CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

idh changes for web ui

Browse Source
This commit is contained in:
m0duspwnens
2023-03-22 09:38:40 -04:00
parent 1526a7de11
commit fdaf8e8c68
3 changed files with 45 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
salt/idh/defaults.yaml
View File

@@ -31,13 +31,13 @@ idh:
tcpbanner_1.keep_alive_probes: 11 tcpbanner_1.keep_alive_probes: 11
tcpbanner_1.keep_alive_interval: 300 tcpbanner_1.keep_alive_interval: 300
tcpbanner_1.keep_alive_idle: 300 tcpbanner_1.keep_alive_idle: 300
ftp.enabled: true ftp.enabled: false
ftp.port: 21 ftp.port: 21
ftp.banner: FTP server ready ftp.banner: FTP server ready
git.enabled: true git.enabled: false
git.port: 9418 git.port: 9418
http.banner: Apache/2.2.34 (Ubuntu) http.banner: Apache/2.2.34 (Ubuntu)
http.enabled: true http.enabled: false
http.port: 80 http.port: 80
http.skin: nasLogin http.skin: nasLogin
http.skinlist: http.skinlist:
@@ -45,7 +45,7 @@ idh:
name: basicLogin name: basicLogin
- desc: Synology NAS Login - desc: Synology NAS Login
name: nasLogin name: nasLogin
httpproxy.enabled: true httpproxy.enabled: false
httpproxy.port: 8080 httpproxy.port: 8080
httpproxy.skin: squid httpproxy.skin: squid
httpproxy.skinlist: httpproxy.skinlist:
@@ -53,36 +53,36 @@ idh:
name: squid name: squid
- desc: Microsoft ISA Server Web Proxy - desc: Microsoft ISA Server Web Proxy
name: ms-isa name: ms-isa
mssql.enabled: true mssql.enabled: false
mssql.version: '2012' mssql.version: '2012'
mssql.port: 1433 mssql.port: 1433
mysql.enabled: true mysql.enabled: false
mysql.port: 3306 mysql.port: 3306
mysql.banner: 5.5.43-0ubuntu0.14.04.1 mysql.banner: 5.5.43-0ubuntu0.14.04.1
ntp.enabled: true ntp.enabled: false
ntp.port: '123' ntp.port: 123
redis.enabled: true redis.enabled: false
redis.port: 6379 redis.port: 6379
sip.enabled: true sip.enabled: false
sip.port: 5060 sip.port: 5060
smb.auditfile: /var/log/samba-audit.log smb.auditfile: /var/log/samba-audit.log
smb.enabled: true smb.enabled: false
snmp.enabled: true snmp.enabled: false
snmp.port: 161 snmp.port: 161
ssh.enabled: true ssh.enabled: false
ssh.port: 22 ssh.port: 22
ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4 ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
telnet.enabled: true telnet.enabled: false
telnet.port: '23' telnet.port: 23
telnet.banner: '' telnet.banner: ''
telnet.honeycreds: telnet.honeycreds:
- username: admin - username: admin
password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA password: $pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA
- username: admin - username: admin
password: admin1 password: admin1
tftp.enabled: true tftp.enabled: false
tftp.port: 69 tftp.port: 69
vnc.enabled: true vnc.enabled: false
vnc.port: 5900 vnc.port: 5900
openssh: openssh:
enable: true enable: true

27
salt/idh/opencanary_config.map.jinja
View File

@@ -1,10 +1,33 @@
{% set idh_services = salt['pillar.get']('idh:services', []) %} {# this list of services is used to loop through and add fw rules if the service is enabled #}
{# smb is not in this list since it does not need any ports open #}
{% set idh_services = [
'ftp',
'git',
'http',
'httpproxy',
'mssql',
'mysql',
'ntp',
'redis',
'sip',
'snmp',
'ssh',
'telnet',
'tftp',
'vnc'
] %}
{% set IDH_PORTGROUPS = {} %} {% set IDH_PORTGROUPS = {} %}
{% import_yaml "idh/defaults.yaml" as IDHCONFIG with context %} {% import_yaml "idh/defaults.yaml" as IDHCONFIG with context %}
{% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=IDHCONFIG.idh.opencanary.config, merge=True) %} {% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=IDHCONFIG.idh.opencanary.config, merge=True) %}
{# update skinlist to skin.list to avoid issues with SOC UI config #}
{% set HTTPSKINLIST = OPENCANARYCONFIG.pop('http.skinlist') %}
{% set HTTPPROXYSKINLIST = OPENCANARYCONFIG.pop('httpproxy.skinlist') %}
{% do OPENCANARYCONFIG.update({'http.skin.list': HTTPSKINLIST}) %}
{% do OPENCANARYCONFIG.update({'httpproxy.skin.list': HTTPPROXYSKINLIST}) %}
{% set OPENSSH = salt['pillar.get']('idh:openssh', default=IDHCONFIG.idh.openssh, merge=True) %} {% set OPENSSH = salt['pillar.get']('idh:openssh', default=IDHCONFIG.idh.openssh, merge=True) %}
{% for service in idh_services %} {% for service in idh_services %}
@@ -13,7 +36,9 @@
{% else %} {% else %}
{% set proto = 'tcp' %} {% set proto = 'tcp' %}
{% endif %} {% endif %}
{% if OPENCANARYCONFIG[service ~ '.enabled'] %}
{% do IDH_PORTGROUPS.update({'idh_' ~ service: {proto: [OPENCANARYCONFIG[service ~ '.port']]}}) %} {% do IDH_PORTGROUPS.update({'idh_' ~ service: {proto: [OPENCANARYCONFIG[service ~ '.port']]}}) %}
{% endif %}
{% endfor %} {% endfor %}
{% do IDH_PORTGROUPS.update({'openssh': {'tcp': [OPENSSH.config.port]}}) %} {% do IDH_PORTGROUPS.update({'openssh': {'tcp': [OPENSSH.config.port]}}) %}

2
salt/idh/openssh/map.jinja
View File

@@ -1,4 +1,4 @@
{% import_yaml "idh/defaults/defaults.yaml" as idh_defaults with context %} {% import_yaml "idh/defaults.yaml" as idh_defaults with context %}
{% set openssh_map = salt['grains.filter_by']({ {% set openssh_map = salt['grains.filter_by']({
'Debian': { 'Debian': {