From 1d45472b48f3a8424ff654b55e49065ee6b6e828 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 24 Feb 2021 11:30:43 -0500
Subject: [PATCH] Fix Strelka Rule updates, repo fix
---
 salt/common/tools/sbin/soup | 6 ++++-
 salt/docker_clean/init.sls | 35 ++++++++++++++++++++++++++++++
 salt/registry/bin/so-buildregistry | 12 ----------
 salt/registry/init.sls | 11 ----------
 setup/so-functions | 14 +++++++++---
 5 files changed, 51 insertions(+), 27 deletions(-)
 delete mode 100644 salt/registry/bin/so-buildregistry
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index c1b649610..b6df582f1 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -159,7 +159,7 @@ generate_and_clean_tarballs() {
 local new_version
 new_version=$(cat $UPDATE_DIR/VERSION)
 [ -d /opt/so/repo ] || mkdir -p /opt/so/repo
- tar -cxf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
+ tar -czf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
 find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \;
 }
@@ -340,6 +340,10 @@ up_2.3.2X_to_2.3.30() {
 for pillar in "${minion_pillars[@]}"; do
 sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar"
 done
+
+ # Change the IMAGEREPO
+ sed -i "/ imagerepo: 'securityonion'/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls
+ sed -i "/ imagerepo: securityonion/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls
 }
 space_check() {
diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls
index 21e672c00..57bc47ef6 100644
--- a/salt/docker_clean/init.sls
+++ b/salt/docker_clean/init.sls
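Review bot: The `find "/opt/so/repo" … -exec rm -rf {} \;` that follows the corrected `tar -czf` still runs unconditionally, so if the archive step fails (exactly what the old `-cxf` flags produced) the previous release tarball is deleted anyway and `/opt/so/repo` is left with nothing usable; chain the cleanup on success, e.g. `tar -czf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR" || return 1`. `new_version` is read from `$UPDATE_DIR/VERSION` unquoted and unvalidated and then used both as the archive name and as the `-not -name` filter, so an empty or whitespace-containing VERSION file would make the find remove every file in the repo directory; a guard such as `[[ $new_version =~ ^[0-9A-Za-z._-]+$ ]] || return 1` before the tar, and `"$UPDATE_DIR"` quoted in the `cat`, would close that. The `generate_and_clean_tarballs` opening line is the hunk's context header, not part of the hunk itself.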
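Review bot: The two `sed -i "/ imagerepo: …/c\ imagerepo: 'security-onion-solutions'"` commands added to up_2.3.2X_to_2.3.30 replace the whole matched line with text carrying exactly one leading space, while the address only requires one space before the key, so the rewritten line keeps the original nesting level only if `imagerepo` happens to be indented by a single space in global.sls — if it sits at two spaces under a parent key, as the rest of the pillar appears to, the result is a YAML indentation error. A single substitution that captures the existing indent handles both the quoted and unquoted form and preserves it: `sed -i -E "s/^(\s*)imagerepo: '?securityonion'?\s*$/\1imagerepo: 'security-onion-solutions'/" /opt/so/saltstack/local/pillar/global.sls`. Nothing checks that the substitution actually matched, so a node whose pillar was already edited by hand upgrades silently with the old repo name; a follow-up `grep -q "imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls || echo "imagerepo not updated" >&2` would surface that. The function begins before the hunk.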
@@ -45,6 +45,41 @@ remove_images_{{ VERSION }}:
 - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-es:{{ VERSION }}'
 - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}'
 - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-acng:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-thehive-cortex:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-curator:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-domainstats:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-elastalert:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-elasticsearch:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-filebeat:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-fleet:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-fleet-launcher:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-freqserver:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-grafana:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-idstools:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-influxdb:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-kibana:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-kratos:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-logstash:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-minio:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-mysql:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-nginx:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-pcaptools:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-playbook:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-redis:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-soc:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-soctopus:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-steno:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-strelka-frontend:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-strelka-manager:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-strelka-backend:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-strelka-filestream:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-suricata:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-telegraf:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-thehive:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-thehive-es:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-wazuh:{{ VERSION }}'
+ - '{{ MANAGER }}:5000/securityonion/so-zeek:{{ VERSION }}'
 {% endfor %}
 {% else %}
diff --git a/salt/registry/bin/so-buildregistry b/salt/registry/bin/so-buildregistry
deleted file mode 100644
index 01756fc67..000000000
--- a/salt/registry/bin/so-buildregistry
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-VERSION=HH1.1.4
-TARBALL=/nsm/docker-registry/docker/so-dockers-$VERSION.tar
-
-# See if the tarball is there. If so do soemthing otherwise peace out.
-if [ -f "$TARBALL" ]; then
- cd /nsm/docker-registry/docker
- tar xvf so-dockers-$VERSION.tar
-fi
-
-exit 0
diff --git a/salt/registry/init.sls b/salt/registry/init.sls
index d733b6f54..1cec55fd2 100644
--- a/salt/registry/init.sls
+++ b/salt/registry/init.sls
@@ -29,17 +29,6 @@ dockerregistryconf:
 - name: /opt/so/conf/docker-registry/etc/config.yml
 - source: salt://registry/etc/config.yml
-# Copy the registry script
-#dockerregistrybuild:
-# file.managed:
-# - name: /opt/so/conf/docker-registry/so-buildregistry
-# - source: salt://registry/bin/so-buildregistry
-# - mode: 755
-#dockerexpandregistry:
-# cmd.run:
-# - name: /opt/so/conf/docker-registry/so-buildregistry
 # Install the registry container
 so-dockerregistry:
 docker_container.running:
diff --git a/setup/so-functions b/setup/so-functions
index 4410e7443..a42da1b52 100755
--- a/setup/so-functions
+++ b/setup/so-functions
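Review bot: The 35 added lines hard-code the legacy `securityonion` repo name once per image, mirroring the `{{ IMAGEREPO }}` list above them entry for entry, so on a node whose pillar still reads `imagerepo: securityonion` every image now appears twice in the same state and any image added later has to be appended in two places. A Jinja loop over the repo names keeps the image list in one place: wrap the existing entries in `{% for repo in [IMAGEREPO, 'securityonion'] | unique %}` … `{% endfor %}` and write each entry as `- '{{ MANAGER }}:5000/{{ repo }}/so-zeek:{{ VERSION }}'`. The state's name `remove_images_{{ VERSION }}` is only the hunk's context header and its state function is not visible, so whether duplicate names are harmless there (they are for an absent-style state) is an assumption; the enclosing `{% for %}` also opens before the hunk.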
@@ -1558,9 +1558,17 @@ manager_global() {
 " node_checkin_interval_ms: $NODE_CHECKIN_INTERVAL_MS"\
 "strelka:"\
 " enabled: $STRELKA"\
- " rules: 1"\
- " repos:"\
- " - https://github.com/Neo23x0/signature-base"\
+ " rules: 1" >> "$global_pillar"
+ if [[ $is_airgap ]]; then
+ printf '%s\n'\
+ " repos:"\
+ " - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar"
+ else
+ printf '%s\n'\
+ " repos:"\
+ " - 'https://github.com/Neo23x0/signature-base'" >> "$global_pillar"
+ fi
+ printf '%s\n'\
 "curator:"\
 " hot_warm: False"\
 "elastic:"\
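Review bot: `if [[ $is_airgap ]]; then` in manager_global is a non-empty test, so any value at all in `is_airgap` — including a literal `false` or `no`, should the setup code ever record the answer that way — selects the airgap branch and points Strelka's rule source at the manager; where `is_airgap` is assigned is outside the hunk, so if it is only ever set to a truthy sentinel this is fine, but `[[ $is_airgap == true ]]` (or whichever sentinel setup uses) would make the intent explicit. The airgap URL is built from bash's own `$HOSTNAME`, which may be the short host name rather than the FQDN the manager is reached by, and nothing guards against it being empty, which would write `https:///repo/rules/strelka` into the pillar; a `[[ -n $HOSTNAME ]] || fail "HOSTNAME unset"` before the printf, and confirming the value matches what the other `https://` entries in this pillar use, would catch that at setup time rather than at the first rule update. The printf chain this block belongs to opens before the hunk and continues after it.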