From c7604e893e3451ab27fbf737ba274ebfc6b8b2c4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 3 May 2023 09:17:37 -0400 Subject: [PATCH] Fix annotations and defaults for logstash --- salt/elasticfleet/init.sls | 2 ++ salt/logstash/defaults.yaml | 64 +++++++++++++++++++++++++-------- salt/logstash/soc_logstash.yaml | 35 +++++++++++++++--- 3 files changed, 81 insertions(+), 20 deletions(-) diff --git a/salt/elasticfleet/init.sls b/salt/elasticfleet/init.sls index 924d2cb3f..9476c3b94 100644 --- a/salt/elasticfleet/init.sls +++ b/salt/elasticfleet/init.sls @@ -31,6 +31,7 @@ elasticfleet_sbin: - source: salt://elasticfleet/tools/sbin - user: 947 - group: 939 + - file_mode: 755 elasticfleet_sbin_jinja: file.recurse: @@ -38,6 +39,7 @@ elasticfleet_sbin_jinja: - source: salt://elasticfleet/tools/sbin_jinja - user: 947 - group: 939 + - file_mode: 755 - template: jinja eaconfdir: diff --git a/salt/logstash/defaults.yaml b/salt/logstash/defaults.yaml index dddab9ddf..21667ece8 100644 --- a/salt/logstash/defaults.yaml +++ b/salt/logstash/defaults.yaml 
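Review bot: The added `- file_mode: 755` in `elasticfleet_sbin` makes every file copied by the recurse readable and executable by all local accounts, and the same line is added to `elasticfleet_sbin_jinja` in the next hunk. That second state renders its files through Jinja, so if any template interpolates credentials or enrollment tokens (not visible here), the rendered scripts would be world-readable; `- file_mode: 750` would limit them to the owner and group. Quoting the mode, as in `- file_mode: '0755'`, also keeps the value a string so the YAML loader cannot retype it. Both states continue outside the hunks.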
@@ -1,22 +1,56 @@ logstash: assigned_pipelines: roles: - fleet: - - so/0012_input_elastic_agent.conf - - so/9806_output_lumberjack_fleet.conf.jinja - manager: - - so/0011_input_endgame.conf - - so/0012_input_elastic_agent.conf - - so/0013_input_lumberjack_fleet.conf - - so/9999_output_redis.conf.jinja + standalone: + - manager + - search receiver: - - so/0011_input_endgame.conf - - so/0012_input_elastic_agent.conf - - so/9999_output_redis.conf.jinja - search: - - so/0900_input_redis.conf.jinja - - so/9805_output_elastic_agent.conf.jinja - - so/9900_output_endgame.conf.jinja + - receiver + heavynode: + - search + searchnode: + - search + manager: + - manager + managersearch: + - manager + - search + fleet: + - fleet + defined_pipelines: + fleet: + - so/0012_input_elastic_agent.conf + - so/9806_output_lumberjack_fleet.conf.jinja + manager: + - so/0011_input_endgame.conf + - so/0012_input_elastic_agent.conf + - so/0013_input_lumberjack_fleet.conf + - so/9999_output_redis.conf.jinja + receiver: + - so/0011_input_endgame.conf + - so/0012_input_elastic_agent.conf + - so/9999_output_redis.conf.jinja + searchnode: + - so/0900_input_redis.conf.jinja + - so/9805_output_elastic_agent.conf.jinja + - so/9900_output_endgame.conf.jinja + custom0: [] + custom1: [] + custom2: [] + custom3: [] + custom4: [] + docker_options: + port_bindings: + - 0.0.0.0:3765:3765 + - 0.0.0.0:5044:5044 + - 0.0.0.0:5055:5055 + - 0.0.0.0:5056:5056 + - 0.0.0.0:5644:5644 + - 0.0.0.0:6050:6050 + - 0.0.0.0:6051:6051 + - 0.0.0.0:6052:6052 + - 0.0.0.0:6053:6053 + - 0.0.0.0:9600:9600 settings: lsheap: 500m config: diff --git a/salt/logstash/soc_logstash.yaml b/salt/logstash/soc_logstash.yaml index a780c1ebe..0539a9243 100644 --- a/salt/logstash/soc_logstash.yaml +++ b/salt/logstash/soc_logstash.yaml 
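Review bot: The role lists under `assigned_pipelines` (`standalone`, `heavynode`, `searchnode`, `managersearch`) reference a group named `search`, but `defined_pipelines` in this same hunk defines `searchnode`, not `search`. Unless the name is mapped elsewhere, those roles would resolve to no pipeline files, so `so/0900_input_redis.conf.jinja` and its outputs would not load on search nodes and events would silently stop being ingested. Either rename the definition to `search:` or change the references to `- searchnode`; the `search: *defined_pipelines` annotation in soc_logstash.yaml must agree with whichever is chosen. Separately, the new `port_bindings` defaults publish every port on `0.0.0.0`, including `0.0.0.0:9600:9600`, which is Logstash's default monitoring API port; if nothing off-host needs it, `- 127.0.0.1:9600:9600` would keep it local, and otherwise a comment beside the list should say that exposure depends on the host firewall.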
@@ -1,14 +1,33 @@ logstash: assigned_pipelines: + standalone: &assigned_pipelines + description: List of defined pipelines to add to this role. + advanced: True + helpLink: logstash.html + multiline: True + forcedType: "[]string" + receiver: *assigned_pipelines + heavynode: *assigned_pipelines + searchnode: *assigned_pipelines + manager: *assigned_pipelines + managersearch: *assigned_pipelines + fleet: *assigned_pipelines + defined_pipelines: roles: - receiver: &assigned_pipelines - description: List of pipelines assigned to this role. + receiver: &defined_pipelines + description: List of pipeline configurations assign to this group. advanced: True helpLink: logstash.html multiline: True - fleet: *assigned_pipelines - manager: *assigned_pipelines - search: *assigned_pipelines + forcedType: "[]string" + fleet: *defined_pipelines + manager: *defined_pipelines + search: *defined_pipelines + custom0: *defined_pipelines + custom1: *defined_pipelines + custom2: *defined_pipelines + custom3: *defined_pipelines + custom4: *defined_pipelines settings: lsheap: description: Heap size to use for logstash @@ -38,6 +57,12 @@ logstash: helpLink: logstash.html readonly: True advanced: True + docker_options: + port_bindings: + description: List of ports to open to the logstash docker container. Firewall ports will still need to be added to the firewall configuration. + helpLink: logstash.html + advanced: True + multiline: True dmz_nodes: description: "List of receiver nodes in DMZs. Prevents sensors from sending to these receivers. Primarily used for external Elastic agents." helpLink: logstash.html
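Review bot: The annotation paths here do not seem to line up with the defaults added in defaults.yaml. The per-role annotations (`standalone`, `receiver`, …) sit directly under `assigned_pipelines` and the unchanged `roles:` line now follows `defined_pipelines:`, whereas the defaults keep `roles:` under `assigned_pipelines` and put the groups directly under `defined_pipelines`. Indentation is not recoverable from this view, so this needs checking against the file, but if it is as it reads, the settings would have no matching annotation. The new description also has a typo and should read `description: List of pipeline configurations assigned to this group.`.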
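Review bot: The `port_bindings` annotation is a list setting but, unlike the pipeline lists annotated earlier in this commit, it has no `forcedType: "[]string"`, so an edited value may not be stored as a list of strings. Each entry presumably becomes a published container port, so the description should also say that the defaults bind on all interfaces (`0.0.0.0`). That tells an operator the host firewall is the only control in front of a newly added port. The `logstash:` mapping continues outside the hunk.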