CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

docker binds requires

Browse Source
This commit is contained in:
m0duspwnens
2021-10-21 15:24:55 -04:00
parent 8784d65023
commit f93c6146f5
5 changed files with 33 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/ca/init.sls
View File

@@ -24,8 +24,9 @@ pki_private_key:
- x509: /etc/pki/ca.crt - x509: /etc/pki/ca.crt
{%- endif %} {%- endif %}
/etc/pki/ca.crt: pki_public_ca_crt:
x509.certificate_managed: x509.certificate_managed:
- name: /etc/pki/ca.crt
- signing_private_key: /etc/pki/ca.key - signing_private_key: /etc/pki/ca.key
- CN: {{ manager }} - CN: {{ manager }}
- C: US - C: US
@@ -66,4 +67,4 @@ cakeyperms:
test.fail_without_changes: test.fail_without_changes:
- name: {{sls}}_state_not_allowed - name: {{sls}}_state_not_allowed
{% endif %} {% endif %}

4
salt/domainstats/init.sls
View File

@@ -53,6 +53,8 @@ so-domainstats:
- user: domainstats - user: domainstats
- binds: - binds:
- /opt/so/log/domainstats:/var/log/domain_stats - /opt/so/log/domainstats:/var/log/domain_stats
- require:
- file: dstatslogdir
append_so-domainstats_so-status.conf: append_so-domainstats_so-status.conf:
file.append: file.append:
@@ -65,4 +67,4 @@ append_so-domainstats_so-status.conf:
test.fail_without_changes: test.fail_without_changes:
- name: {{sls}}_state_not_allowed - name: {{sls}}_state_not_allowed
{% endif %} {% endif %}

4
salt/elastalert/init.sls
View File

@@ -122,6 +122,10 @@ so-elastalert:
- {{MANAGER_URL}}:{{MANAGER_IP}} - {{MANAGER_URL}}:{{MANAGER_IP}}
- require: - require:
- cmd: wait_for_elasticsearch - cmd: wait_for_elasticsearch
- file: elastarules
- file: elastalogdir
- file: elastacustmodulesdir
- file: elastaconf
- watch: - watch:
- file: elastaconf - file: elastaconf

21
salt/elasticsearch/init.sls
View File

@@ -15,7 +15,8 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {% if sls in allowed_states %}
include:
- ssl
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -280,6 +281,24 @@ so-elasticsearch:
- file: esyml - file: esyml
- file: esingestconf - file: esingestconf
- file: so-elasticsearch-pipelines-file - file: so-elasticsearch-pipelines-file
- require:
- file: esyml
- file: eslog4jfile
- file: nsmesdir
- file: eslogdir
- file: cacertz
- file: /etc/pki/elasticsearch.crt
- file: /etc/pki/elasticsearch.key
- file: elasticp12perms
{% if ismanager %}
- file: pki_public_ca_crt
{% else %}
- file: trusttheca
{% endif %}
{% if salt['pillar.get']('elasticsearch:auth:enabled', False) %}
- cmd: auth_users_roles_inode
- cmd: auth_users_inode
{% endif %}
append_so-elasticsearch_so-status.conf: append_so-elasticsearch_so-status.conf:
file.append: file.append:

3
salt/ssl/init.sls
View File

@@ -30,6 +30,9 @@
{% set ca_server = global_ca_server[0] %} {% set ca_server = global_ca_server[0] %}
{% endif %} {% endif %}
include:
- ca
# Trust the CA # Trust the CA
trusttheca: trusttheca:
x509.pem_managed: x509.pem_managed: