From e50002e0ca5f5764212b28c3ee9bc3919984b6bc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 17 May 2021 16:26:12 -0400 Subject: [PATCH 1/3] influx and grafana default for manager nodes - https://github.com/Security-Onion-Solutions/securityonion/issues/4207 --- salt/grafana/init.sls | 2 +- salt/influxdb/init.sls | 2 +- salt/soc/files/soc/soc.json | 2 +- setup/so-whiptail | 12 ++++++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 4a0cc7b08..b6e20bb9d 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -11,7 +11,7 @@ {% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} -{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} +{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} # Grafana all the things grafanadir: diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index aace4e827..485cc951b 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -6,7 +6,7 @@ {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} -{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} +{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains.role == 'so-eval' and GRAFANA == 1) %} # Influx DB influxconfdir: diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 6f1c3a6da..266b602aa 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -54,7 +54,7 @@ "verifyCert": false }, "influxdb": { -{%- if grains['role'] in ['so-import'] %} +{%- if grains['role'] in ['so-import'] or GRAFANA == 0 %} "hostUrl": "", {%- else %} "hostUrl": "https://{{ MANAGERIP }}:8086", 
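Review bot: The new condition in salt/grafana/init.sls deploys Grafana on so-manager, so-managersearch and so-standalone unconditionally — the `GRAFANA` pillar value is consulted only for so-eval — so an operator can no longer disable the component on those roles even though the commit title calls it a default. Keeping an explicit opt-out preserves that control, e.g. `{% if (grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] and GRAFANA != 0) or (grains['role'] == 'so-eval' and GRAFANA == 1) %}`, with setup writing 1 by default; whether the pillar is still populated on manager roles after this change is not visible in the hunk. The same expression also mixes `grains['role']` and `grains.role`, and using one form throughout avoids a reader assuming they differ. Where `GRAFANA` is assigned lies above the hunk, and the `{% if %}` body continues past it.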
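Review bot: Enabling InfluxDB unconditionally on every manager role in salt/influxdb/init.sls adds a network service that SOC reaches at `https://{{ MANAGERIP }}:8086` (per the soc.json hunk), and nothing in this hunk restricts who can connect to that port; please confirm the firewall state limits 8086 to the manager itself and the nodes that must ship metrics, since the listener now appears on deployments whose pillar previously had Grafana off. The role predicate is also a verbatim copy of the one in salt/grafana/init.sls, so a future edit to one silently desynchronizes the other — consider computing it once, for example `{% set METRICS_ENABLED = grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] or (grains['role'] == 'so-eval' and GRAFANA == 1) %}` in a shared map file, and testing that variable in both states and in soc.json. The `{% if %}` body continues past the hunk.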
diff --git a/setup/so-whiptail b/setup/so-whiptail index 09346828f..5eca2d39a 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -408,6 +408,7 @@ whiptail_enable_components() { PLAYBOOK=0 STRELKA=0 +if [[ $is_eval ]]; then COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ "Select Components to install:" 20 75 8 \ GRAFANA "Enable Grafana for system monitoring" ON \ @@ -416,6 +417,17 @@ whiptail_enable_components() { THEHIVE "Enable TheHive" ON \ PLAYBOOK "Enable Playbook" ON \ STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) +else + COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ + "Select Components to install:" 20 75 7 \ + OSQUERY "Enable Fleet with osquery" ON \ + WAZUH "Enable Wazuh" ON \ + THEHIVE "Enable TheHive" ON \ + PLAYBOOK "Enable Playbook" ON \ + STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) + export "GRAFANA=1" +fi + local exitstatus=$? whiptail_check_exitstatus $exitstatus From ef32bff302a8781e68bbf55ceb9fcaa079125fba Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 17 May 2021 18:29:27 -0400 Subject: [PATCH 2/3] fix up soc.json --- salt/soc/files/soc/soc.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 266b602aa..5dfd364d2 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -54,7 +54,7 @@ "verifyCert": false }, "influxdb": { -{%- if grains['role'] in ['so-import'] or GRAFANA == 0 %} +{%- if grains['role'] in ['so-import'] or (grains['role'] == 'so-eval' and GRAFANA == 0) %} "hostUrl": "", {%- else %} "hostUrl": "https://{{ MANAGERIP }}:8086", From 0de1c9a6696144f8e46eca2a6a420649690ba55b Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 18 May 2021 07:57:00 -0400 Subject: [PATCH 3/3] removing unreference pillar file docker/config.sls --- pillar/docker/config.sls | 208 --------------------------------------- 1 file changed, 208 deletions(-) delete mode 100644 pillar/docker/config.sls 
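Review bot: `local exitstatus=$?` after the new `fi` no longer captures whiptail's exit status in the non-eval branch: the last command executed there is `export "GRAFANA=1"`, which always succeeds, so a user pressing Cancel or Esc is treated as having accepted the default component list and `whiptail_check_exitstatus` never fires. Declare `local exitstatus` before the `if`, assign `exitstatus=$?` as the first line after each `COMPONENTS=$(whiptail ...)` call, and move `export GRAFANA=1` below the check so it cannot mask a cancelled dialog. `[[ $is_eval ]]` relies on is_eval being set by a caller outside this hunk, and an empty value silently forces Grafana on; a comment such as `# is_eval is set by the caller; empty means a manager/standalone install, where Grafana is always enabled` would make that dependency explicit. The function whiptail_enable_components begins before the hunk.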
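Review bot: The soc.json test `GRAFANA == 0` is not the complement of the `GRAFANA == 1` used in salt/grafana/init.sls and salt/influxdb/init.sls: any value other than 0 or 1 — including the string `'1'`, which the deleted pillar/docker/config.sls compared against (`GRAFANA == '1'`), suggesting the pillar has carried string values before — yields an eval node where InfluxDB is not deployed yet SOC is configured with `https://{{ MANAGERIP }}:8086`. Mirroring the states' predicate, `{%- if grains['role'] in ['so-import'] or (grains['role'] == 'so-eval' and GRAFANA != 1) %}`, makes both files render the same decision for every value. Whether the pillar value is normalized to an integer before these templates run is not visible here.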
diff --git a/pillar/docker/config.sls b/pillar/docker/config.sls deleted file mode 100644 index da6fac83a..000000000 --- a/pillar/docker/config.sls +++ /dev/null 
@@ -1,208 +0,0 @@ -{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) -%} -{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) -%} -{% set WAZUH = salt['pillar.get']('manager:wazuh', '0') %} -{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %} -{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} -{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %} -{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %} -{% set ZEEKVER = salt['pillar.get']('global:mdengine', 'COMMUNITY') %} -{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} - -eval: - containers: - - so-nginx - - so-telegraf - {% if GRAFANA == '1' %} - - so-influxdb - - so-grafana - {% endif %} - - so-dockerregistry - - so-soc - - so-kratos - - so-idstools - {% if FLEETMANAGER %} - - so-mysql - - so-fleet - - so-redis - {% endif %} - - so-elasticsearch - - so-logstash - - so-kibana - - so-steno - - so-suricata - - so-zeek - - so-curator - - so-elastalert - {% if WAZUH != '0' %} - - so-wazuh - {% endif %} - - so-soctopus - {% if THEHIVE != '0' %} - - so-thehive - - so-thehive-es - - so-cortex - {% endif %} - {% if PLAYBOOK != '0' %} - - so-playbook - {% endif %} - {% if FREQSERVER != '0' %} - - so-freqserver - {% endif %} - {% if DOMAINSTATS != '0' %} - - so-domainstats - {% endif %} -heavy_node: - containers: - - so-nginx - - so-telegraf - - so-redis - - so-logstash - - so-elasticsearch - - so-curator - - so-steno - - so-suricata - - so-wazuh - - so-filebeat - {% if ZEEKVER != 'SURICATA' %} - - so-zeek - {% endif %} -helix: - containers: - - so-nginx - - so-telegraf - - so-idstools - - so-steno - - so-zeek - - so-redis - - so-logstash - - so-filebeat -hot_node: - containers: - - so-nginx - - so-telegraf - - so-logstash - - so-elasticsearch - - so-curator -manager_search: - containers: - - so-nginx - - so-telegraf - - so-soc - - so-kratos - - so-acng - - so-idstools - - so-redis - - so-logstash - - so-elasticsearch - 
- so-curator - - so-kibana - - so-elastalert - - so-filebeat - - so-soctopus - {% if FLEETMANAGER %} - - so-mysql - - so-fleet - - so-redis - {% endif %} - {% if WAZUH != '0' %} - - so-wazuh - {% endif %} - - so-soctopus - {% if THEHIVE != '0' %} - - so-thehive - - so-thehive-es - - so-cortex - {% endif %} - {% if PLAYBOOK != '0' %} - - so-playbook - {% endif %} - {% if FREQSERVER != '0' %} - - so-freqserver - {% endif %} - {% if DOMAINSTATS != '0' %} - - so-domainstats - {% endif %} -manager: - containers: - - so-dockerregistry - - so-nginx - - so-telegraf - {% if GRAFANA == '1' %} - - so-influxdb - - so-grafana - {% endif %} - - so-soc - - so-kratos - - so-acng - - so-idstools - - so-redis - - so-elasticsearch - - so-logstash - - so-kibana - - so-elastalert - - so-filebeat - {% if FLEETMANAGER %} - - so-mysql - - so-fleet - - so-redis - {% endif %} - {% if WAZUH != '0' %} - - so-wazuh - {% endif %} - - so-soctopus - {% if THEHIVE != '0' %} - - so-thehive - - so-thehive-es - - so-cortex - {% endif %} - {% if PLAYBOOK != '0' %} - - so-playbook - {% endif %} - {% if FREQSERVER != '0' %} - - so-freqserver - {% endif %} - {% if DOMAINSTATS != '0' %} - - so-domainstats - {% endif %} -parser_node: - containers: - - so-nginx - - so-telegraf - - so-logstash -search_node: - containers: - - so-nginx - - so-telegraf - - so-logstash - - so-elasticsearch - - so-curator - - so-filebeat - {% if WAZUH != '0' %} - - so-wazuh - {% endif %} -sensor: - containers: - - so-nginx - - so-telegraf - - so-steno - - so-suricata - {% if ZEEKVER != 'SURICATA' %} - - so-zeek - {% endif %} - - so-wazuh - - so-filebeat -warm_node: - containers: - - so-nginx - - so-telegraf - - so-elasticsearch -fleet: - containers: - {% if FLEETNODE %} - - so-mysql - - so-fleet - - so-redis - - so-filebeat - - so-nginx - - so-telegraf - {% endif %} \ No newline at end of file