From f7eacc2b05c17c0b72d4956f3df54e07ef20cfc2 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 23 Jun 2020 18:47:23 +0000
Subject: [PATCH] Add FW config for Strelka frontend
---
 files/firewall/hostgroups.local.yaml | 6 +++++-
 salt/common/tools/sbin/so-allow | 8 ++++++++
 salt/firewall/assigned_hostgroups.map.yaml | 5 ++++-
 salt/firewall/portgroups.yaml | 5 ++++-
 4 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml
index 9d2c4c0c7..27ad40f6e 100644
--- a/files/firewall/hostgroups.local.yaml
+++ b/files/firewall/hostgroups.local.yaml
@@ -44,6 +44,10 @@ firewall:
 ips:
 delete:
 insert:
+ strelka_frontend:
+ ips:
+ delete:
+ insert:
 syslog:
 ips:
 delete:
@@ -59,4 +63,4 @@ firewall:
 wazuh_authd:
 ips:
 delete:
- insert:
\ No newline at end of file
+ insert:
diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index 82d25c25e..d273cfce5 100755
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -38,6 +38,11 @@ do
 FULLROLE="beats_endpoint"
 SKIP=1
 ;;
+ f)
+ FULLROLE="strelka_frontend"
+ SKIP=1
+ ;;
+
 i) IP=$OPTARG
 ;;
 o)
@@ -72,6 +77,7 @@ if [ "$SKIP" -eq 0 ]; then
 echo ""
 echo "[a] - Analyst - ports 80/tcp and 443/tcp"
 echo "[b] - Logstash Beat - port 5044/tcp"
+ echo "[f] - Strelka frontend - port 57314/tcp"
 echo "[o] - Osquery endpoint - port 8090/tcp"
 echo "[s] - Syslog device - 514/tcp/udp"
 echo "[w] - Wazuh agent - port 1514/tcp/udp"
@@ -86,6 +92,8 @@ if [ "$SKIP" -eq 0 ]; then
 FULLROLE=analyst
 elif [ "$ROLE" == "b" ]; then
 FULLROLE=beats_endpoint
+ elif [ "$ROLE" == "f" ]; then
+ FULLROLE=strelka_frontend
 elif [ "$ROLE" == "o" ]; then
 FULLROLE=osquery_endpoint
 elif [ "$ROLE" == "w" ]; then
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index beda399e7..ea7b23afb 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
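Review bot: In salt/common/tools/sbin/so-allow, the new `f)` branch of the option `case` (hunk at line 38) is only reachable if `f` is listed in the `getopts` option string. The diffstat shows this file with 8 additions and no deletions, so that string was not edited by this commit. The `getopts` call sits above the hunk; if `f` is not already in it, a non-interactive `-f` would presumably be rejected as an unknown option, leaving the interactive menu as the only way to select `strelka_frontend`. Please confirm the option string (and any usage text), and add a short comment on the branch such as `# f: Strelka frontend client, allows 57314/tcp`.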
@@ -52,6 +52,9 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
+ strelka_frontend:
+ portgroups:
+ - {{ portgroups.strelka_frontend }}
 syslog:
 portgroups:
 - {{ portgroups.syslog }}
@@ -466,4 +469,4 @@ role:
 - {{ portgroups.all }}
 localhost:
 portgroups:
- - {{ portgroups.all }}
\ No newline at end of file
+ - {{ portgroups.all }}
diff --git a/salt/firewall/portgroups.yaml b/salt/firewall/portgroups.yaml
index 94dace60f..2f3d5032a 100644
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
@@ -74,6 +74,9 @@ firewall:
 ssh:
 tcp:
 - 22
+ strelka_frontend:
+ tcp:
+ - 57314
 syslog:
 tcp:
 - 514
@@ -89,4 +92,4 @@ firewall:
 - 55000
 wazuh_authd:
 tcp:
- - 1515
\ No newline at end of file
+ - 1515
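Review bot: In salt/firewall/assigned_hostgroups.map.yaml the `strelka_frontend` hostgroup is mapped under exactly one role (hunk at line 52), and that role's name is above the hunk. The only other hunk in this file is the end-of-file newline, so no other role gets the mapping. If the Strelka frontend also runs on other node types defined further down, an address added through so-allow would land in the hostgroup but no rule would be rendered on those nodes; please confirm the role coverage is intentional. A comment above the new key, e.g. `# remote clients that submit files to the Strelka frontend`, would record why the group exists.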
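Review bot: The new `strelka_frontend` portgroup in salt/firewall/portgroups.yaml (hunk at line 74) allows 57314/tcp with no comment saying what listens there or who is expected to reach it. The same number is also hard-coded in the so-allow menu text added by this patch, so the two can drift if the port ever changes. The matching hostgroup in files/firewall/hostgroups.local.yaml ships with an empty `insert:`, which suggests the port stays closed until an address is explicitly allowed; that is worth stating next to the definition. Suggested comment above the key: `# Strelka frontend (file submission); reachable only from hosts in the strelka_frontend hostgroup`.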