enabled/disable kibana in ui

This commit is contained in:
m0duspwnens
2023-05-09 16:46:48 -04:00
parent 6909d3ed14
commit ec7bcd9b0c
17 changed files with 240 additions and 166 deletions


@@ -3,7 +3,6 @@
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
{% set CURATOR = salt['pillar.get']('curator:enabled', True) %} {% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
{% set REDIS = salt['pillar.get']('redis:enabled', True) %} {% set REDIS = salt['pillar.get']('redis:enabled', True) %}
@@ -232,7 +231,7 @@
{% do allowed_states.append('elasticsearch.auth') %} {% do allowed_states.append('elasticsearch.auth') %}
{% endif %} {% endif %}
{% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} {% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
{% do allowed_states.append('kibana') %} {% do allowed_states.append('kibana') %}
{% do allowed_states.append('kibana.secrets') %} {% do allowed_states.append('kibana.secrets') %}
{% endif %} {% endif %}


@@ -1,18 +0,0 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'kibana/defaults.yaml' as KIBANACONFIG with context %}
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
{% do KIBANACONFIG.kibana.config.server.update({'publicBaseUrl': 'https://' ~ GLOBALS.url_base ~ '/kibana'}) %}
{% do KIBANACONFIG.kibana.config.elasticsearch.update({'hosts': ['https://' ~ GLOBALS.manager ~ ':9200']}) %}
{% do KIBANACONFIG.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %}
{% do KIBANACONFIG.kibana.config.xpack.fleet.update({'registryUrl': 'http://' ~ GLOBALS.manager_ip ~ ':8080'}) %}
{% if salt['pillar.get']('kibana:secrets') %}
{% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}
{% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %}
{% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %}
{% endif %}
{% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %}

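--- /dev/null
+++ b/salt/kibana/config.sls
@@ -0,0 +1,93 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% import_yaml 'kibana/defaults.yaml' as default_settings %}
+{% from 'kibana/map.jinja' import KIBANAMERGED %}
+# Add ES Group
+kibanasearchgroup:
+group.present:
+- name: kibana
+- gid: 932
+# Add ES user
+kibana:
+user.present:
+- uid: 932
+- gid: 932
+- home: /opt/so/conf/kibana
+- createhome: False
+# Drop the correct nginx config based on role
+kibanaconfdir:
+file.directory:
+- name: /opt/so/conf/kibana/etc
+- user: 932
+- group: 939
+- makedirs: True
+kibana_sbin:
+file.recurse:
+- name: /usr/sbin
+- source: salt://kibana/tools/sbin
+- user: 932
+- group: 939
+- file_mode: 755
+kibana_sbin_jinja:
+file.recurse:
+- name: /usr/sbin
+- source: salt://kibana/tools/sbin_jinja
+- user: 932
+- group: 939
+- file_mode: 755
+- template: jinja
+- defaults:
+GLOBALS: {{ GLOBALS }}
+kibanaconfig:
+file.managed:
+- name: /opt/so/conf/kibana/etc/kibana.yml
+- source: salt://kibana/etc/kibana.yml.jinja
+- user: 932
+- group: 939
+- mode: 660
+- template: jinja
+- defaults:
+KIBANACONFIG: {{ KIBANAMERGED.config }}
+- show_changes: False
+kibanalogdir:
+file.directory:
+- name: /opt/so/log/kibana
+- user: 932
+- group: 939
+- makedirs: True
+kibanacustdashdir:
+file.directory:
+- name: /opt/so/conf/kibana/customdashboards
+- user: 932
+- group: 939
+- makedirs: True
+synckibanacustom:
+file.recurse:
+- name: /opt/so/conf/kibana/customdashboards
+- source: salt://kibana/custom
+- user: 932
+- group: 939
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}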
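Review bot: `{% import_yaml 'kibana/defaults.yaml' as default_settings %}` is imported but never referenced in this file — the merged settings arrive as `KIBANAMERGED` from kibana/map.jinja — so the line can be dropped. The stanza comments were carried over from init.sls and now mislead: `# Add ES Group` / `# Add ES user` sit above the kibana group and user (gid/uid 932) and `# Drop the correct nginx config based on role` sits above a plain directory state; rewrite them as `# Kibana service group`, `# Kibana service user (no home created; config lives under /opt/so/conf/kibana)` and `# Kibana config directory`. Separately, `kibana_sbin` and `kibana_sbin_jinja` install scripts into /usr/sbin owned by uid 932, and an owner can modify a file regardless of `file_mode: 755`; if those scripts are executed by root, a compromise of the kibana account gains a write path into root-run tooling, so `user: root` is presumably the safer choice unless something must edit them as kibana — worth confirming.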


@@ -1,5 +1,5 @@
kibana: kibana:
enabled: True enabled: False
config: config:
server: server:
name: kibana name: kibana
@@ -32,4 +32,4 @@ kibana:
kibanaServer: kibanaServer:
hostname: localhost hostname: localhost
fleet: fleet:
registryUrl: "" registryUrl: ""
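Review bot: Flipping the shipped default to `enabled: False` means any minion whose pillar lacks a `kibana:enabled` key resolves `KIBANAMERGED.enabled` to false on its next highstate and runs `kibana.disabled`, which removes the container with `force: True`. Nothing visible in this commit writes `kibana: enabled: True` into existing pillars (the setup-script hunk only shows the `pcap` entry), so existing deployments would lose Kibana unless a migration populates that key — worth confirming against the setup and upgrade scripts not shown here. If the intent is an opt-out toggle, keep the default `True`; otherwise a comment above the key, `# Default is off; setup/soup must write kibana:enabled into the manager pillar`, would document the dependency.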

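--- /dev/null
+++ b/salt/kibana/disabled.sls
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+include:
+- kibana.sostatus
+so-kibana:
+docker_container.absent:
+- force: True
+so-kibana_so-status.disabled:
+file.comment:
+- name: /opt/so/conf/so-status/so-status.conf
+- regex: ^so-kibana$
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}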
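Review bot: The disable/re-enable round trip appears to leave so-status tracking broken: `so-kibana_so-status.disabled` comments the entry out (`#so-kibana` with file.comment's default char), but `kibana.sostatus` only appends when `grep -q so-kibana` fails, and that unanchored grep also matches the commented line, so after re-enabling the entry stays commented and so-status never lists Kibana again. Anchor the check in sostatus.sls, `- unless: grep -q '^so-kibana$' /opt/so/conf/so-status/so-status.conf`, or add a `file.uncomment` state with the same regex to enabled.sls; the same point applies to the sostatus.sls section of this commit. Including `kibana.sostatus` here only to comment the line straight afterwards also deserves a one-line comment, e.g. `# sostatus guarantees the entry exists, so the comment below is deterministic`.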

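--- /dev/null
+++ b/salt/kibana/enabled.sls
@@ -0,0 +1,48 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+include:
+- kibana.config
+- kibana.sostatus
+# Start the kibana docker
+so-kibana:
+docker_container.running:
+- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kibana:{{ GLOBALS.so_version }}
+- hostname: kibana
+- user: kibana
+- networks:
+- sobridge:
+- ipv4_address: {{ DOCKER.containers['so-kibana'].ip }}
+- environment:
+- ELASTICSEARCH_HOST={{ GLOBALS.manager }}
+- ELASTICSEARCH_PORT=9200
+- MANAGER={{ GLOBALS.manager }}
+- extra_hosts:
+- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
+- binds:
+- /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
+- /opt/so/log/kibana:/var/log/kibana:rw
+- /opt/so/conf/kibana/customdashboards:/usr/share/kibana/custdashboards:ro
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+- port_bindings:
+{% for BINDING in DOCKER.containers['so-kibana'].port_bindings %}
+- {{ BINDING }}
+{% endfor %}
+- watch:
+- file: kibanaconfig
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}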
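Review bot: `/opt/so/conf/kibana/etc:/usr/share/kibana/config:rw` mounts the rendered kibana.yml — which carries the so_kibana_user password and the xpack encryption keys set in kibana/map.jinja — writable into a container running as `user: kibana`, so a compromised Kibana process can rewrite its own configuration and secrets. If Kibana only reads that directory at startup (I believe it does not write to its config path, but confirm), mount it `:ro` as the custdashboards bind already does. A short comment on the bind list, `# config is rendered by kibana.config (kibanaconfig); the container should only read it`, would record the intent. This state was moved from init.sls rather than written fresh, so the point predates the commit.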


@@ -3,125 +3,14 @@
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'kibana/map.jinja' import KIBANAMERGED %}
{% if sls in allowed_states %}
{% from 'docker/docker.map.jinja' import DOCKER %}
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'kibana/defaults.yaml' as default_settings %}
{% set KIBANA_SETTINGS = salt['grains.filter_by'](default_settings, default='kibana', merge=salt['pillar.get']('kibana', {})) %}
{% from 'kibana/config.map.jinja' import KIBANACONFIG with context %}
# Add ES Group
kibanasearchgroup:
group.present:
- name: kibana
- gid: 932
# Add ES user
kibana:
user.present:
- uid: 932
- gid: 932
- home: /opt/so/conf/kibana
- createhome: False
# Drop the correct nginx config based on role
kibanaconfdir:
file.directory:
- name: /opt/so/conf/kibana/etc
- user: 932
- group: 939
- makedirs: True
kibana_sbin:
file.recurse:
- name: /usr/sbin
- source: salt://kibana/tools/sbin
- user: 932
- group: 939
- file_mode: 755
kibana_sbin_jinja:
file.recurse:
- name: /usr/sbin
- source: salt://kibana/tools/sbin_jinja
- user: 932
- group: 939
- file_mode: 755
- template: jinja
- defaults:
GLOBALS: {{ GLOBALS }}
kibanaconfig:
file.managed:
- name: /opt/so/conf/kibana/etc/kibana.yml
- source: salt://kibana/etc/kibana.yml.jinja
- user: 932
- group: 939
- mode: 660
- template: jinja
- defaults:
KIBANACONFIG: {{ KIBANACONFIG }}
- show_changes: False
kibanalogdir:
file.directory:
- name: /opt/so/log/kibana
- user: 932
- group: 939
- makedirs: True
kibanacustdashdir:
file.directory:
- name: /opt/so/conf/kibana/customdashboards
- user: 932
- group: 939
- makedirs: True
synckibanacustom:
file.recurse:
- name: /opt/so/conf/kibana/customdashboards
- source: salt://kibana/custom
- user: 932
- group: 939
# Start the kibana docker
so-kibana:
docker_container.running:
- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kibana:{{ GLOBALS.so_version }}
- hostname: kibana
- user: kibana
- networks:
- sobridge:
- ipv4_address: {{ DOCKER.containers['so-kibana'].ip }}
- environment:
- ELASTICSEARCH_HOST={{ GLOBALS.manager }}
- ELASTICSEARCH_PORT=9200
- MANAGER={{ GLOBALS.manager }}
- extra_hosts:
- {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- binds:
- /opt/so/conf/kibana/etc:/usr/share/kibana/config:rw
- /opt/so/log/kibana:/var/log/kibana:rw
- /opt/so/conf/kibana/customdashboards:/usr/share/kibana/custdashboards:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- port_bindings:
{% for BINDING in DOCKER.containers['so-kibana'].port_bindings %}
- {{ BINDING }}
{% endfor %}
- watch:
- file: kibanaconfig
append_so-kibana_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-kibana
include:
{% if KIBANAMERGED.enabled %}
- kibana.enabled
- kibana.so_config_load
- kibana.so_securitySolution_load
- kibana.so_dashboard_load
{% else %} {% else %}
- kibana.disabled
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
{% endif %} {% endif %}

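--- /dev/null
+++ b/salt/kibana/map.jinja
@@ -0,0 +1,23 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+https://securityonion.net/license; you may not use this file except in compliance with the
+Elastic License 2.0. #}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% import_yaml 'kibana/defaults.yaml' as KIBANADEFAULTS with context %}
+{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
+{% do KIBANADEFAULTS.kibana.config.server.update({'publicBaseUrl': 'https://' ~ GLOBALS.url_base ~ '/kibana'}) %}
+{% do KIBANADEFAULTS.kibana.config.elasticsearch.update({'hosts': ['https://' ~ GLOBALS.manager ~ ':9200']}) %}
+{% do KIBANADEFAULTS.kibana.config.elasticsearch.update({'username': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:user'), 'password': salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass')}) %}
+{% do KIBANADEFAULTS.kibana.config.xpack.fleet.update({'registryUrl': 'http://' ~ GLOBALS.manager_ip ~ ':8080'}) %}
+{% if salt['pillar.get']('kibana:secrets') %}
+{% do KIBANADEFAULTS.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}
+{% do KIBANADEFAULTS.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %}
+{% do KIBANADEFAULTS.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %}
+{% endif %}
+{% set KIBANAMERGED = salt['pillar.get']('kibana', default=KIBANADEFAULTS.kibana, merge=True) %}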
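Review bot: `HIGHLANDER` is read from pillar but never used in this file (it was carried over from the deleted config.map.jinja), so that line can go. The final `salt['pillar.get']('kibana', default=KIBANADEFAULTS.kibana, merge=True)` folds the entire `kibana` pillar — including the `secrets` subtree read a few lines above — into `KIBANAMERGED`; the new states only consume `.enabled` and `.config`, which is fine, but a header comment such as `{# KIBANAMERGED = defaults.yaml overlaid with pillar kibana:*; consumers use .enabled and .config only — .secrets is also present, so never render the whole object into a file #}` would keep a future `{{ KIBANAMERGED }}` out of a template. The `elasticsearch:auth:users:so_kibana_user:pass` lookup has no default, so an unset pillar renders `None` into kibana.yml rather than failing the render — presumably elasticsearch.auth always populates it, but worth confirming.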


@@ -4,7 +4,7 @@
# Elastic License 2.0. # Elastic License 2.0.
include: include:
- kibana - kibana.enabled
config_saved_objects: config_saved_objects:
file.managed: file.managed:


@@ -5,7 +5,7 @@
{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %} {% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
include: include:
- kibana - kibana.enabled
dashboard_saved_objects_template: dashboard_saved_objects_template:
file.managed: file.managed:


@@ -4,7 +4,7 @@
# Elastic License 2.0. # Elastic License 2.0.
include: include:
- kibana - kibana.enabled
- kibana.so_config_load - kibana.so_config_load
- kibana.so_securitySolution_load - kibana.so_securitySolution_load
- kibana.so_dashboard_load - kibana.so_dashboard_load
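Review bot: With top.sls now listing `kibana` instead of `kibana.so_savedobjects_defaults`, nothing visible in this commit includes `kibana.so_savedobjects_defaults` any more; its include block is rewritten here to pull `kibana.enabled` plus the three loaders, but kibana/init.sls already includes exactly those states under `{% if KIBANAMERGED.enabled %}`, so if this file defines any states of its own below the include block (the rest of the file is outside the hunk) they are no longer reached from the highstate. Either add `- kibana.so_savedobjects_defaults` to the enabled branch of init.sls, or drop the file if the include list is all that remains. The same point applies to the top.sls section of this commit.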


@@ -4,7 +4,7 @@
# Elastic License 2.0. # Elastic License 2.0.
include: include:
- kibana - kibana.enabled
securitySolution_saved_objects: securitySolution_saved_objects:
file.managed: file.managed:


@@ -1,4 +1,7 @@
kibana: kibana:
enabled:
description: You can enable or disable Kibana.
helpLink: kibana.html
config: config:
elasticsearch: elasticsearch:
requestTimeout: requestTimeout:

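--- /dev/null
+++ b/salt/kibana/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+append_so-kibana_so-status.conf:
+file.append:
+- name: /opt/so/conf/so-status/so-status.conf
+- text: so-kibana
+- unless: grep -q so-kibana /opt/so/conf/so-status/so-status.conf
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}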


@@ -216,7 +216,7 @@ function add_sensor_to_minion() {
echo " af-packet:" >> $PILLARFILE echo " af-packet:" >> $PILLARFILE
echo " threads: '$CORECOUNT'" >> $PILLARFILE echo " threads: '$CORECOUNT'" >> $PILLARFILE
echo "pcap:" >> $PILLARFILE echo "pcap:" >> $PILLARFILE
echo " enabled: True" >> $PILLARFILE echo " enabled: True" >> $PILLARFILE
echo " " >> $PILLARFILE echo " " >> $PILLARFILE
} }


@@ -1,7 +1,7 @@
{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
Elastic License 2.0. #} # Elastic License 2.0.
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls.split('.')[0] in allowed_states %} {% if sls.split('.')[0] in allowed_states %}


@@ -3,7 +3,6 @@
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
{% set REDIS = salt['pillar.get']('redis:enabled', True) %} {% set REDIS = salt['pillar.get']('redis:enabled', True) %}
{% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %} {% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %}
@@ -74,10 +73,8 @@ base:
- healthcheck - healthcheck
- mysql - mysql
- elasticsearch - elasticsearch
{%- if KIBANA %}
- elastic-fleet-package-registry - elastic-fleet-package-registry
- kibana.so_savedobjects_defaults - kibana
{%- endif %}
- pcap - pcap
- suricata - suricata
- zeek - zeek
@@ -120,10 +117,8 @@ base:
{%- if REDIS %} {%- if REDIS %}
- redis - redis
{%- endif %} {%- endif %}
{%- if KIBANA %}
- elastic-fleet-package-registry - elastic-fleet-package-registry
- kibana.so_savedobjects_defaults - kibana
{%- endif %}
- curator - curator
- elastalert - elastalert
- utility - utility
@@ -158,10 +153,8 @@ base:
{%- if REDIS %} {%- if REDIS %}
- redis - redis
{%- endif %} {%- endif %}
{%- if KIBANA %}
- elastic-fleet-package-registry - elastic-fleet-package-registry
- kibana.so_savedobjects_defaults - kibana
{%- endif %}
- pcap - pcap
- suricata - suricata
- zeek - zeek
@@ -216,10 +209,8 @@ base:
- redis - redis
{%- endif %} {%- endif %}
- curator - curator
{%- if KIBANA %}
- elastic-fleet-package-registry - elastic-fleet-package-registry
- kibana.so_savedobjects_defaults - kibana
{%- endif %}
- elastalert - elastalert
- utility - utility
- soctopus - soctopus
@@ -269,10 +260,8 @@ base:
- suricata.manager - suricata.manager
- pcap - pcap
- elasticsearch - elasticsearch
{%- if KIBANA %}
- elastic-fleet-package-registry - elastic-fleet-package-registry
- kibana.so_savedobjects_defaults - kibana
{%- endif %}
- utility - utility
- suricata - suricata
- zeek - zeek
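Review bot: Removing the `{%- if KIBANA %}` guards makes `elastic-fleet-package-registry` unconditional on every role touched by the five hunks, while the enable/disable decision for Kibana now lives inside `kibana`; if the registry container only exists to serve Kibana's fleet (kibana/map.jinja points `xpack.fleet.registryUrl` at `http://` + GLOBALS.manager_ip + `:8080`), it will keep running and listening on hosts where Kibana is disabled. Consider importing `KIBANAMERGED` from `kibana/map.jinja` at the top of this file and wrapping the registry entry in `{%- if KIBANAMERGED.enabled %}` / `{%- endif %}`, or moving that include into kibana/enabled.sls so the two always travel together. Whichever is chosen, apply it uniformly to all five role hunks.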