Merge pull request #9185 from Security-Onion-Solutions/dougburks-patch-1

Update so-functions to enable ICS/SCADA for EVAL and IMPORT
Doug Burks
2022-11-21 12:33:06 -05:00
committed by GitHub


@@ -2946,41 +2946,6 @@ zeek_logs_enabled() {
for BLOG in "${BLOGS[@]}"; do for BLOG in "${BLOGS[@]}"; do
echo " - $BLOG" | tr -d '"' >> "$zeeklogs_pillar" echo " - $BLOG" | tr -d '"' >> "$zeeklogs_pillar"
done done
elif [ "$install_type" == "EVAL" ] || [ "$install_type" == "IMPORT" ]; then
printf '%s\n'\
" - conn"\
" - dce_rpc"\
" - dhcp"\
" - dnp3"\
" - dns"\
" - dpd"\
" - files"\
" - ftp"\
" - http"\
" - intel"\
" - irc"\
" - kerberos"\
" - modbus"\
" - notice"\
" - ntlm"\
" - pe"\
" - radius"\
" - rfb"\
" - rdp"\
" - sip"\
" - smb_files"\
" - smb_mapping"\
" - smtp"\
" - snmp"\
" - ssh"\
" - ssl"\
" - syslog"\
" - tunnel"\
" - weird"\
" - mysql"\
" - socks"\
" - x509" >> "$zeeklogs_pillar"
# Disable syslog log by default
else else
printf '%s\n'\ printf '%s\n'\
" - conn"\ " - conn"\
@@ -3073,4 +3038,11 @@ zeek_logs_enabled() {
" - stun_nat"\ " - stun_nat"\
" - wireguard" >> "$zeeklogs_pillar" " - wireguard" >> "$zeeklogs_pillar"
fi fi
# We don't want Zeek syslog for production deployments as this can create duplicate logs.
# So we only enable Zeek syslog if EVAL or IMPORT.
if [ "$install_type" == "EVAL" ] || [ "$install_type" == "IMPORT" ]; then
echo " - syslog" >> "$zeeklogs_pillar"
fi
} }
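Review bot: The new syslog append in the second hunk runs after the whole if/elif/else closes, so it also fires when the first branch (the `BLOGS` array, whose condition sits above the hunk) selected the log list; if that branch can be taken for EVAL or IMPORT and the array already names syslog, the pillar ends up with a duplicate ` - syslog` entry, and a deliberately omitted syslog is silently re-added. A guard such as `grep -qxF -- ' - syslog' "$zeeklogs_pillar" || echo " - syslog" >> "$zeeklogs_pillar"` keeps the append idempotent. Whether the BLOGS branch is reachable for those install types cannot be confirmed from these hunks. zeek_logs_enabled() begins outside the first hunk.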