Fleet cleanup

2025-12-14 13:12:49 +01:00 · 2020-06-03 05:54:35 -04:00
parent 782c669835
commit eaacb7b71e
8 changed files with 20 additions and 131 deletions
--- a/salt/common/tools/sbin/so-fleet-setup
+++ b/salt/common/tools/sbin/so-fleet-setup
@@ -20,9 +20,9 @@ docker exec so-fleet fleetctl setup --email $1 --password $2

 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
-docker exec so-fleet fleetctl apply -f /packs/hh/hhdefault.yml
+docker exec so-fleet fleetctl apply -f /packs/so/so-default.yml
 docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml; do fleetctl apply -f "$pack"; done'
-docker exec so-fleet fleetctl apply -f /packs/hh/osquery.conf
+docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf


 # Enable Fleet
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -355,17 +355,6 @@ enable_minions_influxdb_8086_{{ip}}:
    - position: 1
    - save: True

-enable_minion_osquery_8080_{{ip}}:
-  iptables.insert:
-    - table: filter
-    - chain: DOCKER-USER
-    - jump: ACCEPT
-    - proto: tcp
-    - source: {{ ip }}
-    - dport: 8080
-    - position: 1
-    - save: True
-
 enable_minion_osquery_8090_{{ip}}:
  iptables.insert:
    - table: filter
@@ -792,7 +781,7 @@ enable_fleet_osquery_8080_{{ip}}:
    - save: True

    
-enable_fleetnodetemp_mysql_3306_{{ip}}:
+enable_fleetnode_mysql_3306_{{ip}}:
  iptables.insert:
    - table: filter
    - chain: DOCKER-USER
@@ -803,7 +792,7 @@ enable_fleetnodetemp_mysql_3306_{{ip}}:
    - position: 1
    - save: True

-enable_fleettemp_osquery_8080_{{ip}}:
+enable_fleet_osquery_8080_{{ip}}:
  iptables.insert:
    - table: filter
    - chain: DOCKER-USER
@@ -847,4 +836,20 @@ enable_fleetnode_8090_{{ip}}:

 {% endfor %}

+# Make it so all the minions can talk to fleet standalone node
+{% for ip in pillar.get('minions')  %}
+
+enable_minion_fleet_standalone_8090_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 8090
+    - position: 1
+    - save: True
+
+{% endfor %}
+
 {% endif %}
--- a/salt/fleet/files/dedicated-index.html
+++ b/salt/fleet/files/dedicated-index.html
@@ -1,96 +0,0 @@
-{%- set PACKAGESTS = salt['pillar.get']('static:fleet_packages-timestamp:', 'N/A') -%}
-
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<title>Security Onion - Hybrid Hunter</title>
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
-<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
-<style>
-* {
-	box-sizing: border-box;
-	font-family: Arial, Helvetica, sans-serif;
-	padding-left: 30px;
-	padding-right: 30px;
-}
-
-body {
-	font-family: Arial, Helvetica, sans-serif;
-	background-color: #2a2a2a;
-
-}
-a {
-	color: #f2f2f2;
-	text-align: left;
-	padding: 0px;
-}
-
-.center-content {
-	margin: 0 auto;
-}
-
-/* Style the top navigation bar */
-.topnav {
-	overflow: hidden;
-	background-color: #333;
-	width: 1080px;
-	display: flex;
-	align-content: center;
-}
-
-/* Style the topnav links */
-.topnav a {
-	margin: auto;
-	color: #f2f2f2;
-	text-align: center;
-	padding: 14px 16px;
-	text-decoration: none;
-}
-
-/* Change color on hover */
-.topnav a:hover {
-	background-color: #ddd;
-	color: black;
-}
-
-/* Style the content */
-.content {
-	background-color: #2a2a2a;
-	padding: 10px;
-	padding-top: 20px;
-	padding-left: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-
-/* Style the footer */
-.footer {
-	background-color: #2a2a2a;
-	padding: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-</style>
-</head>
-<body>
-	<div class="center-content">
-		<div class="topnav center-content">
-			<a href="/fleet/" target="_blank">Fleet</a>
-			<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Configuring-Osquery-with-Security-Onion" target="_blank">Osquery/Fleet Docs</a>
-			<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
-		</div>
-		  
-		<div class="content center-content">
-			<p>
-                <div style="text-align: center;">
-                    <h1>Security Onion - Dedicated Fleet Node</h1>
-				</div>
-				<br/>
-				<br/>
-			  </p>
-		  </div>
-	</div>
-</body>
-</html>
--- a/salt/fleet/files/packs/PUT.PACKS.IN.HERE
+++ b/salt/fleet/files/packs/PUT.PACKS.IN.HERE
--- a/salt/fleet/files/packs/hh/hh-post-login.sh
+++ b/salt/fleet/files/packs/hh/hh-post-login.sh
@@ -1,13 +0,0 @@
-#!/bin/sh
-echo "Applying Post Configuration for Osquery"
-#fleetctl apply -f /packs/hh/osquery.conf
-fleetctl apply -f /packs/palantir/Fleet/Endpoints/options.yaml
-fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
-fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
-fleetctl apply -f /packs/hh/hhdefault.yml
-
-for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml;
- do fleetctl apply -f "$pack"
-done
-echo ""
-echo "You can now exit the container by typing exit"
--- a/salt/fleet/files/packs/osquery-config.conf
+++ b/salt/fleet/files/packs/osquery-config.conf
--- a/salt/fleet/files/packs/so/so-default.yml
+++ b/salt/fleet/files/packs/so/so-default.yml
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -5,7 +5,6 @@
 {% set MASTER = salt['grains.get']('master') %}
 {% set FLEETARCH = salt['grains.get']('role') %}

-
 {% if FLEETARCH == "so-fleet" %}
  {% set MAININT = salt['pillar.get']('host:mainint') %}
  {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
@@ -59,12 +58,6 @@ fleetlogdir:
    - group: 939
    - makedirs: True

-osquerypackageswebpage:
-  file.managed:
-    - name: /opt/so/conf/fleet/packages/index.html
-    - source: salt://fleet/files/dedicated-index.html
-    - template: jinja
-
 fleetdb:
  mysql_database.present:
    - name: fleet