CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #56 from dlee35/master

Browse Source 
add firewall rule option for osquery
This commit is contained in:
Mike Reeves
2018-12-13 13:42:13 -05:00
committed by GitHub
parent 7fd2869159 fe56e171d4
commit fdd6bcdd6b
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pillar/firewall/osquery_endpoint.sls Normal file
View File

@@ -0,0 +1,3 @@
osquery_endpoint:
- 127.0.0.1

18
salt/firewall/init.sls
View File

@@ -10,7 +10,7 @@
{% elif grains['role'] == 'so-sensor'%} {% elif grains['role'] == 'so-sensor'%}
{%- set ip = salt['pillar.get']('sensor:mainip', '') %} {%- set ip = salt['pillar.get']('node:mainip', '') %}
{% endif %} {% endif %}
@@ -347,6 +347,22 @@ enable_standard_beats_5044_{{ip}}:
{% endfor %} {% endfor %}
# Allow OSQuery Endpoints to send their traffic
{% for ip in pillar.get('osquery_endpoint') %}
enable_standard_osquery_8080_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 8080
- position: 1
- save: True
{% endfor %}
# Allow Analysts # Allow Analysts
{% for ip in pillar.get('analyst') %} {% for ip in pillar.get('analyst') %}