Merge branch 'dev' into feature/auth

Jason Ertel
2020-04-09 17:37:09 -04:00
22 changed files with 249 additions and 122 deletions


@@ -1,3 +0,0 @@
fleet_nodes:
- 127.0.0.1


@@ -1,5 +1,7 @@
{%- set masterip = salt['pillar.get']('master:mainip', '') %} {%- set masterip = salt['pillar.get']('master:mainip', '') %}
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -217,6 +219,11 @@ http {
} }
{%- if FLEET_NODE %}
location /fleet/ {
return 301 https://{{ FLEET_IP }}/fleet;
}
{%- else %}
location /fleet/ { location /fleet/ {
proxy_pass https://{{ masterip }}:8080; proxy_pass https://{{ masterip }}:8080;
proxy_read_timeout 90; proxy_read_timeout 90;
@@ -225,8 +232,8 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
} }
{%- endif %}
location /thehive/ { location /thehive/ {
proxy_pass http://{{ masterip }}:9000/thehive/; proxy_pass http://{{ masterip }}:9000/thehive/;
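Review bot: In the new `{%- if FLEET_NODE %}` branch, `FLEET_IP` defaults to `None`, so a pillar that sets `static:fleet_node` without `static:fleet_ip` renders `return 301 https://None/fleet;`, and nginx will serve that redirect without complaint. Guard on both values, `{%- if FLEET_NODE and FLEET_IP %}`, so an incomplete pillar never emits a redirect to a bogus host. The redirect also discards the rest of the request URI; if deep links under /fleet/ matter, that is worth confirming. The same hunks appear in the two nginx template sections that follow and need the same guard. The `http {` block and the proxied location continue outside the hunks shown.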


@@ -1,5 +1,7 @@
{%- set masterip = salt['pillar.get']('master:mainip', '') %} {%- set masterip = salt['pillar.get']('master:mainip', '') %}
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -217,6 +219,11 @@ http {
} }
{%- if FLEET_NODE %}
location /fleet/ {
return 301 https://{{ FLEET_IP }}/fleet;
}
{%- else %}
location /fleet/ { location /fleet/ {
proxy_pass https://{{ masterip }}:8080; proxy_pass https://{{ masterip }}:8080;
proxy_read_timeout 90; proxy_read_timeout 90;
@@ -225,8 +232,8 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
} }
{%- endif %}
location /thehive/ { location /thehive/ {
proxy_pass http://{{ masterip }}:9000/thehive/; proxy_pass http://{{ masterip }}:9000/thehive/;


@@ -1,5 +1,7 @@
{%- set masterip = salt['pillar.get']('master:mainip', '') %} {%- set masterip = salt['pillar.get']('master:mainip', '') %}
{%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %} {%- set FLEET_MASTER = salt['pillar.get']('static:fleet_master') %}
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET_IP = salt['pillar.get']('static:fleet_ip', None) %}
# For more information on configuration, see: # For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
@@ -217,6 +219,11 @@ http {
} }
{%- if FLEET_NODE %}
location /fleet/ {
return 301 https://{{ FLEET_IP }}/fleet;
}
{%- else %}
location /fleet/ { location /fleet/ {
proxy_pass https://{{ masterip }}:8080; proxy_pass https://{{ masterip }}:8080;
proxy_read_timeout 90; proxy_read_timeout 90;
@@ -225,8 +232,8 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
} }
{%- endif %}
location /thehive/ { location /thehive/ {
proxy_pass http://{{ masterip }}:9000/thehive/; proxy_pass http://{{ masterip }}:9000/thehive/;


@@ -107,7 +107,7 @@ populate_container_lists() {
systemctl is-active --quiet docker systemctl is-active --quiet docker
if [[ $? = 0 ]]; then if [[ $? = 0 ]]; then
mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/v2/containers/json?all=1 \ mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/v1.40/containers/json?all=1 \
| jq -c '.[] | { Name: .Names[0], State: .State }' \ | jq -c '.[] | { Name: .Names[0], State: .State }' \
| tr -d '/{"}') | tr -d '/{"}')
else else


@@ -33,6 +33,7 @@
{ "rename": { "field": "data.win.eventdata.user", "target_field": "user.name", "ignore_missing": true } }, { "rename": { "field": "data.win.eventdata.user", "target_field": "user.name", "ignore_missing": true } },
{ "rename": { "field": "data.win.system.eventID", "target_field": "event.code", "ignore_missing": true } }, { "rename": { "field": "data.win.system.eventID", "target_field": "event.code", "ignore_missing": true } },
{ "rename": { "field": "predecoder.program_name", "target_field": "process.name", "ignore_missing": true } }, { "rename": { "field": "predecoder.program_name", "target_field": "process.name", "ignore_missing": true } },
{ "rename": { "field": "rule.description", "target_field": "rule.name", "ignore_missing": true } },
{ "set": { "if": "ctx.rule.level == 1", "field": "rule.category", "value": "None" } }, { "set": { "if": "ctx.rule.level == 1", "field": "rule.category", "value": "None" } },
{ "set": { "if": "ctx.rule.level == 2", "field": "rule.category", "value": "System low priority notification" } }, { "set": { "if": "ctx.rule.level == 2", "field": "rule.category", "value": "System low priority notification" } },
{ "set": { "if": "ctx.rule.level == 3", "field": "rule.category", "value": "Successful/authorized event" } }, { "set": { "if": "ctx.rule.level == 3", "field": "rule.category", "value": "Successful/authorized event" } },


@@ -5,7 +5,7 @@
{ "rename": { "field": "message2.file", "target_field": "file", "ignore_missing": true } }, { "rename": { "field": "message2.file", "target_field": "file", "ignore_missing": true } },
{ "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } }, { "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } },
{ "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } }, { "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } },
{ "rename": { "field": "scan.hash", "target_field": "file.hash", "ignore_missing": true } }, { "rename": { "field": "scan.hash", "target_field": "hash", "ignore_missing": true } },
{ "remove": { "field": ["host", "path"], "ignore_missing": true } }, { "remove": { "field": ["host", "path"], "ignore_missing": true } },
{ "pipeline": { "name": "common" } } { "pipeline": { "name": "common" } }
] ]


@@ -3,9 +3,9 @@
"processors" : [ "processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.fc_request", "target_field": "fc_request", "ignore_missing": true } }, { "rename": { "field": "message2.fc_request", "target_field": "dnp3.fc_request", "ignore_missing": true } },
{ "rename": { "field": "message2.fc_reply", "target_field": "fc_reply", "ignore_missing": true } }, { "rename": { "field": "message2.fc_reply", "target_field": "dnp3.fc_reply", "ignore_missing": true } },
{ "rename": { "field": "message2.iin", "target_field": "iin", "ignore_missing": true } }, { "rename": { "field": "message2.iin", "target_field": "dnp3.iin", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } } { "pipeline": { "name": "zeek.common" } }
] ]
} }


@@ -4,8 +4,8 @@
{ "remove": { "field": ["host"], "ignore_failure": true } }, { "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } }, { "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.fuid", "target_field": "log.id.fuid", "ignore_missing": true } }, { "rename": { "field": "message2.fuid", "target_field": "log.id.fuid", "ignore_missing": true } },
{ "rename": { "field": "message2.rx_hosts", "target_field": "file.receive_ip", "ignore_missing": true } }, { "rename": { "field": "message2.rx_hosts", "target_field": "destination.ip", "ignore_missing": true } },
{ "rename": { "field": "message2.tx_hosts", "target_field": "file.transmit_ip", "ignore_missing": true } }, { "rename": { "field": "message2.tx_hosts", "target_field": "source.ip", "ignore_missing": true } },
{ "set": { "field": "server.ip", "value": "{{source.ip}}", "ignore_failure": true } }, { "set": { "field": "server.ip", "value": "{{source.ip}}", "ignore_failure": true } },
{ "set": { "field": "client.ip", "value": "{{destination.ip}}", "ignore_failure": true } }, { "set": { "field": "client.ip", "value": "{{destination.ip}}", "ignore_failure": true } },
{ "rename": { "field": "message2.conn_uids", "target_field": "log.id.uids", "ignore_missing": true } }, { "rename": { "field": "message2.conn_uids", "target_field": "log.id.uids", "ignore_missing": true } },
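Review bot: Renaming `message2.tx_hosts` and `message2.rx_hosts` straight into `source.ip` and `destination.ip` puts what Zeek's files log emits as sets of addresses into fields that the two following `set` processors template as `{{source.ip}}` and `{{destination.ip}}`. Before this change those templates had nothing to render in this pipeline; now a multi-valued list will presumably be rendered as one string, which is not a valid address for `server.ip` or `client.ip` and could cause the document to be rejected at index time if those fields are mapped as `ip`. It is worth running a record with more than one transmitting host through the simulate API before merging. The ingest description should also state that, in file records, `source.ip` means the transmitting host rather than the connection originator. The processor list continues outside the hunk.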


@@ -7,20 +7,20 @@
{ "rename": { "field": "message2.mime", "target_field": "file.mimetype", "ignore_missing": true } }, { "rename": { "field": "message2.mime", "target_field": "file.mimetype", "ignore_missing": true } },
{ "rename": { "field": "message2.desc", "target_field": "file.description", "ignore_missing": true } }, { "rename": { "field": "message2.desc", "target_field": "file.description", "ignore_missing": true } },
{ "rename": { "field": "message2.proto", "target_field": "network.protocol", "ignore_missing": true } }, { "rename": { "field": "message2.proto", "target_field": "network.protocol", "ignore_missing": true } },
{ "rename": { "field": "message2.note", "target_field": "note", "ignore_missing": true } }, { "rename": { "field": "message2.note", "target_field": "notice.note", "ignore_missing": true } },
{ "rename": { "field": "message2.msg", "target_field": "msg", "ignore_missing": true } }, { "rename": { "field": "message2.msg", "target_field": "notice.message", "ignore_missing": true } },
{ "rename": { "field": "message2.sub", "target_field": "sub_msg", "ignore_missing": true } }, { "rename": { "field": "message2.sub", "target_field": "notice.sub_message", "ignore_missing": true } },
{ "rename": { "field": "message2.p", "target_field": "p", "ignore_missing": true } }, { "rename": { "field": "message2.p", "target_field": "notice.p", "ignore_missing": true } },
{ "rename": { "field": "message2.n", "target_field": "n", "ignore_missing": true } }, { "rename": { "field": "message2.n", "target_field": "notice.n", "ignore_missing": true } },
{ "rename": { "field": "message2.peer_descr", "target_field": "peer_description", "ignore_missing": true } }, { "rename": { "field": "message2.peer_descr", "target_field": "notice.peer_description", "ignore_missing": true } },
{ "rename": { "field": "message2.actions", "target_field": "action", "ignore_missing": true } }, { "rename": { "field": "message2.actions", "target_field": "notice.action", "ignore_missing": true } },
{ "rename": { "field": "message2.suppress_for", "target_field": "suppress_for", "ignore_missing": true } }, { "rename": { "field": "message2.suppress_for", "target_field": "notice.suppress_for", "ignore_missing": true } },
{ "rename": { "field": "message2.dropped", "target_field": "dropped", "ignore_missing": true } }, { "rename": { "field": "message2.dropped", "target_field": "notice.dropped", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_country_code", "target_field": "destination_country_code", "ignore_missing": true } }, { "rename": { "field": "message2.destination_country_code", "target_field": "geo.destination_country_code", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_region", "target_field": "destination_region", "ignore_missing": true } }, { "rename": { "field": "message2.destination_region", "target_field": "geo.destination_region", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_city", "target_field": "destination_city", "ignore_missing": true } }, { "rename": { "field": "message2.destination_city", "target_field": "geo.destination_city", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_latitude", "target_field": "destination_latitude", "ignore_missing": true } }, { "rename": { "field": "message2.destination_latitude", "target_field": "geo.destination_latitude", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_longitude", "target_field": "destination_longitude", "ignore_missing": true } }, { "rename": { "field": "message2.destination_longitude", "target_field": "geo.destination_longitude", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } } { "pipeline": { "name": "zeek.common" } }
] ]
} }


@@ -8,7 +8,7 @@
{ "rename": { "field": "message2.server_major_version", "target_field": "rfb.server_major_version", "ignore_missing": true } }, { "rename": { "field": "message2.server_major_version", "target_field": "rfb.server_major_version", "ignore_missing": true } },
{ "rename": { "field": "message2.server_minor_version", "target_field": "rfb.server_minor_version", "ignore_missing": true } }, { "rename": { "field": "message2.server_minor_version", "target_field": "rfb.server_minor_version", "ignore_missing": true } },
{ "rename": { "field": "message2.authentication_method", "target_field": "rfb.authentication.method","ignore_missing": true } }, { "rename": { "field": "message2.authentication_method", "target_field": "rfb.authentication.method","ignore_missing": true } },
{ "rename": { "field": "message2.auth", "target_field": "rfb.authenticaiton.success", "ignore_missing": true } }, { "rename": { "field": "message2.auth", "target_field": "rfb.authentication.success", "ignore_missing": true } },
{ "rename": { "field": "message2.share_flag", "target_field": "rfb.share_flag", "ignore_missing": true } }, { "rename": { "field": "message2.share_flag", "target_field": "rfb.share_flag", "ignore_missing": true } },
{ "rename": { "field": "message2.desktop_name", "target_field": "rfb.desktop.name", "ignore_missing": true } }, { "rename": { "field": "message2.desktop_name", "target_field": "rfb.desktop.name", "ignore_missing": true } },
{ "rename": { "field": "message2.width", "target_field": "rfb.desktop.width", "ignore_missing": true } }, { "rename": { "field": "message2.width", "target_field": "rfb.desktop.width", "ignore_missing": true } },


@@ -7,8 +7,8 @@
{%- set HOSTNAME = salt['grains.get']('host', '') %} {%- set HOSTNAME = salt['grains.get']('host', '') %}
{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %} {%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh_enabled', '1') %} {%- set WAZUHENABLED = salt['pillar.get']('master:wazuh_enabled', '0') %}
{%- set STRELKAENABLED = salt['pillar.get']('static:strelka_enabled', '1') %} {%- set STRELKAENABLED = salt['pillar.get']('master:strelka_enabled', '0') %}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%} {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%} {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
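Review bot: The two changed `set` lines move the lookup from `static:` to `master:` and flip the fallback from '1' to '0' at the same time, so an existing install whose pillar lacks `master:wazuh_enabled` or `master:strelka_enabled` will render this template with Wazuh and Strelka treated as disabled, and nothing will report it. If disabled-by-default is intended, the upgrade path should write the keys explicitly, and a comment such as `{# default '0': disabled unless the master pillar opts in #}` above the two lines would record the decision. The fallbacks are also strings: a plain `{% if WAZUHENABLED %}` in the consumers (outside this hunk) would treat '0' as true, so compare against the string or cast with `| int`. A later top-file hunk on this page makes the same '1' to '0' flip for `master:strelka`.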


@@ -8,6 +8,8 @@
{%- elif grains['role'] == 'so-fleet' %} {%- elif grains['role'] == 'so-fleet' %}
{%- set ip = salt['pillar.get']('node:mainip', '') %} {%- set ip = salt['pillar.get']('node:mainip', '') %}
{%- endif %} {%- endif %}
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
# Quick Fix for Docker being difficult # Quick Fix for Docker being difficult
iptables_fix_docker: iptables_fix_docker:
@@ -424,6 +426,22 @@ enable_forwardnode_sensoroni_9822_{{ip}}:
{% endfor %} {% endfor %}
# Allow Fleet Node to send its beats traffic
{% if FLEET_NODE %}
enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ FLEET_NODE_IP }}
- dport: 5644
- position: 1
- save: True
{% endif %}
{% for ip in pillar.get('search_nodes') %} {% for ip in pillar.get('search_nodes') %}
enable_searchnode_redis_6379_{{ip}}: enable_searchnode_redis_6379_{{ip}}:
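Review bot: The new `enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}` state is gated only on `FLEET_NODE`, while `FLEET_NODE_IP` is read with no default, so a pillar that sets `static:fleet_node` without `static:fleet_ip` renders `- source:` with an empty value. Depending on how the iptables state handles a missing source, that may insert an ACCEPT for tcp/5644 at position 1 of DOCKER-USER with no source restriction, which is the opposite of what the rule is for. Gate on both values, `{% if FLEET_NODE and FLEET_NODE_IP %}`, so the rule is only written when there is an address to restrict it to. The surrounding loops over node lists continue outside the hunk.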


@@ -1,4 +1,4 @@
{% set ENROLLSECRET = salt['pillar.get']('auth:fleet_enroll-secret') %} {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
so/fleet: so/fleet:
event.send: event.send:


@@ -86,40 +86,9 @@ a {
<p> <p>
<div style="text-align: center;"> <div style="text-align: center;">
<h1>Security Onion - Dedicated Fleet Node</h1> <h1>Security Onion - Dedicated Fleet Node</h1>
<h2>Osquery Packages</h2>
</div> </div>
<br/> <br/>
<h2>Notes</h2>
<ul>
<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
<li>Packages are not signed.</li>
</ul>
<br/> <br/>
<h2>Downloads</h2>
<div>
Generated: {{ PACKAGESTS }}
<br/>
<br/>
Packages:
<ul>
<li><a href="/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
<li><a href="/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
<li><a href="/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
<li><a href="/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
</ul>
<br/>
<br/>
Config Files:
<ul>
<li><a href="/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
<li><a href="/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
</ul>
</div>
<br/>
<h2>Known Issues</h2>
<ul>
<li>None</li>
</ul>
</p> </p>
</div> </div>
</div> </div>


@@ -31,8 +31,8 @@ curl -X PUT "localhost:5601/api/saved_objects/config/$KIBANA_VERSION" -H 'kbn-xs
}' }'
# Sub our IP for placholders # Sub our IP for placholders
for i in FLEETPLACEHOLDER PCAPPLACEHOLDER SOCTOPUSPLACEHOLDER; do for i in PLACEHOLDER FLEETPLACEHOLDER PCAPPLACEHOLDER SOCTOPUSPLACEHOLDER; do
sed -i "s/$i/{{ MASTER }}/" /opt/so/saltstack/salt/kibana/saved_objects.ndjson sed -i "s/$i/{{ MASTER }}/g" /opt/so/saltstack/salt/kibana/saved_objects.ndjson
done done
# Load saved objects # Load saved objects
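Review bot: Adding `PLACEHOLDER` as the first loop item, together with the new `/g` flag, makes the first pass rewrite the `PLACEHOLDER` suffix inside `FLEETPLACEHOLDER`, `PCAPPLACEHOLDER` and `SOCTOPUSPLACEHOLDER`, leaving strings such as `FLEET<ip>` that the later iterations no longer match. Put the bare token last, `for i in FLEETPLACEHOLDER PCAPPLACEHOLDER SOCTOPUSPLACEHOLDER PLACEHOLDER; do`, so the longer names are substituted before the generic one. `{{ MASTER }}` also goes into the sed replacement unescaped; that is fine for an IP or hostname, but a comment stating that assumption would help. The script continues outside the hunk.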

File diff suppressed because one or more lines are too long


@@ -184,6 +184,10 @@
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"irc":{
"type":"object",
"dynamic": true
},
"kerberos":{ "kerberos":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true
@@ -208,10 +212,18 @@
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"mysql":{
"type":"object",
"dynamic": true
},
"network":{ "network":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"notice":{
"type":"object",
"dynamic": true
},
"ntlm":{ "ntlm":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true
@@ -316,6 +328,10 @@
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"syslog":{
"type":"object",
"dynamic": true
},
"tags":{ "tags":{
"type":"text", "type":"text",
"fields":{ "fields":{


@@ -15,9 +15,9 @@ def run():
MAINIP = data['data']['mainip'] MAINIP = data['data']['mainip']
STATICFILE = '/opt/so/saltstack/pillar/static.sls' STATICFILE = '/opt/so/saltstack/pillar/static.sls'
AUTHFILE = '/opt/so/saltstack/pillar/auth.sls' SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
if MINIONID.split('_')[-1] in ['master','eval','fleet']: if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
if ACTION == 'enablefleet': if ACTION == 'enablefleet':
logging.info('so/fleet enablefleet reactor') logging.info('so/fleet enablefleet reactor')
@@ -29,8 +29,8 @@ def run():
line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip()) line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
print(line) print(line)
# Update the enroll secret in the auth pillar # Update the enroll secret in the secrets pillar
for line in fileinput.input(AUTHFILE, inplace=True): for line in fileinput.input(SECRETSFILE, inplace=True):
line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip()) line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
print(line) print(line)
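Review bot: `ESECRET` reaches the secrets pillar through `re.sub` as a replacement template, so any backslash or group reference in the value is interpreted by the regex engine, and the result is written into YAML unquoted. The value appears to come from the event payload (its assignment is outside the hunk), so it should be checked before `SECRETSFILE` is rewritten in place. Passing a callable avoids the template interpretation, `line = re.sub(r'fleet_enroll-secret: \S*', lambda _m: f"fleet_enroll-secret: {ESECRET}", line.rstrip())`, and an allow-list check on the secret's characters before the `fileinput` loop would keep unexpected content out of the pillar. The role gate that now includes 'mastersearch' trusts the suffix of the minion ID; a short comment stating what that relies on would help the next reader. run() starts and ends outside the hunks.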


@@ -3,7 +3,7 @@
{%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %} {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %}
[es] [es]
es_url = https://{{ip}}:9200 es_url = http://{{ip}}:9200
es_user = YOURESUSER es_user = YOURESUSER
es_pass = YOURESPASS es_pass = YOURESPASS
es_index_pattern = so-* es_index_pattern = so-*
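Review bot: Switching `es_url` to `http://` means the `es_user` and `es_pass` values in the same `[es]` section, once set to real credentials, are sent to port 9200 without transport encryption. If the change is needed because Elasticsearch is not serving TLS yet, say so above the line, for example `# plain HTTP until ES TLS is enabled; revisit before setting es_user/es_pass`, assuming this file accepts `#` comments. Alternatively, make the scheme a pillar value so deployments with TLS keep `https`. The rest of the config continues outside the hunk.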


@@ -142,7 +142,7 @@ fbcrtlink:
backup: True backup: True
{% endif %} {% endif %}
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-master' or grains['role'] == 'so-node' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-heavynode' %} {% if grains['role'] == 'so-sensor' or grains['role'] == 'so-master' or grains['role'] == 'so-node' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-heavynode' or grains['role'] == 'so-fleet' %}
fbcertdir: fbcertdir:
file.directory: file.directory:
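Review bot: The role test on the changed `{% if %}` line is now an eight-term `or` chain, which is easy to get wrong on the next addition. A membership test reads better and keeps the role list in one place: `{% if grains['role'] in ['so-sensor', 'so-master', 'so-node', 'so-eval', 'so-helix', 'so-mastersearch', 'so-heavynode', 'so-fleet'] %}`. The `fbcertdir` state body continues outside the hunk.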


@@ -6,7 +6,7 @@
{%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%} {%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%} {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%} {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
{%- set STRELKA = salt['pillar.get']('master:strelka', '1') -%} {%- set STRELKA = salt['pillar.get']('master:strelka', '0') -%}
base: base: