CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' of github.com:Security-Onion-Solutions/securityonion-saltstack into dev

Browse Source
This commit is contained in:
William Wernert
2020-02-05 18:17:36 -05:00
parent 9779037e99 aeec5563eb
commit c5fa0fcdf7
6 changed files with 52 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
salt/logstash/conf/pipelines/eval/templates/9999_output_redis.conf
View File

@@ -1,26 +0,0 @@
{%- if salt['grains.get']('role') == 'so-master' %}
{% set master = salt['pillar.get']('static:masterip', '') %}
{%- set nodetype = 'master' %}
{% elif grains.role == 'so-heavynode' %}
{% set master = salt['pillar.get']('node:mainip', '') %}
{%- set nodetype = salt['pillar.get']('node:node_type', 'search') %}
{%- else %}
{%- set nodetype = salt['pillar.get']('node:node_type', 'storage') %}
{% set master = salt['pillar.get']('static:masterip', '') %}
{%- endif %}
output {
redis {
host => '{{ master }}'
data_type => 'list'
{%- if nodetype == 'parser' %}
key => 'logstash:parsed'
{%- else %}
key => 'logstash:unparsed'
{%- endif %}
congestion_interval => 1
congestion_threshold => 50000000
# batch_events => 500
}
}

0
salt/logstash/conf/pipelines/helix/9997_output_helix.conf → salt/logstash/conf/pipelines/helix/templates/9997_output_helix.conf
View File

2
salt/logstash/etc/logstash.yml
View File

@@ -63,7 +63,7 @@
# #
# path.config: # path.config:
# /etc/logstash/conf.d is mapped to /usr/share/logstash/pipeline in the Docker image # /etc/logstash/conf.d is mapped to /usr/share/logstash/pipeline in the Docker image
{%- if grains.role != 'so-mastersearch' and grains.role != 'so-heavynode' and grains.role != 'so-master' and grains.role != 'so-eval' %} {%- if grains.role != 'so-mastersearch' and grains.role != 'so-heavynode' and grains.role != 'so-master' and grains.role != 'so-eval' and grains.role != 'so-helix' %}
path.config: /usr/share/logstash/pipeline.enabled/*.conf path.config: /usr/share/logstash/pipeline.enabled/*.conf
{%- else %} {%- else %}
#path.config: /usr/share/logstash/pipeline.enabled/*.conf #path.config: /usr/share/logstash/pipeline.enabled/*.conf

1
salt/top.sls
View File

@@ -15,6 +15,7 @@ base:
'G@role:so-helix': 'G@role:so-helix':
- ca - ca
- ssl - ssl
- registry
- common - common
- firewall - firewall
- idstools - idstools

81
setup/so-functions
View File

@@ -453,42 +453,55 @@ docker_registry() {
echo "Docker Registry Setup - Complete" >> $SETUPLOG 2>&1 echo "Docker Registry Setup - Complete" >> $SETUPLOG 2>&1
} }
docker_seed_registry() { docker_seed_registry() {
VERSION="HH1.1.4" VERSION="HH1.1.4"
TRUSTED_CONTAINERS=( \ if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
"so-acng:$VERSION" \ TRUSTED_CONTAINERS=( \
"so-auth-api:$VERSION" \ "so-acng:$VERSION" \
"so-auth-ui:$VERSION" \ "so-auth-api:$VERSION" \
"so-core:$VERSION" \ "so-auth-ui:$VERSION" \
"so-thehive-cortex:$VERSION" \ "so-core:$VERSION" \
"so-curator:$VERSION" \ "so-thehive-cortex:$VERSION" \
"so-domainstats:$VERSION" \ "so-curator:$VERSION" \
"so-elastalert:$VERSION" \ "so-domainstats:$VERSION" \
"so-elasticsearch:$VERSION" \ "so-elastalert:$VERSION" \
"so-filebeat:$VERSION" \ "so-elasticsearch:$VERSION" \
"so-fleet:$VERSION" \ "so-filebeat:$VERSION" \
"so-fleet-launcher:$VERSION" \ "so-fleet:$VERSION" \
"so-freqserver:$VERSION" \ "so-fleet-launcher:$VERSION" \
"so-grafana:$VERSION" \ "so-freqserver:$VERSION" \
"so-idstools:$VERSION" \ "so-grafana:$VERSION" \
"so-influxdb:$VERSION" \ "so-idstools:$VERSION" \
"so-kibana:$VERSION" \ "so-influxdb:$VERSION" \
"so-logstash:$VERSION" \ "so-kibana:$VERSION" \
"so-mysql:$VERSION" \ "so-logstash:$VERSION" \
"so-navigator:$VERSION" \ "so-mysql:$VERSION" \
"so-playbook:$VERSION" \ "so-navigator:$VERSION" \
"so-redis:$VERSION" \ "so-playbook:$VERSION" \
"so-sensoroni:$VERSION" \ "so-redis:$VERSION" \
"so-soctopus:$VERSION" \ "so-sensoroni:$VERSION" \
"so-steno:$VERSION" \ "so-soctopus:$VERSION" \
#"so-strelka:$VERSION" \ "so-steno:$VERSION" \
"so-suricata:$VERSION" \ #"so-strelka:$VERSION" \
"so-telegraf:$VERSION" \ "so-suricata:$VERSION" \
"so-thehive:$VERSION" \ "so-telegraf:$VERSION" \
"so-thehive-es:$VERSION" \ "so-thehive:$VERSION" \
"so-wazuh:$VERSION" \ "so-thehive-es:$VERSION" \
"so-zeek:$VERSION" ) "so-wazuh:$VERSION" \
"so-zeek:$VERSION" )
else
TRUSTED_CONTAINERS=( \
"so-core:$VERSION" \
"so-filebeat:$VERSION" \
"so-idstools:$VERSION" \
"so-logstash:$VERSION" \
"so-redis:$VERSION" \
"so-sensoroni:$VERSION" \
"so-steno:$VERSION" \
"so-suricata:$VERSION" \
"so-telegraf:$VERSION" \
"so-zeek:$VERSION" )
fi
if [ ! -f /nsm/docker-registry/docker/so-dockers-$VERSION.tar ]; then if [ ! -f /nsm/docker-registry/docker/so-dockers-$VERSION.tar ]; then
# Download the container from the interwebs # Download the container from the interwebs

3
setup/so-setup
View File

@@ -213,6 +213,9 @@ if (whiptail_you_sure) ; then
salt_checkin >> $SETUPLOG 2>&1 salt_checkin >> $SETUPLOG 2>&1
salt-call state.apply ca >> $SETUPLOG 2>&1 salt-call state.apply ca >> $SETUPLOG 2>&1
salt-call state.apply ssl >> $SETUPLOG 2>&1 salt-call state.apply ssl >> $SETUPLOG 2>&1
echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
salt-call state.apply registry >> $SETUPLOG 2>&1
docker_seed_registry >> $SETUPLOG 2>&1
echo -e "XXX\n43\nInstalling Common Components... \nXXX" echo -e "XXX\n43\nInstalling Common Components... \nXXX"
salt-call state.apply common >> $SETUPLOG 2>&1 salt-call state.apply common >> $SETUPLOG 2>&1
echo -e "XXX\n45\nApplying firewall rules... \nXXX" echo -e "XXX\n45\nApplying firewall rules... \nXXX"