CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

update so-allow to allow arguments

Browse Source
This commit is contained in:
Wes Lambert
2020-01-13 20:07:54 +00:00
parent f9fd237fa5
commit c4626020a4
1 changed files with 94 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
salt/common/tools/sbin/so-allow
View File

@@ -1,4 +1,23 @@
#!/bin/bash #!/bin/bash
#!/bin/bash
#
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
SKIP=0
got_root() { got_root() {
# Make sure you are root # Make sure you are root
@@ -11,6 +30,37 @@ got_root() {
got_root got_root
while getopts "abowi:" OPTION
do
case $OPTION in
h)
usage
exit 0
;;
a)
FULLROLE="analyst"
SKIP=1
;;
b)
FULLROLE=beats_endpoint
SKIP=1
;;
i) IP=$OPTARG
;;
o)
FULLROLE=osquery_endpoint
SKIP=1
;;
w)
FULLROLE=wazuh_endpoint
SKIP=1
;;
esac
done
if [ "$SKIP" -eq 0 ]; then
echo "This program allows you to add a firewall rule to allow connections from a new IP address." echo "This program allows you to add a firewall rule to allow connections from a new IP address."
echo "" echo ""
echo "Choose the role for the IP or Range you would like to add" echo "Choose the role for the IP or Range you would like to add"
@@ -38,5 +88,25 @@ else
exit 1 exit 1
fi fi
fi
echo "Adding $IP to the $FULLROLE role. This can take a few seconds" echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
/opt/so/saltstack/pillar/firewall/addfirewall.sh $FULLROLE $IP /opt/so/saltstack/pillar/firewall/addfirewall.sh $FULLROLE $IP
# Check if Wazuh enabled
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
# If analyst, add to Wazuh AR whitelist
if [ "$FULLROLE" == "analyst" ]; then
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
if ! grep -q "<white_list>$IP</white_list>" $WAZUH_MGR_CFG ; then
DATE=`date`
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG
echo -e "<!--Address $IP added by /usr/sbin/so-allow on "$DATE"-->\n <global>\n <white_list>$IP</white_list>\n </global>\n</ossec_config>" >> $WAZUH_MGR_CFG
echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG."
echo
echo "Restarting OSSEC Server..."
/usr/sbin/so-wazuh-restart
fi
fi
fi