Merge pull request #10829 from Security-Onion-Solutions/2.4/heavynoderedux

Heavy Node fixes

salt/elasticagent/enabled.sls

@@ -33,19 +33,22 @@ so-elastic-agent:
         {% endif %}
     - binds:
       - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
+      - /etc/pki/tls/certs/intca.crt:/etc/pki/tls/certs/intca.crt:ro 
       - /nsm:/nsm:ro
      {% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
         {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
       - {{ BIND }}
         {% endfor %}
       {% endif %}      
-      {% if DOCKER.containers['so-elastic-agent'].extra_env %}
     - environment:
+      - FLEET_CA=/etc/pki/tls/certs/intca.crt
+      {% if DOCKER.containers['so-elastic-agent'].extra_env %}
         {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %}
       - {{ XTRAENV }}
         {% endfor %}
       {% endif %}
-
+    - watch:
+      - file: create-elastic-agent-config
 
 delete_so-elastic-agent_so-status.disabled:
   file.uncomment:

salt/elasticagent/files/elastic-agent.yml.jinja

@@ -11,7 +11,7 @@ outputs:
       - 'https://{{ GLOBALS.hostname }}:9200'
     username: '{{ ES_USER }}'
     password: '{{ ES_PASS }}'
-    ssl.verification_mode: none
+    ssl.verification_mode: full
 output_permissions: {}
 agent:
   download:

salt/firewall/defaults.yaml

@@ -999,6 +999,14 @@ firewall:
               portgroups:
                 - elasticsearch_node
                 - elasticsearch_rest
+            managersearch:
+              portgroups:
+                - elasticsearch_node
+                - elasticsearch_rest
+            standalone:
+              portgroups:
+                - elasticsearch_node
+                - elasticsearch_rest
             dockernet:
               portgroups:
                 - elasticsearch_node