Merge pull request #10604 from Security-Onion-Solutions/2.4/receiver

2.4/receiver

salt/firewall/defaults.yaml

@@ -417,6 +417,14 @@ firewall:
                 - elastic_agent_control
                 - elastic_agent_data
                 - elastic_agent_update
+            receiver:
+              portgroups:
+                - yum
+                - docker_registry
+                - influxdb
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             self:
               portgroups:
                 - syslog
@@ -486,6 +494,9 @@ firewall:
             heavynode:
               portgroups:
                 - salt_manager
+            receiver:
+              portgroups:
+                - salt_manager
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -569,6 +580,14 @@ firewall:
                 - elastic_agent_control
                 - elastic_agent_data
                 - elastic_agent_update
+            receiver:
+              portgroups:
+                - yum
+                - docker_registry
+                - influxdb
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             self:
               portgroups:
                 - syslog
@@ -638,6 +657,9 @@ firewall:
             heavynode:
               portgroups:
                 - salt_manager
+            receiver:
+              portgroups:
+                - salt_manager
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -731,6 +753,14 @@ firewall:
                 - redis
                 - elasticsearch_rest
                 - elasticsearch_node
+            receiver:
+              portgroups:
+                - yum
+                - docker_registry
+                - influxdb
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             self:
               portgroups:
                 - syslog
@@ -806,6 +836,9 @@ firewall:
             heavynode:
               portgroups:
                 - salt_manager
+            receiver:
+              portgroups:
+                - salt_manager
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -1128,7 +1161,9 @@ firewall:
           hostgroups:
             sensor:
               portgroups:
+                - beats_5044
                 - beats_5644
+                - elastic_agent_data
             searchnode:
               portgroups:
                 - redis

salt/logstash/enabled.sls

@@ -58,7 +58,7 @@ so-logstash:
       - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
       - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
       {% endif %}
-      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-eval','so-fleet', 'so-heavynode'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-eval','so-fleet', 'so-heavynode', 'so-receiver'] %}
       - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.crt:/usr/share/logstash/elasticfleet-logstash.crt:ro
       - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.p8:/usr/share/logstash/elasticfleet-logstash.key:ro
       {% endif %}

salt/motd/files/so_motd.jinja

@@ -3,7 +3,6 @@
 
 {% if GLOBALS.role in ['so-eval', 'so-managersearch', 'so-manager', 'so-standalone'] %}
 Access the Security Onion web interface at https://{{ GLOBALS.url_base }}
-(You may need to run so-allow first if you haven't yet)
 {% endif %}
 
 {%- if needs_restarting_check %}

salt/ssl/init.sls

@@ -140,7 +140,7 @@ rediskeyperms:
     - group: 939
 {% endif %}
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
 # Create cert for Elastic Fleet Host
 
 etc_elasticfleet_key:

salt/vars/receiver.map.jinja

@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}