CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

limit nodes that bind filebeat certs in so-logstash

Browse Source
This commit is contained in:
m0duspwnens
2021-10-27 10:45:10 -04:00
parent bf403a8307
commit e7f43cff5e
1 changed files with 53 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/logstash/init.sls
View File

@@ -170,8 +170,10 @@ so-logstash:
- /nsm/logstash:/usr/share/logstash/data:rw
- /opt/so/log/logstash:/var/log/logstash:rw
- /sys/fs/cgroup:/sys/fs/cgroup:ro
{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %}
- /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
- /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
{% endif %}
- /opt/so/conf/logstash/etc/certs:/usr/share/logstash/certs:ro
{% if grains['role'] == 'so-heavynode' %}
- /etc/ssl/certs/intca.crt:/usr/share/filebeat/ca.crt:ro
@@ -200,7 +202,9 @@ so-logstash:
- file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}
{% endfor %}
- require:
{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode'] %}
- x509: etc_filebeat_crt
{% endif %}
{% if grains['role'] == 'so-heavynode' %}
- x509: trusttheca
{% else %}