From d02bff22ac2786d66b44426d1cb6d2a0df01b55f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 12 Jun 2020 11:27:28 -0400
Subject: [PATCH] adding fw rules to master nodes for wazuh and syslog

---
 files/firewall/hostgroups.local.yaml | 14 +++-
 salt/firewall/assigned_hostgroups.map.yaml | 85 ++++++++++++++++------
 salt/firewall/portgroups.yaml | 15 ++--
 3 files changed, 87 insertions(+), 27 deletions(-)

diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml
index f933dd7c4..b63b90fd1 100644
--- a/files/firewall/hostgroups.local.yaml
+++ b/files/firewall/hostgroups.local.yaml
@@ -40,7 +40,19 @@ firewall:
 ips:
 delete:
 insert:
- wazuh_endpoint:
+ syslog:
+ ips:
+ delete:
+ insert:
+ wazuh_agent:
+ ips:
+ delete:
+ insert:
+ wazuh_api:
+ ips:
+ delete:
+ insert:
+ wazuh_authd:
 ips:
 delete:
 insert:
\ No newline at end of file
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index a564942e1..8c7ec591c 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -8,7 +8,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -27,7 +29,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
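Review bot: The four hostgroups added in the `@@ -40,7 +40,19 @@` hunk of hostgroups.local.yaml copy the bare-key `ips:` / `delete:` / `insert:` skeleton, which YAML reads as `null` rather than an empty list, and the hunk rewrites the tail of the file while still leaving it without a trailing newline (`\ No newline at end of file` remains on both sides). The surrounding entries use the same bare-key form, so the consuming Salt state presumably tolerates null, but `insert: []` / `delete: []` would make the empty-allow-list intent explicit and is worth confirming against the state that iterates these values. Shipping the groups empty is the right default, since nothing is opened until an operator populates `insert:`; a one-line comment on each, e.g. `# hosts allowed to reach the Wazuh manager API (pairs with portgroups.wazuh_api)`, would record which side of the connection the group scopes. The enclosing `firewall:` mapping starts outside the hunk.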
@@ -46,9 +48,18 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ syslog:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.syslog }}
+ wazuh_agent:
+ portgroups:
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -72,7 +83,7 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -91,7 +102,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -110,9 +121,9 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ wazuh_agent:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -136,7 +147,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -155,7 +168,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
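Review bot: In the `@@ -72,7 +83,7 @@` hunk the `master:` list gains only `- {{ portgroups.wazuh_agent }}`, whereas every other role block in this patch (the hunks at -8, -136, -200 and -264) adds `wazuh_agent`, `wazuh_api` and `wazuh_authd` together, and the same block's `@@ -110,9 +121,9 @@` hunk only renames `wazuh_endpoint` to `wazuh_agent` without adding the `syslog`, `wazuh_api` and `wazuh_authd` hostgroups the other blocks receive. The role name for this block sits outside both hunks, so this may be deliberate for a role that does not run the Wazuh manager or its API; if so, a comment such as `# no wazuh_api/wazuh_authd here: this role does not expose the manager API or agent enrollment` would save the next reader from re-checking. If it is an omission, the two missing lines are `- {{ portgroups.wazuh_api }}` and `- {{ portgroups.wazuh_authd }}` under `master:`, plus the three hostgroup stanzas at -110. The same block's `@@ -91,7 +102,7 @@` hunk does still switch `wazuh_minion` to `wazuh_api`, so the API portgroup is referenced by this role elsewhere, which makes an accidental omission more likely than a deliberate one.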
@@ -168,15 +181,24 @@ role:
 self:
 portgroups:
 - {{ portgroups.syslog}}
+ syslog:
+ portgroups:
+ - {{ portgroups.syslog }}
 beats_endpoint:
 portgroups:
 - {{ portgroups.beats_5044 }}
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ wazuh_agent:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -200,7 +222,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -219,7 +243,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -238,9 +262,18 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ syslog:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.syslog }}
+ wazuh_agent:
+ portgroups:
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -264,7 +297,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -283,7 +318,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
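Review bot: The `syslog:` hostgroup added in the `@@ -168,15 +181,24 @@` hunk is inserted between `self:` and `beats_endpoint:`, while the other role blocks in this patch add it in the slot `wazuh_endpoint` used to occupy, directly after `osquery_endpoint:`; keeping the same key order across the repeated role blocks keeps them diffable against each other and makes omissions like the one at -72 easy to spot. The neighbouring context line `- {{ portgroups.syslog}}` under `self:` lacks the space before `}}` that every other reference uses; it predates this patch and Jinja tolerates it, but since the hunk already touches this spot it is cheap to normalise to `- {{ portgroups.syslog }}`.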
@@ -302,9 +337,18 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ syslog:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.syslog }}
+ wazuh_agent:
+ portgroups:
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -322,7 +366,6 @@ role:
 minion:
 portgroups:
 - {{ portgroups.salt_master }}
-
 searchnode:
 chain:
 DOCKER-USER:
diff --git a/salt/firewall/portgroups.yaml b/salt/firewall/portgroups.yaml
index e505dd3d0..94dace60f 100644
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
@@ -77,11 +77,16 @@ firewall:
 syslog:
 tcp:
 - 514
- wazuh_minion:
- tcp:
- - 55000
- wazuh_endpoint:
+ udp:
+ - 514
+ wazuh_agent:
 tcp:
 - 1514
 udp:
- - 1514
\ No newline at end of file
+ - 1514
+ wazuh_api:
+ tcp:
+ - 55000
+ wazuh_authd:
+ tcp:
+ - 1515
\ No newline at end of file
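Review bot: Adding `udp:` / `- 514` to the existing `syslog` portgroup in the `@@ -77,11 +77,16 @@` hunk of portgroups.yaml widens every hostgroup that already references `portgroups.syslog` — the `self:` hostgroup visible in the `@@ -168,15 +181,24 @@` hunk of the map file is one example — not only the new `syslog` hostgroups this patch introduces, so the subject line "adding fw rules to master nodes" understates the change; if UDP 514 was only meant for the new hostgroup, a separate portgroup (say `syslog_udp`) would leave the existing rules untouched. Splitting the old `wazuh_endpoint`/`wazuh_minion` pair into `wazuh_agent` (1514), `wazuh_authd` (1515, agent enrollment going by the name) and `wazuh_api` (55000) is the right granularity, since it lets operators scope the manager API far more tightly than agent traffic; a short comment on each, e.g. `# Wazuh manager API; keep its hostgroup limited to admin hosts`, would record that intent next to the port. The hunk rewrites the last line of the file but still leaves it without a trailing newline.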