This commit is contained in:
Mike Reeves
2019-11-20 10:36:44 -05:00
9 changed files with 40 additions and 32 deletions


@@ -4,20 +4,19 @@ import subprocess
def check(): def check():
os = __grains__['os'] os = __grains__['os']
retval = 'False'
if os == 'Ubuntu': if os == 'Ubuntu':
if path.exists('/var/run/reboot-required'): if path.exists('/var/run/reboot-required'):
retval = 'True' retval = 'True'
else:
retval = 'False'
elif os == 'CentOS': elif os == 'CentOS':
cmd = 'needs-restarting -r > /dev/null 2>&1' cmd = 'needs-restarting -r > /dev/null 2>&1'
try: try:
needs_restarting = subprocess.check_call(cmd.split(), shell=True) needs_restarting = subprocess.check_call(cmd, shell=True)
except subprocess.CalledProcessError: except subprocess.CalledProcessError:
retval = 'True' retval = 'True'
retval = 'False'
else: else:
retval = 'Unsupported OS: %s' % os retval = 'Unsupported OS: %s' % os
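Review bot: With the fixed shell string in `subprocess.check_call(cmd, shell=True)`, any non-zero exit status — the shell's 127 when `needs-restarting` is not installed, or a runtime error from the tool — raises CalledProcessError and is reported as `retval = 'True'`, indistinguishable from a genuine reboot-required result. Since `needs-restarting -r` signals reboot-required specifically with exit status 1, capture the status rather than relying on the exception: `rc = subprocess.call(cmd, shell=True)` followed by `retval = 'True' if rc == 1 else 'False'`; the `needs_restarting` local is never read within the hunk anyway. The rendering drops the +/- markers, so if the bare `retval = 'False'` after the except block is on the new side it unconditionally overwrites the 'True' set in the handler — worth confirming against the raw diff. check() continues past the end of the hunk.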


@@ -1,5 +1,5 @@
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
{%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %} {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
# Secret Key # Secret Key
# The secret key is used to secure cryptographic functions. # The secret key is used to secure cryptographic functions.
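Review bot: The template variable on the changed line is still named `CORTEXKEY` but now reads `static:cortexorguserkey`, the org user's key rather than the superadmin key its name suggests; renaming it `CORTEXORGUSERKEY` to match the pillar key (as the cortex_init template in this commit does) keeps the two files readable side by side. The reason this matters is that cortex_init in the same commit revokes the superadmin's key after setup, so any remaining consumer of `static:cortexkey` would be left holding a dead credential — the rest of this template is outside the hunk, so confirm no other reference to it survives.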


@@ -3,6 +3,9 @@
{%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %} {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %}
{%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', '') %} {%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', '') %}
{%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %} {%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %}
{%- set CORTEXORGNAME = salt['pillar.get']('static:cortexorgname', '') %}
{%- set CORTEXORGUSER = salt['pillar.get']('static:cortexorguser', '') %}
{%- set CORTEXORGUSERKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
cortex_init(){ cortex_init(){
sleep 60 sleep 60
@@ -10,17 +13,34 @@ cortex_init(){
CORTEX_USER="{{CORTEXUSER}}" CORTEX_USER="{{CORTEXUSER}}"
CORTEX_PASSWORD="{{CORTEXPASSWORD}}" CORTEX_PASSWORD="{{CORTEXPASSWORD}}"
CORTEX_KEY="{{CORTEXKEY}}" CORTEX_KEY="{{CORTEXKEY}}"
CORTEX_ORG_NAME="{{CORTEXORGNAME}}"
CORTEX_ORG_DESC="{{CORTEXORGNAME}} organization created by Security Onion setup"
CORTEX_ORG_USER="{{CORTEXORGUSER}}"
CORTEX_ORG_USER_KEY="{{CORTEXORGUSERKEY}}"
SOCTOPUS_CONFIG="/opt/so/saltstack/salt/soctopus/files/SOCtopus.conf" SOCTOPUS_CONFIG="/opt/so/saltstack/salt/soctopus/files/SOCtopus.conf"
# Migrate DB # Migrate DB
curl -v -k -XPOST "https://$CORTEX_IP:/cortex/api/maintenance/migrate" curl -v -k -XPOST "https://$CORTEX_IP:/cortex/api/maintenance/migrate"
# Create intial Cortex user # Create intial Cortex superadmin
curl -v -k "https://$CORTEX_IP/cortex/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}" curl -v -k "https://$CORTEX_IP/cortex/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}"
# Enable URLScan.io Analyzer # Create user-supplied org
curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}' curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization" -d "{ \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}"
# Create user-supplied org user
curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }"
# Enable URLScan.io Analyzer
curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}'
# Enable Cert PassiveDNS Analyzer
curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}'
# Revoke $CORTEX_USER key
curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" "https:///$CORTEX_IP/api/user/$CORTEX_USER/key"
# Update SOCtopus config with apikey value # Update SOCtopus config with apikey value
#sed -i "s/cortex_key = .*/cortex_key = $CORTEX_KEY/" $SOCTOPUS_CONFIG #sed -i "s/cortex_key = .*/cortex_key = $CORTEX_KEY/" $SOCTOPUS_CONFIG
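Review bot: The revocation URL on the new `curl -k -XDELETE` line is `https:///$CORTEX_IP/api/user/$CORTEX_USER/key` — a triple slash and no `/cortex` prefix, unlike every other endpoint in this function (`https://$CORTEX_IP/cortex/api/...`), so the request most likely never reaches Cortex and the superadmin key stays live after setup, the opposite of what `# Revoke $CORTEX_USER key` intends. None of the curl calls checks its result, so this fails silently; at minimum use `curl -f -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" "https://$CORTEX_IP/cortex/api/user/$CORTEX_USER/key"` and test `$?` so setup reports a revocation that did not happen. Separately, `-v` on the superadmin-creation call echoes the request body, which carries `$CORTEX_PASSWORD` and `$CORTEX_KEY`, into whatever captures the script's output; dropping `-v` on the calls that send credentials keeps them out of setup logs. cortex_init continues past the end of the hunk.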


@@ -9,23 +9,6 @@ input {
} }
} }
filter { filter {
if [type] == "ids" or [type] =~ "bro" {
mutate {
rename => { "host" => "beat_host" }
remove_tag => ["beat"]
add_field => { "sensor_name" => "%{[beat][name]}" }
add_field => { "syslog-host_from" => "%{[beat][name]}" }
remove_field => [ "beat", "prospector", "input", "offset" ]
}
}
if [type] =~ "ossec" {
mutate {
rename => { "host" => "beat_host" }
remove_tag => ["beat"]
add_field => { "syslog-host_from" => "%{[beat][name]}" }
remove_field => [ "beat", "prospector", "input", "offset" ]
}
}
if [type] == "osquery" { if [type] == "osquery" {
mutate { mutate {
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }


@@ -1,5 +1,5 @@
package_update_reboot_required_motd: package_update_reboot_required_motd:
file.append: file.managed:
- name: /etc/motd - name: /etc/motd
- source: salt://motd/files/package_update_reboot_required.jinja - source: salt://motd/files/package_update_reboot_required.jinja
- template: jinja - template: jinja


@@ -0,0 +1,5 @@
needs_restarting:
module.run:
- mine.send:
- func: needs_restarting.check
- order: last


@@ -1,5 +1,6 @@
{% if grains.os == "CentOS" %}
include: include:
- patch.needs_restarting
{% if grains.os == "CentOS" %}
- yum.packages - yum.packages
{% endif %} {% endif %}
@@ -7,8 +8,3 @@ patch_os:
pkg.uptodate: pkg.uptodate:
- name: patch_os - name: patch_os
- refresh: True - refresh: True
needs_restarting:
module.run:
- mine.send:
- func: needs_restarting.check


@@ -7,6 +7,7 @@
base: base:
'*': '*':
- patch.os.schedule - patch.os.schedule
- patch.needs_restarting
- motd - motd
'G@role:so-sensor': 'G@role:so-sensor':


@@ -415,6 +415,7 @@ generate_passwords(){
FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
} }
@@ -582,6 +583,9 @@ master_static() {
echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls
echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls
echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls
echo " cortexorgname: SecurityOnion" >> /opt/so/saltstack/pillar/static.sls
echo " cortexorguser: soadmin" >> /opt/so/saltstack/pillar/static.sls
echo " cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls
echo " fleetsetup: 0" >> /opt/so/saltstack/pillar/static.sls echo " fleetsetup: 0" >> /opt/so/saltstack/pillar/static.sls
echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
if [[ $MASTERUPDATES == 'MASTER' ]]; then if [[ $MASTERUPDATES == 'MASTER' ]]; then
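Review bot: The new `cortexorguserkey: $CORTEXORGUSERKEY` line appends a freshly generated API key to /opt/so/saltstack/pillar/static.sls with a plain `echo >>`, next to the other Cortex secrets and the fixed `cortexpassword: cortexchangeme` default on the context line above it; nothing in either hunk sets that file's mode, so confirm static.sls is created with restrictive permissions earlier in master_static before the first secret is written. The generator added in generate_passwords follows the existing `cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1` pattern, which is consistent with its neighbours. Both generate_passwords and master_static continue outside their hunks.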