CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix commits

Browse Source
This commit is contained in:
Joshua Brower
2025-01-27 14:48:50 -05:00
parent 97a3f130c8
commit e994f3a220
3 changed files with 82 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/elasticsearch/soc_elasticsearch.yaml
View File

@@ -77,6 +77,12 @@ elasticsearch:
custom008: *pipelines custom008: *pipelines
custom009: *pipelines custom009: *pipelines
custom010: *pipelines custom010: *pipelines
managed_integrations:
description: List of integrations to add into SOC config UI. Enter the full or partial integration name. Eg. 1password, 1pass
forcedType: "[]string"
global: True
advanced: True
helpLink: elasticsearch.html
index_settings: index_settings:
global_overrides: global_overrides:
index_template: index_template:
@@ -166,7 +172,7 @@ elasticsearch:
index_template: index_template:
index_patterns: index_patterns:
description: Patterns for matching multiple indices or tables. description: Patterns for matching multiple indices or tables.
forceType: "[]string" forcedType: "[]string"
multiline: True multiline: True
global: True global: True
advanced: True advanced: True

59
salt/manager/managed_soc_annotations.sls Normal file
View File

@@ -0,0 +1,59 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{# Managed elasticsearch/soc_elasticsearch.yaml file for adding integration configuration items to UI #}
{% set managed_integrations = salt['pillar.get']('elasticsearch:managed_integrations', []) %}
{% if managed_integrations %}
{% from 'elasticfleet/integration-defaults.map.jinja' import ADDON_INTEGRATION_DEFAULTS %}
{% set addon_integration_keys = ADDON_INTEGRATION_DEFAULTS.keys() %}
{% set matched_integration_names = [] %}
{% for k in addon_integration_keys %}
{% for i in managed_integrations %}
{% if i in k %}
{% do matched_integration_names.append(k) %}
{% endif %}
{% endfor %}
{% endfor %}
{% set es_soc_annotations = '/opt/so/saltstack/default/salt/elasticsearch/soc_elasticsearch.yaml' %}
{{ es_soc_annotations }}:
file.serialize:
- dataset:
{% set data = salt['file.read'](es_soc_annotations) | load_yaml %}
{% set es = data.get('elasticsearch', {}) %}
{% set index_settings = es.get('index_settings', {}) %}
{% set input = index_settings.get('so-logs', {}) %}
{% for k in matched_integration_names %}
{% if k not in index_settings %}
{% set _ = index_settings.update({k: input}) %}
{% endif %}
{% endfor %}
{% for k in addon_integration_keys %}
{% if k not in matched_integration_names and k in index_settings %}
{% set _ = index_settings.pop(k) %}
{% endif %}
{% endfor %}
{{ data }}
{# Managed elasticsearch/defaults.yaml file for enabling 'Revert to default' via SOC UI for newly added config items #}
{% set es_defaults = '/opt/so/saltstack/default/salt/elasticsearch/defaults.yaml' %}
{{ es_defaults }}:
file.serialize:
- dataset:
{% set data = salt['file.read'](es_defaults) | load_yaml %}
{% set es = data.get('elasticsearch', {}) %}
{% set index_settings = es.get('index_settings', {}) %}
{% for k in matched_integration_names %}
{% if k not in index_settings %}
{% set input = ADDON_INTEGRATION_DEFAULTS[k] %}
{% set _ = index_settings.update({k: input})%}
{% endif %}
{% endfor %}
{% for k in addon_integration_keys %}
{% if k not in matched_integration_names and k in index_settings %}
{% set _ = index_settings.pop(k) %}
{% endif %}
{% endfor %}
{{ data }}
{% endif %}

18
salt/manager/tools/sbin/soup
View File

@@ -406,6 +406,7 @@ preupgrade_changes() {
[[ "$INSTALLEDVERSION" == 2.4.100 ]] && up_to_2.4.110 [[ "$INSTALLEDVERSION" == 2.4.100 ]] && up_to_2.4.110
[[ "$INSTALLEDVERSION" == 2.4.110 ]] && up_to_2.4.111 [[ "$INSTALLEDVERSION" == 2.4.110 ]] && up_to_2.4.111
[[ "$INSTALLEDVERSION" == 2.4.111 ]] && up_to_2.4.120 [[ "$INSTALLEDVERSION" == 2.4.111 ]] && up_to_2.4.120
[[ "$INSTALLEDVERSION" == 2.4.120 ]] && up_to_2.4.130
true true
} }
@@ -429,6 +430,7 @@ postupgrade_changes() {
[[ "$POSTVERSION" == 2.4.100 ]] && post_to_2.4.110 [[ "$POSTVERSION" == 2.4.100 ]] && post_to_2.4.110
[[ "$POSTVERSION" == 2.4.110 ]] && post_to_2.4.111 [[ "$POSTVERSION" == 2.4.110 ]] && post_to_2.4.111
[[ "$POSTVERSION" == 2.4.111 ]] && post_to_2.4.120 [[ "$POSTVERSION" == 2.4.111 ]] && post_to_2.4.120
[[ "$POSTVERSION" == 2.4.120 ]] && post_to_2.4.130
true true
} }
@@ -538,6 +540,11 @@ post_to_2.4.120() {
POSTVERSION=2.4.120 POSTVERSION=2.4.120
} }
post_to_2.4.130() {
echo "Nothing to apply"
POSTVERSION=2.4.130
}
repo_sync() { repo_sync() {
echo "Sync the local repo." echo "Sync the local repo."
su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync." su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."
@@ -717,8 +724,8 @@ up_to_2.4.90() {
} }
up_to_2.4.100() { up_to_2.4.100() {
# Elastic Update for this release, so download Elastic Agent files echo "Nothing to do for 2.4.100"
determine_elastic_agent_upgrade
INSTALLEDVERSION=2.4.100 INSTALLEDVERSION=2.4.100
} }
@@ -749,6 +756,13 @@ up_to_2.4.120() {
INSTALLEDVERSION=2.4.120 INSTALLEDVERSION=2.4.120
} }
up_to_2.4.130() {
# Elastic Update for this release, so download Elastic Agent files
determine_elastic_agent_upgrade
INSTALLEDVERSION=2.4.130
}
add_hydra_pillars() { add_hydra_pillars() {
mkdir -p /opt/so/saltstack/local/pillar/hydra mkdir -p /opt/so/saltstack/local/pillar/hydra
touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls touch /opt/so/saltstack/local/pillar/hydra/soc_hydra.sls