Continue merge of ECS into Elastic Auth

2025-12-06 09:12:45 +01:00 · 2021-06-15 09:11:58 -04:00
parent 3891ca2929
commit dd8eb29a18
8 changed files with 25 additions and 13 deletions
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -49,6 +49,7 @@ curconf:
    - source: salt://curator/files/curator.yml
    - user: 934
    - group: 939
+    - mode: 660
    - template: jinja

 curcloseddel:
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -99,6 +99,7 @@ elastaconf:
        elastalert_config: {{ elastalert_config.elastalert.config }}
    - user: 933
    - group: 933
+    - mode: 660
    - template: jinja

 wait_for_elasticsearch:
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -1,3 +1,4 @@
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -83,6 +84,7 @@ filebeatmoduleconfsync:
    - source: salt://filebeat/etc/module-setup.yml
    - user: root
    - group: root
+    - mode: 660
    - template: jinja

 sodefaults_module_conf:
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -35,6 +35,7 @@ synckibanaconfig:
    - source: salt://kibana/etc
    - user: 932
    - group: 939
+    - file_mode: 660
    - template: jinja

 kibanalogdir:
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -78,6 +78,7 @@ ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }}:
    {% endif %}
    - user: 931
    - group: 939
+    - mode: 660
    - makedirs: True
  {% endfor %}

--- a/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9050_output_filebeatmodules.conf.jinja
@@ -3,18 +3,22 @@
 {%- else %}
 {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%}
 {%- endif %}
+{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:user', '') %}
+{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', '') %}
 output {
- if [metadata][pipeline] {
-   elasticsearch {
-     id => "filebeat_modules_metadata_pipeline"
-     pipeline => "%{[metadata][pipeline]}"
-     hosts => "{{ ES }}"
-     index => "so-%{[event][module]}-%{+YYYY.MM.dd}"
-     template_name => "so-common"
-     template => "/templates/so-common-template.json"
-     template_overwrite => true
-     ssl => true
-     ssl_certificate_verification => false
-   }
- }
+  if [metadata][pipeline] {
+    elasticsearch {
+      id => "filebeat_modules_metadata_pipeline"
+      pipeline => "%{[metadata][pipeline]}"
+      hosts => "{{ ES }}"
+      user => "{{ ES_USER }}"
+      password => "{{ ES_PASS }}"
+      index => "so-%{[event][module]}-%{+YYYY.MM.dd}"
+      template_name => "so-common"
+      template => "/templates/so-common-template.json"
+      template_overwrite => true
+      ssl => true
+      ssl_certificate_verification => false
+    }
+  }
 }
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -44,6 +44,7 @@ playbookrulesdir:
    - name: /opt/so/rules/elastalert/playbook
    - user: 939
    - group: 939
+    - mode: 660
    - makedirs: True

 playbookrulessync:
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -38,6 +38,7 @@ tgrafconf:
    - name: /opt/so/conf/telegraf/etc/telegraf.conf
    - user: 939
    - group: 939
+    - mode: 660
    - template: jinja
    - source: salt://telegraf/etc/telegraf.conf