CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Elastic Fleet integration update improvements

Browse Source
This commit is contained in:
Wes
2023-05-30 02:54:39 +00:00
parent a01704a1d7
commit c835c523a9
5 changed files with 76 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
salt/elasticfleet/config.sls
View File

@@ -51,6 +51,34 @@ eastatedir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
eaintegrationsdir:
file.directory:
- name: /opt/so/conf/elastic-fleet/integrations
- user: 947
- group: 939
- makedirs: True
eadynamicintegration:
file.recurse:
- name: /opt/so/conf/elastic-fleet/integrations
- source: salt://elasticfleet/files/integrations-dynamic
- user: 947
- group: 939
- template: jinja
eaintegration:
file.recurse:
- name: /opt/so/conf/elastic-fleet/integrations
- source: salt://elasticfleet/files/integrations
- user: 947
- group: 939
ea-integrations-load:
file.absent:
- name: /opt/so/state/eaintegrations.txt
- onchanges:
- file: eaintegration
- file: eadynamicintegration
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed:

4
salt/elasticfleet/enabled.sls
View File

@@ -47,6 +47,10 @@ so-elastic-fleet:
- FLEET_CA=/etc/pki/tls/certs/intca.crt - FLEET_CA=/etc/pki/tls/certs/intca.crt
{% endif %} {% endif %}
so-elastic-fleet-integrations:
cmd.run:
- name: /usr/sbin/so-elastic-fleet-integration-policy-load
delete_so-elastic-fleet_so-status.disabled: delete_so-elastic-fleet_so-status.disabled:
file.uncomment: file.uncomment:
- name: /opt/so/conf/so-status/so-status.conf - name: /opt/so/conf/so-status/so-status.conf

6
salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
View File

@@ -9,11 +9,9 @@
POLICY_ID=$1 POLICY_ID=$1
# Let's snag a cookie from Kibana # Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Viewing agent policy $POLICY_ID"
# View agent policy # View agent policy
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/agent_policies/$POLICY_ID/full" | jq curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -H "kbn-xsrf: true" -L -X GET "localhost:5601/api/fleet/agent_policies/$POLICY_ID" | jq
echo echo

6
salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
View File

@@ -7,11 +7,9 @@
. /usr/sbin/so-common . /usr/sbin/so-common
# Let's snag a cookie from Kibana # Let's snag a cookie from Kibana
SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}') SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
echo "Setting up default Security Onion package policies for Elastic Agent..."
# List configured package policies # List configured package policies
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/package_policies" | jq curl -s -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X GET "localhost:5601/api/fleet/package_policies" -H 'kbn-xsrf: true' | jq
echo echo

52
salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
View File

@@ -6,16 +6,44 @@
. /usr/sbin/so-common . /usr/sbin/so-common
# Initial Endpoints RETURN_CODE=0
for INTEGRATION in /opt/so/saltstack/default/salt/elasticfleet/files/integrations/endpoints-initial/*.json
do if [ ! -f /opt/so/state/eaintegrations.txt ]; then
printf "\n\nInitial Endpoint Policy - Loading $INTEGRATION\n" # Initial Endpoints
elastic_fleet_integration_create "@$INTEGRATION" for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/endpoints-initial/*.json
done do
printf "\n\nInitial Endpoints Policy - Loading $INTEGRATION\n"
elastic_fleet_integration_check "endpoints-initial" "$INTEGRATION"
if [ -n "$INTEGRATION_ID" ]; then
if [ "$NAME" != "elastic-defend-endpoints" ]; then
printf "\n\nIntegration $NAME exists - Updating integration\n"
elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"
fi
else
printf "\n\nIntegration does not exist - Creating integration\n"
elastic_fleet_integration_create "@$INTEGRATION"
fi
done
# Grid Nodes
for INTEGRATION in /opt/so/conf/elastic-fleet/integrations/grid-nodes/*.json
do
printf "\n\nGrid Nodes Policy - Loading $INTEGRATION\n"
elastic_fleet_integration_check "so-grid-nodes" "$INTEGRATION"
if [ -n "$INTEGRATION_ID" ]; then
printf "\n\nIntegration $NAME exists - Updating integration\n"
elastic_fleet_integration_update "$INTEGRATION_ID" "@$INTEGRATION"
else
printf "\n\nIntegration does not exist - Creating integration\n"
elastic_fleet_integration_create "@$INTEGRATION"
fi
done
if [[ "$RETURN_CODE" != "1" ]]; then
touch /opt/so/state/eaintegrations.txt
fi
else
exit $RETURN_CODE
fi
# Grid Nodes
for INTEGRATION in /opt/so/saltstack/default/salt/elasticfleet/files/integrations/grid-nodes/*.json
do
printf "\n\nGrid Nodes Policy - Loading $INTEGRATION\n"
elastic_fleet_integration_create "@$INTEGRATION"
done