Firewall Module - Update Rules and apply them to SN

Mike Reeves
2018-10-10 14:03:39 -04:00
parent a44c3e62d2
commit bf229f65e3
3 changed files with 54 additions and 0 deletions
@@ -114,6 +114,40 @@ enable_maternode_redis_6379_{{ip}}:
- position: 1 - position: 1
- save: True - save: True
enable_masternode_kibana_5601_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 5601
- position: 1
- save: True
enable_masternode_ES_9200_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 9200
- position: 1
- save: True
enable_masternode_ES_9300_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 9300
- position: 1
- save: True
{% endfor %} {% endfor %}
# Make it so all the minions can talk to salt and update etc. # Make it so all the minions can talk to salt and update etc.
@@ -237,6 +271,18 @@ enable_standard_analyst_443_{{ip}}:
- position: 1 - position: 1
- save: True - save: True
#THIS IS TEMPORARY
enable_standard_analyst_5601_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 5601
- position: 1
- save: True
{% endfor %} {% endfor %}
# Rules for storage nodes connecting to master # Rules for storage nodes connecting to master
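Review bot: The `#THIS IS TEMPORARY` comment above `enable_standard_analyst_5601_{{ip}}` in the second hunk records no owner, reason or removal condition, so a rule that opens Kibana on 5601 to every analyst address in the loop is likely to outlive whatever it was meant to bridge. Replace it with something like `# TEMPORARY: direct analyst access to Kibana 5601; remove once <replacement access path> is in place — owner: <name>, tracked in <ticket>`. The masternode 5601/9200/9300 rules in the first hunk, like this one, are inserted at `position: 1` of DOCKER-USER with `save: True`, so they precede any later rule in that chain; a one-line comment stating that this is the intended allow-list behaviour would help the next reader. Both hunks sit inside a `{% for %}` loop whose opening, and the pillar source of `ip`, lie outside the hunk.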
@@ -2,6 +2,7 @@ base:
'G@role:so-sensor': 'G@role:so-sensor':
- ssl - ssl
- common - common
- firewall
- pcap - pcap
- suricata - suricata
- bro - bro
@@ -29,26 +30,31 @@ base:
'G@role:so-node and I@node:node_type:parser': 'G@role:so-node and I@node:node_type:parser':
- match: pillar - match: pillar
- common - common
- firewall
- logstash - logstash
'G@role:so-node and I@node:node_type:hot': 'G@role:so-node and I@node:node_type:hot':
- match: pillar - match: pillar
- common - common
- firewall
- logstash - logstash
- elasticsearch - elasticsearch
'G@role:so-node and I@node:node_type:warm': 'G@role:so-node and I@node:node_type:warm':
- match: pillar - match: pillar
- common - common
- firewall
- elasticsearch - elasticsearch
'G@role:so-node and I@node:node_type:storage': 'G@role:so-node and I@node:node_type:storage':
- match: compound - match: compound
- common - common
- firewall
- logstash - logstash
- elasticsearch - elasticsearch
'G@role:mastersensor': 'G@role:mastersensor':
- common - common
- firewall
- sensor - sensor
- master - master
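Review bot: Placing `- firewall` ahead of `logstash`/`elasticsearch` in each node entry of the second hunk relies on Salt's default top-file ordering to get the iptables rules in place before the service states run; if that ordering is what the commit intends, it is worth a `# firewall must precede the service states below` comment here, or an explicit `require` on the firewall state inside the service states. The so-sensor entry in the first hunk gets the same treatment. The `base:` mapping starts outside the hunk, so whether the master-role entry also receives `firewall` cannot be confirmed from here.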
@@ -621,6 +621,8 @@ set_initial_firewall_policy() {
get_main_ip get_main_ip
if [ $INSTALLTYPE == 'MASTERONLY' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ]; then
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
fi fi
if [ $INSTALLTYPE == 'SENSORONLY' ]; then if [ $INSTALLTYPE == 'SENSORONLY' ]; then
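Review bot: The new `printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls` writes whatever `$MAINIP` holds, so if `get_main_ip` left it empty the pillar gains a bare `-` list item and every firewall rule that uses `{{ ip }}` as its `source:` is rendered with an empty value — worth a guard before the append, e.g. `[ -n "$MAINIP" ] || { echo "get_main_ip returned nothing" >&2; exit 1; }`, and quoting `"$INSTALLTYPE"` in the surrounding test. The append is also not idempotent: a second run of setup adds the same IP again (the existing minions.sls line has the same property, though that is not new here). set_initial_firewall_policy begins at the hunk header and continues outside the hunk.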