more changes

m0duspwnens
2021-06-01 10:53:58 -04:00
parent f87dce8ec1
commit d25a439bd4
6 changed files with 34 additions and 39 deletions


@@ -22,6 +22,9 @@ base:
'*_manager or *_managersearch': '*_manager or *_managersearch':
- match: compound - match: compound
- data.* - data.*
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
- secrets - secrets
- global - global
- minions.{{ grains.id }} - minions.{{ grains.id }}
@@ -38,6 +41,9 @@ base:
- secrets - secrets
- healthcheck.eval - healthcheck.eval
- elasticsearch.eval - elasticsearch.eval
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
- global - global
- minions.{{ grains.id }} - minions.{{ grains.id }}
@@ -91,5 +97,8 @@ base:
- zeeklogs - zeeklogs
- secrets - secrets
- elasticsearch.eval - elasticsearch.eval
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
- elasticsearch.auth
{% endif %}
- global - global
- minions.{{ grains.id }} - minions.{{ grains.id }}
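Review bot: The same `salt['file.file_exists'](...)` guard is pasted into all three target blocks in this section, so a later path change has to be made in three places. Consider setting it once near the top, `{% set ES_AUTH_PILLAR = salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}`, and using `{% if ES_AUTH_PILLAR %}` in each block. A comment there should say that `elasticsearch.auth` appears to carry the Elasticsearch user credentials and is skipped until that file has been generated. The target of the third block is outside the hunk, so it is worth confirming that every minion matched there needs those credentials, since pillar targeting is the only per-minion boundary they have.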


@@ -3,12 +3,6 @@
{% set role = grains.id.split('_') | last %} {% set role = grains.id.split('_') | last %}
{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
{% set ES_INCLUDED_NODES = ['so-standalone'] %}
{% if grains.role in ES_INCLUDED_NODES %}
include:
- elasticsearch.auth
{% %}
# Remove variables.txt from /tmp - This is temp # Remove variables.txt from /tmp - This is temp
rmvariablesfile: rmvariablesfile:
@@ -174,6 +168,13 @@ alwaysupdated:
Etc/UTC: Etc/UTC:
timezone.system timezone.system
elastic_curl_config:
file.managed:
- name: /opt/so/conf/elasticsearch/curl.config
- source: salt://elasticsearch/curl.config
- mode: 600
- show_changes: False
# Sync some Utilities # Sync some Utilities
utilsyncscripts: utilsyncscripts:
file.recurse: file.recurse:
@@ -185,10 +186,6 @@ utilsyncscripts:
- source: salt://common/tools/sbin - source: salt://common/tools/sbin
- defaults: - defaults:
ELASTICCURL: {{ ELASTICAUTH.elasticcurl }} ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
{% if grains.role in ES_INCLUDED_NODES %}
- require:
- file: elastic_auth_pillar
{% endif %}
{% if role in ['eval', 'standalone', 'sensor', 'heavynode'] %} {% if role in ['eval', 'standalone', 'sensor', 'heavynode'] %}
# Add sensor cleanup # Add sensor cleanup
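Review bot: The added `elastic_curl_config` state now takes the file from `salt://elasticsearch/curl.config`, and files under the Salt fileserver can be requested by any minion with an accepted key, whereas the version removed elsewhere in this commit rendered the same content from pillar. Since the file holds the so_elastic_user login, that widens who can read it beyond the nodes that apply this state; if that is intended, say so in a comment above the state, e.g. `# curl.config holds the so_elastic_user login; salt:// files are readable by every accepted minion`. The state will also fail on any run where the manager has not yet written the source file. Quoting the mode as `- mode: '0600'` would avoid relying on YAML integer parsing.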


@@ -37,8 +37,6 @@
{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
{% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %} {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
# used in this state to control who can run the so-users script
{% set ES_INCLUDED_NODES = ['so-standalone'] %}
vm.max_map_count: vm.max_map_count:
sysctl.present: sysctl.present:
@@ -173,33 +171,15 @@ eslogdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
{% if grains.role in ES_INCLUDED_NODES %}
# Must run before elasticsearch docker container is started!
syncesusers:
cmd.run:
- name: so-user sync
- creates:
- /opt/so/saltstack/local/salt/elasticsearch/files/users
- /opt/so/saltstack/local/salt/elasticsearch/files/users_roles
{% endif %}
auth_users: auth_users:
file.managed: file.managed:
- name: /opt/so/conf/elasticsearch/users - name: /opt/so/conf/elasticsearch/users
- source: salt://elasticsearch/files/users - source: salt://elasticsearch/files/users
- require:
{% if grains.role in ES_INCLUDED_NODES %}
- cmd: syncesusers
{% endif %}
auth_users_roles: auth_users_roles:
file.managed: file.managed:
- name: /opt/so/conf/elasticsearch/users_roles - name: /opt/so/conf/elasticsearch/users_roles
- source: salt://elasticsearch/files/users_roles - source: salt://elasticsearch/files/users_roles
{% if grains.role in ES_INCLUDED_NODES %}
- require:
- cmd: syncesusers
{% endif %}
so-elasticsearch: so-elasticsearch:
docker_container.running: docker_container.running:
@@ -289,13 +269,6 @@ so-elasticsearch-templates:
- template: jinja - template: jinja
{% endif %} {% endif %}
elastic_curl_config:
file.managed:
- name: /opt/so/conf/elasticsearch/curl.config
- mode: 600
- contents: user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass') }}"
- show_changes: False
{% endif %} {# if grains['role'] != 'so-helix' #} {% endif %} {# if grains['role'] != 'so-helix' #}
{% else %} {% else %}


@@ -105,6 +105,22 @@ strelka_yara_update:
- name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1' - name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1'
- hour: '7' - hour: '7'
- minute: '1' - minute: '1'
elastic_curl_config_distributed:
file.managed:
- name: /opt/so/saltstack/local/salt/elasticsearch/curl.config
- mode: 600
- contents: user = "{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user') }}:{{ salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass') }}"
- show_changes: False
# Must run before elasticsearch docker container is started!
syncesusers:
cmd.run:
- name: so-user sync
- creates:
- /opt/so/saltstack/local/salt/elasticsearch/files/users
- /opt/so/saltstack/local/salt/elasticsearch/files/users_roles
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed:
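Review bot: `elastic_curl_config_distributed` renders both `pillar.get` calls without a default or a guard, so when the auth pillar is absent the file would typically be written as `user = ":"` and then distributed as if it were valid. That looks reachable on a first install, because the setup-script hunk in this commit runs `so-elastic-auth` only after `state.apply manager`, and the pillar top now skips `elasticsearch.auth` until its file exists (assuming that script is what creates it). Wrapping the state in `{% if salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass') %}` and `{% endif %}` would avoid writing an empty credential. The comment on `syncesusers` says it must run before the Elasticsearch container starts, but no requisite in this hunk enforces that now that the container is managed in another state. The enclosing Jinja `if` opens outside the hunk.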


@@ -238,7 +238,6 @@ base:
{%- endif %} {%- endif %}
{%- if ELASTICSEARCH %} {%- if ELASTICSEARCH %}
- elasticsearch - elasticsearch
- elasticsearch.auth
{%- endif %} {%- endif %}
{%- if LOGSTASH %} {%- if LOGSTASH %}
- logstash - logstash
@@ -261,7 +260,7 @@ base:
- filebeat - filebeat
{%- endif %} {%- endif %}
{%- if CURATOR %} {%- if CURATOR %}
- curator - curator0
{%- endif %} {%- endif %}
{%- if ELASTALERT %} {%- if ELASTALERT %}
- elastalert - elastalert
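Review bot: `- curator0` in the `CURATOR` block looks like a stray keystroke rather than an intended rename: no `curator0` state is added anywhere in this commit, and the other entries in this list use the plain state name. If no such SLS exists, a highstate on any node with CURATOR enabled would likely fail to resolve it; restore `- curator`. The surrounding target block starts outside the hunk.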


@@ -752,6 +752,7 @@ echo "1" > /root/accept_changes
set_progress_str 60 "$(print_salt_state_apply 'manager')" set_progress_str 60 "$(print_salt_state_apply 'manager')"
salt-call state.apply -l info manager >> $setup_log 2>&1 salt-call state.apply -l info manager >> $setup_log 2>&1
bash /opt/so/saltstack/default/salt/common/tools/sbin/so-elastic-auth
fi fi
set_progress_str 61 "$(print_salt_state_apply 'firewall')" set_progress_str 61 "$(print_salt_state_apply 'firewall')"
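Review bot: The added `so-elastic-auth` call neither logs its output nor checks its exit status, unlike the `salt-call` line above it, so a failure here is invisible and setup carries on without the auth material. If the script prints nothing sensitive, something like `bash /opt/so/saltstack/default/salt/common/tools/sbin/so-elastic-auth >> "$setup_log" 2>&1 || echo "so-elastic-auth failed" >> "$setup_log"` would at least record it. If it does print generated passwords, keep them out of the log and check only the status. The enclosing `if` starts outside the hunk.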