CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

firewall rules for importpcap node

Browse Source
This commit is contained in:
m0duspwnens
2020-08-11 12:31:37 -04:00
parent f6a85ac852
commit ec62668eb7
3 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -499,6 +499,9 @@ role:
- {{ portgroups.influxdb }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
minion:
portgroups:
- {{ portgroups.docker_registry }}
sensor:
portgroups:
- {{ portgroups.beats_5044 }}

2
setup/so-functions
View File

@@ -1568,7 +1568,7 @@ set_initial_firewall_policy() {
$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost minion "$MAINIP"
$default_salt_dir/pillar/data/addtotab.sh managertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
'EVAL' | 'MANAGERSEARCH' | 'STANDALONE')
'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP')
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
$default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"

2
setup/so-setup
View File

@@ -529,10 +529,8 @@ fi
set_progress_str 26 'Downloading containers from the internet'
fi
salt-call state.apply -l info registry >> $setup_log 2>&1
docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
set_progress_str 60 "$(print_salt_state_apply 'manager')"
salt-call state.apply -l info manager >> $setup_log 2>&1