CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

more changes for healthcheck - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/90

Browse Source
This commit is contained in:
m0duspwnens
2020-03-26 15:45:19 -04:00
parent 22127a3d58
commit c14f32fcc9
4 changed files with 40 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pillar/top.sls
View File

@@ -13,6 +13,7 @@ base:
- static - static
- firewall.* - firewall.*
- brologs - brologs
- healthcheck.sensor
- minions.{{ grains.id }} - minions.{{ grains.id }}
'*_master or *_mastersearch': '*_master or *_mastersearch':

36
salt/_modules/healthcheck.py
View File

@@ -7,14 +7,20 @@ allowed_functions = ['zeek']
states_to_apply = [] states_to_apply = []
def apply_states(): def apply_states(states=''):
if states_to_apply: calling_func = sys._getframe().f_back.f_code.co_name
logging.debug('healthcheck module: apply_states function caller: %s' % calling_func)
if not states:
states = ','.join(states_to_apply) states = ','.join(states_to_apply)
if states:
logging.info('healthcheck module: apply_states states: %s' % str(states))
__salt__['state.apply'](states) __salt__['state.apply'](states)
def docker_restart(container, state): def docker_restart(container):
try: try:
stopdocker = __salt__['docker.rm'](container, 'stop=True') stopdocker = __salt__['docker.rm'](container, 'stop=True')
@@ -22,27 +28,40 @@ def docker_restart(container, state):
logging.error('healthcheck module: %s' % e) logging.error('healthcheck module: %s' % e)
def run(checks): def run(checks=''):
retval = []
calling_func = sys._getframe().f_back.f_code.co_name
logging.debug('healthcheck module: run function caller: %s' % calling_func)
if checks: if checks:
checks = checks.split(',') checks = checks.split(',')
else: else:
checks = __salt__['pillar.get']('healthcheck:checks', {}) checks = __salt__['pillar.get']('healthcheck:checks', {})
logging.debug('healthcheck module: run checks to be run: %s' % str(checks))
for check in checks: for check in checks:
if check in allowed_functions: if check in allowed_functions:
retval.append(check)
check = getattr(sys.modules[__name__], check) check = getattr(sys.modules[__name__], check)
check() check()
else: else:
logging.warning('healthcheck module: attempted to run function %s' % check) logging.warning('healthcheck module: attempted to run function %s' % check)
# If you want to apply states at the end of the run,
# be sure to append the state name to states_to_apply[]
apply_states()
return checks return retval
def zeek(): def zeek():
calling_func = sys._getframe().f_back.f_code.co_name
logging.debug('healthcheck module: zeek function caller: %s' % calling_func)
retcode = __salt__['zeekctl.status'](verbose=False) retcode = __salt__['zeekctl.status'](verbose=False)
logging.info('zeekctl.status retcode: %i' % retcode) logging.debug('zeekctl.status retcode: %i' % retcode)
if retcode: if retcode:
docker_restart('so-zeek') docker_restart('so-zeek')
states_to_apply.append('zeek') states_to_apply.append('zeek')
@@ -50,7 +69,8 @@ def zeek():
else: else:
zeek_restarted = False zeek_restarted = False
if calling_func == 'execute':
apply_states()
__salt__['telegraf.send']('healthcheck zeek_restarted=%s' % str(zeek_restarted)) __salt__['telegraf.send']('healthcheck zeek_restarted=%s' % str(zeek_restarted))
return 'zeek_restarted: %s' % str(zeek_restarted) return 'zeek_restarted: %s' % str(zeek_restarted)
apply_states()

19
salt/healthcheck/init.sls
View File

@@ -1,6 +1,6 @@
{% set CHECKS = salt['pillar.get']('healthcheck:checks', {} %} {% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %}
{% set ENABLED = salt['pillar.get']('healthcheck:enabled', False %} {% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %}
{% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 30 %} {% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 30) %}
{% if CHECKS and ENABLED %} {% if CHECKS and ENABLED %}
{% set STATUS = ['present','enabled'] %} {% set STATUS = ['present','enabled'] %}
@@ -10,17 +10,16 @@ nohealthchecks:
test.configurable_test_state: test.configurable_test_state:
- name: nohealthchecks - name: nohealthchecks
- changes: True - changes: True
- result: False - result: True
- comment: No checks are enabled for the healthcheck schedule - comment: 'No checks are enabled for the healthcheck schedule'
- warnings: Add checks to the healcheck:checks pillar
{% endif %} {% endif %}
healthcheck_schedule_{{STATUS[0]}}: healthcheck_schedule_{{ STATUS[0] }}:
schedule.{{STATUS[0]}}: schedule.{{ STATUS[0] }}:
- name: healthcheck - name: healthcheck
- function: healthcheck.run - function: healthcheck.run
- minutes: {{ SCHEDULE }} - minutes: {{ SCHEDULE }}
healthcheck_schedule_{{STATUS[1]}}: healthcheck_schedule_{{ STATUS[1] }}:
schedule.{{STATUS[1]}}: schedule.{{ STATUS[1] }}:
- name: healthcheck - name: healthcheck

2
salt/top.sls
View File

@@ -35,6 +35,7 @@ base:
- firewall - firewall
- pcap - pcap
- suricata - suricata
- healthcheck
{%- if BROVER != 'SURICATA' %} {%- if BROVER != 'SURICATA' %}
- zeek - zeek
{%- endif %} {%- endif %}
@@ -55,6 +56,7 @@ base:
- firewall - firewall
- idstools - idstools
- auth - auth
- healthcheck
{%- if FLEETMASTER or FLEETNODE %} {%- if FLEETMASTER or FLEETNODE %}
- mysql - mysql
{%- endif %} {%- endif %}