Added new soc-related saltstack files.

salt/soc/files/kratos/kratos.yaml

@@ -0,0 +1,78 @@
+{%- set WEBACCESS = salt['pillar.get']('kratos:redirect', '') -%}
+{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
+
+selfservice:
+  strategies:
+    password:
+      enabled: true
+
+  verify:
+    return_to: https://{{ WEBACCESS }}/
+
+  logout:
+    redirect_to: https://{{ WEBACCESS }}/login/
+
+  login:
+    request_lifespan: 10m
+    after:
+      password:
+        -
+          job: session
+        -
+          job: redirect
+          config:
+            default_redirect_url: https://{{ WEBACCESS }}/
+            allow_user_defined_redirect: true
+
+  registration:
+    request_lifespan: 10m
+    after:
+      password:
+        -
+          job: verify
+        -
+          job: session
+        -
+          job: redirect
+          config:
+            default_redirect_url: https://{{ WEBACCESS }}/
+            allow_user_defined_redirect: true
+
+log:
+  level: debug
+  format: json
+
+secrets:
+  session:
+    - {{ KRATOSKEY }}
+
+urls:
+  login_ui: https://{{ WEBACCESS }}/login/
+  registration_ui: https://{{ WEBACCESS }}/login/
+  error_ui: https://{{ WEBACCESS }}/login/
+  profile_ui: https://{{ WEBACCESS }}/
+  verify_ui: https://{{ WEBACCESS }}/
+  mfa_ui: https://{{ WEBACCESS }}/
+
+  self:
+    public: https://{{ WEBACCESS }}/auth/
+    admin: https://{{ WEBACCESS }}/kratos/
+  default_return_to: https://{{ WEBACCESS }}/
+  whitelisted_return_to_domains:
+    - http://127.0.0.1
+
+hashers:
+  argon2:
+    parallelism: 2
+    memory: 16384
+    iterations: 3
+    salt_length: 16
+    key_length: 32
+
+identity:
+  traits:
+    default_schema_url: file:///kratos-conf/schema.json
+
+courier:
+  smtp:
+    connection_uri: smtps://{{ WEBACCESS }}:25

salt/soc/files/kratos/schema.json

@@ -0,0 +1,28 @@
+{
+    "$id": "securityonion.schema.json",
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "title": "Person",
+    "type": "object",
+    "properties": {
+      "email": {
+        "type": "string",
+        "format": "email",
+        "title": "E-Mail",
+        "minLength": 6,
+        "ory.sh/kratos": {
+          "credentials": {
+            "password": {
+              "identifier": true
+            }
+          },
+          "verification": {
+            "via": "email"
+          }
+        }
+      }
+    },
+    "required": [
+      "email"
+    ],
+    "additionalProperties": false
+  }

salt/soc/files/soc/changes.json

@@ -0,0 +1,23 @@
+{
+  "title": "Introducing Hybrid Hunter 1.2.1 Beta",
+  "changes": [
+    { "summary": "New authentication framework" },
+    { "summary": "New Logstash pipeline setup. Now uses multiple pipelines." },
+    { "summary": "New Master + Search node type and well as a Heavy Node type in the install." },
+    { "summary": "Change all nodes to point to the docker registry on the Master. This cuts down on the calls to dockerhub." },
+    { "summary": "Upgraded to Zeek 3.0" },
+    { "summary": "Upgraded to Elastic 7.6" },
+    { "summary": "New SO Start | Stop | Restart scripts for all components (eg. `so-playbook-restart`)." },
+    { "summary": "BPF support for Suricata (NIDS), Steno (PCAP) & Zeek (<a target='new' href='https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/BPF'>More Info</a>)." },
+    { "summary": "Updated Domain Stats & Frequency Server containers to Python3 & created new Salt states for them." },
+    { "summary": "Added so-status script which gives an easy to read look at container status." },
+    { "summary": "Manage threshold.conf for Suricata using the thresholding pillar." },
+    { "summary": "The ISO now includes all the docker containers for faster install speeds." },
+    { "summary": "You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup." },
+    { "summary": "Updated Helix parsers for better compatibility." },
+    { "summary": "Updated telegraf docker to include curl and jq." },
+    { "summary": "CVE-2020-0601 Zeek Detection Script." },
+    { "summary": "ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup." },
+    { "summary": "Check out the Hybrid Hunter Quick Start Guide." }
+  ]
+}

salt/soc/files/soc/soc.json

@@ -0,0 +1,26 @@
+{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
+{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
+{
+  "logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
+  "server": {
+    "bindAddress": "0.0.0.0:9822",
+    "baseUrl": "/",
+    "maxPacketCount": 5000,
+    "htmlDir": "html",
+    "modules": {
+      "filedatastore": {
+        "jobDir": "jobs"
+      },
+      "securityonion": {
+        "elasticsearchHost": "http://{{ MASTERIP }}:9200",
+        "elasticsearchUsername": "",
+        "elasticsearchPassword": "",
+        "elasticsearchVerifyCert": false
+      },
+      "statickeyauth": {
+        "anonymousCidr": "172.17.0.0/24",
+        "apiKey": "{{ SENSORONIKEY }}"
+      }
+    }
+  }
+}