CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11241 from Security-Onion-Solutions/jertel/sod

Browse Source
This commit is contained in:
Mike Reeves
2023-09-01 18:22:38 -04:00
committed by GitHub
parent b8f69b5008 6efdf1b9d0
commit d2dcf7e7c1
6 changed files with 30 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/tools/sbin/so-test
View File

@@ -11,4 +11,4 @@ set -e
so-tcpreplay /opt/samples/* 2> /dev/null so-tcpreplay /opt/samples/* 2> /dev/null
# Ingest sample pfsense log entry # Ingest sample pfsense log entry
echo "<134>$(date '+%b %d %H:%M:%S') filterlog[31624]: 84,,,1567509287,igb0.244,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,64,192.168.1.1,10.10.10.10,56320,443,0,S,3333585167,,65535,,mss;nop;wscale;nop;nop;TS;sackOK;eol" | nc -uv -w1 localhost 514 > /dev/null 2>&1 echo "<134>$(date '+%b %d %H:%M:%S') filterlog[31624]: 84,,,1567509287,igb0.244,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,64,192.168.1.1,10.10.10.10,56320,443,0,S,3333585167,,65535,,mss;nop;wscale;nop;nop;TS;sackOK;eol" | nc -uv -w1 127.0.0.1 514 > /dev/null 2>&1

1
salt/soc/defaults.yaml
View File

@@ -1012,6 +1012,7 @@ soc:
verifyCert: false verifyCert: false
salt: salt:
queueDir: /opt/sensoroni/queue queueDir: /opt/sensoroni/queue
timeoutMs: 45000
longRelayTimeoutMs: 120000 longRelayTimeoutMs: 120000
sostatus: sostatus:
refreshIntervalMs: 30000 refreshIntervalMs: 30000

4
salt/soc/soc_soc.yaml
View File

@@ -116,6 +116,10 @@ soc:
description: Duration (in milliseconds) to wait for a response from the Salt API when executing tasks known for being long running before giving up and showing an error on the SOC UI. description: Duration (in milliseconds) to wait for a response from the Salt API when executing tasks known for being long running before giving up and showing an error on the SOC UI.
global: True global: True
advanced: True advanced: True
relayTimeoutMs:
description: Duration (in milliseconds) to wait for a response from the Salt API when executing common grid management tasks before giving up and showing an error on the SOC UI.
global: True
advanced: True
client: client:
enableReverseLookup: enableReverseLookup:
description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI. description: Set to true to enable reverse DNS lookups for IP addresses in the SOC UI.

6
setup/so-functions
View File

@@ -101,8 +101,10 @@ desktop_salt_local() {
Press the Enter key to reboot. Press the Enter key to reboot.
EOM EOM
whiptail --title "$whiptail_title" --msgbox "$message" 12 75 if [[ -z "$TESTING" ]]; then
reboot whiptail --title "$whiptail_title" --msgbox "$message" 12 75
reboot
fi
exit 0 exit 0
} }

20
setup/so-setup
View File

@@ -174,6 +174,7 @@ if [ -n "$test_profile" ]; then
# The below settings are hardcoded purely for automated testing purposes. # The below settings are hardcoded purely for automated testing purposes.
TESTING=true TESTING=true
is_desktop_grid=false
if [[ "$test_profile" =~ "-sensor" ]]; then if [[ "$test_profile" =~ "-sensor" ]]; then
install_type=SENSOR install_type=SENSOR
@@ -183,9 +184,26 @@ if [ -n "$test_profile" ]; then
install_type=SEARCHNODE install_type=SEARCHNODE
HOSTNAME=search HOSTNAME=search
MSRVIP_OFFSET=-1 MSRVIP_OFFSET=-1
else elif [[ "$test_profile" =~ "-managersearch" ]]; then
install_type=MANAGERSEARCH
elif [[ "$test_profile" =~ "-heavynode" ]]; then
install_type=HEAVYNODE
HOSTNAME=sensor
MSRVIP_OFFSET=-1
elif [[ "$test_profile" =~ "-desktop" ]]; then
install_type=DESKTOP
MSRVIP_OFFSET=-3
is_desktop_grid=true
fi
if [[ -z "$HOSTNAME" ]]; then
HOSTNAME=manager HOSTNAME=manager
fi fi
if [[ "$install_type" =~ "DESKTOP" ]]; then
is_desktop=true
HOSTNAME=desktop
fi
info "Activating test profile; profile=$test_profile; install_type=$install_type" info "Activating test profile; profile=$test_profile; install_type=$install_type"

19
setup/so-whiptail
View File

@@ -563,7 +563,7 @@ whiptail_install_type() {
"EVAL" "Evaluation mode (not for production) " \ "EVAL" "Evaluation mode (not for production) " \
"STANDALONE" "Standalone production install " \ "STANDALONE" "Standalone production install " \
"DISTRIBUTED" "Distributed install submenu " \ "DISTRIBUTED" "Distributed install submenu " \
"OTHER" "Other install types" \ "DESKTOP" "Install Security Onion Desktop" \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
) )
elif [[ "$OSVER" == "focal" ]]; then elif [[ "$OSVER" == "focal" ]]; then
@@ -584,8 +584,6 @@ whiptail_install_type() {
else else
whiptail_install_type_dist_existing whiptail_install_type_dist_existing
fi fi
elif [[ $install_type == "OTHER" ]]; then
whiptail_install_type_other
fi fi
export install_type export install_type
@@ -691,21 +689,6 @@ whiptail_install_type_dist_existing() {
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
} }
whiptail_install_type_other() {
[ -n "$TESTING" ] && return
install_type=$(whiptail --title "$whiptail_title" --menu \
"Choose node type:" 10 65 2 \
"DESKTOP" "Install Security Onion Desktop " 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export install_type
}
whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return