From f3f531afd2d2c5a3a641e8b252f235b581f7c97f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 6 Mar 2018 09:41:46 -0500 Subject: [PATCH] Bro Salt Module - add file syncs --- salt/bro/files/local.bro | 2 +- salt/bro/files/node.cfg | 22 ++++++++++--- salt/bro/init.sls | 69 ++++++++++++++++++++++++++-------------- salt/top.sls | 1 + 4 files changed, 66 insertions(+), 28 deletions(-) diff --git a/salt/bro/files/local.bro b/salt/bro/files/local.bro index 89d3b9808..f17a4c611 100644 --- a/salt/bro/files/local.bro +++ b/salt/bro/files/local.bro @@ -122,7 +122,7 @@ @load securityonion/shellshock ############################# -## End SO Scrips Section ## +## End SO Scripts Section ## ############################# ############################# diff --git a/salt/bro/files/node.cfg b/salt/bro/files/node.cfg index c9a0a5665..461c84ad9 100644 --- a/salt/bro/files/node.cfg +++ b/salt/bro/files/node.cfg 
@@ -1,19 +1,33 @@ -{%- set interface = salt['pillar.get'](sensor:interface) %} -{%- set lbprocs = salt['pillar.get'](sensor:lbprocs) %} +{%- set interface = salt['pillar.get']('sensor:interface', '') %} + +{%- if salt['pillar.get']('sensor:bro_pins')|length > 1 %} +{%- if salt['pillar.get']('sensor:bro_proxies'|length > 1) %} + {%- set proxies = salt['pillar.get']('sensor:bro_proxies') %} +{%- else %} + {%- set proxies = (salt['pillar.get']('sensor:bro_pins')|length/10)|round(0, 'ceil')|int %} +{%- endif %} [manager] type=manager host=localhost -[proxy] +{%- for demproxies in range(proxies) %} +[proxy-{{ demproxies }}] type=proxy host=localhost -[sotest-eth1] +[worker-1] type=worker host=localhost interface=af_packet::{{ interface }} lb_method=custom +{%- if salt['pillar.get']('sensor:bro_lbprocs'|length > 1) %} lb_procs={{ lbprocs }} +{%- else %} +lb_procs={{ salt['pillar.get']('sensor:bro_pins')|length }} +{%- endif %} +{%- if salt['pillar.get']('sensor:bro_pins'|length > 1) %} +pin_cpus={{ salt['pillar.get']('sensor:bro_pins')|join(", ") }} +{%- endif %} af_packet_fanout_id=23 af_packet_fanout_mode=AF_Packet::FANOUT_HASH af_packet_buffer_size=128*1024*1024 diff --git a/salt/bro/init.sls b/salt/bro/init.sls index cca953e7b..6fedeb668 100644 --- a/salt/bro/init.sls +++ b/salt/bro/init.sls 
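Review bot: Three of the new conditions put the filter inside the call, e.g. `salt['pillar.get']('sensor:bro_proxies'|length > 1)`, and the same shape is used for `sensor:bro_lbprocs` and the second `sensor:bro_pins` test. `|length > 1` is therefore evaluated on the key string, and the lookup receives a boolean instead of the pillar key. The closing parenthesis belongs before the filter, as in the first test of the hunk: `salt['pillar.get']('sensor:bro_pins')|length > 1`. The hunk also removes the `set lbprocs` line while `lb_procs={{ lbprocs }}` still reads it, so that branch would render from an undefined name; `lb_procs={{ salt['pillar.get']('sensor:bro_lbprocs') }}` would keep it self-contained. Neither the `for demproxies` loop nor the outer `if` is closed within the visible lines, and a node.cfg that fails to render, or renders with the wrong worker layout, means the sensor is not capturing, so this template should be rendered against a minimal pillar before it ships.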
@@ -6,30 +6,53 @@ bro: - gid: 937 - home: /home/bro -file.directory: - - name: /opt/so/conf/bro - - user: 937 - - group: 939 +# Create some directories +bropolicydir: + file.directory: + - name: /opt/so/conf/bro/policy + - user: 937 + - group: 939 + - makedirs: True -file.directory: - - name: /opt/so/conf/bro/policy - - user: 937 - - group: 939 +# Sync the policies +bropolicysync: + file.recurse: + - name: /opt/so/conf/bro/policy + - source: salt://bro/policy + - user: 937 + - group: 939 + - template: jinja +# Sync local.bro +localbrosync: + file.managed: + - name: /opt/so/conf/bro/local.bro + - source: salt://bro/files/local.bro + - user: 937 + - group: 939 + - template: jinja + +# Sync node.cfg +nodecfgsync: + file.managed: + - name: /opt/so/conf/bro/node.cfg + - source: salt://bro/files/node.config + - user: 937 + - group: 939 + - template: jinja + # Add the container -so-bro: - dockerng.running: - - image: {{ dockerrepo }}/so-bro:{{ broversion }} - - hostname: bro - - user: bro - - priviledged: true - - binds: - - /nsm/bro/logs:/nsm/bro/logs:rw - - /nsm/bro/spool:/nsm/bro/spool:rw - - /opt/so/conf/bro/etc:/opt/bro/etc:ro - - /opt/so/conf/bro/etc/node.cfg:/opt/bro/etc/node.cfg:ro - - /opt/so/conf/share/bro:/opt/bro/share/bro:ro - - network_mode: host - -# Add Bro cron +#so-bro: +# dockerng.running: +# - image: {{ dockerrepo }}/so-bro:{{ broversion }} +# - hostname: bro +# - user: bro +# - priviledged: true +# - binds: +# - /nsm/bro/logs:/nsm/bro/logs:rw +# - /nsm/bro/spool:/nsm/bro/spool:rw +# - /opt/so/conf/bro/etc:/opt/bro/etc:ro +# - /opt/so/conf/bro/etc/node.cfg:/opt/bro/etc/node.cfg:ro +# - /opt/so/conf/share/bro:/opt/bro/share/bro:ro +# - network_mode: host diff --git a/salt/top.sls b/salt/top.sls index 896d4b800..71d7c15d7 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -3,6 +3,7 @@ base: - common - pcap - suricata + - bro 'G@role:eval': - common
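Review bot: `nodecfgsync` pulls from `salt://bro/files/node.config`, but the file this same commit edits is `salt/bro/files/node.cfg`, so the state would not find its source and node.cfg would never be deployed; the line should read `- source: salt://bro/files/node.cfg`. None of the three sync states pins permissions, so an explicit `- mode: 644` on the two `file.managed` states and `- file_mode`/`- dir_mode` on `bropolicysync` would make the result predictable. The commented-out `so-bro` block still binds `/opt/so/conf/bro/etc/node.cfg`, whereas the new states write to `/opt/so/conf/bro/node.cfg`, so the paths need reconciling before the container is re-enabled. That block also spells the option `priviledged`; when it comes back, it is worth checking whether the capture process needs full privileged mode alongside `network_mode: host`, or only the capabilities packet capture requires.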