CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

adding fw rules to master nodes for wazuh and syslog

Browse Source
This commit is contained in:
m0duspwnens
2020-06-12 11:27:28 -04:00
parent d146e65412
commit d02bff22ac
3 changed files with 87 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
files/firewall/hostgroups.local.yaml
View File

@@ -40,7 +40,19 @@ firewall:
ips: ips:
delete: delete:
insert: insert:
wazuh_endpoint: syslog:
ips:
delete:
insert:
wazuh_agent:
ips:
delete:
insert:
wazuh_api:
ips:
delete:
insert:
wazuh_authd:
ips: ips:
delete: delete:
insert: insert:

85
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -8,7 +8,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -27,7 +29,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -46,9 +48,18 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: syslog:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -72,7 +83,7 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -91,7 +102,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -110,9 +121,9 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: wazuh_agent:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -136,7 +147,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -155,7 +168,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -168,15 +181,24 @@ role:
self: self:
portgroups: portgroups:
- {{ portgroups.syslog}} - {{ portgroups.syslog}}
syslog:
portgroups:
- {{ portgroups.syslog }}
beats_endpoint: beats_endpoint:
portgroups: portgroups:
- {{ portgroups.beats_5044 }} - {{ portgroups.beats_5044 }}
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: wazuh_agent:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -200,7 +222,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -219,7 +243,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -238,9 +262,18 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: syslog:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -264,7 +297,9 @@ role:
hostgroups: hostgroups:
master: master:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }} - {{ portgroups.playbook }}
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.navigator }} - {{ portgroups.navigator }}
@@ -283,7 +318,7 @@ role:
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }} - {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }} - {{ portgroups.wazuh_api }}
sensor: sensor:
portgroups: portgroups:
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -302,9 +337,18 @@ role:
osquery_endpoint: osquery_endpoint:
portgroups: portgroups:
- {{ portgroups.fleet_api }} - {{ portgroups.fleet_api }}
wazuh_endpoint: syslog:
portgroups: portgroups:
- {{ portgroups.wazuh_endpoint }} - {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst: analyst:
portgroups: portgroups:
- {{ portgroups.nginx }} - {{ portgroups.nginx }}
@@ -322,7 +366,6 @@ role:
minion: minion:
portgroups: portgroups:
- {{ portgroups.salt_master }} - {{ portgroups.salt_master }}
searchnode: searchnode:
chain: chain:
DOCKER-USER: DOCKER-USER:

15
salt/firewall/portgroups.yaml
View File

@@ -77,11 +77,16 @@ firewall:
syslog: syslog:
tcp: tcp:
- 514 - 514
wazuh_minion: udp:
tcp: - 514
- 55000 wazuh_agent:
wazuh_endpoint:
tcp: tcp:
- 1514 - 1514
udp: udp:
- 1514 - 1514
wazuh_api:
tcp:
- 55000
wazuh_authd:
tcp:
- 1515