CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.4/dev' into guifixes

Browse Source
This commit is contained in:
Mike Reeves
2023-03-20 08:57:42 -04:00
committed by GitHub
parent 536391bb3b 542eb19cdc
commit da3fa31439
5 changed files with 49 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/common/tools/sbin/so-elastic-fleet-integration-policy-load
View File

@@ -17,7 +17,9 @@ SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http:
# Disable certain Features from showing up in the Kibana UI # Disable certain Features from showing up in the Kibana UI
echo echo
echo "Setting up default Security Onion package policies for Elastic Agent..." echo "Disable certain Features from showing up in the Kibana UI"
so-kibana-space-defaults
echo
# Suricata logs # Suricata logs
echo echo

6
salt/common/tools/sbin/so-elastic-fleet-setup
View File

@@ -97,9 +97,9 @@ salt-call state.apply elasticfleet queue=True
/usr/sbin/so-elastic-fleet-integration-policy-load /usr/sbin/so-elastic-fleet-integration-policy-load
# Temp # Temp
wget -P /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/ https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/so_elastic-agent-8.4.1/so-elastic-agent-8.4.1-darwin-x86_64.tar.gz wget --progress=bar:force:noscroll -P /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/ https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/so_elastic-agent-8.4.1/so-elastic-agent-8.4.1-darwin-x86_64.tar.gz
wget -P /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/ https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/so_elastic-agent-8.4.1/so-elastic-agent-8.4.1-linux-x86_64.tar.gz wget --progress=bar:force:noscroll -P /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/ https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/so_elastic-agent-8.4.1/so-elastic-agent-8.4.1-linux-x86_64.tar.gz
wget -P /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/ https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/so_elastic-agent-8.4.1/so-elastic-agent-8.4.1-windows-x86_64.tar.gz wget --progress=bar:force:noscroll -P /opt/so/saltstack/default/salt/elasticfleet/files/elastic-agent/ https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/so_elastic-agent-8.4.1/so-elastic-agent-8.4.1-windows-x86_64.tar.gz
#git clone -b 2.4-so-elastic-agent https://github.com/Security-Onion-Solutions/securityonion-image.git #git clone -b 2.4-so-elastic-agent https://github.com/Security-Onion-Solutions/securityonion-image.git
#cd securityonion-image/so-elastic-agent-builder #cd securityonion-image/so-elastic-agent-builder

2
salt/common/tools/sbin/so-kibana-space-defaults
View File

@@ -13,6 +13,6 @@ echo "Setting up default Space:"
{% if HIGHLANDER %} {% if HIGHLANDER %}
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["enterpriseSearch"]} ' >> /opt/so/log/kibana/misc.log
{% else %} {% else %}
curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","fleet","fleetv2","securitySolutionCases"]} ' >> /opt/so/log/kibana/misc.log curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X PUT "localhost:5601/api/spaces/space/default" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d' {"id":"default","name":"Default","disabledFeatures":["ml","enterpriseSearch","siem","logs","infrastructure","apm","uptime","monitoring","stackAlerts","actions","securitySolutionCases"]} ' >> /opt/so/log/kibana/misc.log
{% endif %} {% endif %}
echo echo

2
setup/so-functions
View File

@@ -144,7 +144,7 @@ check_manager_connection() {
local ret=$? local ret=$?
if [[ $ret != 1 ]]; then if [[ $ret != 1 ]]; then
error "Could not reach $MSRV" info "Could not reach $MSRV"
whiptail_manager_unreachable whiptail_manager_unreachable
fi fi
} }

66
setup/so-whiptail
View File

@@ -1271,38 +1271,54 @@ whiptail_setup_complete() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
if [[ -n "$REDIRECTIT" && $is_manager = true ]]; then
if [[ $waitforstate ]]; then
# Manager-type Nodes - Install Summary
if [[ -n $ALLOW_CIDR ]]; then if [[ -n $ALLOW_CIDR ]]; then
local sentence_prefix="Access" local sentence_prefix="Access"
else else
local sentence_prefix="Run so-allow to access" local sentence_prefix="Run so-allow to access"
fi fi
local accessMessage="\n${sentence_prefix} the web interface at: https://${REDIRECTIT}\n"
elif [[ $is_idh ]]; then read -r -d '' message <<- EOM
local accessMessage="\nSSH for this node has been moved to TCP/2222, accessible only from the Manager node.\n" ${install_type} setup is now complete!
${sentence_prefix} the Security Onion Console (SOC) web interface by navigating to:
https://${REDIRECTIT}
Then login with the following username and password.
SOC Username: ${WEBUSER}
SOC Password: Use the password that was entered during setup
Press TAB and then the ENTER key to exit this screen.
EOM
whiptail --title "$whiptail_title" --msgbox "$message" 24 75 --scrolltext
else else
local accessMessage="" if [[ $is_idh ]]; then
local accessMessage="\nSSH for this node has been moved to TCP/2222, accessible only from the Manager node.\n"
else
local accessMessage=""
fi
MINIONFINGERPRINT=$(salt-call --local key.finger --out=newline_values_only)
read -r -d '' message <<- EOM
${install_type} initialization is now complete!
To finish configuration, open the Security Onion Console web interface
and navigate to Administration -> Grid Members.
Then find this node in the Pending Members list,
click the Review button, and then click the Accept button.
Node Hostname: $HOSTNAME
Node Fingerprint:
$MINIONFINGERPRINT
$accessMessage
Press TAB and then the ENTER key to exit this screen.
EOM
whiptail --title "$whiptail_title" --msgbox "$message" 24 75 --scrolltext
fi fi
MINIONFINGERPRINT=$(salt-call --local key.finger --out=newline_values_only)
read -r -d '' message <<- EOM
${install_type} initialization is now complete!
To finish configuration, open the Security Onion Console web interface
and navigate to Administration -> Grid Members.
Then find this node in the Pending Members list,
click the Review button, and then click the Accept button.
Node Hostname: $HOSTNAME
Node Fingerprint:
$MINIONFINGERPRINT
$accessMessage
Press TAB and then the ENTER key to exit this screen.
EOM
whiptail --title "$whiptail_title" --msgbox "$message" 24 75 --scrolltext
} }
whiptail_setup_failed() { whiptail_setup_failed() {