CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Filebeat Module - Add SSL to the config

Browse Source
This commit is contained in:
Mike Reeves
2018-06-06 15:55:55 -04:00
parent e742669e7a
commit e752637e5c
2 changed files with 4 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/filebeat/etc/filebeat.yml
View File

@@ -823,13 +823,13 @@ output.logstash:
#proxy_use_local_resolver: false #proxy_use_local_resolver: false
# Enable SSL support. SSL is automatically enabled, if any SSL setting is set. # Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true ssl.enabled: true
# Configure SSL verification mode. If `none` is configured, all server hosts # Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are # and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is # susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`. # `full`.
#ssl.verification_mode: full ssl.verification_mode: full
# List of supported/valid TLS versions. By default all TLS versions 1.0 up to # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled. # 1.2 are enabled.
@@ -837,10 +837,10 @@ output.logstash:
# Optional SSL configuration options. SSL is off by default. # Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications # List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
# Certificate for SSL client authentication # Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem" ssl.certificate: "/usr/share/filebeat/filebeat.crt"
# Client Certificate Key # Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key" #ssl.key: "/etc/pki/client/cert.key"

13
salt/filebeat/init.sls
View File

@@ -30,18 +30,6 @@ filebeatconfsync:
- group: 0 - group: 0
- template: jinja - template: jinja
# Create Symlinks to the keys so I can distribute it to all the things
fbkeylink:
file.symlink:
- name: /opt/so/saltstack/salt/filebeat/files/filebeat.key
- target: /etc/pki/filebeat.key
fbcrtlink:
file.symlink:
- name: /opt/so/saltstack/salt/filebeat/files/filebeat.crt
- target: /etc/pki/filebeat.crt
filebeatcrt: filebeatcrt:
file.managed: file.managed:
- name: /opt/so/conf/filebeat/etc/pki/filebeat.crt - name: /opt/so/conf/filebeat/etc/pki/filebeat.crt
@@ -56,6 +44,5 @@ so-filebeat:
- /opt/so/log/filebeat:/var/log/filebeat:rw - /opt/so/log/filebeat:/var/log/filebeat:rw
- /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- /nsm/bro/spool/manager:/nsm/bro/spool:ro - /nsm/bro/spool/manager:/nsm/bro/spool:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
- network_mode: so-elastic-net - network_mode: so-elastic-net