Merge remote-tracking branch 'origin/2.4/dev' into iptables

m0duspwnens
2023-07-26 16:32:03 -04:00
12 changed files with 1071 additions and 250 deletions


@@ -1,170 +1,279 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{# we only want this state to run it is CentOS #} {# we only want this state to run it is CentOS #}
{% if GLOBALS.os == 'Rocky' %} {% if GLOBALS.os == 'OEL' %}
desktop_packages: desktop_packages:
pkg.installed: pkg.installed:
- pkgs: - pkgs:
- ModemManager
- ModemManager-glib
- NetworkManager - NetworkManager
- NetworkManager-adsl - NetworkManager-adsl
- NetworkManager-bluetooth - NetworkManager-bluetooth
- NetworkManager-l2tp-gnome - NetworkManager-config-server
- NetworkManager-libreswan-gnome - NetworkManager-libnm
- NetworkManager-openconnect-gnome
- NetworkManager-openvpn-gnome
- NetworkManager-ppp
- NetworkManager-pptp-gnome
- NetworkManager-team - NetworkManager-team
- NetworkManager-tui - NetworkManager-tui
- NetworkManager-wifi - NetworkManager-wifi
- NetworkManager-wwan - NetworkManager-wwan
- PackageKit
- PackageKit-command-not-found
- PackageKit-glib
- PackageKit-gstreamer-plugin - PackageKit-gstreamer-plugin
- aajohan-comfortaa-fonts - PackageKit-gtk3-module
- abattis-cantarell-fonts
- acl
- alsa-ucm
- alsa-utils
- anaconda
- anaconda-install-env-deps
- anaconda-live
- at
- attr
- audit - audit
- audit-libs
- authselect - authselect
- authselect-libs
- avahi
- avahi-glib
- avahi-libs
- baobab
- basesystem - basesystem
- bash
- bash-completion
- bc - bc
- blktrace - bcache-tools
- bluez - bluez
- bluez-libs
- bluez-obexd
- bolt - bolt
- bpftool
- bzip2 - bzip2
- bzip2-libs
- c-ares
- ca-certificates
- cairo
- cairo-gobject
- cairomm
- checkpolicy
- cheese
- cheese-libs
- chkconfig - chkconfig
- chromium - chrome-gnome-shell
- chrony - clutter
- cinnamon - clutter-gst3
- cinnamon-control-center - clutter-gtk
- cinnamon-screensaver - cogl
- cockpit - color-filesystem
- coreutils - colord
- cpio - colord-gtk
- cronie - colord-libs
- crontabs - conmon
- crypto-policies - cups
- crypto-policies-scripts - cups-client
- cryptsetup - cups-filesystem
- curl - cups-filters
- cyrus-sasl-plain - cups-filters-libs
- dbus - cups-ipptool
- cups-libs
- cups-pk-helper
- dconf
- dejavu-sans-fonts - dejavu-sans-fonts
- dejavu-sans-mono-fonts - dejavu-sans-mono-fonts
- dejavu-serif-fonts - dejavu-serif-fonts
- dnf - desktop-file-utils
- dnf-plugins-core - evolution-data-server
- dos2unix - evolution-data-server-langpacks
- dosfstools - firefox
- dracut-config-rescue - flac-libs
- dracut-live - flashrom
- dsniff - flatpak
- e2fsprogs - flatpak-libs
- ed - flatpak-selinux
- efi-filesystem - flatpak-session-helper
- efibootmgr - fontconfig
- efivar-libs - fonts-filesystem
- eom - foomatic
- ethtool - foomatic-db
- f36-backgrounds-extras-gnome - foomatic-db-filesystem
- f36-backgrounds-gnome - foomatic-db-ppds
- f37-backgrounds-extras-gnome - freetype
- f37-backgrounds-gnome - fuse
- file - fuse-common
- filesystem - fuse-libs
- firewall-config - fuse-overlayfs
- firewalld - fuse3
- fprintd-pam - fuse3-libs
- git - fwupd
- glibc - fwupd-plugin-flashrom
- glibc-all-langpacks - gcr
- gcr-base
- gd
- gdbm-libs
- gdisk
- gdk-pixbuf2
- gdk-pixbuf2-modules
- gdm
- gedit
- geoclue2
- geoclue2-libs
- geocode-glib
- gettext
- gettext-libs
- ghostscript
- ghostscript-tools-fonts
- ghostscript-tools-printing
- giflib
- glx-utils
- gmp
- gnome-autoar
- gnome-bluetooth
- gnome-bluetooth-libs
- gnome-calculator - gnome-calculator
- gnome-characters
- gnome-classic-session
- gnome-color-manager
- gnome-control-center
- gnome-control-center-filesystem
- gnome-desktop3
- gnome-disk-utility - gnome-disk-utility
- gnome-font-viewer
- gnome-initial-setup
- gnome-keyring
- gnome-keyring-pam
- gnome-logs
- gnome-menus
- gnome-online-accounts
- gnome-remote-desktop
- gnome-screenshot - gnome-screenshot
- gnome-session
- gnome-session-wayland-session
- gnome-session-xsession
- gnome-settings-daemon
- gnome-shell
- gnome-shell-extension-apps-menu
- gnome-shell-extension-background-logo
- gnome-shell-extension-common
- gnome-shell-extension-desktop-icons
- gnome-shell-extension-launch-new-instance
- gnome-shell-extension-places-menu
- gnome-shell-extension-window-list
- gnome-software
- gnome-system-monitor - gnome-system-monitor
- gnome-terminal - gnome-terminal
- gnupg2 - gnome-terminal-nautilus
- gnome-tour
- gnome-user-docs
- gnome-video-effects
- gobject-introspection
- gom
- google-droid-sans-fonts
- google-noto-cjk-fonts-common
- google-noto-emoji-color-fonts - google-noto-emoji-color-fonts
- google-noto-fonts-common
- google-noto-sans-cjk-ttc-fonts - google-noto-sans-cjk-ttc-fonts
- google-noto-sans-gurmukhi-fonts - google-noto-sans-gurmukhi-fonts
- google-noto-sans-sinhala-vf-fonts - google-noto-sans-sinhala-vf-fonts
- google-noto-serif-cjk-ttc-fonts - google-noto-serif-cjk-ttc-fonts
- grub2-common - gpgme
- grub2-pc-modules - gpm-libs
- grub2-tools - graphene
- grub2-tools-efi - graphite2
- grub2-tools-extra - gsettings-desktop-schemas
- grub2-tools-minimal - gsm
- grubby - gsound
- gspell
- gstreamer1
- gstreamer1-plugins-bad-free - gstreamer1-plugins-bad-free
- gstreamer1-plugins-base
- gstreamer1-plugins-good - gstreamer1-plugins-good
- gstreamer1-plugins-good-gtk
- gstreamer1-plugins-ugly-free - gstreamer1-plugins-ugly-free
- gtk-update-icon-cache
- gtk3
- gtk4
- gtkmm30
- gtksourceview4
- gutenprint
- gutenprint-cups
- gutenprint-doc
- gutenprint-libs
- gvfs
- gvfs-client
- gvfs-fuse
- gvfs-goa
- gvfs-gphoto2 - gvfs-gphoto2
- gvfs-mtp - gvfs-mtp
- gvfs-smb - gvfs-smb
- hostname - gzip
- hyperv-daemons - harfbuzz
- ibus-anthy - harfbuzz-icu
- ibus-hangul - hdparm
- ibus-libpinyin - hicolor-icon-theme
- ibus-libzhuyin - highcontrast-icon-theme
- ibus-m17n - hplip-common
- ibus-typing-booster - hplip-libs
- imsettings-systemd - hunspell
- initial-setup-gui - hunspell-en
- initscripts - hunspell-en-GB
- hunspell-en-US
- hunspell-filesystem
- hyphen
- ibus
- ibus-gtk3
- ibus-libs
- ibus-setup
- iio-sensor-proxy
- ima-evm-utils
- inih
- initscripts-rename-device - initscripts-rename-device
- iproute - initscripts-service
- iproute-tc - iso-codes
- iprutils - jansson
- iputils - jbig2dec-libs
- irqbalance - jbigkit-libs
- iwl100-firmware
- iwl1000-firmware
- iwl105-firmware
- iwl135-firmware
- iwl2000-firmware
- iwl2030-firmware
- iwl3160-firmware
- iwl5000-firmware
- iwl5150-firmware
- iwl6000g2a-firmware
- iwl6000g2b-firmware
- iwl6050-firmware
- iwl7260-firmware
- jomolhari-fonts - jomolhari-fonts
- jose
- jq
- json-c
- json-glib
- julietaula-montserrat-fonts - julietaula-montserrat-fonts
- kbd - kbd
- kernel - kbd-misc
- kernel-modules
- kernel-modules-extra
- kernel-tools
- kexec-tools
- khmer-os-system-fonts - khmer-os-system-fonts
- kmod-kvdo - langpacks-core-en
- kpatch - langpacks-core-font-en
- kpatch-dnf - langpacks-en
- ledmon - lcms2
- less - libICE
- libSM
- libX11
- libX11-common
- libX11-xcb
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont2
- libXft
- libXi
- libXinerama
- libXmu
- libXpm
- libXrandr
- libXrender
- libXres
- libXt
- libXtst
- libXv
- libXxf86dga
- libXxf86vm
- libappstream-glib
- liberation-fonts-common
- liberation-mono-fonts - liberation-mono-fonts
- liberation-sans-fonts - liberation-sans-fonts
- liberation-serif-fonts - liberation-serif-fonts
- libertas-sd8787-firmware - libertas-sd8787-firmware
- libstoragemgmt - libglvnd-gles
- libsysfs - libglvnd-glx
- lightdm - libglvnd-opengl
- linux-firmware - libgnomekbd
- logrotate - libgomp
- libgphoto2
- lockdev
- lohit-assamese-fonts - lohit-assamese-fonts
- lohit-bengali-fonts - lohit-bengali-fonts
- lohit-devanagari-fonts - lohit-devanagari-fonts
@@ -173,138 +282,454 @@ desktop_packages:
- lohit-odia-fonts - lohit-odia-fonts
- lohit-tamil-fonts - lohit-tamil-fonts
- lohit-telugu-fonts - lohit-telugu-fonts
- lshw - mesa-dri-drivers
- lsof - mesa-filesystem
- lsscsi - mesa-libEGL
- lvm2 - mesa-libGL
- mailcap - mesa-libgbm
- man-db - mesa-libglapi
- man-pages - mesa-libxatracker
- mcelog - mesa-vulkan-drivers
- mdadm
- memtest86+
- metacity
- microcode_ctl - microcode_ctl
- mlocate - mobile-broadband-provider-info
- mozilla-filesystem
- mpfr
- mpg123-libs
- mtdev
- mtr - mtr
- nano - nautilus
- ncurses - nautilus-extensions
- nemo-fileroller - oracle-backgrounds
- nemo-image-converter - oracle-indexhtml
- nemo-preview - oracle-logos
- net-tools - pcaudiolib
- netronome-firmware - pinentry
- ngrep - pinentry-gnome3
- nm-connection-editor
- nmap-ncat
- nvme-cli
- open-vm-tools-desktop
- openssh-clients
- openssh-server
- p11-kit
- paktype-naskh-basic-fonts
- parole
- parted
- passwd
- pciutils
- pinfo - pinfo
- pipewire - pipewire
- pipewire-alsa - pipewire-alsa
- pipewire-gstreamer - pipewire-gstreamer
- pipewire-jack-audio-connection-kit - pipewire-jack-audio-connection-kit
- pipewire-libs
- pipewire-pulseaudio - pipewire-pulseaudio
- pipewire-utils - pipewire-utils
- pixman
- plymouth - plymouth
- plymouth-core-libs
- plymouth-graphics-libs
- plymouth-plugin-label
- plymouth-plugin-two-step
- plymouth-scripts
- plymouth-system-theme
- plymouth-theme-spinner
- policycoreutils - policycoreutils
- powerline - policycoreutils-python-utils
- ppp
- prefixdevname
- procps-ng
- psacct
- pt-sans-fonts - pt-sans-fonts
- python3-libselinux - pulseaudio-libs
- python3-scapy - pulseaudio-libs-glib2
- qemu-guest-agent - pulseaudio-utils
- quota - sane-airscan
- realmd - sane-backends
- redshift-gtk - sane-backends-drivers-cameras
- rocky-backgrounds
- rocky-release
- rootfiles
- rpm
- rpm-plugin-audit
- rsync
- rsyslog
- rsyslog-gnutls
- rsyslog-gssapi
- rsyslog-relp
- salt-minion
- sane-backends-drivers-scanners - sane-backends-drivers-scanners
- selinux-policy-targeted - sane-backends-libs
- setroubleshoot
- setup
- sg3_utils
- sg3_utils-libs
- shadow-utils
- sil-abyssinica-fonts - sil-abyssinica-fonts
- sil-nuosu-fonts - sil-nuosu-fonts
- sil-padauk-fonts - sil-padauk-fonts
- slick-greeter
- slick-greeter-cinnamon
- smartmontools - smartmontools
- smc-meera-fonts - smc-meera-fonts
- sos - snappy
- sound-theme-freedesktop
- soundtouch
- speech-dispatcher
- speech-dispatcher-espeak-ng
- speex
- spice-vdagent - spice-vdagent
- ssldump - switcheroo-control
- sssd
- sssd-common
- sssd-kcm
- stix-fonts
- strace
- sudo
- symlinks - symlinks
- syslinux - system-config-printer-libs
- systemd - system-config-printer-udev
- systemd-udev - taglib
- tar
- tcpdump - tcpdump
- tcpflow - thai-scalable-fonts-common
- teamd
- thai-scalable-waree-fonts - thai-scalable-waree-fonts
- time - totem
- tmux - totem-pl-parser
- tmux-powerline - totem-video-thumbnailer
- transmission - tpm2-tools
- tpm2-tss
- tracer-common
- tracker
- tracker-miners
- tree - tree
- tuned - tuned
- twolame-libs
- tzdata
- udisks2
- udisks2-iscsi
- udisks2-lvm2
- unzip - unzip
- upower
- urw-base35-bookman-fonts
- urw-base35-c059-fonts
- urw-base35-d050000l-fonts
- urw-base35-fonts
- urw-base35-fonts-common
- urw-base35-gothic-fonts
- urw-base35-nimbus-mono-ps-fonts
- urw-base35-nimbus-roman-fonts
- urw-base35-nimbus-sans-fonts
- urw-base35-p052-fonts
- urw-base35-standard-symbols-ps-fonts
- urw-base35-z003-fonts
- usb_modeswitch - usb_modeswitch
- usb_modeswitch-data
- usbutils - usbutils
- util-linux - usermode
- util-linux-user - userspace-rcu
- vdo - vdo
- vim-enhanced - vulkan-loader
- vim-minimal - wavpack
- vim-powerline - webkit2gtk3
- virt-what - webkit2gtk3-jsc
- wget - webrtc-audio-processing
- whois - wireless-regdb
- which
- wireplumber - wireplumber
- wireshark - wireplumber-libs
- woff2
- words - words
- wpa_supplicant
- wpebackend-fdo
- xdg-dbus-proxy
- xdg-desktop-portal
- xdg-desktop-portal-gnome
- xdg-desktop-portal-gtk
- xdg-user-dirs
- xdg-user-dirs-gtk - xdg-user-dirs-gtk
- xed - xdg-utils
- xfsdump - xkeyboard-config
- xfsprogs - xorg-x11-drv-evdev
- xreader - xorg-x11-drv-fbdev
- yum - xorg-x11-drv-libinput
- zip - xorg-x11-drv-vmware
- xorg-x11-drv-wacom
- xorg-x11-drv-wacom-serial-support
- xorg-x11-server-Xorg
- xorg-x11-server-Xwayland
- xorg-x11-server-common
- xorg-x11-server-utils
- xorg-x11-utils
- xorg-x11-xauth
- xorg-x11-xinit
- xorg-x11-xinit-session
#
# - aajohan-comfortaa-fonts
# - abattis-cantarell-fonts
# - acl
# - alsa-ucm
# - alsa-utils
# - anaconda
# - anaconda-install-env-deps
# - at
# - attr
# - audit
# - authselect
# - basesystem
# - bash
# - bash-completion
# - bc
# - blktrace
# - bluez
# - bolt
# - bpftool
# - bzip2
# - chkconfig
# - chromium
# - chrony
# - cockpit
# - coreutils
# - cpio
# - cronie
# - crontabs
# - crypto-policies
# - crypto-policies-scripts
# - cryptsetup
# - curl
# - cyrus-sasl-plain
# - dbus
# - dejavu-sans-fonts
# - dejavu-sans-mono-fonts
# - dejavu-serif-fonts
# - dnf
# - dnf-plugins-core
# - dos2unix
# - dosfstools
# - dracut-config-rescue
# - dracut-live
# - dsniff
# - e2fsprogs
# - ed
# - efibootmgr
# - efi-filesystem
# - efivar-libs
# - eom
# - ethtool
# - file
# - filesystem
# - firewall-config
# - firewalld
# - fprintd-pam
# - gdm
# - git
# - glibc
# - glibc-all-langpacks
# - gnome-autoar
# - gnome-bluetooth
# - gnome-bluetooth-libs
# - gnome-calculator
# - gnome-characters
# - gnome-color-manager
# - gnome-control-center
# - gnome-desktop3
# - gnome-disk-utility
# - gnome-font-viewer
# - gnome-initial-setup
# - gnome-keyring
# - gnome-keyring-pam
# - gnome-logs
# - gnome-menus
# - gnome-online-accounts
# - gnome-remote-desktop
# - gnome-screenshot
# - gnome-session
# - gnome-session-wayland-session
# - gnome-session-xsession
# - gnome-settings-daemon
# - gnome-shell
# - gnome-software
# - gnome-system-monitor
# - gnome-terminal
# - gnome-terminal-nautilus
# - gnome-tour
# - gnupg2
# - google-noto-emoji-color-fonts
# - google-noto-sans-cjk-ttc-fonts
# - google-noto-sans-gurmukhi-fonts
# - google-noto-sans-sinhala-vf-fonts
# - google-noto-serif-cjk-ttc-fonts
# - grub2-common
# - grub2-pc-modules
# - grub2-tools
# - grub2-tools-efi
# - grub2-tools-extra
# - grub2-tools-minimal
# - grubby
# - gstreamer1-plugins-bad-free
# - gstreamer1-plugins-good
# - gstreamer1-plugins-ugly-free
# - gvfs-gphoto2
# - gvfs-mtp
# - gvfs-smb
# - hostname
# - hyperv-daemons
# - ibus-anthy
# - ibus-hangul
# - ibus-libpinyin
# - ibus-libzhuyin
# - ibus-m17n
# - ibus-typing-booster
# - imsettings-systemd
# - initial-setup-gui
# - initscripts
# - initscripts-rename-device
# - iproute
# - iproute-tc
# - iprutils
# - iputils
# - irqbalance
# - iwl1000-firmware
# - iwl100-firmware
# - iwl105-firmware
# - iwl135-firmware
# - iwl2000-firmware
# - iwl2030-firmware
# - iwl3160-firmware
# - iwl5000-firmware
# - iwl5150-firmware
# - iwl6000g2a-firmware
# - iwl6000g2b-firmware
# - iwl6050-firmware
# - iwl7260-firmware
# - jomolhari-fonts
# - julietaula-montserrat-fonts
# - kbd
# - kernel
# - kernel-modules
# - kernel-modules-extra
# - kernel-tools
# - kexec-tools
# - khmer-os-system-fonts
# - kmod-kvdo
# - ledmon
# - less
# - liberation-mono-fonts
# - liberation-sans-fonts
# - liberation-serif-fonts
# - libertas-sd8787-firmware
# - libstoragemgmt
# - libsysfs
# - lightdm
# - linux-firmware
# - logrotate
# - lohit-assamese-fonts
# - lohit-bengali-fonts
# - lohit-devanagari-fonts
# - lohit-gujarati-fonts
# - lohit-kannada-fonts
# - lohit-odia-fonts
# - lohit-tamil-fonts
# - lohit-telugu-fonts
# - lshw
# - lsof
# - lsscsi
# - lvm2
# - mailcap
# - man-db
# - man-pages
# - mcelog
# - mdadm
# - memtest86+
# - metacity
# - microcode_ctl
# - mlocate
# - mtr
# - nano
# - ncurses
# - netronome-firmware
# - net-tools
# - NetworkManager
# - NetworkManager-adsl
# - NetworkManager-bluetooth
# - NetworkManager-l2tp-gnome
# - NetworkManager-libreswan-gnome
# - NetworkManager-openconnect-gnome
# - NetworkManager-openvpn-gnome
# - NetworkManager-ppp
# - NetworkManager-pptp-gnome
# - NetworkManager-team
# - NetworkManager-tui
# - NetworkManager-wifi
# - NetworkManager-wwan
# - ngrep
# - nmap-ncat
# - nm-connection-editor
# - nvme-cli
# - openssh-clients
# - openssh-server
# - open-vm-tools-desktop
# - p11-kit
# - PackageKit-gstreamer-plugin
# - paktype-naskh-basic-fonts
# - parole
# - parted
# - passwd
# - pciutils
# - pinfo
# - pipewire
# - pipewire-alsa
# - pipewire-gstreamer
# - pipewire-jack-audio-connection-kit
# - pipewire-pulseaudio
# - pipewire-utils
# - plymouth
# - policycoreutils
# - powerline
# - ppp
# - prefixdevname
# - procps-ng
# - psacct
# - pt-sans-fonts
# - python3-libselinux
# - python3-scapy
# - qemu-guest-agent
# - quota
# - realmd
# - redshift-gtk
# - rootfiles
# - rpm
# - rpm-plugin-audit
# - rsync
# - rsyslog
# - rsyslog-gnutls
# - rsyslog-gssapi
# - rsyslog-relp
# - salt-minion
# - sane-backends-drivers-scanners
# - selinux-policy-targeted
# - setroubleshoot
# - setup
# - sg3_utils
# - sg3_utils-libs
# - shadow-utils
# - sil-abyssinica-fonts
# - sil-nuosu-fonts
# - sil-padauk-fonts
# - slick-greeter
# - slick-greeter-cinnamon
# - smartmontools
# - smc-meera-fonts
# - sos
# - spice-vdagent
# - ssldump
# - sssd
# - sssd-common
# - sssd-kcm
# - stix-fonts
# - strace
# - sudo
# - symlinks
# - syslinux
# - systemd
# - systemd-udev
# - tar
# - tcpdump
# - tcpflow
# - teamd
# - thai-scalable-waree-fonts
# - time
# - tmux
# - tmux-powerline
# - transmission
# - tree
# - tuned
# - unzip
# - usb_modeswitch
# - usbutils
# - util-linux
# - util-linux-user
# - vdo
# - vim-enhanced
# - vim-minimal
# - vim-powerline
# - virt-what
# - wget
# - which
# - whois
# - wireplumber
# - wireshark
# - words
# - xdg-user-dirs-gtk
# - xed
# - xfsdump
# - xfsprogs
# - xreader
# - yum
# - zip
#
{% else %} {% else %}
desktop_packages_os_fail: desktop_packages_os_fail:
test.fail_without_changes: test.fail_without_changes:
- comment: 'SO desktop can only be installed on Rocky' - comment: 'SO desktop can only be installed on Oracle Linux'
{% endif %} {% endif %}
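Review bot: The run of `# - <package>` lines between `xorg-x11-xinit-session` and `{% else %}` looks like the previous Rocky package list kept as comments (each line is printed once on this page, so its side is inferred from the second hunk growing from 138 to 454 lines); version control already keeps that list, and leaving it in the state makes it harder to audit what the desktop actually installs. The header comment is also stale for the new condition and could read `{# only run this state on Oracle Linux (GLOBALS.os == 'OEL') #}`; the same comment sits above the `OEL` check in the other three desktop state files in this commit. Since `pkgs` defines the installed footprint of an analyst workstation, a short comment above it naming how the list was generated would help reviewers justify entries such as `cups` and `flatpak`, which appear in the new column.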


@@ -1,7 +1,7 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{# we only want this state to run it is CentOS #} {# we only want this state to run it is CentOS #}
{% if GLOBALS.os == 'Rocky' %} {% if GLOBALS.os == 'OEL' %}
remove_graphical_target: remove_graphical_target:
file.symlink: file.symlink:
@@ -12,6 +12,6 @@ remove_graphical_target:
{% else %} {% else %}
desktop_trusted-ca_os_fail: desktop_trusted-ca_os_fail:
test.fail_without_changes: test.fail_without_changes:
- comment: 'SO Desktop can only be installed on Rocky' - comment: 'SO Desktop can only be installed on Oracle Linux'
{% endif %} {% endif %}


@@ -1,33 +1,7 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{# we only want this state to run it is CentOS #} {# we only want this state to run it is CentOS #}
{% if GLOBALS.os == 'Rocky' %} {% if GLOBALS.os == 'OEL' %}
{% set global_ca_text = [] %}
{% set global_ca_server = [] %}
{% set manager = GLOBALS.manager %}
{% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
{% for host in x509dict %}
{% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
{% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
{% do global_ca_server.append(host) %}
{% endif %}
{% endfor %}
{% set trusttheca_text = global_ca_text[0] %}
{% set ca_server = global_ca_server[0] %}
trusted_ca:
x509.pem_managed:
- name: /etc/pki/ca-trust/source/anchors/ca.crt
- text: {{ trusttheca_text }}
update_ca_certs:
cmd.run:
- name: update-ca-trust
- onchanges:
- x509: trusted_ca
{% elif GLOBALS.os == 'CentOS Stream' %}
{% set global_ca_text = [] %} {% set global_ca_text = [] %}
{% set global_ca_server = [] %} {% set global_ca_server = [] %}
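Review bot: The branch that survives under `{% if GLOBALS.os == 'OEL' %}` begins at `{% set global_ca_text = [] %}` and continues outside this hunk; if it mirrors the Rocky branch shown here, it takes `global_ca_text[0]` with no check that the mine returned a matching host. An empty `x509dict` would then fail at render time, and when several hosts match, the trust anchor written to `/etc/pki/ca-trust/source/anchors/ca.crt` is whichever entry iterates first. Consider wrapping the `trusted_ca` state in `{% if global_ca_text %}` and adding a comment stating that exactly one manager-class host is expected to publish `/etc/pki/ca.crt`.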


@@ -1,7 +1,7 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
{# we only want this state to run it is CentOS #} {# we only want this state to run it is CentOS #}
{% if GLOBALS.os == 'Rocky' %} {% if GLOBALS.os == 'OEL' %}
include: include:
- desktop.packages - desktop.packages
@@ -18,6 +18,6 @@ graphical_target:
desktop_xwindows_os_fail: desktop_xwindows_os_fail:
test.fail_without_changes: test.fail_without_changes:
- comment: 'SO Desktop can only be installed on Rocky' - comment: 'SO Desktop can only be installed on Oracle Linux'
{% endif %} {% endif %}


@@ -33,19 +33,22 @@ so-elastic-agent:
{% endif %} {% endif %}
- binds: - binds:
- /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro - /opt/so/conf/elastic-agent/elastic-agent.yml:/usr/share/elastic-agent/elastic-agent.yml:ro
- /etc/pki/tls/certs/intca.crt:/etc/pki/tls/certs/intca.crt:ro
- /nsm:/nsm:ro - /nsm:/nsm:ro
{% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %} {% if DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-elastic-agent'].custom_bind_mounts %}
- {{ BIND }} - {{ BIND }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if DOCKER.containers['so-elastic-agent'].extra_env %}
- environment: - environment:
- FLEET_CA=/etc/pki/tls/certs/intca.crt
{% if DOCKER.containers['so-elastic-agent'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-agent'].extra_env %}
- {{ XTRAENV }} - {{ XTRAENV }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- watch:
- file: create-elastic-agent-config
delete_so-elastic-agent_so-status.disabled: delete_so-elastic-agent_so-status.disabled:
file.uncomment: file.uncomment:
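Review bot: The new `- watch:` lists only `file: create-elastic-agent-config`, so a replaced `/etc/pki/tls/certs/intca.crt` will not restart the container, and a single-file bind mount keeps pointing at the old inode when the file is replaced rather than edited in place. Consider adding the state that manages that certificate to the watch list, e.g. `- x509: <ID_OF_INTCA_STATE>` (placeholder; the state id is not visible on this page). Also, `extra_env` entries are rendered after `- FLEET_CA=/etc/pki/tls/certs/intca.crt`, so a pillar value that repeats `FLEET_CA` may take precedence; a one-line comment above the loop saying so would help. The `so-elastic-agent` state starts before this hunk.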


@@ -11,7 +11,7 @@ outputs:
- 'https://{{ GLOBALS.hostname }}:9200' - 'https://{{ GLOBALS.hostname }}:9200'
username: '{{ ES_USER }}' username: '{{ ES_USER }}'
password: '{{ ES_PASS }}' password: '{{ ES_PASS }}'
ssl.verification_mode: none ssl.verification_mode: full
output_permissions: {} output_permissions: {}
agent: agent:
download: download:
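Review bot: With `ssl.verification_mode: full` the output rejects the Elasticsearch certificate unless it chains to a CA the agent trusts and carries `{{ GLOBALS.hostname }}` as a subject alternative name, and no `ssl.certificate_authorities` entry is visible in this hunk. If it is not set elsewhere in the `outputs` block (which starts above the hunk), add it next to the changed line, for example `ssl.certificate_authorities: ['/etc/pki/tls/certs/intca.crt']`, using the path the container state in this commit mounts. A short comment noting that the certificate's SAN must match the `hosts` entry would save the next person a debugging session.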


@@ -28,6 +28,7 @@ elasticfleet:
- aws - aws
- azure - azure
- cloudflare - cloudflare
- endpoint
- fim - fim
- github - github
- google_workspace - google_workspace


@@ -81,6 +81,8 @@ elasticsearch:
managed: true managed: true
composed_of: composed_of:
- "so-data-streams-mappings" - "so-data-streams-mappings"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
- "so-logs-mappings" - "so-logs-mappings"
- "so-logs-settings" - "so-logs-settings"
priority: 225 priority: 225
@@ -1312,6 +1314,398 @@ elasticsearch:
name: elastic_agent name: elastic_agent
managed_by: security_onion managed_by: security_onion
managed: true managed: true
so-logs-endpoint.alerts:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.alerts-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.alerts@custom"
- "logs-endpoint.alerts@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.api:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.api-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.api@custom"
- "logs-endpoint.events.api@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.file:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.file-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.file@custom"
- "logs-endpoint.events.file@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.library:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.library-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.library@custom"
- "logs-endpoint.events.library@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.network:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.network-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.network@custom"
- "logs-endpoint.events.network@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.process:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.process-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.process@custom"
- "logs-endpoint.events.process@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.registry:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.registry-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.registry@custom"
- "logs-endpoint.events.registry@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-endpoint.events.security:
index_sorting: False
index_template:
index_patterns:
- "logs-endpoint.events.security-*"
template:
settings:
index:
number_of_replicas: 0
mapping:
total_fields:
limit: 5000
sort:
field: "@timestamp"
order: desc
composed_of:
- "event-mappings"
- "logs-endpoint.events.security@custom"
- "logs-endpoint.events.security@package"
- "so-fleet_globals-1"
- "so-fleet_agent_id_verification-1"
priority: 501
data_stream:
hidden: false
allow_custom_routing: false
policy:
phases:
hot:
min_age: 0ms
actions:
set_priority:
priority: 100
rollover:
max_age: 30d
max_primary_shard_size: 50gb
cold:
min_age: 30d
actions:
set_priority:
priority: 0
delete:
min_age: 365d
actions:
delete: {}
_meta:
package:
name: elastic_agent
managed_by: security_onion
managed: true
so-logs-elastic_agent.filebeat: so-logs-elastic_agent.filebeat:
index_sorting: False index_sorting: False
index_template: index_template:
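Review bot: Each of the eight new `so-logs-endpoint.*` templates carries `_meta.package.name: elastic_agent`, which looks copied from the neighbouring `elastic_agent` templates; their `composed_of` lists reference `logs-endpoint.<dataset>@package`, so `endpoint` is presumably the intended package name. The blocks differ only in the dataset name, so a comment above the first one stating that they must stay identical (or generating them from a list, if this file is rendered through Jinja) would reduce drift. A comment on `number_of_replicas: 0` and the 365d `delete` phase is also worth adding, since these indices hold endpoint alert and event data and both settings are retention and availability decisions.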


@@ -72,8 +72,8 @@
{ "set": { "ignore_failure": true, "field": "event.module", "value": "elastic_agent" } }, { "set": { "ignore_failure": true, "field": "event.module", "value": "elastic_agent" } },
{ "split": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "separator": "\\.", "target_field": "module_temp" } }, { "split": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "separator": "\\.", "target_field": "module_temp" } },
{ "set": { "if": "ctx.module_temp != null", "override": true, "field": "event.module", "value": "{{module_temp.0}}" } }, { "set": { "if": "ctx.module_temp != null", "override": true, "field": "event.module", "value": "{{module_temp.0}}" } },
{ "split": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "separator": "\\.", "target_field": "dataset_tag_temp" } }, { "gsub": { "if": "ctx.event?.dataset != null && ctx.event.dataset.contains('.')", "field": "event.dataset", "pattern": "^[^.]*.", "replacement": "", "target_field": "dataset_tag_temp" } },
{ "append": { "if": "ctx.dataset_tag_temp != null", "field": "tags", "value": "{{dataset_tag_temp.1}}" } }, { "append": { "if": "ctx.dataset_tag_temp != null", "field": "tags", "value": "{{dataset_tag_temp}}" } },
{ "set": { "if": "ctx.network?.direction == 'egress'", "override": true, "field": "network.initiated", "value": "true" } }, { "set": { "if": "ctx.network?.direction == 'egress'", "override": true, "field": "network.initiated", "value": "true" } },
{ "set": { "if": "ctx.network?.direction == 'ingress'", "override": true, "field": "network.initiated", "value": "false" } }, { "set": { "if": "ctx.network?.direction == 'ingress'", "override": true, "field": "network.initiated", "value": "false" } },
{ "set": { "if": "ctx.network?.type == 'ipv4'", "override": true, "field": "destination.ipv6", "value": "false" } }, { "set": { "if": "ctx.network?.type == 'ipv4'", "override": true, "field": "destination.ipv6", "value": "false" } },
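Review bot: In the new `gsub` processor the final `.` of `"pattern": "^[^.]*."` is an unescaped regex wildcard, so it removes the first segment plus any one following character rather than specifically the dot. It gives the intended result only because the `if` guarantees a dot is present; `"pattern": "^[^.]*\\."` states the intent and matches the escaping used by the `split` processor two lines above. The hunk does not show `dataset_tag_temp` being removed afterwards, so check that a later processor (outside the hunk) drops it so the temporary field is not indexed.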


@@ -9,6 +9,10 @@
"properties": { "properties": {
"event": { "event": {
"properties": { "properties": {
"agent_id": {
"ignore_above": 1024,
"type": "keyword"
},
"agent_id_status": { "agent_id_status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword"
@@ -18,6 +22,18 @@
"type": "date" "type": "date"
} }
} }
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"network.initiated": {
"ignore_above": 1024,
"type": "keyword"
},
"destination.ipv6": {
"ignore_above": 1024,
"type": "keyword"
} }
} }
} }


@@ -999,6 +999,14 @@ firewall:
portgroups: portgroups:
- elasticsearch_node - elasticsearch_node
- elasticsearch_rest - elasticsearch_rest
managersearch:
portgroups:
- elasticsearch_node
- elasticsearch_rest
standalone:
portgroups:
- elasticsearch_node
- elasticsearch_rest
dockernet: dockernet:
portgroups: portgroups:
- elasticsearch_node - elasticsearch_node
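Review bot: The added `managersearch` and `standalone` hostgroups are granted both `elasticsearch_node` and `elasticsearch_rest`, and nothing in the hunk says which node role's chain this is (the enclosing keys are above line 999) or why those hosts need the transport port as well as REST. Please add a comment above `managersearch:` stating the traffic this allows, e.g. `# managers query this node and join its cluster: REST + transport`, adjusted to the real reason. If only REST access is required, dropping `- elasticsearch_node` from the two new entries keeps the rule set to least privilege.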


@@ -3,7 +3,7 @@
"versions": { "versions": {
"attack": "11", "attack": "11",
"navigator": "4.8.4", "navigator": "4.8.4",
"layer": "4.3" "layer": "4.4"
}, },
"domain": "enterprise-attack", "domain": "enterprise-attack",
"description": "", "description": "",