diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 966b0b857..48a10b4b8 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -49,6 +49,7 @@ curconf:
 - source: salt://curator/files/curator.yml
 - user: 934
 - group: 939
+ - mode: 660
 - template: jinja
 
 curcloseddel:
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 8fcb46cda..205d6432e 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -99,6 +99,7 @@ elastaconf:
 elastalert_config: {{ elastalert_config.elastalert.config }}
 - user: 933
 - group: 933
+ - mode: 660
 - template: jinja
 
 wait_for_elasticsearch:
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index c5d859307..1517226a3 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -1,3 +1,4 @@
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -83,6 +84,7 @@ filebeatmoduleconfsync:
 - source: salt://filebeat/etc/module-setup.yml
 - user: root
 - group: root
+ - mode: 660
 - template: jinja
 
 sodefaults_module_conf:
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index 61498cfeb..40ed8babc 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -35,6 +35,7 @@ synckibanaconfig:
 - source: salt://kibana/etc
 - user: 932
 - group: 939
+ - file_mode: 660
 - template: jinja
 
 kibanalogdir:
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index 2c2c89626..bfd08e4fe 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -78,6 +78,7 @@ ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }}:
 {% endif %}
 - user: 931
 - group: 939
+ - mode: 660
 - makedirs: True
 {% endfor %}
diff --git a/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja
index 20e9f0c0a..01d57c9d6
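Review bot: `filebeatmoduleconfsync` leaves `module-setup.yml` at `root:root` and now tightens it to `660`, so only root and the root group can read it, whereas every other file in this change is handed to the service uid that consumes it (934, 933, 932, 931, 939). If the filebeat process that reads `module-setup.yml` does not run as root — that is not visible from this hunk — the file becomes unreadable to it the moment the mode is applied; either set `- user:`/`- group:` to the filebeat service uid/gid like the sibling states do, or keep root ownership with a mode a non-root reader can use. Whichever is intended, add a one-line comment above `- user: root` recording which uid reads this file, so the ownership/mode pair stays justified the next time someone tightens permissions.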
--- a/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja
@@ -3,18 +3,22 @@
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
+{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %}
+{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %}
 output {
- if [metadata][pipeline] {
- elasticsearch {
- id => "filebeat_modules_metadata_pipeline"
- pipeline => "%{[metadata][pipeline]}"
- hosts => "{{ ES }}"
- index => "so-%{[event][module]}-%{+YYYY.MM.dd}"
- template_name => "so-common"
- template => "/templates/so-common-template.json"
- template_overwrite => true
- ssl => true
- ssl_certificate_verification => false
- }
- }
+ if [metadata][pipeline] {
+ elasticsearch {
+ id => "filebeat_modules_metadata_pipeline"
+ pipeline => "%{[metadata][pipeline]}"
+ hosts => "{{ ES }}"
+ user => "{{ ES_USER }}"
+ password => "{{ ES_PASS }}"
+ index => "so-%{[event][module]}-%{+YYYY.MM.dd}"
+ template_name => "so-common"
+ template => "/templates/so-common-template.json"
+ template_overwrite => true
+ ssl => true
+ ssl_certificate_verification => false
+ }
+ }
 }
\ No newline at end of file
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 1b1132f5a..b32c67487 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -44,6 +44,7 @@ playbookrulesdir:
 - name: /opt/so/rules/elastalert/playbook
 - user: 939
 - group: 939
+ - mode: 660
 - makedirs: True
 
 playbookrulessync:
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index cea4d3f45..14373fe9d 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -38,6 +38,7 @@ tgrafconf:
 - name: /opt/so/conf/telegraf/etc/telegraf.conf
 - user: 939
 - group: 939
+ - mode: 660
 - template: jinja
 - source: salt://telegraf/etc/telegraf.conf
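Review bot: The `so_logstash_user` password now sent on every request to `{{ ES }}` travels over a TLS session whose peer is never checked, because the rewritten `elasticsearch` block keeps `ssl_certificate_verification => false`, so anyone who can interpose between Logstash and Elasticsearch collects a working Elasticsearch credential rather than merely reading log traffic. Turn verification on and point `cacert` at the CA that issued the Elasticsearch certificate (its path is not visible in this file). Separately, both new `pillar.get` calls default to `''`, so a missing or mistyped pillar key silently renders a pipeline that authenticates with empty credentials and only fails at runtime; fail the render instead with `{%- if not ES_USER or not ES_PASS %}{{ raise('elasticsearch:auth:users:so_logstash_user is not set in pillar') }}{%- endif %}` after the two `set` lines. A password containing a double quote or backslash will also break the quoted `password => "{{ ES_PASS }}"` value, so the pillar value presumably needs escaping or a documented restriction on allowed characters.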
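Review bot: `- mode: 660` on `playbookrulesdir` strips the execute bit from a directory: `/opt/so/rules/elastalert/playbook` is created with `makedirs: True` and, judging by the state id, managed by `file.directory`, and a directory without `x` cannot be traversed, so uid 939 could list names in it but not open or create the rule files underneath. Use `- mode: 770` (or `750` if the group never writes rules) for the directory and apply `660` to the files placed in it, presumably by the `playbookrulessync` state that follows, whose body is outside this hunk. If the state is actually `file.managed` this does not apply, but then the mode would govern a single file rather than the rules tree, which is worth a comment either way.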