Add content trust to all modules
@@ -90,8 +90,14 @@ localbrosync:
|
||||
- group: 939
|
||||
- template: jinja
|
||||
|
||||
so-communitybroimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-communitybro:HH1.0.3
|
||||
|
||||
so-bro:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-communitybroimage
|
||||
- image: soshybridhunter/so-communitybro:HH1.0.3
|
||||
- privileged: True
|
||||
- binds:
|
||||
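Review bot: The `so-communitybroimage` pull has no `unless`/`onlyif` guard, so it contacts the registry and its trust service on every state apply, and a failure there fails the `require` and leaves `so-bro` unmanaged for that run. If re-verifying on every run is intended, say so in a comment above the state. The double negative deserves a comment too, e.g. `# --disable-content-trust=false turns signature verification ON for this pull`. The same `cmd.run` pattern repeats in the other image states on this page. Indentation is lost in this rendering, so `require` is assumed to sit with the other `docker_container.running` arguments, and the `so-bro` body continues past the hunk.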
@@ -117,8 +123,14 @@ localbrosync:
|
||||
- group: 939
|
||||
- template: jinja
|
||||
|
||||
so-broimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-bro:HH1.0.6
|
||||
|
||||
so-bro:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-broimage
|
||||
- image: soshybridhunter/so-bro:HH1.0.6
|
||||
- privileged: True
|
||||
- binds:
|
||||
|
||||
@@ -101,8 +101,13 @@ nginxtmp:
|
||||
- makedirs: True
|
||||
|
||||
# Start the core docker
|
||||
so-coreimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-core:HH1.0.7
|
||||
|
||||
so-core:
|
||||
docker_container.running:
|
||||
- require: so-coreimage
|
||||
- image: soshybridhunter/so-core:HH1.0.7
|
||||
- hostname: so-core
|
||||
- user: socore
|
||||
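Review bot: `- require: so-coreimage` in `so-core` gives the requisite a plain string, while every other container state on this page passes a list. Salt documents requisites as lists, so this one may be rejected or not matched as intended, and `so-core` would then not be tied to the verified pull. Write it as `- require:` followed by `- so-coreimage` on its own line (or `- cmd: so-coreimage`). The `so-core` body continues past the hunk.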
@@ -155,8 +160,14 @@ tgrafconf:
|
||||
- template: jinja
|
||||
- source: salt://common/telegraf/etc/telegraf.conf
|
||||
|
||||
so-telegrafimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-telegraf:HH1.0.7
|
||||
|
||||
so-telegraf:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-telegrafimage
|
||||
- image: soshybridhunter/so-telegraf:HH1.0.7
|
||||
- environment:
|
||||
- HOST_PROC=/host/proc
|
||||
@@ -210,8 +221,14 @@ influxdbconf:
|
||||
- template: jinja
|
||||
- source: salt://common/influxdb/etc/influxdb.conf
|
||||
|
||||
so-influximage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-influxdb:HH1.0.7
|
||||
|
||||
so-influxdb:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-influximage
|
||||
- image: soshybridhunter/so-influxdb:HH1.0.7
|
||||
- hostname: influxdb
|
||||
- environment:
|
||||
|
||||
@@ -112,9 +112,14 @@ curdel:
|
||||
- month: '*'
|
||||
- dayweek: '*'
|
||||
|
||||
so-curatorimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-curator:HH1.0.3
|
||||
|
||||
so-curator:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-curatorimage
|
||||
- image: soshybridhunter/so-curator:HH1.0.3
|
||||
- hostname: curator
|
||||
- name: so-curator
|
||||
|
||||
@@ -79,8 +79,14 @@ elastarules:
|
||||
# - group: 939
|
||||
# - template: jinja
|
||||
|
||||
so-elastalertimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-elastalert:HH1.0.3
|
||||
|
||||
so-elastalert:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-elastalertimage
|
||||
- image: soshybridhunter/so-elastalert:HH1.0.3
|
||||
- hostname: elastalert
|
||||
- name: so-elastalert
|
||||
|
||||
@@ -90,8 +90,14 @@ eslogdir:
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-elasticsearchimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-elasticsearch:HH1.0.6
|
||||
|
||||
so-elasticsearch:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-elasticsearchimage
|
||||
- image: soshybridhunter/so-elasticsearch:HH1.0.6
|
||||
- hostname: elasticsearch
|
||||
- name: so-elasticsearch
|
||||
@@ -143,8 +149,14 @@ freqlogdir:
|
||||
- group: 935
|
||||
- makedirs: True
|
||||
|
||||
so-freqimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-freqserver:HH1.0.3
|
||||
|
||||
so-freq:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-freqimage
|
||||
- image: soshybridhunter/so-freqserver:HH1.0.3
|
||||
- hostname: freqserver
|
||||
- name: so-freqserver
|
||||
@@ -179,8 +191,14 @@ dstatslogdir:
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-domainstatsimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-domainstats:HH1.0.3
|
||||
|
||||
so-domainstats:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-domainstatsimage
|
||||
- image: soshybridhunter/so-domainstats:HH1.0.3
|
||||
- hostname: domainstats
|
||||
- name: so-domainstats
|
||||
|
||||
@@ -49,9 +49,14 @@ filebeatconfsync:
|
||||
# - name: /opt/so/conf/filebeat/etc/pki/filebeat.key
|
||||
# - source: salt://filebeat/files/filebeat.key
|
||||
|
||||
so-filebeatimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-filebeat:HH1.0.6
|
||||
|
||||
so-filebeat:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-filebeatimage
|
||||
- image: soshybridhunter/so-filebeat:HH1.0.6
|
||||
- hostname: so-filebeat
|
||||
- user: root
|
||||
|
||||
@@ -30,12 +30,12 @@ fleetlogdir:
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
|
||||
fleetsetupscript:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/fleet/so-fleet-setup.sh
|
||||
- source: salt://fleet/so-fleet-setup.sh
|
||||
|
||||
|
||||
osquerypackageswebpage:
|
||||
file.managed:
|
||||
- name: /opt/so/conf/fleet/packages/index.html
|
||||
@@ -59,8 +59,14 @@ fleetdbpriv:
|
||||
- user: fleetdbuser
|
||||
- host: 172.17.0.0/255.255.0.0
|
||||
|
||||
so-fleetimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-fleet:HH1.0.6
|
||||
|
||||
so-fleet:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-fleetimage
|
||||
- image: soshybridhunter/so-fleet:HH1.0.6
|
||||
- hostname: so-fleet
|
||||
- port_bindings:
|
||||
|
||||
@@ -30,8 +30,14 @@ hiveesdata:
|
||||
- user: 939
|
||||
- group: 939
|
||||
|
||||
so-thehive-esimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-thehive-es:HH1.0.7
|
||||
|
||||
so-thehive-es:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-thehive-esimage
|
||||
- image: soshybridhunter/so-thehive-es:HH1.0.7
|
||||
- hostname: so-thehive-es
|
||||
- name: so-thehive-es
|
||||
@@ -60,16 +66,26 @@ so-thehive-es:
|
||||
|
||||
# Install Cortex
|
||||
|
||||
so-cortex:
|
||||
docker_container.running:
|
||||
- image: thehiveproject/cortex:latest
|
||||
- hostname: so-cortex
|
||||
- name: so-cortex
|
||||
- port_bindings:
|
||||
- 0.0.0.0:9001:9001
|
||||
#so-corteximage:
|
||||
# cmd.run:
|
||||
# - name: docker pull --disable-content-trust=false soshybridhunter/so-cortex:HH1.0.3
|
||||
|
||||
#so-cortex:
|
||||
# docker_container.running:
|
||||
# - image: thehiveproject/cortex:latest
|
||||
# - hostname: so-cortex
|
||||
# - name: so-cortex
|
||||
# - port_bindings:
|
||||
# - 0.0.0.0:9001:9001
|
||||
|
||||
so-thehiveimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.7
|
||||
|
||||
so-thehive:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-thehiveimage
|
||||
- image: soshybridhunter/so-thehive:HH1.0.7
|
||||
- hostname: so-thehive
|
||||
- name: so-thehive
|
||||
|
||||
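Review bot: The commented-out Cortex block is internally inconsistent: its pull line names `soshybridhunter/so-cortex:HH1.0.3`, but its `image:` line still names `thehiveproject/cortex:latest`, and it has no `require`. By the hunk's line counts the live `so-cortex` state appears to be the removed side, so whoever re-enables this block would verify one image and run a different, mutable-tag image that the trust check never covered. Either make the commented `image:` read `# - image: soshybridhunter/so-cortex:HH1.0.3` and add the commented `require`, or replace the block with a one-line comment saying why Cortex is disabled. When it is re-enabled, `0.0.0.0:9001:9001` also deserves a second look, since it publishes the port on every interface.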
@@ -48,11 +48,14 @@ ruleslink:
|
||||
- name: /opt/so/saltstack/salt/suricata/rules
|
||||
- target: /opt/so/rules/nids
|
||||
|
||||
toosmooth/so-idstools:test2:
|
||||
docker_image.present
|
||||
so-idstoolsimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-idstools:HH1.0.3
|
||||
|
||||
so-idstools:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-idstoolsimage
|
||||
- image: soshybridhunter/so-idstools:HH1.0.3
|
||||
- hostname: so-idstools
|
||||
- user: socore
|
||||
|
||||
@@ -54,9 +54,15 @@ synckibanacustom:
|
||||
|
||||
# File.Recurse for custom saved dashboards
|
||||
|
||||
so-kibanaimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-kibana:HH1.0.7
|
||||
|
||||
# Start the kibana docker
|
||||
so-kibana:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-kibanaimage
|
||||
- image: soshybridhunter/so-kibana:HH1.0.7
|
||||
- hostname: kibana
|
||||
- user: kibana
|
||||
|
||||
@@ -146,9 +146,14 @@ lslogdir:
|
||||
- makedirs: True
|
||||
|
||||
# Add the container
|
||||
so-logstashimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-logstash:HH1.0.6
|
||||
|
||||
so-logstash:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-logstashimage
|
||||
- image: soshybridhunter/so-logstash:HH1.0.6
|
||||
- hostname: so-logstash
|
||||
- name: so-logstash
|
||||
|
||||
@@ -46,9 +46,15 @@ acngcopyconf:
|
||||
- name: /opt/so/conf/aptcacher-ng/etc/acng.conf
|
||||
- source: salt://master/files/acng/acng.conf
|
||||
|
||||
so-acngimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-acng:HH1.0.7
|
||||
|
||||
# Install the apt-cacher-ng container
|
||||
so-aptcacherng:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-acngimage
|
||||
- image: soshybridhunter/so-acng:HH1.0.7
|
||||
- hostname: so-acng
|
||||
- port_bindings:
|
||||
|
||||
@@ -48,8 +48,14 @@ mysqldatadir:
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-mysqlimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-mysql:HH1.0.7
|
||||
|
||||
so-mysql:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-mysqlimage
|
||||
- image: soshybridhunter/so-mysql:HH1.0.7
|
||||
- hostname: so-mysql
|
||||
- user: socore
|
||||
|
||||
@@ -85,8 +85,14 @@ stenolog:
|
||||
- group: 941
|
||||
- makedirs: True
|
||||
|
||||
so-stenoimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-steno:HH1.0.3
|
||||
|
||||
so-steno:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-stenoimage
|
||||
- image: soshybridhunter/so-steno:HH1.0.3
|
||||
- network_mode: host
|
||||
- privileged: True
|
||||
|
||||
@@ -47,8 +47,14 @@ redisconfsync:
|
||||
toosmooth/so-redis:test2:
|
||||
docker_image.present
|
||||
|
||||
so-redisimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-redis:HH1.0.7
|
||||
|
||||
so-redis:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-redisimage
|
||||
- image: soshybridhunter/so-redis:HH1.0.7
|
||||
- hostname: so-redis
|
||||
- user: socore
|
||||
|
||||
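Review bot: `toosmooth/so-redis:test2:` with `docker_image.present` is still part of the new file: the hunk header counts 8 old and 14 new lines and 14 lines are shown, so nothing here is removed. That keeps Salt fetching an image from a different namespace under a test tag, without the content-trust check this commit adds for `soshybridhunter/so-redis:HH1.0.7`. The idstools hunk appears to drop the equivalent `toosmooth/so-idstools:test2` state, so this looks like an oversight. Remove the two lines `toosmooth/so-redis:test2:` and `docker_image.present` if nothing else in the file references them.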
@@ -18,8 +18,7 @@ soctopussync:
|
||||
# - name: docker pull --disable-content-trust=false so-soctopus:HH1.0.8
|
||||
|
||||
so-soctopus:
|
||||
docker_container.run:
|
||||
- onlyif: docker pull --disable-content-trust=false soshybridhunter/so-soctopus:HH1.0.9
|
||||
docker_container.running:
|
||||
- image: soshybridhunter/so-soctopus:HH1.0.9
|
||||
- hostname: soctopus
|
||||
- name: so-soctopus
|
||||
|
||||
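Review bot: `so-soctopus` ends up with no verified pull at all. By the hunk's counts (8 old, 7 new, 9 shown), the `docker_container.run` / `onlyif: docker pull --disable-content-trust=false …` pair is the removed side. The only pull line left is the commented one, which names `so-soctopus:HH1.0.8` without the namespace and with an older tag. `docker_container.running` will then presumably fetch `soshybridhunter/so-soctopus:HH1.0.9` itself when it is missing, without the signature check. Add an image state and `require` as in the other modules. The state ID below is a suggestion that follows the page's naming pattern, and the nesting is assumed because the rendering lost the indentation.

```yaml
so-soctopusimage:
  cmd.run:
    - name: docker pull --disable-content-trust=false soshybridhunter/so-soctopus:HH1.0.9

so-soctopus:
  docker_container.running:
    - require:
      - so-soctopusimage
    # … unchanged: image, hostname, name …
```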
@@ -70,8 +70,14 @@ suriconfigsync:
|
||||
- group: 940
|
||||
- template: jinja
|
||||
|
||||
so-suricataimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-suricata:HH1.0.8
|
||||
|
||||
so-suricata:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-suricataimage
|
||||
- image: soshybridhunter/so-suricata:HH1.0.8
|
||||
- privileged: True
|
||||
- environment:
|
||||
|
||||
@@ -56,8 +56,14 @@ wazuhagentregister:
|
||||
- mode: 755
|
||||
- template: jinja
|
||||
|
||||
so-wazuhimage:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false soshybridhunter/so-wazuh:HH1.0.7
|
||||
|
||||
so-wazuh:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-wazuhimage
|
||||
- image: soshybridhunter/so-wazuh:HH1.0.7
|
||||
- hostname: {{HOSTNAME}}-wazuh-manager
|
||||
- name: so-wazuh
|
||||
|
||||