Merge branch 'dev' of github.com:Security-Onion-Solutions/securityonion-saltstack into dev

2025-12-06 17:22:49 +01:00 · 2020-02-05 18:17:36 -05:00
parent 9779037e99 aeec5563eb
commit c5fa0fcdf7
6 changed files with 52 additions and 61 deletions
--- a/salt/logstash/conf/pipelines/eval/templates/9999_output_redis.conf
+++ b/salt/logstash/conf/pipelines/eval/templates/9999_output_redis.conf
@@ -1,26 +0,0 @@
-{%- if salt['grains.get']('role') == 'so-master' %}
-{% set master = salt['pillar.get']('static:masterip', '') %}
-{%- set nodetype = 'master' %}
-{% elif grains.role == 'so-heavynode' %}
-{% set master = salt['pillar.get']('node:mainip', '') %}
-{%- set nodetype = salt['pillar.get']('node:node_type', 'search') %}
-{%- else %}
-{%- set nodetype = salt['pillar.get']('node:node_type', 'storage') %}
-{% set master = salt['pillar.get']('static:masterip', '') %}
-{%- endif %}
-
-
-output {
-	redis {
-		host => '{{ master }}'
-		data_type => 'list'
-		{%- if nodetype == 'parser' %}
-		key => 'logstash:parsed'
-		{%- else %}
-		key => 'logstash:unparsed'
-		{%- endif %}
-		congestion_interval => 1
-		congestion_threshold => 50000000
-		# batch_events => 500
-	}
-}
--- a/salt/logstash/conf/pipelines/helix/templates/9997_output_helix.conf
+++ b/salt/logstash/conf/pipelines/helix/templates/9997_output_helix.conf
--- a/salt/logstash/etc/logstash.yml
+++ b/salt/logstash/etc/logstash.yml
@@ -63,7 +63,7 @@
 #
 # path.config:
 # /etc/logstash/conf.d is mapped to /usr/share/logstash/pipeline in the Docker image
-{%- if grains.role != 'so-mastersearch' and grains.role != 'so-heavynode' and grains.role != 'so-master' and grains.role != 'so-eval' %}
+{%- if grains.role != 'so-mastersearch' and grains.role != 'so-heavynode' and grains.role != 'so-master' and grains.role != 'so-eval' and grains.role != 'so-helix' %}
 path.config: /usr/share/logstash/pipeline.enabled/*.conf
 {%- else %} 
 #path.config: /usr/share/logstash/pipeline.enabled/*.conf
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -15,6 +15,7 @@ base:
  'G@role:so-helix':
    - ca
    - ssl
+    - registry
    - common
    - firewall
    - idstools
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -453,42 +453,55 @@ docker_registry() {
  echo "Docker Registry Setup - Complete" >> $SETUPLOG 2>&1

 }
-
 docker_seed_registry() {
  VERSION="HH1.1.4"
-  TRUSTED_CONTAINERS=( \
-  "so-acng:$VERSION" \
-  "so-auth-api:$VERSION" \
-  "so-auth-ui:$VERSION" \
-  "so-core:$VERSION" \
-  "so-thehive-cortex:$VERSION" \
-  "so-curator:$VERSION" \
-  "so-domainstats:$VERSION" \
-  "so-elastalert:$VERSION" \
-  "so-elasticsearch:$VERSION" \
-  "so-filebeat:$VERSION" \
-  "so-fleet:$VERSION" \
-  "so-fleet-launcher:$VERSION" \
-  "so-freqserver:$VERSION" \
-  "so-grafana:$VERSION" \
-  "so-idstools:$VERSION" \
-  "so-influxdb:$VERSION" \
-  "so-kibana:$VERSION" \
-  "so-logstash:$VERSION" \
-  "so-mysql:$VERSION" \
-  "so-navigator:$VERSION" \
-  "so-playbook:$VERSION" \
-  "so-redis:$VERSION" \
-  "so-sensoroni:$VERSION" \
-  "so-soctopus:$VERSION" \
-  "so-steno:$VERSION" \
-  #"so-strelka:$VERSION" \
-  "so-suricata:$VERSION" \
-  "so-telegraf:$VERSION" \
-  "so-thehive:$VERSION" \
-  "so-thehive-es:$VERSION" \
-  "so-wazuh:$VERSION" \
-  "so-zeek:$VERSION" )
+  if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
+    TRUSTED_CONTAINERS=( \
+    "so-acng:$VERSION" \
+    "so-auth-api:$VERSION" \
+    "so-auth-ui:$VERSION" \
+    "so-core:$VERSION" \
+    "so-thehive-cortex:$VERSION" \
+    "so-curator:$VERSION" \
+    "so-domainstats:$VERSION" \
+    "so-elastalert:$VERSION" \
+    "so-elasticsearch:$VERSION" \
+    "so-filebeat:$VERSION" \
+    "so-fleet:$VERSION" \
+    "so-fleet-launcher:$VERSION" \
+    "so-freqserver:$VERSION" \
+    "so-grafana:$VERSION" \
+    "so-idstools:$VERSION" \
+    "so-influxdb:$VERSION" \
+    "so-kibana:$VERSION" \
+    "so-logstash:$VERSION" \
+    "so-mysql:$VERSION" \
+    "so-navigator:$VERSION" \
+    "so-playbook:$VERSION" \
+    "so-redis:$VERSION" \
+    "so-sensoroni:$VERSION" \
+    "so-soctopus:$VERSION" \
+    "so-steno:$VERSION" \
+    #"so-strelka:$VERSION" \
+    "so-suricata:$VERSION" \
+    "so-telegraf:$VERSION" \
+    "so-thehive:$VERSION" \
+    "so-thehive-es:$VERSION" \
+    "so-wazuh:$VERSION" \
+    "so-zeek:$VERSION" )
+  else
+    TRUSTED_CONTAINERS=( \
+    "so-core:$VERSION" \
+    "so-filebeat:$VERSION" \
+    "so-idstools:$VERSION" \
+    "so-logstash:$VERSION" \
+    "so-redis:$VERSION" \
+    "so-sensoroni:$VERSION" \
+    "so-steno:$VERSION" \
+    "so-suricata:$VERSION" \
+    "so-telegraf:$VERSION" \
+    "so-zeek:$VERSION" )
+  fi

  if [ ! -f /nsm/docker-registry/docker/so-dockers-$VERSION.tar ]; then
    # Download the container from the interwebs
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -213,6 +213,9 @@ if (whiptail_you_sure) ; then
      salt_checkin >> $SETUPLOG 2>&1
      salt-call state.apply ca >> $SETUPLOG 2>&1
      salt-call state.apply ssl >> $SETUPLOG 2>&1
+      echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
+      salt-call state.apply registry >> $SETUPLOG 2>&1
+      docker_seed_registry >> $SETUPLOG 2>&1
      echo -e "XXX\n43\nInstalling Common Components... \nXXX"
      salt-call state.apply common >> $SETUPLOG 2>&1
      echo -e "XXX\n45\nApplying firewall rules... \nXXX"