 1000m" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " lsheap: 1000m" >> $PILLARFILE
else else
echo " lsheap: $LS_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " lsheap: $LS_HEAP_SIZE" >> $PILLARFILE
fi fi
echo " lsaccessip: 127.0.0.1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " lsaccessip: 127.0.0.1" >> $PILLARFILE
echo " elastalert: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " elastalert: 1" >> $PILLARFILE
echo " ls_pipeline_workers: $CPUCORES" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " ls_pipeline_workers: $CPUCORES" >> $PILLARFILE
echo " nids_rules: $RULESETUP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " nids_rules: $RULESETUP" >> $PILLARFILE
echo " oinkcode: $OINKCODE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " oinkcode: $OINKCODE" >> $PILLARFILE
#echo " access_key: $ACCESS_KEY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls #echo " access_key: $ACCESS_KEY" >> $PILLARFILE
#echo " access_secret: $ACCESS_SECRET" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls #echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
echo " es_port: $NODE_ES_PORT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
echo " log_size_limit: $LOG_SIZE_LIMIT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
echo " cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
#echo " mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls #echo " mysqlpass: $MYSQLPASS" >> $PILLARFILE
#echo " fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls #echo " fleetpass: $FLEETPASS" >> $PILLARFILE
echo " grafana: $GRAFANA" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " grafana: $GRAFANA" >> $PILLARFILE
echo " osquery: $OSQUERY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " osquery: $OSQUERY" >> $PILLARFILE
echo " wazuh: $WAZUH" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " wazuh: $WAZUH" >> $PILLARFILE
echo " thehive: $THEHIVE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " thehive: $THEHIVE" >> $PILLARFILE
echo " playbook: $PLAYBOOK" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls echo " playbook: $PLAYBOOK" >> $PILLARFILE
echo "" >> $PILLARFILE
} }
master_static() { master_static() {
@@ -695,53 +701,39 @@ network_setup() {
node_pillar() { node_pillar() {
NODEPILLARPATH=$TMP/pillar/nodes PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
if [ ! -d $NODEPILLARPATH ]; then
mkdir -p $NODEPILLARPATH
fi
# Create the node pillar # Create the node pillar
touch $NODEPILLARPATH/$MINION_ID.sls echo "node:" >> $PILLARFILE
echo "node:" > $NODEPILLARPATH/$MINION_ID.sls echo " mainip: $MAINIP" >> $PILLARFILE
echo " mainip: $MAINIP" >> $NODEPILLARPATH/$MINION_ID.sls echo " mainint: $MAININT" >> $PILLARFILE
echo " mainint: $MAININT" >> $NODEPILLARPATH/$MINION_ID.sls echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE
echo " esheap: $NODE_ES_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls echo " esclustername: {{ grains.host }}" >> $PILLARFILE
echo " esclustername: {{ grains.host }}" >> $NODEPILLARPATH/$MINION_ID.sls echo " lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE
echo " lsheap: $NODE_LS_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE
echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $NODEPILLARPATH/$MINION_ID.sls echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE
echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $NODEPILLARPATH/$MINION_ID.sls echo " ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE
echo " ls_input_threads: $LSINPUTTHREADS" >> $NODEPILLARPATH/$MINION_ID.sls echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE
echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls echo " es_shard_count: $SHARDCOUNT" >> $PILLARFILE
echo " es_shard_count: $SHARDCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls echo " node_type: $NODETYPE" >> $PILLARFILE
echo " node_type: $NODETYPE" >> $NODEPILLARPATH/$MINION_ID.sls echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
echo " es_port: $NODE_ES_PORT" >> $NODEPILLARPATH/$MINION_ID.sls echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $NODEPILLARPATH/$MINION_ID.sls echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
echo " cur_close_days: $CURCLOSEDAYS" >> $NODEPILLARPATH/$MINION_ID.sls echo "" >> $PILLARFILE
} }
patch_pillar() { patch_pillar() {
case $INSTALLTYPE in PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
MASTERONLY | EVALMODE | HELIXSENSOR)
PATCHPILLARPATH=/opt/so/saltstack/pillar/masters
;;
SENSORONLY)
PATCHPILLARPATH=$SENSORPILLARPATH
;;
SEARCHNODE | PARSINGNODE | HOTNODE | WARMNODE)
PATCHPILLARPATH=$NODEPILLARPATH
;;
esac
echo "" >> $PATCHPILLARPATH/$MINION_ID.sls
echo "patch:" >> $PATCHPILLARPATH/$MINION_ID.sls
echo " os:" >> $PATCHPILLARPATH/$MINION_ID.sls
echo " schedule_name: $PATCHSCHEDULENAME" >> $PATCHPILLARPATH/$MINION_ID.sls
echo " enabled: True" >> $PATCHPILLARPATH/$MINION_ID.sls
echo " splay: 300" >> $PATCHPILLARPATH/$MINION_ID.sls
echo "" >> $PILLARFILE
echo "patch:" >> $PILLARFILE
echo " os:" >> $PILLARFILE
echo " schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE
echo " enabled: True" >> $PILLARFILE
echo " splay: 300" >> $PILLARFILE
echo "" >> $PILLARFILE
} }
@@ -1105,51 +1097,44 @@ salt_install_mysql_deps() {
} }
sensor_pillar() { sensor_pillar() {
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
SENSORPILLARPATH=/opt/so/saltstack/pillar/sensors PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
mkdir -p $TMP
mkdir -p $SENSORPILLARPATH
else
SENSORPILLARPATH=$TMP/pillar/sensors
fi
if [ ! -d $SENSORPILLARPATH ]; then
mkdir -p $SENSORPILLARPATH
fi
# Create the sensor pillar # Create the sensor pillar
touch $SENSORPILLARPATH/$MINION_ID.sls touch $PILLARFILE
echo "sensor:" > $SENSORPILLARPATH/$MINION_ID.sls echo "sensor:" >> $PILLARFILE
echo " interface: bond0" >> $SENSORPILLARPATH/$MINION_ID.sls echo " interface: bond0" >> $PILLARFILE
echo " mainip: $MAINIP" >> $SENSORPILLARPATH/$MINION_ID.sls echo " mainip: $MAINIP" >> $PILLARFILE
echo " mainint: $MAININT" >> $SENSORPILLARPATH/$MINION_ID.sls echo " mainint: $MAININT" >> $PILLARFILE
if [ $NSMSETUP == 'ADVANCED' ]; then if [ $NSMSETUP == 'ADVANCED' ]; then
echo " bro_pins:" >> $SENSORPILLARPATH/$MINION_ID.sls echo " bro_pins:" >> $PILLARFILE
for PIN in $BROPINS; do for PIN in $BROPINS; do
PIN=$(echo $PIN | cut -d\" -f2) PIN=$(echo $PIN | cut -d\" -f2)
echo " - $PIN" >> $SENSORPILLARPATH/$MINION_ID.sls echo " - $PIN" >> $PILLARFILE
done done
echo " suripins:" >> $SENSORPILLARPATH/$MINION_ID.sls echo " suripins:" >> $PILLARFILE
for SPIN in $SURIPINS; do for SPIN in $SURIPINS; do
SPIN=$(echo $SPIN | cut -d\" -f2) SPIN=$(echo $SPIN | cut -d\" -f2)
echo " - $SPIN" >> $SENSORPILLARPATH/$MINION_ID.sls echo " - $SPIN" >> $PILLARFILE
done done
elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
echo " bro_lbprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE
echo " suriprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls echo " suriprocs: $LBPROCS" >> $PILLARFILE
else else
echo " bro_lbprocs: $BASICBRO" >> $SENSORPILLARPATH/$MINION_ID.sls echo " bro_lbprocs: $BASICBRO" >> $PILLARFILE
echo " suriprocs: $BASICSURI" >> $SENSORPILLARPATH/$MINION_ID.sls echo " suriprocs: $BASICSURI" >> $PILLARFILE
fi fi
echo " brobpf:" >> $SENSORPILLARPATH/$MINION_ID.sls echo " brobpf:" >> $PILLARFILE
echo " pcapbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls echo " pcapbpf:" >> $PILLARFILE
echo " nidsbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls echo " nidsbpf:" >> $PILLARFILE
echo " master: $MSRV" >> $SENSORPILLARPATH/$MINION_ID.sls echo " master: $MSRV" >> $PILLARFILE
echo " mtu: $MTU" >> $SENSORPILLARPATH/$MINION_ID.sls echo " mtu: $MTU" >> $PILLARFILE
if [ $HNSENSOR != 'inherit' ]; then if [ $HNSENSOR != 'inherit' ]; then
echo " hnsensor: $HNSENSOR" >> $SENSORPILLARPATH/$MINION_ID.sls echo " hnsensor: $HNSENSOR" >> $PILLARFILE
fi fi
echo " access_key: $ACCESS_KEY" >> $SENSORPILLARPATH/$MINION_ID.sls echo " access_key: $ACCESS_KEY" >> $PILLARFILE
echo " access_secret: $ACCESS_SECRET" >> $SENSORPILLARPATH/$MINION_ID.sls echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
echo "" >> $PILLARFILE
} }
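Review bot: Every pillar writer now appends (`echo "master:" >> $PILLARFILE`, and likewise the first write in node_pillar and sensor_pillar) where the old code truncated with `>`, and install_prep's new `mkdir /root/installtmp/pillar/minions` is neither `-p` nor checked, so a leftover /root/installtmp from an interrupted run lets the per-minion .sls accumulate duplicate top-level keys while the unchecked mkdir hides the reuse. Appending is needed now that master_pillar and sensor_pillar share one file for HELIXSENSOR, so the guard belongs in install_prep: `mkdir /root/installtmp || { echo "/root/installtmp already exists, remove it and re-run" >> $SETUPLOG; exit 1; }` followed by `mkdir -p /root/installtmp/pillar/minions`. Separately, sensor_pillar still writes `access_secret` into this file, which `touch $PILLARFILE` creates under the default umask before `cp -Rv` places it under /opt/so/saltstack; a `chmod 600 $PILLARFILE` right after the touch would keep the secret from being readable by other local users if the umask is permissive, though whether the master's pillar readers tolerate that mode is not visible here. PILLARFILE is also assigned as a global in each of the four functions; a `local PILLARFILE=...` would stop one function's value leaking into another.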


@@ -90,7 +90,7 @@ whiptail_cancel() {
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
if [ -d "/root/installtmp" ]; then if [ -d "/root/installtmp" ]; then
echo "/root/installtmp exists" >> $SETUPLOG 2>&1 echo "/root/installtmp exists" >> $SETUPLOG 2>&1
install_cleanup install_cleanup >> $SETUPLOG 2>&1
echo "/root/installtmp removed" >> $SETUPLOG 2>&1 echo "/root/installtmp removed" >> $SETUPLOG 2>&1
fi fi
exit exit
@@ -685,14 +685,14 @@ whiptail_set_hostname() {
whiptail_setup_complete() { whiptail_setup_complete() {
whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75 whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
install_cleanup install_cleanup >> $SETUPLOG 2>&1
} }
whiptail_setup_failed() { whiptail_setup_failed() {
whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75 whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
install_cleanup install_cleanup >> $SETUPLOG 2>&1
} }
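Review bot: The log redirect moved from inside install_cleanup to its callers (`install_cleanup >> $SETUPLOG 2>&1` in whiptail_cancel, whiptail_setup_complete and whiptail_setup_failed), so the function's new unredirected `ls -lR $TMP` and echo reach the terminal from any other call site this diff does not touch; I cannot see whether such a site exists. Keeping a single redirect inside install_cleanup, or a short comment at its definition stating the expectation, would make the contract explicit, e.g. `# NOTE: prints a listing of $TMP to stdout; callers redirect to $SETUPLOG`.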