adding fw rules to master nodes for wazuh and syslog

m0duspwnens
2020-06-12 11:27:28 -04:00
parent d146e65412
commit d02bff22ac
3 changed files with 87 additions and 27 deletions


@@ -40,7 +40,19 @@ firewall:
ips:
delete:
insert:
wazuh_endpoint:
syslog:
ips:
delete:
insert:
wazuh_agent:
ips:
delete:
insert:
wazuh_api:
ips:
delete:
insert:
wazuh_authd:
ips:
delete:
insert:
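Review bot: The `wazuh_endpoint` hostgroup appears to be dropped here in favour of `wazuh_agent` (the hunk header counts leave exactly one removed line), and the new group starts with empty `ips`, so any addresses an operator had already placed under `wazuh_endpoint` are not carried over. After an upgrade those agents would lose access to the manager until someone re-adds them, which shows up as a silent gap in endpoint telemetry rather than as an error. Either migrate the old entries or call out the rename in the upgrade notes, and add a comment above the new groups, e.g. `# wazuh_agent replaces wazuh_endpoint; re-add agent IPs here`. The `firewall:` mapping starts outside the hunk, so how existing local values are merged cannot be seen from here.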


@@ -8,7 +8,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -27,7 +29,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -46,9 +48,18 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
syslog:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -72,7 +83,7 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -91,7 +102,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -110,9 +121,9 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -136,7 +147,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -155,7 +168,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -168,15 +181,24 @@ role:
self:
portgroups:
- {{ portgroups.syslog}}
syslog:
portgroups:
- {{ portgroups.syslog }}
beats_endpoint:
portgroups:
- {{ portgroups.beats_5044 }}
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -200,7 +222,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -219,7 +243,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -238,9 +262,18 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
syslog:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -264,7 +297,9 @@ role:
hostgroups:
master:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.wazuh_agent }}
- {{ portgroups.wazuh_api }}
- {{ portgroups.wazuh_authd }}
- {{ portgroups.playbook }}
- {{ portgroups.mysql }}
- {{ portgroups.navigator }}
@@ -283,7 +318,7 @@ role:
- {{ portgroups.docker_registry }}
- {{ portgroups.osquery_8080 }}
- {{ portgroups.influxdb }}
- {{ portgroups.wazuh_minion }}
- {{ portgroups.wazuh_api }}
sensor:
portgroups:
- {{ portgroups.sensoroni }}
@@ -302,9 +337,18 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
wazuh_endpoint:
syslog:
portgroups:
- {{ portgroups.wazuh_endpoint }}
- {{ portgroups.syslog }}
wazuh_agent:
portgroups:
- {{ portgroups.wazuh_agent }}
wazuh_api:
portgroups:
- {{ portgroups.wazuh_api }}
wazuh_authd:
portgroups:
- {{ portgroups.wazuh_authd }}
analyst:
portgroups:
- {{ portgroups.nginx }}
@@ -322,7 +366,6 @@ role:
minion:
portgroups:
- {{ portgroups.salt_master }}
searchnode:
chain:
DOCKER-USER:
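Review bot: The role edited by the hunks at `-72,7 +83,7` and `-110,9 +121,9` only gets the `wazuh_endpoint` to `wazuh_agent` rename. Its `master` list gains neither `wazuh_api` nor `wazuh_authd`, and it gets no `syslog`, `wazuh_api` or `wazuh_authd` hostgroups, while the other four roles in this file get all of them. The role names sit outside the hunks, so this may be deliberate, but nothing visible says so. If it is deliberate, a comment such as `# wazuh_api / wazuh_authd intentionally not opened for this role` above that role's `wazuh_agent:` entry would keep a later edit from widening it by accident; if it is an oversight, hosts listed for that role presumably cannot reach the enrollment or API ports.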


@@ -77,11 +77,16 @@ firewall:
syslog:
tcp:
- 514
wazuh_minion:
tcp:
- 55000
wazuh_endpoint:
udp:
- 514
wazuh_agent:
tcp:
- 1514
udp:
- 1514
- 1514
wazuh_api:
tcp:
- 55000
wazuh_authd:
tcp:
- 1515
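Review bot: The new `udp: 514` entry under `syslog` and the `udp` 1514 entry under `wazuh_agent` are gated only by source-IP hostgroups, and a UDP source address is not verified by a handshake, so for these two entries the allowlist is weaker than it is for the TCP ports. A comment on each would make that visible to whoever fills in the hostgroup, e.g. `# udp: source IP is unverified; keep this hostgroup to trusted segments`. `wazuh_authd` (1515/tcp) looks like the port agents enroll through, so it deserves a similar note, `# enrollment port: list only hosts that are being enrolled`, and `wazuh_api` (55000/tcp) one saying it is an administrative interface. The `firewall:` mapping these portgroups belong to starts outside the hunk.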