Fleet dedicated node - various fixes

2025-12-06 17:22:49 +01:00 · 2020-03-25 13:03:40 -04:00
parent 9bcba41882
commit e5ecf0f4cb
10 changed files with 164 additions and 112 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -2,6 +2,7 @@
 {% set MASTER = salt['grains.get']('master') %}
 {% set GRAFANA = salt['pillar.get']('master:grafana', '0') %}
 {% set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) %}
+{% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %}
 # Add socore Group
 socoregroup:
  group.present:
@@ -143,7 +144,7 @@ so-core:
    - port_bindings:
      - 80:80
      - 443:443
-    {%- if FLEETMASTER %}
+    {%- if FLEETMASTER or FLEETNODE %}
      - 8090:8090
    {%- endif %}
    - watch:
--- a/salt/common/nginx/nginx.conf.so-fleet
+++ b/salt/common/nginx/nginx.conf.so-fleet
@@ -65,7 +65,7 @@ http {
    server {
        listen       443 ssl http2 default_server;
        server_name  _;
-        root         /opt/socore/html;
+        root         /opt/socore/html/packages;
        index        index.html;

        ssl_certificate "/etc/pki/nginx/server.crt";
--- a/salt/fleet/event_enable-fleet.sls
+++ b/salt/fleet/event_enable-fleet.sls
@@ -1,9 +1,11 @@
 {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret') %}
+{%- set MAINIP = salt['pillar.get']('node:mainip') -%}

 so/fleet:
  event.send:
    - data:
        action: 'enablefleet'
        hostname: {{ grains.host }}
+        mainip: {{ MAINIP }}
        role: {{ grains.role }}
        enroll-secret: {{ ENROLLSECRET }}
--- a/salt/fleet/files/dedicated-index.html
+++ b/salt/fleet/files/dedicated-index.html
@@ -0,0 +1,127 @@
+{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>Security Onion - Hybrid Hunter</title>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
+<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
+<style>
+* {
+	box-sizing: border-box;
+	font-family: Arial, Helvetica, sans-serif;
+	padding-left: 30px;
+	padding-right: 30px;
+}
+
+body {
+	font-family: Arial, Helvetica, sans-serif;
+	background-color: #2a2a2a;
+
+}
+a {
+	color: #f2f2f2;
+	text-align: left;
+	padding: 0px;
+}
+
+.center-content {
+	margin: 0 auto;
+}
+
+/* Style the top navigation bar */
+.topnav {
+	overflow: hidden;
+	background-color: #333;
+	width: 1080px;
+	display: flex;
+	align-content: center;
+}
+
+/* Style the topnav links */
+.topnav a {
+	margin: auto;
+	color: #f2f2f2;
+	text-align: center;
+	padding: 14px 16px;
+	text-decoration: none;
+}
+
+/* Change color on hover */
+.topnav a:hover {
+	background-color: #ddd;
+	color: black;
+}
+
+/* Style the content */
+.content {
+	background-color: #2a2a2a;
+	padding: 10px;
+	padding-top: 20px;
+	padding-left: 60px;
+	color: #E3DBCC;
+	width: 1080px;
+}
+
+/* Style the footer */
+.footer {
+	background-color: #2a2a2a;
+	padding: 60px;
+	color: #E3DBCC;
+	width: 1080px;
+}
+</style>
+</head>
+<body>
+	<div class="center-content">
+		<div class="topnav center-content">
+			<a href="/fleet/" target="_blank">Fleet</a>
+			<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Configuring-Osquery-with-Security-Onion" target="_blank">Osquery/Fleet Docs</a>
+			<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
+		</div>
+		  
+		<div class="content center-content">
+			<p>
+                <div style="text-align: center;">
+                    <h1>Security Onion - Dedicated Fleet Node</h1>
+					<h2>Osquery Packages</h2>
+				</div>
+				<br/>
+				<h2>Notes</h2>
+				<ul>
+					<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
+					<li>Packages are not signed.</li>
+				</ul>
+				<br/>
+				<h2>Downloads</h2>
+				<div>
+					Generated: {{ PACKAGESTS }}
+					<br/>
+					<br/>
+					Packages:
+					<ul>
+						<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
+						<li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
+                        <li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
+                        <li><a href="/packages/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
+					</ul>
+					<br/>
+					<br/>
+					Config Files:
+					<ul>
+						<li><a href="/packages/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
+						<li><a href="/packages/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
+					</ul>
+				</div>
+				<br/>
+				<h2>Known Issues</h2>
+				<ul>
+					<li>None</li>
+				</ul>
+			  </p>
+		  </div>
+	</div>
+</body>
+</html>
--- a/salt/fleet/files/osquery-packages-sa.html
+++ b/salt/fleet/files/osquery-packages-sa.html
@@ -1,107 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<title>Security Onion - Hybrid Hunter</title>
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
-<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
-<style>
-* {
-  box-sizing: border-box;
-  font-family: Arial, Helvetica, sans-serif;
-	padding-left: 30px;
-	padding right: 30px;
-}
-
-body {
-  font-family: Arial, Helvetica, sans-serif;
-	background-color: #2a2a2a;
-
-}
-a {
-	color: #f2f2f2;
-	text-align: left;
-	padding: 0px;
-}
-/* Style the top navigation bar */
-.topnav {
-  overflow: hidden;
-  background-color: #333;
-	width: 1080px;
-}
-
-/* Style the topnav links */
-.topnav a {
-  float: left;
-  display: block;
-  color: #f2f2f2;
-  text-align: center;
-  padding: 14px 16px;
-  text-decoration: none;
-}
-
-/* Change color on hover */
-.topnav a:hover {
-  background-color: #ddd;
-  color: black;
-}
-
-/* Style the content */
-.content {
-  background-color: #2a2a2a;
-  padding: 10px;
-	padding-top: 20px;
-	padding-left: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-
-/* Style the footer */
-.footer {
-  background-color: #2a2a2a;
-  padding: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-</style>
-</head>
-<body>
-
-<div class="topnav">
-	<a href="/packages/" target="_blank">Fleet</a>
-	<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/FAQ" target="_blank">Fleet & Osquery Docs</a>
-</div>
-
-<div class="content">
-
-	<p><center><h1>Osquery Packages</h1></center><br>
-
-              <h2>Notes</h2>
-                <ul>
-                        <li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
-                        <li>Packages are not signed.</li>
-	       	</ul>
-		<BR> <h2>Downloads</h2>
-                <ul>
-
-Generated: N/A
-                       <BR><BR>Packages:
-			<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
-                        <li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
-                        <li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
-			<BR><BR>Config Files:
-	                <li><a href="/packages/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
-			 <li><a href="/packages/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
-		</ul>
-
-		<BR><h2>Known Issues</h2>
-		<ul>
-			<li>None</li>
-		</ul>
-	</p>
-</div>
-
-
-</body>
-</html>
--- a/salt/fleet/files/osquery-packages.html
+++ b/salt/fleet/files/osquery-packages.html
@@ -1,3 +1,4 @@
+{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -102,7 +103,7 @@ a {
 				<br/>
 				<h2>Downloads</h2>
 				<div>
-					Generated: N/A
+					Generated: {{ PACKAGESTS }}
 					<br/>
 					<br/>
 					Packages:
@@ -110,6 +111,7 @@ a {
 						<li><a href="/packages/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
 						<li><a href="/packages/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
 						<li><a href="/packages/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
+						<li><a href="/packages/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
 					</ul>
 					<br/>
 					<br/>
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -69,7 +69,12 @@ fleetsetupscripts:
 osquerypackageswebpage:
  file.managed:
    - name: /opt/so/conf/fleet/packages/index.html
+{% if FLEETARCH == "so-fleet" %}
+    - source: salt://fleet/files/dedicated-index.html
+{% else %}
    - source: salt://fleet/files/osquery-packages.html
+{% endif %}
+    - template: jinja

 fleetdb:
  mysql_database.present:
--- a/salt/fleet/install_package.sls
+++ b/salt/fleet/install_package.sls
@@ -1,7 +1,15 @@
 {%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
 {%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
+{%- set FLEETHOSTNAME = salt['pillar.get']('static:fleet_hostname', False) -%}
+{%- set FLEETIP = salt['pillar.get']('static:fleet_ip', False) -%}

 {%- if FLEETMASTER or FLEETNODE %}
+
+{{ FLEETHOSTNAME }}:
+  host.present:
+    - ip: {{ FLEETIP }}
+    - clean: True
+
 launcherpkg:
  pkg.installed:
    - sources:
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -12,6 +12,8 @@ def run():
  HOSTNAME = data['data']['hostname']
  ROLE = data['data']['role']
  ESECRET = data['data']['enroll-secret']
+  MAINIP = data['data']['mainip']
+
  STATICFILE = '/opt/so/saltstack/pillar/static.sls'
  AUTHFILE = '/opt/so/saltstack/pillar/auth.sls'

@@ -27,11 +29,21 @@ def run():
          line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
        print(line) 

-      # Update the enroll secret
+      # Update the enroll secret in the auth pillar
      for line in fileinput.input(AUTHFILE, inplace=True):
        line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
        print(line)      

+        # Update the Fleet host in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: {HOSTNAME}", line.rstrip())
+        print(line)  
+
+        # Update the Fleet IP in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_ip: \S*', f"fleet_ip: {MAINIP}", line.rstrip())
+        print(line)   
+
    if ACTION == 'genpackages':
      logging.info('so/fleet genpackages reactor')

--- a/setup/so-functions
+++ b/setup/so-functions
@@ -781,6 +781,8 @@ master_static() {
  echo "  fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
  echo "  fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls
  echo "  sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
  if [[ $MASTERUPDATES == 'MASTER' ]]; then
    echo "  masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls