CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9861 from Security-Onion-Solutions/somefixes2

Browse Source 
Somefixes2
This commit is contained in:
Josh Patterson
2023-02-27 13:14:08 -05:00
committed by GitHub
parent dd8f6a460b 44ed48033c
commit fb5aad34e0
2 changed files with 28 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
salt/firewall/containers.map.jinja
View File

@@ -22,9 +22,8 @@
'so-strelka-manager', 'so-strelka-manager',
'so-strelka-filestream' 'so-strelka-filestream'
] %} ] %}
{% endif %}
{% if GLOBALS.role == 'so-manager' or GLOBALS.role == 'so-standalone' or GLOBALS.role == 'so-managersearch' %} {% elif GLOBALS.role == 'so-manager' or GLOBALS.role == 'so-standalone' or GLOBALS.role == 'so-managersearch' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-curator', 'so-curator',
'so-dockerregistry', 'so-dockerregistry',
@@ -47,17 +46,15 @@
'so-strelka-manager', 'so-strelka-manager',
'so-strelka-filestream' 'so-strelka-filestream'
] %} ] %}
{% endif %}
{% if GLOBALS.role == 'so-searchnode' %} {% elif GLOBALS.role == 'so-searchnode' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-elasticsearch', 'so-elasticsearch',
'so-logstash', 'so-logstash',
'so-nginx' 'so-nginx'
] %} ] %}
{% endif %}
{% if GLOBALS.role == 'so-heavynode' %} {% elif GLOBALS.role == 'so-heavynode' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-curator', 'so-curator',
'so-elasticsearch', 'so-elasticsearch',
@@ -71,9 +68,8 @@
'so-strelka-manager', 'so-strelka-manager',
'so-strelka-filestream' 'so-strelka-filestream'
] %} ] %}
{% endif %}
{% if GLOBALS.role == 'so-import' %} {% elif GLOBALS.role == 'so-import' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-dockerregistry', 'so-dockerregistry',
'so-elasticsearch', 'so-elasticsearch',
@@ -85,17 +81,22 @@
'so-nginx', 'so-nginx',
'so-soc' 'so-soc'
] %} ] %}
{% endif %}
{% if GLOBALS.role == 'so-receiver' %} {% elif GLOBALS.role == 'so-receiver' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-logstash', 'so-logstash',
'so-redis', 'so-redis',
] %} ] %}
{% endif %}
{% if GLOBALS.role == 'so-idh' %} {% elif GLOBALS.role == 'so-idh' %}
{% set NODE_CONTAINERS = [ {% set NODE_CONTAINERS = [
'so-idh', 'so-idh',
] %} ] %}
{% elif GLOBALS.role == 'so-sensor' %}
{% set NODE_CONTAINERS = [] %}
{% else %}
{% set NODE_CONTAINERS = [] %}
{% endif %} {% endif %}

20
salt/firewall/init.sls
View File

@@ -1,11 +1,6 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {% if sls in allowed_states %}
disable_firewalld:
service.dead:
- name: firewalld
- enable: False
create_sysconfig_iptables: create_sysconfig_iptables:
file.touch: file.touch:
- name: /etc/sysconfig/iptables - name: /etc/sysconfig/iptables
@@ -18,10 +13,25 @@ iptables_config:
- source: salt://firewall/iptables.jinja - source: salt://firewall/iptables.jinja
- template: jinja - template: jinja
disable_firewalld:
service.dead:
- name: firewalld
- enable: False
- require:
- file: iptables_config
iptables_restore: iptables_restore:
cmd.run: cmd.run:
- name: iptables-restore < /etc/sysconfig/iptables - name: iptables-restore < /etc/sysconfig/iptables
enable_firewalld:
service.running:
- name: firewalld
- enable: True
- onfail:
- file: iptables_config
- cmd: iptables_restore
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed: