Add FW config for Strelka frontend

Wes Lambert
2020-06-23 18:47:23 +00:00
parent 685e3048ac
commit f7eacc2b05
4 changed files with 21 additions and 3 deletions


@@ -44,6 +44,10 @@ firewall:
ips:
delete:
insert:
strelka_frontend:
ips:
delete:
insert:
syslog:
ips:
delete:
@@ -59,4 +63,4 @@ firewall:
wazuh_authd:
ips:
delete:
insert:
insert:


@@ -38,6 +38,11 @@ do
FULLROLE="beats_endpoint"
SKIP=1
;;
f)
FULLROLE="strelka_frontend"
SKIP=1
;;
i) IP=$OPTARG
;;
o)
@@ -72,6 +77,7 @@ if [ "$SKIP" -eq 0 ]; then
echo ""
echo "[a] - Analyst - ports 80/tcp and 443/tcp"
echo "[b] - Logstash Beat - port 5044/tcp"
echo "[f] - Strelka frontend - port 57314/tcp"
echo "[o] - Osquery endpoint - port 8090/tcp"
echo "[s] - Syslog device - 514/tcp/udp"
echo "[w] - Wazuh agent - port 1514/tcp/udp"
@@ -86,6 +92,8 @@ if [ "$SKIP" -eq 0 ]; then
FULLROLE=analyst
elif [ "$ROLE" == "b" ]; then
FULLROLE=beats_endpoint
elif [ "$ROLE" == "f" ]; then
FULLROLE=strelka_frontend
elif [ "$ROLE" == "o" ]; then
FULLROLE=osquery_endpoint
elif [ "$ROLE" == "w" ]; then
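Review bot: The new `f)` branch in the option `case` is reachable only if the `getopts` option string above the first hunk already lists `f`, and nothing in this commit appears to change that line (the three deletions reported for the commit look like the end-of-file rewrites in the YAML files). Please confirm the option string includes `f`; otherwise the flag falls through to the invalid-option path and only the interactive `[f]` menu entry works. The address is taken from `IP=$OPTARG` in the visible context, and any validation of it happens outside these hunks, so it is worth checking that the value is validated as an address or CIDR before it reaches the firewall state. The `while` loop and the `if`/`elif` chain both start and end outside the hunks shown.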


@@ -52,6 +52,9 @@ role:
osquery_endpoint:
portgroups:
- {{ portgroups.fleet_api }}
strelka_frontend:
portgroups:
- {{ portgroups.strelka_frontend }}
syslog:
portgroups:
- {{ portgroups.syslog }}
@@ -466,4 +469,4 @@ role:
- {{ portgroups.all }}
localhost:
portgroups:
- {{ portgroups.all }}
- {{ portgroups.all }}


@@ -74,6 +74,9 @@ firewall:
ssh:
tcp:
- 22
strelka_frontend:
tcp:
- 57314
syslog:
tcp:
- 514
@@ -89,4 +92,4 @@ firewall:
- 55000
wazuh_authd:
tcp:
- 1515
- 1515
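Review bot: The `strelka_frontend` portgroup has no comment saying what listens on 57314/tcp or who should be allowed to reach it, and from this commit the hostgroup allow-list is the only access control visible for that port. I would add a comment above the entry such as `# Strelka frontend (file submission); allow only the hosts that submit files for scanning`. Whether the listener itself enforces authentication or TLS cannot be told from these hunks, so that is worth confirming before addresses are added to the hostgroup. The same port number is repeated as text in the `[f]` menu line of the shell script in this commit, so the two need to be kept in step.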