mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-14 13:12:49 +01:00
Fleet cleanup
@@ -20,9 +20,9 @@ docker exec so-fleet fleetctl setup --email $1 --password $2
|
|||||||
|
|
||||||
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
|
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
|
||||||
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
|
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
|
||||||
docker exec so-fleet fleetctl apply -f /packs/hh/hhdefault.yml
|
docker exec so-fleet fleetctl apply -f /packs/so/so-default.yml
|
||||||
docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml; do fleetctl apply -f "$pack"; done'
|
docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml; do fleetctl apply -f "$pack"; done'
|
||||||
docker exec so-fleet fleetctl apply -f /packs/hh/osquery.conf
|
docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf
|
||||||
|
|
||||||
|
|
||||||
# Enable Fleet
|
# Enable Fleet
|
||||||
|
|||||||
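Review bot: The two repointed calls, `fleetctl apply -f /packs/so/so-default.yml` and `fleetctl apply -f /packs/osquery-config.conf`, have no exit-status check, so if either new path is missing inside the so-fleet container the script still continues to the `# Enable Fleet` step without the default pack or osquery config. Unless the script enables `set -e` outside this hunk, append a guard such as `|| { echo "fleetctl apply failed" >&2; exit 1; }` to both lines. Separately, the hunk header shows `fleetctl setup --email $1 --password $2`: the expansions are unquoted, and the password is passed as a command-line argument, which is visible in the process list while the command runs. At minimum they should be quoted as `"$1"` and `"$2"`.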
@@ -355,17 +355,6 @@ enable_minions_influxdb_8086_{{ip}}:
|
|||||||
- position: 1
|
- position: 1
|
||||||
- save: True
|
- save: True
|
||||||
|
|
||||||
enable_minion_osquery_8080_{{ip}}:
|
|
||||||
iptables.insert:
|
|
||||||
- table: filter
|
|
||||||
- chain: DOCKER-USER
|
|
||||||
- jump: ACCEPT
|
|
||||||
- proto: tcp
|
|
||||||
- source: {{ ip }}
|
|
||||||
- dport: 8080
|
|
||||||
- position: 1
|
|
||||||
- save: True
|
|
||||||
|
|
||||||
enable_minion_osquery_8090_{{ip}}:
|
enable_minion_osquery_8090_{{ip}}:
|
||||||
iptables.insert:
|
iptables.insert:
|
||||||
- table: filter
|
- table: filter
|
||||||
@@ -792,7 +781,7 @@ enable_fleet_osquery_8080_{{ip}}:
|
|||||||
- save: True
|
- save: True
|
||||||
|
|
||||||
|
|
||||||
enable_fleetnodetemp_mysql_3306_{{ip}}:
|
enable_fleetnode_mysql_3306_{{ip}}:
|
||||||
iptables.insert:
|
iptables.insert:
|
||||||
- table: filter
|
- table: filter
|
||||||
- chain: DOCKER-USER
|
- chain: DOCKER-USER
|
||||||
@@ -803,7 +792,7 @@ enable_fleetnodetemp_mysql_3306_{{ip}}:
|
|||||||
- position: 1
|
- position: 1
|
||||||
- save: True
|
- save: True
|
||||||
|
|
||||||
enable_fleettemp_osquery_8080_{{ip}}:
|
enable_fleet_osquery_8080_{{ip}}:
|
||||||
iptables.insert:
|
iptables.insert:
|
||||||
- table: filter
|
- table: filter
|
||||||
- chain: DOCKER-USER
|
- chain: DOCKER-USER
|
||||||
@@ -847,4 +836,20 @@ enable_fleetnode_8090_{{ip}}:
|
|||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
# Make it so all the minions can talk to fleet standalone node
|
||||||
|
{% for ip in pillar.get('minions') %}
|
||||||
|
|
||||||
|
enable_minion_fleet_standalone_8090_{{ip}}:
|
||||||
|
iptables.insert:
|
||||||
|
- table: filter
|
||||||
|
- chain: DOCKER-USER
|
||||||
|
- jump: ACCEPT
|
||||||
|
- proto: tcp
|
||||||
|
- source: {{ ip }}
|
||||||
|
- dport: 8090
|
||||||
|
- position: 1
|
||||||
|
- save: True
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
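Review bot: Renaming `enable_fleettemp_osquery_8080_{{ip}}` to `enable_fleet_osquery_8080_{{ip}}` appears to duplicate a state ID, because the header of the preceding hunk (`@@ -792,7 +781,7 @@`) already shows a state named `enable_fleet_osquery_8080_{{ip}}` just above it, with no `{% for %}` or `{% endfor %}` visible in between. If both sit in the same loop, Salt renders two states with the same ID for each `ip`, which either fails as a conflicting ID or lets one rule silently replace the other; a distinct ID such as `enable_fleetnode_osquery_8080_{{ip}}` avoids that. The surrounding loop starts outside the visible hunks, so this needs confirming against the full file. In the added block, `pillar.get('minions')` has no default, so a missing `minions` key would make the `for` iterate over None and fail the render; `pillar.get('minions', [])` keeps the rest of the firewall state applying.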
@@ -1,96 +0,0 @@
|
|||||||
{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
|
|
||||||
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<title>Security Onion - Hybrid Hunter</title>
|
|
||||||
<meta charset="utf-8">
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
||||||
<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
|
|
||||||
<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
|
|
||||||
<style>
|
|
||||||
* {
|
|
||||||
box-sizing: border-box;
|
|
||||||
font-family: Arial, Helvetica, sans-serif;
|
|
||||||
padding-left: 30px;
|
|
||||||
padding-right: 30px;
|
|
||||||
}
|
|
||||||
|
|
||||||
body {
|
|
||||||
font-family: Arial, Helvetica, sans-serif;
|
|
||||||
background-color: #2a2a2a;
|
|
||||||
|
|
||||||
}
|
|
||||||
a {
|
|
||||||
color: #f2f2f2;
|
|
||||||
text-align: left;
|
|
||||||
padding: 0px;
|
|
||||||
}
|
|
||||||
|
|
||||||
.center-content {
|
|
||||||
margin: 0 auto;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Style the top navigation bar */
|
|
||||||
.topnav {
|
|
||||||
overflow: hidden;
|
|
||||||
background-color: #333;
|
|
||||||
width: 1080px;
|
|
||||||
display: flex;
|
|
||||||
align-content: center;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Style the topnav links */
|
|
||||||
.topnav a {
|
|
||||||
margin: auto;
|
|
||||||
color: #f2f2f2;
|
|
||||||
text-align: center;
|
|
||||||
padding: 14px 16px;
|
|
||||||
text-decoration: none;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Change color on hover */
|
|
||||||
.topnav a:hover {
|
|
||||||
background-color: #ddd;
|
|
||||||
color: black;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Style the content */
|
|
||||||
.content {
|
|
||||||
background-color: #2a2a2a;
|
|
||||||
padding: 10px;
|
|
||||||
padding-top: 20px;
|
|
||||||
padding-left: 60px;
|
|
||||||
color: #E3DBCC;
|
|
||||||
width: 1080px;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Style the footer */
|
|
||||||
.footer {
|
|
||||||
background-color: #2a2a2a;
|
|
||||||
padding: 60px;
|
|
||||||
color: #E3DBCC;
|
|
||||||
width: 1080px;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="center-content">
|
|
||||||
<div class="topnav center-content">
|
|
||||||
<a href="/fleet/" target="_blank">Fleet</a>
|
|
||||||
<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Configuring-Osquery-with-Security-Onion" target="_blank">Osquery/Fleet Docs</a>
|
|
||||||
<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="content center-content">
|
|
||||||
<p>
|
|
||||||
<div style="text-align: center;">
|
|
||||||
<h1>Security Onion - Dedicated Fleet Node</h1>
|
|
||||||
</div>
|
|
||||||
<br/>
|
|
||||||
<br/>
|
|
||||||
</p>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
echo "Applying Post Configuration for Osquery"
|
|
||||||
#fleetctl apply -f /packs/hh/osquery.conf
|
|
||||||
fleetctl apply -f /packs/palantir/Fleet/Endpoints/options.yaml
|
|
||||||
fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
|
|
||||||
fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
|
|
||||||
fleetctl apply -f /packs/hh/hhdefault.yml
|
|
||||||
|
|
||||||
for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml;
|
|
||||||
do fleetctl apply -f "$pack"
|
|
||||||
done
|
|
||||||
echo ""
|
|
||||||
echo "You can now exit the container by typing exit"
|
|
||||||
@@ -5,7 +5,6 @@
|
|||||||
{% set MASTER = salt['grains.get']('master') %}
|
{% set MASTER = salt['grains.get']('master') %}
|
||||||
{% set FLEETARCH = salt['grains.get']('role') %}
|
{% set FLEETARCH = salt['grains.get']('role') %}
|
||||||
|
|
||||||
|
|
||||||
{% if FLEETARCH == "so-fleet" %}
|
{% if FLEETARCH == "so-fleet" %}
|
||||||
{% set MAININT = salt['pillar.get']('host:mainint') %}
|
{% set MAININT = salt['pillar.get']('host:mainint') %}
|
||||||
{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
|
{% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
|
||||||
@@ -59,12 +58,6 @@ fleetlogdir:
|
|||||||
- group: 939
|
- group: 939
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
|
||||||
osquerypackageswebpage:
|
|
||||||
file.managed:
|
|
||||||
- name: /opt/so/conf/fleet/packages/index.html
|
|
||||||
- source: salt://fleet/files/dedicated-index.html
|
|
||||||
- template: jinja
|
|
||||||
|
|
||||||
fleetdb:
|
fleetdb:
|
||||||
mysql_database.present:
|
mysql_database.present:
|
||||||
- name: fleet
|
- name: fleet
|
||||||
|
|||||||