From e5ecf0f4cbd1eb3906726ede4e0175df843e5820 Mon Sep 17 00:00:00 2001
From: Josh Brower <Josh@Defensivedepth.com>
Date: Wed, 25 Mar 2020 13:03:40 -0400
Subject: [PATCH] Fleet dedicated node - various fixes

---
 salt/common/init.sls                      |   3 +-
 salt/common/nginx/nginx.conf.so-fleet     |   2 +-
 salt/fleet/event_enable-fleet.sls         |   2 +
 salt/fleet/files/dedicated-index.html     | 127 ++++++++++++++++++++++
 salt/fleet/files/osquery-packages-sa.html | 107 ------------------
 salt/fleet/files/osquery-packages.html    |   4 +-
 salt/fleet/init.sls                       |   5 +
 salt/fleet/install_package.sls            |   8 ++
 salt/reactor/fleet.sls                    |  16 ++-
 setup/so-functions                        |   2 +
 10 files changed, 164 insertions(+), 112 deletions(-)
 create mode 100644 salt/fleet/files/dedicated-index.html
 delete mode 100644 salt/fleet/files/osquery-packages-sa.html

diff --git a/salt/common/init.sls b/salt/common/init.sls
index 13c174265..8146f281b 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -2,6 +2,7 @@
 {% set MASTER = salt['grains.get']('master') %}
 {% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
 {% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
+{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
 # Add socore Group
 socoregroup:
   group.present:
@@ -143,7 +144,7 @@ so-core:
     - port_bindings:
       - 80:80
       - 443:443
-    {%- if FLEETMASTER %}
+    {%- if FLEETMASTER or FLEETNODE %}
       - 8090:8090
     {%- endif %}
     - watch:
diff --git a/salt/common/nginx/nginx.conf.so-fleet b/salt/common/nginx/nginx.conf.so-fleet
index 5665fcf4e..dd4b22d9b 100644
--- a/salt/common/nginx/nginx.conf.so-fleet
+++ b/salt/common/nginx/nginx.conf.so-fleet
@@ -65,7 +65,7 @@ http {
     server {
         listen       443 ssl http2 default_server;
         server_name  _;
-        root         /opt/socore/html;
+        root         /opt/socore/html/packages;
         index        index.html;
 
         ssl_certificate "/etc/pki/nginx/server.crt";
diff --git a/salt/fleet/event_enable-fleet.sls b/salt/fleet/event_enable-fleet.sls
index 8c3426e0d..007f3690c 100644
--- a/salt/fleet/event_enable-fleet.sls
+++ b/salt/fleet/event_enable-fleet.sls
@@ -1,9 +1,11 @@
 {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret') %}
+{%- set MAINIP = salt['pillar.get']('node:mainip') -%}
 
 so/fleet:
   event.send:
     - data:
         action: 'enablefleet'
         hostname: {{ grains.host }}
+        mainip: {{ MAINIP }}
         role: {{ grains.role }}
         enroll-secret: {{ ENROLLSECRET }}
\ No newline at end of file
diff --git a/salt/fleet/files/dedicated-index.html b/salt/fleet/files/dedicated-index.html
new file mode 100644
index 000000000..d6fead8f9
--- /dev/null
+++ b/salt/fleet/files/dedicated-index.html
@@ -0,0 +1,127 @@
+{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>Security Onion - Hybrid Hunter</title>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
+<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
+<style>
+* {
+	box-sizing: border-box;
+	font-family: Arial, Helvetica, sans-serif;
+	padding-left: 30px;
+	padding-right: 30px;
+}
+
+body {
+	font-family: Arial, Helvetica, sans-serif;
+	background-color: #2a2a2a;
+
+}
+a {
+	color: #f2f2f2;
+	text-align: left;
+	padding: 0px;
+}
+
+.center-content {
+	margin: 0 auto;
+}
+
+/* Style the top navigation bar */
+.topnav {
+	overflow: hidden;
+	background-color: #333;
+	width: 1080px;
+	display: flex;
+	align-content: center;
+}
+
+/* Style the topnav links */
+.topnav a {
+	margin: auto;
+	color: #f2f2f2;
+	text-align: center;
+	padding: 14px 16px;
+	text-decoration: none;
+}
+
+/* Change color on hover */
+.topnav a:hover {
+	background-color: #ddd;
+	color: black;
+}
+
+/* Style the content */
+.content {
+	background-color: #2a2a2a;
+	padding: 10px;
+	padding-top: 20px;
+	padding-left: 60px;
+	color: #E3DBCC;
+	width: 1080px;
+}
+
+/* Style the footer */
+.footer {
+	background-color: #2a2a2a;
+	padding: 60px;
+	color: #E3DBCC;
+	width: 1080px;
+}
+</style>
+</head>
+<body>
+	<div class="center-content">
+		<div class="topnav center-content">
+			<a href="/fleet/" target="_blank">Fleet</a>
+			<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Configuring-Osquery-with-Security-Onion" target="_blank">Osquery/Fleet Docs</a>
+			<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
+		</div>
+		  
+		<div class="content center-content">
+			<p>
+                <div style="text-align: center;">
+                    <h1>Security Onion - Dedicated Fleet Node</h1>
+					<h2>Osquery Packages</h2>
+				</div>
+				<br/>
+				<h2>Notes</h2>
+				<ul>
+					<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
+					<li>Packages are not signed.</li>
+				</ul>
+				<br/>
+				<h2>Downloads</h2>
+				<div>
+					Generated: {{ PACKAGESTS }}
+					<br/>
+					<br/>
+					Packages:
+					<ul>
+						<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
+						<li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
+                        <li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
+                        <li><a href="/packages/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
+					</ul>
+					<br/>
+					<br/>
+					Config Files:
+					<ul>
+						<li><a href="/packages/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
+						<li><a href="/packages/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
+					</ul>
+				</div>
+				<br/>
+				<h2>Known Issues</h2>
+				<ul>
+					<li>None</li>
+				</ul>
+			  </p>
+		  </div>
+	</div>
+</body>
+</html>
diff --git a/salt/fleet/files/osquery-packages-sa.html b/salt/fleet/files/osquery-packages-sa.html
deleted file mode 100644
index c35449522..000000000
--- a/salt/fleet/files/osquery-packages-sa.html
+++ /dev/null
@@ -1,107 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<title>Security Onion - Hybrid Hunter</title>
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
-<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
-<style>
-* {
-  box-sizing: border-box;
-  font-family: Arial, Helvetica, sans-serif;
-	padding-left: 30px;
-	padding right: 30px;
-}
-
-body {
-  font-family: Arial, Helvetica, sans-serif;
-	background-color: #2a2a2a;
-
-}
-a {
-	color: #f2f2f2;
-	text-align: left;
-	padding: 0px;
-}
-/* Style the top navigation bar */
-.topnav {
-  overflow: hidden;
-  background-color: #333;
-	width: 1080px;
-}
-
-/* Style the topnav links */
-.topnav a {
-  float: left;
-  display: block;
-  color: #f2f2f2;
-  text-align: center;
-  padding: 14px 16px;
-  text-decoration: none;
-}
-
-/* Change color on hover */
-.topnav a:hover {
-  background-color: #ddd;
-  color: black;
-}
-
-/* Style the content */
-.content {
-  background-color: #2a2a2a;
-  padding: 10px;
-	padding-top: 20px;
-	padding-left: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-
-/* Style the footer */
-.footer {
-  background-color: #2a2a2a;
-  padding: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-</style>
-</head>
-<body>
-
-<div class="topnav">
-	<a href="/packages/" target="_blank">Fleet</a>
-	<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/FAQ" target="_blank">Fleet & Osquery Docs</a>
-</div>
-
-<div class="content">
-
-	<p><center><h1>Osquery Packages</h1></center><br>
-
-              <h2>Notes</h2>
-                <ul>
-                        <li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
-                        <li>Packages are not signed.</li>
-	       	</ul>
-		<BR> <h2>Downloads</h2>
-                <ul>
-
-Generated: N/A
-                       <BR><BR>Packages:
-			<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
-                        <li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
-                        <li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
-			<BR><BR>Config Files:
-	                <li><a href="/packages/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
-			 <li><a href="/packages/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
-		</ul>
-
-		<BR><h2>Known Issues</h2>
-		<ul>
-			<li>None</li>
-		</ul>
-	</p>
-</div>
-
-
-</body>
-</html>
diff --git a/salt/fleet/files/osquery-packages.html b/salt/fleet/files/osquery-packages.html
index c1843bf01..a64e6a2df 100644
--- a/salt/fleet/files/osquery-packages.html
+++ b/salt/fleet/files/osquery-packages.html
@@ -1,3 +1,4 @@
+{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -102,7 +103,7 @@ a {
 				<br/>
 				<h2>Downloads</h2>
 				<div>
-					Generated: N/A
+					Generated: {{ PACKAGESTS }}
 					<br/>
 					<br/>
 					Packages:
@@ -110,6 +111,7 @@ a {
 						<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
 						<li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
 						<li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
+						<li><a href="/packages/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
 					</ul>
 					<br/>
 					<br/>
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 15f55b594..52fc665bb 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -69,7 +69,12 @@ fleetsetupscripts:
 osquerypackageswebpage:
   file.managed:
     - name: /opt/so/conf/fleet/packages/index.html
+{% if FLEETARCH == "so-fleet" %}
+    - source: salt://fleet/files/dedicated-index.html
+{% else %}
     - source: salt://fleet/files/osquery-packages.html
+{% endif %}
+    - template: jinja
 
 fleetdb:
   mysql_database.present:
diff --git a/salt/fleet/install_package.sls b/salt/fleet/install_package.sls
index 7a87a5f92..583970bcd 100644
--- a/salt/fleet/install_package.sls
+++ b/salt/fleet/install_package.sls
@@ -1,7 +1,15 @@
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETHOSTNAME = salt['pillar.get']('static:fleet_hostname', False) -%}
+{%- set FLEETIP = salt['pillar.get']('static:fleet_ip', False) -%}
 
 {%- if FLEETMASTER or FLEETNODE %}
+
+{{ FLEETHOSTNAME }}:
+  host.present:
+    - ip: {{ FLEETIP }}
+    - clean: True
+
 launcherpkg:
   pkg.installed:
     - sources:
diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index 83a1d981c..c1d6bdd5c 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -12,6 +12,8 @@ def run():
   HOSTNAME = data['data']['hostname']
   ROLE = data['data']['role']
   ESECRET = data['data']['enroll-secret']
+  MAINIP = data['data']['mainip']
+
   STATICFILE = '/opt/so/saltstack/pillar/static.sls'
   AUTHFILE = '/opt/so/saltstack/pillar/auth.sls'
 
@@ -27,10 +29,20 @@ def run():
           line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
         print(line) 
 
-      # Update the enroll secret
+      # Update the enroll secret in the auth pillar
       for line in fileinput.input(AUTHFILE, inplace=True):
         line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
-        print(line)       
+        print(line)      
+
+        # Update the Fleet host in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: {HOSTNAME}", line.rstrip())
+        print(line)  
+
+        # Update the Fleet IP in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_ip: \S*', f"fleet_ip: {MAINIP}", line.rstrip())
+        print(line)   
 
     if ACTION == 'genpackages':
       logging.info('so/fleet genpackages reactor')
diff --git a/setup/so-functions b/setup/so-functions
index d7cf4c387..7b1b34a55 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -781,6 +781,8 @@ master_static() {
   echo "  fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
   echo "  fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
   echo "  fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls
   echo "  sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
   if [[ $MASTERUPDATES == 'MASTER' ]]; then
     echo "  masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls