CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove preconfigured zeeklog + create it during setup

Browse Source
This commit is contained in:
William Wernert
2020-09-28 15:12:36 -04:00
parent 66b7678df8
commit f782299281
4 changed files with 42 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
pillar/zeeklogs.sls
View File

@@ -1,42 +0,0 @@
zeeklogs:
enabled:
- conn
- dce_rpc
- dhcp
- dhcpv6
- dnp3
- dns
- dpd
- files
- ftp
- http
- intel
- irc
- kerberos
- modbus
- mqtt
- notice
- ntlm
- openvpn
- pe
- radius
- rfb
- rdp
- signatures
- sip
- smb_files
- smb_mapping
- smtp
- snmp
- software
- ssh
- ssl
- syslog
- telnet
- tunnel
- weird
- mysql
- socks
- x509
disabled:

92
setup/so-functions
View File

@@ -1111,8 +1111,6 @@ manager_pillar() {
" kratoskey: $KRATOSKEY"\
"" >> "$pillar_file"
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
}
manager_global() {
@@ -1318,8 +1316,6 @@ elasticsearch_pillar() {
" lsheap: $NODE_LS_HEAP_SIZE"\
"" >> "$pillar_file"
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
}
parse_install_username() {
@@ -1339,9 +1335,6 @@ patch_pillar() {
" splay: 300"\
"" >> "$pillar_file"
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
}
patch_schedule_os_new() {
@@ -1364,8 +1357,6 @@ patch_schedule_os_new() {
done
done
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$OSPATCHSCHEDULE" >> "$setup_log" 2>&1
}
print_salt_state_apply() {
@@ -1738,8 +1729,6 @@ sensor_pillar() {
echo " hnsensor: $HNSENSOR" >> "$pillar_file"
fi
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$pillar_file" >> "$setup_log" 2>&1
}
set_default_log_size() {
@@ -2023,7 +2012,7 @@ es_heapsize() {
zeek_logs_enabled() {
echo "Enabling Zeek Logs" >> "$setup_log" 2>&1
local zeeklogs_pillar=./pillar/zeeklogs.sls
local zeeklogs_pillar=$local_salt_dir/pillar/zeeklogs.sls
printf '%s\n'\
"zeeklogs:"\
@@ -2035,44 +2024,44 @@ zeek_logs_enabled() {
done
elif [ "$install_type" == "EVAL" ] || [ "$install_type" == "IMPORT" ]; then
printf '%s\n'\
" - conn"\
" - dce_rpc"\
" - dhcp"\
" - dhcpv6"\
" - dnp3"\
" - dns"\
" - dpd"\
" - files"\
" - ftp"\
" - http"\
" - intel"\
" - irc"\
" - kerberos"\
" - modbus"\
" - mqtt"\
" - notice"\
" - ntlm"\
" - openvpn"\
" - pe"\
" - radius"\
" - rfb"\
" - rdp"\
" - signatures"\
" - sip"\
" - smb_files"\
" - smb_mapping"\
" - smtp"\
" - snmp"\
" - software"\
" - ssh"\
" - ssl"\
" - syslog"\
" - telnet"\
" - tunnel"\
" - weird"\
" - mysql"\
" - socks"\
" - x509" >> "$zeeklogs_pillar"
" - conn"\
" - dce_rpc"\
" - dhcp"\
" - dhcpv6"\
" - dnp3"\
" - dns"\
" - dpd"\
" - files"\
" - ftp"\
" - http"\
" - intel"\
" - irc"\
" - kerberos"\
" - modbus"\
" - mqtt"\
" - notice"\
" - ntlm"\
" - openvpn"\
" - pe"\
" - radius"\
" - rfb"\
" - rdp"\
" - signatures"\
" - sip"\
" - smb_files"\
" - smb_mapping"\
" - smtp"\
" - snmp"\
" - software"\
" - ssh"\
" - ssl"\
" - syslog"\
" - telnet"\
" - tunnel"\
" - weird"\
" - mysql"\
" - socks"\
" - x509" >> "$zeeklogs_pillar"
# Disable syslog log by default
else
printf '%s\n'\
@@ -2114,7 +2103,4 @@ zeek_logs_enabled() {
" - socks"\
" - x509" >> "$zeeklogs_pillar"
fi
printf '%s\n' '----' >> "$setup_log" 2>&1
cat "$zeeklogs_pillar" >> "$setup_log" 2>&1
}

1
setup/so-setup
View File

@@ -617,6 +617,7 @@ fi
salt-call state.apply -l info suricata >> $setup_log 2>&1
set_progress_str 67 "$(print_salt_state_apply 'zeek')"
zeek_logs_enabled >> $setup_log 2>&1
salt-call state.apply -l info zeek >> $setup_log 2>&1
fi

2
setup/so-variables
View File

@@ -54,8 +54,10 @@ export percentage_str='Getting started'
export DEBIAN_FRONTEND=noninteractive
export default_salt_dir=/opt/so/saltstack/default
mkdir -p "$default_salt_dir"
export local_salt_dir=/opt/so/saltstack/local
mkdir -p "$local_salt_dir"
SCRIPTDIR=$(cd "$(dirname "$0")" && pwd)
export SCRIPTDIR