From 1b532cd67002f2ecd90b9c3c2c5b440f2a3082d4 Mon Sep 17 00:00:00 2001
From: Dustin Lee
Date: Tue, 8 Oct 2019 15:43:48 -0400
Subject: [PATCH 1/3] add playbook as installation option
---
 so-setup-network.sh | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/so-setup-network.sh b/so-setup-network.sh
index cd043375f..aea465f0d 100644
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -556,7 +556,7 @@ master_pillar() {
 echo " osquery: $OSQUERY" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 echo " wazuh: $WAZUH" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 echo " thehive: $THEHIVE" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- echo " playbook: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
+ echo " playbook: $PLAYBOOK" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 }
 master_static() {
@@ -620,6 +620,7 @@ process_components() {
 OSQUERY=0
 WAZUH=0
 THEHIVE=0
+ PLAYBOOK=0
 IFS=$' '
 for item in $(echo "$CLEAN"); do
@@ -1178,7 +1179,8 @@ whiptail_enable_components() {
 "GRAFANA" "Enable Grafana for system monitoring" ON \
 "OSQUERY" "Enable Fleet with osquery" ON \
 "WAZUH" "Enable Wazuh" ON \
- "THEHIVE" "Enable TheHive" ON 3>&1 1>&2 2>&3 )
+ "THEHIVE" "Enable TheHive" ON \
+ "PLAYBOOK" "Enable Playbook" ON 3>&1 1>&2 2>&3 )
 }
 whiptail_eval_adv() {
@@ -1741,6 +1743,10 @@ if (whiptail_you_sure); then
 echo -e "XXX\n87\nInstalling TheHive... \nXXX"
 salt-call state.apply hive >> $SETUPLOG 2>&1
 fi
+ if [[ $PLAYBOOK == '1' ]]; then
+ echo -e "XXX\n89\nInstalling Playbook... \nXXX"
+ salt-call state.apply playbook >> $SETUPLOG 2>&1
+ fi
 echo -e "XXX\n75\nEnabling Checking at Boot... \nXXX"
 checkin_at_boot >> $SETUPLOG 2>&1
 echo -e "XXX\n95\nVerifying Install... \nXXX"
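Review bot: `echo " playbook: $PLAYBOOK"` writes an empty value (`playbook:`, which YAML reads as null rather than 0) whenever `PLAYBOOK` is unset, so any caller of master_pillar that does not go through process_components silently loses the `0` this line used to hardcode. A default expansion keeps the old value as the fallback: `echo " playbook: ${PLAYBOOK:-0}" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls`. master_pillar starts outside the hunk.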
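Review bot: `PLAYBOOK=0` is initialised here, but nothing in this commit adds an arm that sets `PLAYBOOK=1` when the checklist returns `PLAYBOOK`; the diffstat's 13 insertions are fully accounted for by the hunks shown. Unless the `for item in $(echo "$CLEAN")` loop assigns from the item name generically (its body is outside the hunk), the new checkbox can never enable the component and the pillar and install branches always see 0. If the loop is a `case`, it needs `PLAYBOOK) PLAYBOOK=1 ;;` alongside the existing arms. process_components starts and ends outside the hunk.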
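Review bot: The new `"PLAYBOOK" "Enable Playbook" ON` entry defaults the component on, so every fresh install will apply the playbook state unless the operator deselects it, and the `enable_master_playbook_3200_{{ip}}` rule in salt/firewall/init.sls suggests this opens a listening service on port 3200 as well. For an alpha component that is a deliberate choice worth stating in the commit message; if it is not intended, `OFF` is the one-word change. whiptail_enable_components starts outside the hunk.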
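Review bot: The result of `salt-call state.apply playbook >> $SETUPLOG 2>&1` is never checked, so a failed Playbook state is only visible in the log while the installer moves on to "Verifying Install" as if it succeeded. Note that salt-call exits 0 even when states fail unless it is given `--retcode-passthrough`, so simply testing `$?` would not help; the line should become `salt-call --retcode-passthrough state.apply playbook >> $SETUPLOG 2>&1 || SETUP_FAILED=1` with the verify step consulting that flag (the hive line above has the same gap). The gauge also drops from 89 back to 75 on the next step, although the 87 → 75 regression predates this change. The enclosing `if (whiptail_you_sure)` block starts and ends outside the hunk.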
@@ -1969,9 +1975,13 @@ if (whiptail_you_sure); then
 salt-call state.apply schedule >> $SETUPLOG 2>&1
 salt-call state.apply soctopus >> $SETUPLOG 2>&1
 if [[ $THEHIVE == '1' ]]; then
- echo -e "XXX\n97\nInstalling The Hive... \nXXX"
+ echo -e "XXX\n96\nInstalling The Hive... \nXXX"
 salt-call state.apply hive >> $SETUPLOG 2>&1
 fi
+ if [[ $PLAYBOOK == '1' ]]; then
+ echo -e "XXX\n97\nInstalling Playbook... \nXXX"
+ salt-call state.apply playbook >> $SETUPLOG 2>&1
+ fi
 echo -e "XXX\n98\nSetting checkin to run on boot... \nXXX"
 checkin_at_boot >> $SETUPLOG 2>&1
 echo -e "XXX\n99\nVerifying Setup... \nXXX"
From 32d1641b6ed3d5b9400e73242247a630756e8e67 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 9 Oct 2019 13:33:07 -0400
Subject: [PATCH 2/3] Firewall Module - Fix some docker iptables issues
---
 salt/firewall/init.sls | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 2489b1f47..68d1f66cd 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -6,6 +6,21 @@
 {%- elif grains['role'] == 'so-sensor' %}
 {%- set ip = salt['pillar.get']('sensor:mainip', '') %}
 {%- endif %}
+# Quick Fix for Docker being difficult
+iptables_fix_docker:
+ iptables.chain_present:
+ - name: DOCKER-USER
+ - table: filter
+
+# Add the Forward Rule since Docker ripped it out
+iptables_fix_fwd:
+ iptables.insert:
+ - table: filter
+ - chain: FORWARD
+ - jump: ACCEPT
+ - position: 1
+ - target: DOCKER-USER
+
 # Keep localhost in the game
 iptables_allow_localhost:
 iptables.append:
@@ -238,7 +253,7 @@ enable_master_playbook_3200_{{ip}}:
 - dport: 3200
 - position: 1
 - save: True
-
+
 enable_master_navigator_4200_{{ip}}:
 iptables.insert:
 - table: filter
From e999a27d3e611a32c6ce465ad4f32cda5f4b7513 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 9 Oct 2019 14:15:05 -0400
Subject: [PATCH 3/3] 1.1.2
---
 README.md | 6 ++++++
 salt/common/init.sls | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
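Review bot: This four-line Playbook block is now the second copy of the one added to the earlier install path in this same commit, differing only in the gauge value (97 here, 89 there), and the two are already free to drift the way the neighbouring "Installing TheHive" / "Installing The Hive" messages have. A small helper defined once, `install_playbook() { if [[ $PLAYBOOK == '1' ]]; then echo -e "XXX\n$1\nInstalling Playbook... \nXXX"; salt-call state.apply playbook >> $SETUPLOG 2>&1; fi; }`, called as `install_playbook 97` here and `install_playbook 89` in the other path, keeps the guard and the state name in one place. The enclosing `if (whiptail_you_sure)` block starts and ends outside the hunk.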
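Review bot: `iptables_fix_fwd` declares both `- jump: ACCEPT` and `- target: DOCKER-USER`, which contradict each other: the rule Docker itself places at the head of FORWARD is a plain jump to DOCKER-USER, not an ACCEPT. Depending on how the installed Salt renders the extra `target` key, this state either fails to apply or inserts an unconditional `-I FORWARD 1 -j ACCEPT`, which would pass every forwarded packet before DOCKER-USER or Docker's own isolation chains are consulted and defeat the purpose of the fix. Replacing the two keys with a single `- jump: DOCKER-USER` gives the rule the comment describes. The insert also lacks the `- save: True` the other insert rules in this file carry (see `enable_master_playbook_3200_{{ip}}`), so whether it survives a reboot depends on something else persisting the table.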
diff --git a/README.md b/README.md
index ced42ae50..7f01ba1ab 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
+## Hybrid Hunter Alpha 1.1.2
+
+- Quick firewall fix to address latest docker version.
+- Added the option to install playbook from the initial install.
+- Fixed an issue with multiple monitor interfaces not working properly.
+
 ## Hybrid Hunter Alpha 1.1.1
 ### Changes:
diff --git a/salt/common/init.sls b/salt/common/init.sls
index f4a78a995..9d34c4a20 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -116,13 +116,13 @@ nginxtmp:
 # Start the core docker
 so-coreimage:
 cmd.run:
- - name: docker pull --disable-content-trust=false soshybridhunter/so-core:HH1.1.1
+ - name: docker pull --disable-content-trust=false soshybridhunter/so-core:HH1.1.2
 so-core:
 docker_container.running:
 - require:
 - so-coreimage
- - image: soshybridhunter/so-core:HH1.1.1
+ - image: soshybridhunter/so-core:HH1.1.2
 - hostname: so-core
 - user: socore
 - binds: