Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into issue/5809
@@ -390,20 +390,30 @@ has_uppercase() {
|
||||
}
|
||||
|
||||
valid_cidr() {
|
||||
# Verify there is a backslash in the string
|
||||
echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
|
||||
|
||||
local cidr
|
||||
local ip
|
||||
local cidr=$1
|
||||
|
||||
cidr=$(echo "$1" | sed 's/.*\///')
|
||||
ip=$(echo "$1" | sed 's/\/.*//' )
|
||||
|
||||
if valid_ip4 "$ip"; then
|
||||
[[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]] && return 0 || return 1
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
read -r -d '' cidr_python <<- EOM
|
||||
import ipaddress
|
||||
import sys
|
||||
|
||||
def validate_cidr(cidr: str) -> bool:
|
||||
# We want the string to be a cidr block and not a single ip
|
||||
if '/' not in cidr:
|
||||
return False
|
||||
try:
|
||||
ipaddress.ip_network(cidr)
|
||||
except ValueError:
|
||||
return False
|
||||
return True
|
||||
|
||||
if validate_cidr('$cidr'):
|
||||
sys.exit(0)
|
||||
else:
|
||||
sys.exit(1)
|
||||
EOM
|
||||
|
||||
python3 -c "$cidr_python"
|
||||
return $?
|
||||
}
|
||||
|
||||
valid_cidr_list() {
|
||||
@@ -447,7 +457,26 @@ valid_hostname() {
|
||||
valid_ip4() {
|
||||
local ip=$1
|
||||
|
||||
echo "$ip" | grep -qP '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$' && return 0 || return 1
|
||||
local ip_python
|
||||
read -r -d '' ip_python <<- EOM
|
||||
import ipaddress
|
||||
import sys
|
||||
|
||||
def validate_ip(ip: str) -> bool:
|
||||
try:
|
||||
ipaddress.ip_address(ip)
|
||||
except ValueError:
|
||||
return False
|
||||
return True
|
||||
|
||||
if validate_ip('$ip'):
|
||||
sys.exit(0)
|
||||
else:
|
||||
sys.exit(1)
|
||||
EOM
|
||||
|
||||
python3 -c "$ip_python"
|
||||
return $?
|
||||
}
|
||||
|
||||
valid_int() {
|
||||
|
||||
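Review bot: In valid_cidr the value is spliced into the Python source as `validate_cidr('$cidr')`, so the string being validated is parsed as code before any validation runs; a value containing a quote or a newline changes the program instead of being rejected, and valid_ip4 repeats the pattern with `validate_ip('$ip')`. Pass the value as an argument instead: quote the heredoc delimiter (`<<- 'EOM'`), read `sys.argv[1]` inside the script, and invoke `python3 -c "$cidr_python" "$cidr"` (likewise `"$ip"` in valid_ip4). Two behaviour changes also deserve a comment or a fix: `ipaddress.ip_address` accepts IPv6, so valid_ip4 no longer restricts input to IPv4, and `ipaddress.ip_network` is strict by default, so a CIDR with host bits set (a constructed example: `192.0.2.5/24`) is now rejected where the old regex path appears to have accepted it. `cidr_python` is also not declared `local`, unlike `ip_python`.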
@@ -690,9 +690,12 @@ up_2.3.5X_to_2.3.80() {
|
||||
}
|
||||
|
||||
up_2.3.80_to_2.3.90() {
|
||||
|
||||
for i in manager eval standalone; do
|
||||
echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*$i*.sls
|
||||
sed -i "/^soc:/a \\ es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*$i*.sls
|
||||
done
|
||||
|
||||
INSTALLEDVERSION=2.3.90
|
||||
|
||||
}
|
||||
|
||||
verify_upgradespace() {
|
||||
|
||||
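Review bot: The redirect in `echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*$i*.sls` targets a glob: when the pattern matches more than one file bash stops with an ambiguous redirect, and when it matches none bash creates a file literally named with the asterisks, which the following sed then edits. The append is also unconditional, so a minion pillar that already has a top-level `soc:` key ends up with a duplicate key and sed appends the pattern after each `soc:` line. Iterating over the matched files and guarding each write avoids both, as sketched below. The for loop appears to be the added part of up_2.3.80_to_2.3.90; the rendering has lost the +/- markers, so confirm against the raw diff.

```shell
for i in manager eval standalone; do
  for pillar_file in /opt/so/saltstack/local/pillar/minions/*"$i"*.sls; do
    # An unmatched glob stays literal; skip it rather than create that file.
    [[ -f "$pillar_file" ]] || continue
    # Add the key and the pattern only when they are not already present.
    grep -q '^soc:' "$pillar_file" || echo "soc:" >> "$pillar_file"
    grep -q 'es_index_patterns:' "$pillar_file" || \
      sed -i "/^soc:/a \\ es_index_patterns: '*:so-*,*:endgame-*'" "$pillar_file"
  done
done
# … unchanged: INSTALLEDVERSION=2.3.90 …
```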
@@ -1,4 +1,4 @@
|
||||
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
|
||||
{%- set ENDGAMEHOST = salt['pillar.get']('soc:endgamehost', False) %}
|
||||
[
|
||||
{ "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "",
|
||||
"links": [
|
||||
@@ -31,11 +31,10 @@
|
||||
"links": [
|
||||
"https://www.virustotal.com/gui/search/{value}"
|
||||
]}
|
||||
{%- if HIGHLANDER %}
|
||||
{%- set EGHOST = salt['pillar.get']('soc:endgamehost', 'EGHOSTNOTPOPULATED') %}
|
||||
{%- if ENDGAMEGHOST %}
|
||||
,{ "name": "Endgame", "description": "Endgame Endpoint Investigation and Response", "icon": "fa-external-link-alt", "target": "_blank",
|
||||
"links": [
|
||||
"https://{{ EGHOST }}/endpoints/{:agent.id}"
|
||||
"https://{{ ENDGAMEHOST }}/endpoints/{:agent.id}"
|
||||
]}
|
||||
{% endif %}
|
||||
]
|
||||
|
||||
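Review bot: The guard `{%- if ENDGAMEGHOST %}` tests a name that is never set; the variable defined at the top of the template is `ENDGAMEHOST` (the guard has an extra G). With Jinja's default undefined handling the condition is always false, so the Endgame action is never rendered even when `soc:endgamehost` is populated; under strict undefined handling the render would fail instead. Change the line to `{%- if ENDGAMEHOST %}`.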