mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Merge pull request #184 from Security-Onion-Solutions/issues/157
Issues/157
This commit is contained in:
Mike Reeves
GitHub
@@ -3,20 +3,20 @@ base:
|
||||
- patch.needs_restarting
|
||||
|
||||
'G@role:so-sensor':
|
||||
- sensors.{{ grains.id }}
|
||||
- minions.{{ grains.id }}
|
||||
- static
|
||||
- firewall.*
|
||||
- brologs
|
||||
|
||||
'G@role:so-master':
|
||||
- masters.{{ grains.id }}
|
||||
- minions.{{ grains.id }}
|
||||
- static
|
||||
- firewall.*
|
||||
- data.*
|
||||
- auth
|
||||
|
||||
'G@role:so-eval':
|
||||
- masters.{{ grains.id }}
|
||||
- minions.{{ grains.id }}
|
||||
- static
|
||||
- firewall.*
|
||||
- data.*
|
||||
@@ -24,13 +24,12 @@ base:
|
||||
- auth
|
||||
|
||||
'G@role:so-node':
|
||||
- nodes.{{ grains.id }}
|
||||
- minions.{{ grains.id }}
|
||||
- static
|
||||
- firewall.*
|
||||
|
||||
'G@role:so-helix':
|
||||
- masters.{{ grains.id }}
|
||||
- sensors.{{ grains.id }}
|
||||
- minions.{{ grains.id }}
|
||||
- static
|
||||
- firewall.*
|
||||
- fireeye
|
||||
|
||||
@@ -270,9 +270,9 @@ copy_minion_tmp_files() {
|
||||
|
||||
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
|
||||
cp -Rv $TMP/pillar/ /opt/so/saltstack/pillar/ >> $SETUPLOG 2>&1
|
||||
cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
|
||||
if [ -d $TMP/salt ] ; then
|
||||
cp -Rv $TMP/salt/ /opt/so/saltstack/salt/ >> $SETUPLOG 2>&1
|
||||
cp -Rv $TMP/salt/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
|
||||
fi
|
||||
else
|
||||
echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
|
||||
@@ -545,7 +545,8 @@ got_root() {
|
||||
|
||||
install_cleanup() {
|
||||
|
||||
echo "install_cleanup called" >> $SETUPLOG 2>&1
|
||||
echo "install_cleanup removing the following files:"
|
||||
ls -lR $TMP
|
||||
|
||||
# Clean up after ourselves
|
||||
rm -rf /root/installtmp
|
||||
@@ -556,6 +557,8 @@ install_prep() {
|
||||
|
||||
# Create a tmp space that isn't in /tmp
|
||||
mkdir /root/installtmp
|
||||
mkdir /root/installtmp/pillar
|
||||
mkdir /root/installtmp/pillar/minions
|
||||
TMP=/root/installtmp
|
||||
|
||||
}
|
||||
@@ -595,47 +598,50 @@ ls_heapsize() {
|
||||
|
||||
master_pillar() {
|
||||
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
# Create the master pillar
|
||||
touch /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo "master:" > /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " mainip: $MAINIP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " mainint: $MAININT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " esheap: $ES_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " esclustername: {{ grains.host }}" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo "master:" >> $PILLARFILE
|
||||
echo " mainip: $MAINIP" >> $PILLARFILE
|
||||
echo " mainint: $MAININT" >> $PILLARFILE
|
||||
echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " esclustername: {{ grains.host }}" >> $PILLARFILE
|
||||
if [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " ls_pipeline_batch_size: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " ls_input_threads: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " ls_batch_count: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " mtu: 1500" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " freq: 0" >> $PILLARFILE
|
||||
echo " domainstats: 0" >> $PILLARFILE
|
||||
echo " ls_pipeline_batch_size: 125" >> $PILLARFILE
|
||||
echo " ls_input_threads: 1" >> $PILLARFILE
|
||||
echo " ls_batch_count: 125" >> $PILLARFILE
|
||||
echo " mtu: 1500" >> $PILLARFILE
|
||||
|
||||
else
|
||||
echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " freq: 0" >> $PILLARFILE
|
||||
echo " domainstats: 0" >> $PILLARFILE
|
||||
fi
|
||||
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
echo " lsheap: 1000m" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " lsheap: 1000m" >> $PILLARFILE
|
||||
else
|
||||
echo " lsheap: $LS_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " lsheap: $LS_HEAP_SIZE" >> $PILLARFILE
|
||||
fi
|
||||
echo " lsaccessip: 127.0.0.1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " elastalert: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " ls_pipeline_workers: $CPUCORES" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " nids_rules: $RULESETUP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " oinkcode: $OINKCODE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
#echo " access_key: $ACCESS_KEY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
#echo " access_secret: $ACCESS_SECRET" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " es_port: $NODE_ES_PORT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " log_size_limit: $LOG_SIZE_LIMIT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
#echo " mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
#echo " fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " grafana: $GRAFANA" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " osquery: $OSQUERY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " wazuh: $WAZUH" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " thehive: $THEHIVE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " playbook: $PLAYBOOK" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
|
||||
echo " lsaccessip: 127.0.0.1" >> $PILLARFILE
|
||||
echo " elastalert: 1" >> $PILLARFILE
|
||||
echo " ls_pipeline_workers: $CPUCORES" >> $PILLARFILE
|
||||
echo " nids_rules: $RULESETUP" >> $PILLARFILE
|
||||
echo " oinkcode: $OINKCODE" >> $PILLARFILE
|
||||
#echo " access_key: $ACCESS_KEY" >> $PILLARFILE
|
||||
#echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
|
||||
echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
|
||||
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
|
||||
echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
|
||||
#echo " mysqlpass: $MYSQLPASS" >> $PILLARFILE
|
||||
#echo " fleetpass: $FLEETPASS" >> $PILLARFILE
|
||||
echo " grafana: $GRAFANA" >> $PILLARFILE
|
||||
echo " osquery: $OSQUERY" >> $PILLARFILE
|
||||
echo " wazuh: $WAZUH" >> $PILLARFILE
|
||||
echo " thehive: $THEHIVE" >> $PILLARFILE
|
||||
echo " playbook: $PLAYBOOK" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
|
||||
}
|
||||
|
||||
master_static() {
|
||||
@@ -695,53 +701,39 @@ network_setup() {
|
||||
|
||||
node_pillar() {
|
||||
|
||||
NODEPILLARPATH=$TMP/pillar/nodes
|
||||
if [ ! -d $NODEPILLARPATH ]; then
|
||||
mkdir -p $NODEPILLARPATH
|
||||
fi
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
# Create the node pillar
|
||||
touch $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo "node:" > $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " mainip: $MAINIP" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " mainint: $MAININT" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " esheap: $NODE_ES_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " esclustername: {{ grains.host }}" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " lsheap: $NODE_LS_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " ls_input_threads: $LSINPUTTHREADS" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " es_shard_count: $SHARDCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " node_type: $NODETYPE" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " es_port: $NODE_ES_PORT" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo " cur_close_days: $CURCLOSEDAYS" >> $NODEPILLARPATH/$MINION_ID.sls
|
||||
echo "node:" >> $PILLARFILE
|
||||
echo " mainip: $MAINIP" >> $PILLARFILE
|
||||
echo " mainint: $MAININT" >> $PILLARFILE
|
||||
echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " esclustername: {{ grains.host }}" >> $PILLARFILE
|
||||
echo " lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE
|
||||
echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE
|
||||
echo " ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE
|
||||
echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE
|
||||
echo " es_shard_count: $SHARDCOUNT" >> $PILLARFILE
|
||||
echo " node_type: $NODETYPE" >> $PILLARFILE
|
||||
echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
|
||||
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
|
||||
echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
|
||||
}
|
||||
|
||||
patch_pillar() {
|
||||
|
||||
case $INSTALLTYPE in
|
||||
MASTERONLY | EVALMODE | HELIXSENSOR)
|
||||
PATCHPILLARPATH=/opt/so/saltstack/pillar/masters
|
||||
;;
|
||||
SENSORONLY)
|
||||
PATCHPILLARPATH=$SENSORPILLARPATH
|
||||
;;
|
||||
SEARCHNODE | PARSINGNODE | HOTNODE | WARMNODE)
|
||||
PATCHPILLARPATH=$NODEPILLARPATH
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
echo "" >> $PATCHPILLARPATH/$MINION_ID.sls
|
||||
echo "patch:" >> $PATCHPILLARPATH/$MINION_ID.sls
|
||||
echo " os:" >> $PATCHPILLARPATH/$MINION_ID.sls
|
||||
echo " schedule_name: $PATCHSCHEDULENAME" >> $PATCHPILLARPATH/$MINION_ID.sls
|
||||
echo " enabled: True" >> $PATCHPILLARPATH/$MINION_ID.sls
|
||||
echo " splay: 300" >> $PATCHPILLARPATH/$MINION_ID.sls
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
echo "" >> $PILLARFILE
|
||||
echo "patch:" >> $PILLARFILE
|
||||
echo " os:" >> $PILLARFILE
|
||||
echo " schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE
|
||||
echo " enabled: True" >> $PILLARFILE
|
||||
echo " splay: 300" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
|
||||
}
|
||||
|
||||
@@ -1105,51 +1097,44 @@ salt_install_mysql_deps() {
|
||||
}
|
||||
|
||||
sensor_pillar() {
|
||||
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
SENSORPILLARPATH=/opt/so/saltstack/pillar/sensors
|
||||
mkdir -p $TMP
|
||||
mkdir -p $SENSORPILLARPATH
|
||||
else
|
||||
SENSORPILLARPATH=$TMP/pillar/sensors
|
||||
fi
|
||||
if [ ! -d $SENSORPILLARPATH ]; then
|
||||
mkdir -p $SENSORPILLARPATH
|
||||
fi
|
||||
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
# Create the sensor pillar
|
||||
touch $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo "sensor:" > $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " interface: bond0" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " mainip: $MAINIP" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " mainint: $MAININT" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
touch $PILLARFILE
|
||||
echo "sensor:" >> $PILLARFILE
|
||||
echo " interface: bond0" >> $PILLARFILE
|
||||
echo " mainip: $MAINIP" >> $PILLARFILE
|
||||
echo " mainint: $MAININT" >> $PILLARFILE
|
||||
if [ $NSMSETUP == 'ADVANCED' ]; then
|
||||
echo " bro_pins:" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " bro_pins:" >> $PILLARFILE
|
||||
for PIN in $BROPINS; do
|
||||
PIN=$(echo $PIN | cut -d\" -f2)
|
||||
echo " - $PIN" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " - $PIN" >> $PILLARFILE
|
||||
done
|
||||
echo " suripins:" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " suripins:" >> $PILLARFILE
|
||||
for SPIN in $SURIPINS; do
|
||||
SPIN=$(echo $SPIN | cut -d\" -f2)
|
||||
echo " - $SPIN" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " - $SPIN" >> $PILLARFILE
|
||||
done
|
||||
elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
echo " bro_lbprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " suriprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE
|
||||
echo " suriprocs: $LBPROCS" >> $PILLARFILE
|
||||
else
|
||||
echo " bro_lbprocs: $BASICBRO" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " suriprocs: $BASICSURI" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " bro_lbprocs: $BASICBRO" >> $PILLARFILE
|
||||
echo " suriprocs: $BASICSURI" >> $PILLARFILE
|
||||
fi
|
||||
echo " brobpf:" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " pcapbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " nidsbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " master: $MSRV" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " mtu: $MTU" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " brobpf:" >> $PILLARFILE
|
||||
echo " pcapbpf:" >> $PILLARFILE
|
||||
echo " nidsbpf:" >> $PILLARFILE
|
||||
echo " master: $MSRV" >> $PILLARFILE
|
||||
echo " mtu: $MTU" >> $PILLARFILE
|
||||
if [ $HNSENSOR != 'inherit' ]; then
|
||||
echo " hnsensor: $HNSENSOR" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " hnsensor: $HNSENSOR" >> $PILLARFILE
|
||||
fi
|
||||
echo " access_key: $ACCESS_KEY" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " access_secret: $ACCESS_SECRET" >> $SENSORPILLARPATH/$MINION_ID.sls
|
||||
echo " access_key: $ACCESS_KEY" >> $PILLARFILE
|
||||
echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -90,7 +90,7 @@ whiptail_cancel() {
|
||||
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
|
||||
if [ -d "/root/installtmp" ]; then
|
||||
echo "/root/installtmp exists" >> $SETUPLOG 2>&1
|
||||
install_cleanup
|
||||
install_cleanup >> $SETUPLOG 2>&1
|
||||
echo "/root/installtmp removed" >> $SETUPLOG 2>&1
|
||||
fi
|
||||
exit
|
||||
@@ -685,14 +685,14 @@ whiptail_set_hostname() {
|
||||
whiptail_setup_complete() {
|
||||
|
||||
whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
|
||||
install_cleanup
|
||||
install_cleanup >> $SETUPLOG 2>&1
|
||||
|
||||
}
|
||||
|
||||
whiptail_setup_failed() {
|
||||
|
||||
whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
|
||||
install_cleanup
|
||||
install_cleanup >> $SETUPLOG 2>&1
|
||||
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user