From f1e015edcfe12d87e59b4a6d4d90e91b81d323ac Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 2 May 2019 16:53:19 -0400 Subject: [PATCH] Add content trust to all modules --- salt/bro/init.sls | 12 ++++++++++++ salt/common/init.sls | 17 +++++++++++++++++ salt/curator/init.sls | 5 +++++ salt/elastalert/init.sls | 6 ++++++ salt/elasticsearch/init.sls | 18 ++++++++++++++++++ salt/filebeat/init.sls | 5 +++++ salt/fleet/init.sls | 10 ++++++++-- salt/hive/init.sls | 30 +++++++++++++++++++++++------- salt/idstools/init.sls | 7 +++++-- salt/kibana/init.sls | 6 ++++++ salt/logstash/init.sls | 5 +++++ salt/master/init.sls | 6 ++++++ salt/mysql/init.sls | 6 ++++++ salt/pcap/init.sls | 6 ++++++ salt/redis/init.sls | 6 ++++++ salt/soctopus/init.sls | 3 +-- salt/suricata/init.sls | 6 ++++++ salt/wazuh/init.sls | 6 ++++++ 18 files changed, 147 insertions(+), 13 deletions(-) diff --git a/salt/bro/init.sls b/salt/bro/init.sls index 285762a71..eada1103c 100644 --- a/salt/bro/init.sls +++ b/salt/bro/init.sls @@ -90,8 +90,14 @@ localbrosync: - group: 939 - template: jinja +so-communitybroimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-communitybro:HH1.0.3 + so-bro: docker_container.running: + - require: + - so-communitybroimage - image: soshybridhunter/so-communitybro:HH1.0.3 - privileged: True - binds: @@ -117,8 +123,14 @@ localbrosync: - group: 939 - template: jinja +so-broimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-bro:HH1.0.6 + so-bro: docker_container.running: + - require: + - so-broimage - image: soshybridhunter/so-bro:HH1.0.6 - privileged: True - binds: diff --git a/salt/common/init.sls b/salt/common/init.sls index b9f6c3a44..059c9efea 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls 
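Review bot: The new `so-communitybroimage` state is an unguarded `cmd.run`, so every highstate re-contacts the registry and trust server and reports a change. Because `so-bro` now requires it, a failed pull (for example on a sensor with no outbound access) leaves this privileged container unmanaged. The same pattern recurs in the second hunk of this file and in the image states added to the other modules. Signature verification happens only in this command while the container state still references a mutable tag, so a comment such as `# content trust is enforced only by this pull; docker_container.running does not verify signatures` would help. If re-verifying on every run is not intended, a guard like `- unless: docker image inspect soshybridhunter/so-communitybro:HH1.0.3` avoids the repeated pull, at the cost of trusting whatever image already holds that tag locally; the `so-bro` state continues past the hunk.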
@@ -101,8 +101,13 @@ nginxtmp: - makedirs: True # Start the core docker +so-coreimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-core:HH1.0.7 + so-core: docker_container.running: + - require: so-coreimage - image: soshybridhunter/so-core:HH1.0.7 - hostname: so-core - user: socore @@ -155,8 +160,14 @@ tgrafconf: - template: jinja - source: salt://common/telegraf/etc/telegraf.conf +so-telegrafimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-telegraf:HH1.0.7 + so-telegraf: docker_container.running: + - require: + - so-telegrafimage - image: soshybridhunter/so-telegraf:HH1.0.7 - environment: - HOST_PROC=/host/proc @@ -210,8 +221,14 @@ influxdbconf: - template: jinja - source: salt://common/influxdb/etc/influxdb.conf +so-influximage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-influxdb:HH1.0.7 + so-influxdb: docker_container.running: + - require: + - so-influximage - image: soshybridhunter/so-influxdb:HH1.0.7 - hostname: influxdb - environment: diff --git a/salt/curator/init.sls b/salt/curator/init.sls index adbf4f6b0..7e6f01544 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -112,9 +112,14 @@ curdel: - month: '*' - dayweek: '*' +so-curatorimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-curator:HH1.0.3 so-curator: docker_container.running: + - require: + - so-curatorimage - image: soshybridhunter/so-curator:HH1.0.3 - hostname: curator - name: so-curator diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 28722fe01..298a56523 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls 
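Review bot: In the `so-core` state the new requisite is written as a scalar, `- require: so-coreimage`, while every other state in this commit uses the list form. Salt expects requisites to be lists and, as far as I know, rejects the SLS at compile time with a "needs to be formed as a list" error. That would stop the whole common state, including so-telegraf and so-influxdb, from applying. Write it as `- require:` followed by `- so-coreimage` on the next line. The `so-core` state continues past the hunk.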
@@ -79,8 +79,14 @@ elastarules: # - group: 939 # - template: jinja +so-elastalertimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-elastalert:HH1.0.3 + so-elastalert: docker_container.running: + - require: + - so-elastalertimage - image: soshybridhunter/so-elastalert:HH1.0.3 - hostname: elastalert - name: so-elastalert diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 693cb3de0..3c6337afc 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -90,8 +90,14 @@ eslogdir: - group: 939 - makedirs: True +so-elasticsearchimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-elasticsearch:HH1.0.6 + so-elasticsearch: docker_container.running: + - require: + - so-elasticsearchimage - image: soshybridhunter/so-elasticsearch:HH1.0.6 - hostname: elasticsearch - name: so-elasticsearch @@ -143,8 +149,14 @@ freqlogdir: - group: 935 - makedirs: True +so-freqimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-freqserver:HH1.0.3 + so-freq: docker_container.running: + - require: + - so-freqimage - image: soshybridhunter/so-freqserver:HH1.0.3 - hostname: freqserver - name: so-freqserver @@ -179,8 +191,14 @@ dstatslogdir: - group: 939 - makedirs: True +so-domainstatsimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-domainstats:HH1.0.3 + so-domainstats: docker_container.running: + - require: + - so-domainstatsimage - image: soshybridhunter/so-domainstats:HH1.0.3 - hostname: domainstats - name: so-domainstats diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 1396b34fb..d8abb6470 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls 
@@ -49,9 +49,14 @@ filebeatconfsync: # - name: /opt/so/conf/filebeat/etc/pki/filebeat.key # - source: salt://filebeat/files/filebeat.key +so-filebeatimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-filebeat:HH1.0.6 so-filebeat: docker_container.running: + - require: + - so-filebeatimage - image: soshybridhunter/so-filebeat:HH1.0.6 - hostname: so-filebeat - user: root diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index 9986d40a9..2ec83502b 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -30,12 +30,12 @@ fleetlogdir: - user: 939 - group: 939 - makedirs: True - + fleetsetupscript: file.managed: - name: /opt/so/conf/fleet/so-fleet-setup.sh - source: salt://fleet/so-fleet-setup.sh - + osquerypackageswebpage: file.managed: - name: /opt/so/conf/fleet/packages/index.html @@ -59,8 +59,14 @@ fleetdbpriv: - user: fleetdbuser - host: 172.17.0.0/255.255.0.0 +so-fleetimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-fleet:HH1.0.6 + so-fleet: docker_container.running: + - require: + - so-fleetimage - image: soshybridhunter/so-fleet:HH1.0.6 - hostname: so-fleet - port_bindings: diff --git a/salt/hive/init.sls b/salt/hive/init.sls index 371e790de..0fff5f488 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -30,8 +30,14 @@ hiveesdata: - user: 939 - group: 939 +so-thehive-esimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-thehive-es:HH1.0.7 + so-thehive-es: docker_container.running: + - require: + - so-thehive-esimage - image: soshybridhunter/so-thehive-es:HH1.0.7 - hostname: so-thehive-es - name: so-thehive-es 
@@ -60,16 +66,26 @@ so-thehive-es: # Install Cortex -so-cortex: - docker_container.running: - - image: thehiveproject/cortex:latest - - hostname: so-cortex - - name: so-cortex - - port_bindings: - - 0.0.0.0:9001:9001 +#so-corteximage: +# cmd.run: +# - name: docker pull --disable-content-trust=false soshybridhunter/so-cortex:HH1.0.3 + +#so-cortex: +# docker_container.running: +# - image: thehiveproject/cortex:latest +# - hostname: so-cortex +# - name: so-cortex +# - port_bindings: +# - 0.0.0.0:9001:9001 + +so-thehiveimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.7 so-thehive: docker_container.running: + - require: + - so-thehiveimage - image: soshybridhunter/so-thehive:HH1.0.7 - hostname: so-thehive - name: so-thehive diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index 62a338769..17de745fb 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls @@ -48,11 +48,14 @@ ruleslink: - name: /opt/so/saltstack/salt/suricata/rules - target: /opt/so/rules/nids -toosmooth/so-idstools:test2: - docker_image.present +so-idstoolsimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-idstools:HH1.0.3 so-idstools: docker_container.running: + - require: + - so-idstoolsimage - image: soshybridhunter/so-idstools:HH1.0.3 - hostname: so-idstools - user: socore diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 050582c82..f1015410e 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -54,9 +54,15 @@ synckibanacustom: # File.Recurse for custom saved dashboards +so-kibanaimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-kibana:HH1.0.7 + # Start the kibana docker so-kibana: docker_container.running: + - require: + - so-kibanaimage - image: soshybridhunter/so-kibana:HH1.0.7 - hostname: kibana - user: kibana diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index a583338ce..eff920150 100644 
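Review bot: The Cortex block is disabled by commenting it out, and the commented text is inconsistent: `#so-corteximage` would pull `soshybridhunter/so-cortex:HH1.0.3`, while `#so-cortex` still runs `thehiveproject/cortex:latest` and has no `require`. If it is later uncommented as written, the signature check would cover one image and the container would start from a different, unverified `latest` tag. Either delete the dead block, or make the commented container reference the same image and add the requisite. A short comment saying why Cortex is disabled would also help, since the `# Install Cortex` heading above now describes nothing active.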
--- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -146,9 +146,14 @@ lslogdir: - makedirs: True # Add the container +so-logstashimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-logstash:HH1.0.6 so-logstash: docker_container.running: + - require: + - so-logstashimage - image: soshybridhunter/so-logstash:HH1.0.6 - hostname: so-logstash - name: so-logstash diff --git a/salt/master/init.sls b/salt/master/init.sls index 8f20ef69f..b6d240863 100644 --- a/salt/master/init.sls +++ b/salt/master/init.sls @@ -46,9 +46,15 @@ acngcopyconf: - name: /opt/so/conf/aptcacher-ng/etc/acng.conf - source: salt://master/files/acng/acng.conf +so-acngimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-acng:HH1.0.7 + # Install the apt-cacher-ng container so-aptcacherng: docker_container.running: + - require: + - so-acngimage - image: soshybridhunter/so-acng:HH1.0.7 - hostname: so-acng - port_bindings: diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index b1e875578..f956a37bc 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -48,8 +48,14 @@ mysqldatadir: - group: 939 - makedirs: True +so-mysqlimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-mysql:HH1.0.7 + so-mysql: docker_container.running: + - require: + - so-mysqlimage - image: soshybridhunter/so-mysql:HH1.0.7 - hostname: so-mysql - user: socore diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 26fdf2910..bb381cb10 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -85,8 +85,14 @@ stenolog: - group: 941 - makedirs: True +so-stenoimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-steno:HH1.0.3 + so-steno: docker_container.running: + - require: + - so-stenoimage - image: soshybridhunter/so-steno:HH1.0.3 - network_mode: host - privileged: True diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 6dfbb473d..369f39966 100644 
--- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -47,8 +47,14 @@ redisconfsync: toosmooth/so-redis:test2: docker_image.present +so-redisimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-redis:HH1.0.7 + so-redis: docker_container.running: + - require: + - so-redisimage - image: soshybridhunter/so-redis:HH1.0.7 - hostname: so-redis - user: socore diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 5041d4f16..0cd30d3ef 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -18,8 +18,7 @@ soctopussync: # - name: docker pull --disable-content-trust=false so-soctopus:HH1.0.8 so-soctopus: - docker_container.run: - - onlyif: docker pull --disable-content-trust=false soshybridhunter/so-soctopus:HH1.0.9 + docker_container.running: - image: soshybridhunter/so-soctopus:HH1.0.9 - hostname: soctopus - name: so-soctopus diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index a37ac153d..0453988f0 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -70,8 +70,14 @@ suriconfigsync: - group: 940 - template: jinja +so-suricataimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-suricata:HH1.0.8 + so-suricata: docker_container.running: + - require: + - so-suricataimage - image: soshybridhunter/so-suricata:HH1.0.8 - privileged: True - environment: diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 4e5c136b5..eb0fa5cb9 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -56,8 +56,14 @@ wazuhagentregister: - mode: 755 - template: jinja +so-wazuhimage: + cmd.run: + - name: docker pull --disable-content-trust=false soshybridhunter/so-wazuh:HH1.0.7 + so-wazuh: docker_container.running: + - require: + - so-wazuhimage - image: soshybridhunter/so-wazuh:HH1.0.7 - hostname: {{HOSTNAME}}-wazuh-manager - name: so-wazuh
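Review bot: The context line `toosmooth/so-redis:test2:` with `docker_image.present` is left in place directly above the new `so-redisimage` state. This module therefore still fetches an image from a different repository through Salt's Docker module, which as far as I know does not apply content trust. The idstools section of this same commit removes the equivalent `toosmooth/so-idstools:test2` state, so this looks like an oversight. Unless something outside the hunk still uses that image, drop those two lines so the only pull in the module is the verified one.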
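Review bot: so-soctopus ends up as the one container in this commit with no verified pull. The `onlyif: docker pull --disable-content-trust=false …` line is removed and nothing replaces it, so `docker_container.running` will presumably fetch `soshybridhunter/so-soctopus:HH1.0.9` itself without a signature check. Switching from `docker_container.run` to `running` is reasonable, but the module should follow the same image-state-plus-`require` pattern as the others. The commented line at the top of the hunk references an older `so-soctopus:HH1.0.8` tag, so a disabled image state seems to begin outside the hunk. The ID `so-soctopusimage` below is a suggestion that follows the commit's naming.

```yaml
so-soctopusimage:
  cmd.run:
    - name: docker pull --disable-content-trust=false soshybridhunter/so-soctopus:HH1.0.9

so-soctopus:
  docker_container.running:
    - require:
      - so-soctopusimage
    # … unchanged: image, hostname, name …
```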