m0duspwnens
2020-05-26 11:59:00 -04:00
parent b24654002b
commit fafb469b5c
14 changed files with 71 additions and 67 deletions
+3 -1
@@ -18,6 +18,8 @@
. /usr/sbin/so-common
default_salt_dir=/opt/so/saltstack/default
local_salt_dir=/opt/so/saltstack/local
SKIP=0
while getopts "abowi:" OPTION
@@ -84,7 +86,7 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
$default_salt_dir/pillar/firewall/addfirewall.sh $FULLROLE $IP
# Check if Wazuh enabled
if grep -q -R "wazuh: 1" $default_salt_dir/pillar/*; then
if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then
# If analyst, add to Wazuh AR whitelist
if [ "$FULLROLE" == "analyst" ]; then
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
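Review bot: The `$local_salt_dir` form of the Wazuh check, `grep -q -R "wazuh: 1" $local_salt_dir/pillar/*`, cannot tell "Wazuh is disabled" from "grep failed": if the local pillar directory is empty or missing, the unquoted glob is passed through literally, grep exits with an error, and the `if` silently skips the active-response whitelist step for the analyst IP. Passing the directory itself, `if grep -q -R "wazuh: 1" "$local_salt_dir/pillar/"; then`, removes the glob and the word-splitting risk. It is also worth confirming that `wazuh: 1` is always written to the local pillar, since a setting present only under `$default_salt_dir` would no longer be found (which side is new is inferred from the print order and the `+3 -1` count). The same unquoted `$local_salt_dir/...` expansions recur in the other file sections on this page, and the `if` block continues past the end of this hunk.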
+4 -4
@@ -1,12 +1,12 @@
#!/bin/bash
default_salt_dir=/opt/so/saltstack/default
local_salt_dir=/opt/so/saltstack/local
bro_logs_enabled() {
echo "brologs:" > $default_salt_dir/pillar/brologs.sls
echo " enabled:" >> $default_salt_dir/pillar/brologs.sls
echo "brologs:" > $local_salt_dir/pillar/brologs.sls
echo " enabled:" >> $local_salt_dir/pillar/brologs.sls
for BLOG in ${BLOGS[@]}; do
echo " - $BLOG" | tr -d '"' >> $default_salt_dir/pillar/brologs.sls
echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/brologs.sls
done
}
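Review bot: `bro_logs_enabled` truncates `$local_salt_dir/pillar/brologs.sls` with the first `echo` and then reopens it for every appended line, so a failure partway through (or a missing `$local_salt_dir/pillar` directory, which nothing in this hunk creates) leaves an empty or partial pillar while the function carries on. Writing the whole file through one grouped redirect, `{ …; } > "$local_salt_dir/pillar/brologs.sls"`, with the path quoted, and returning non-zero when that redirect fails would make the problem visible to the caller. `for BLOG in ${BLOGS[@]}` should also be `for BLOG in "${BLOGS[@]}"` so entries are not word-split or glob-expanded.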
+3 -3
@@ -15,11 +15,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
. /usr/sbin/so-common
default_salt_dir=/opt/so/saltstack/default
local_salt_dir=/opt/so/saltstack/local
VERSION=$(grep soversion $default_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
VERSION=$(grep soversion $local_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
# Modify static.sls to enable Features
sed -i 's/features: False/features: True/' $default_salt_dir/pillar/static.sls
sed -i 's/features: False/features: True/' $local_salt_dir/pillar/static.sls
SUFFIX="-features"
TRUSTED_CONTAINERS=( \
"so-elasticsearch:$VERSION$SUFFIX" \
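Review bot: `VERSION` feeds the image tags in `TRUSTED_CONTAINERS` without any check that the `grep soversion … | cut | sed` pipeline produced a value; if `static.sls` is absent from `$local_salt_dir/pillar/` or has no `soversion` line, the tags become `so-elasticsearch:-features` and the script still goes on to run `sed -i` on the pillar. A guard directly after the assignment, `[ -n "$VERSION" ] || { echo "soversion not found in $local_salt_dir/pillar/static.sls" >&2; exit 1; }`, stops the script before it edits the pillar or requests a malformed tag. The array definition continues outside the hunk, so how the tags are consumed is not visible here.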
+3 -3
@@ -1,6 +1,6 @@
#!/bin/bash
default_salt_dir=/opt/so/saltstack/default
local_salt_dir=/opt/so/saltstack/local
got_root() {
@@ -13,13 +13,13 @@ got_root() {
}
got_root
if [ ! -f $default_salt_dir/pillar/fireeye/init.sls ]; then
if [ ! -f $local_salt_dir/pillar/fireeye/init.sls ]; then
echo "This is nto configured for Helix Mode. Please re-install."
exit
else
echo "Enter your Helix API Key: "
read APIKEY
sed -i "s/^ api_key.*/ api_key: $APIKEY/g" $default_salt_dir/pillar/fireeye/init.sls
sed -i "s/^ api_key.*/ api_key: $APIKEY/g" $local_salt_dir/pillar/fireeye/init.sls
docker stop so-logstash
docker rm so-logstash
echo "Restarting Logstash for updated key"
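Review bot: The key typed at the prompt is pasted straight into the sed program in `sed -i "s/^ api_key.*/ api_key: $APIKEY/g" $local_salt_dir/pillar/fireeye/init.sls`, so a key containing `/`, `&` or `\` either breaks the substitution or writes a different value into the pillar than the one entered, and `read APIKEY` without `-r` already consumes backslashes. Read it with `read -rs APIKEY` (no echo to the terminal) and escape it before use, e.g. `ESCAPED=$(printf '%s\n' "$APIKEY" | sed -e 's/[\/&]/\\&/g')`, then substitute `$ESCAPED` and quote the file path. An empty answer should be rejected as well, since it currently overwrites the existing `api_key` line with a blank value. The `else` branch continues past the last visible line.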