CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1417 from Security-Onion-Solutions/bugfix/local_zeeklogs

Browse Source 
Bugfix/local zeeklogs
This commit is contained in:
William Wernert
2020-09-29 08:58:02 -04:00
committed by GitHub
parent 60134829d5 f77305e22f
commit ebe00822f8
4 changed files with 54 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
pillar/zeeklogs.sls
View File

@@ -1,42 +0,0 @@
zeeklogs:
enabled:
- conn
- dce_rpc
- dhcp
- dhcpv6
- dnp3
- dns
- dpd
- files
- ftp
- http
- intel
- irc
- kerberos
- modbus
- mqtt
- notice
- ntlm
- openvpn
- pe
- radius
- rfb
- rdp
- signatures
- sip
- smb_files
- smb_mapping
- smtp
- snmp
- software
- ssh
- ssl
- syslog
- telnet
- tunnel
- weird
- mysql
- socks
- x509
disabled:

16
setup/so-functions
View File

@@ -1119,8 +1119,6 @@ manager_pillar() {
" kratoskey: $KRATOSKEY"\ " kratoskey: $KRATOSKEY"\
"" >> "$pillar_file" "" >> "$pillar_file"
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
} }
manager_global() { manager_global() {
@@ -1326,8 +1324,6 @@ elasticsearch_pillar() {
" lsheap: $NODE_LS_HEAP_SIZE"\ " lsheap: $NODE_LS_HEAP_SIZE"\
"" >> "$pillar_file" "" >> "$pillar_file"
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
} }
parse_install_username() { parse_install_username() {
@@ -1347,9 +1343,6 @@ patch_pillar() {
" splay: 300"\ " splay: 300"\
"" >> "$pillar_file" "" >> "$pillar_file"
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
} }
patch_schedule_os_new() { patch_schedule_os_new() {
@@ -1372,8 +1365,6 @@ patch_schedule_os_new() {
done done
done done
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$OSPATCHSCHEDULE" >> "$setup_log" 2>&1
} }
print_salt_state_apply() { print_salt_state_apply() {
@@ -1746,8 +1737,6 @@ sensor_pillar() {
echo " hnsensor: $HNSENSOR" >> "$pillar_file" echo " hnsensor: $HNSENSOR" >> "$pillar_file"
fi fi
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
} }
set_default_log_size() { set_default_log_size() {
@@ -2031,7 +2020,7 @@ es_heapsize() {
zeek_logs_enabled() { zeek_logs_enabled() {
echo "Enabling Zeek Logs" >> "$setup_log" 2>&1 echo "Enabling Zeek Logs" >> "$setup_log" 2>&1
local zeeklogs_pillar=./pillar/zeeklogs.sls local zeeklogs_pillar=$local_salt_dir/pillar/zeeklogs.sls
printf '%s\n'\ printf '%s\n'\
"zeeklogs:"\ "zeeklogs:"\
@@ -2122,7 +2111,4 @@ zeek_logs_enabled() {
" - socks"\ " - socks"\
" - x509" >> "$zeeklogs_pillar" " - x509" >> "$zeeklogs_pillar"
fi fi
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$zeeklogs_pillar" >> "$setup_log" 2>&1
} }

20
setup/so-setup
View File

@@ -490,17 +490,17 @@ fi
set_progress_str 5 'Installing Salt and dependencies' set_progress_str 5 'Installing Salt and dependencies'
saltify 2>> $setup_log saltify 2>> $setup_log
set_progress_str 7 'Installing Docker and dependencies' set_progress_str 6 'Installing Docker and dependencies'
docker_install >> $setup_log 2>&1 docker_install >> $setup_log 2>&1
set_progress_str 8 'Generating patch pillar' set_progress_str 7 'Generating patch pillar'
patch_pillar >> $setup_log 2>&1 patch_pillar >> $setup_log 2>&1
set_progress_str 9 'Initializing Salt minion' set_progress_str 8 'Initializing Salt minion'
configure_minion "$minion_type" >> $setup_log 2>&1 configure_minion "$minion_type" >> $setup_log 2>&1
if [[ $is_manager || $is_helix || $is_import ]]; then if [[ $is_manager || $is_helix || $is_import ]]; then
set_progress_str 10 'Configuring Salt master' set_progress_str 9 'Configuring Salt master'
{ {
create_local_directories; create_local_directories;
addtotab_generate_templates; addtotab_generate_templates;
@@ -509,17 +509,22 @@ fi
firewall_generate_templates; firewall_generate_templates;
} >> $setup_log 2>&1 } >> $setup_log 2>&1
set_progress_str 11 'Updating sudoers file for soremote user' set_progress_str 10 'Updating sudoers file for soremote user'
update_sudoers >> $setup_log 2>&1 update_sudoers >> $setup_log 2>&1
set_progress_str 12 'Generating manager global pillar' set_progress_str 11 'Generating manager global pillar'
#minio_generate_keys #minio_generate_keys
manager_global >> $setup_log 2>&1 manager_global >> $setup_log 2>&1
set_progress_str 13 'Generating manager pillar' set_progress_str 12 'Generating manager pillar'
manager_pillar >> $setup_log 2>&1 manager_pillar >> $setup_log 2>&1
fi fi
if [[ $is_sensor || $is_import ]]; then
set_progress_str 13 'Generating zeeklogs pillar'
zeek_logs_enabled >> $setup_log 2>&1
fi
set_progress_str 16 'Running first Salt checkin' set_progress_str 16 'Running first Salt checkin'
salt_firstcheckin >> $setup_log 2>&1 salt_firstcheckin >> $setup_log 2>&1
@@ -617,6 +622,7 @@ fi
salt-call state.apply -l info suricata >> $setup_log 2>&1 salt-call state.apply -l info suricata >> $setup_log 2>&1
set_progress_str 67 "$(print_salt_state_apply 'zeek')" set_progress_str 67 "$(print_salt_state_apply 'zeek')"
zeek_logs_enabled >> $setup_log 2>&1
salt-call state.apply -l info zeek >> $setup_log 2>&1 salt-call state.apply -l info zeek >> $setup_log 2>&1
fi fi

2
setup/so-variables
View File

@@ -54,8 +54,10 @@ export percentage_str='Getting started'
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
export default_salt_dir=/opt/so/saltstack/default export default_salt_dir=/opt/so/saltstack/default
mkdir -p "$default_salt_dir"
export local_salt_dir=/opt/so/saltstack/local export local_salt_dir=/opt/so/saltstack/local
mkdir -p "$local_salt_dir"
SCRIPTDIR=$(cd "$(dirname "$0")" && pwd) SCRIPTDIR=$(cd "$(dirname "$0")" && pwd)
export SCRIPTDIR export SCRIPTDIR