merge with 2.4.120, fix merge conflicts

This commit is contained in:
m0duspwnens
2024-10-25 15:09:38 -04:00
520 changed files with 12109 additions and 250 deletions


@@ -42,9 +42,19 @@ logCmd() {
### End Logging Section ###
airgap_rules() {
# Copy the rules for suricata if using Airgap
# Copy the rules for detections if using Airgap
mkdir -p /nsm/rules
cp -Rv /root/SecurityOnion/agrules/* /nsm/rules/
logCmd "rsync -av /root/SecurityOnion/agrules/ /nsm/rules/"
# Copy over the securityonion-resources repo
logCmd "rsync -av /root/SecurityOnion/agrules/securityonion-resources /nsm/"
}
airgap_detection_summaries() {
# Copy summaries over to SOC and checkout the correct branch
logCmd "rsync -av --chown=socore:socore /nsm/securityonion-resources /opt/so/conf/soc/ai_summary_repos"
logCmd "git config --global --add safe.directory /opt/so/conf/soc/ai_summary_repos/securityonion-resources"
logCmd "git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published"
}
add_admin_user() {
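Review bot: In airgap_detection_summaries the rsync hands the repo to socore via `--chown=socore:socore`, but the `git checkout` on the next line runs as root, so any file the branch switch creates or rewrites under /opt/so/conf/soc/ai_summary_repos/securityonion-resources will be root-owned, and the `git config --global --add safe.directory` line is only needed because root is operating on a repo owned by another user (it also leaves a permanent entry in root's ~/.gitconfig). Running the checkout as the owner keeps the tree consistently socore-owned and makes the safe.directory override unnecessary: `logCmd "runuser -u socore -- git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published"`. If the checkout has to stay as root, do it before the chown rsync (while the copy still lives under /nsm/securityonion-resources) so the ownership pass covers whatever the checkout writes. I can't see from this hunk whether logCmd aborts setup on a non-zero exit, so a failed checkout (wrong branch name, dirty tree) may otherwise go unnoticed until the SOC container tries to read the summaries.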
@@ -832,7 +842,7 @@ create_manager_pillars() {
create_repo() {
title "Create the repo directory"
logCmd "dnf -y install yum-utils createrepo"
logCmd "dnf -y install yum-utils createrepo_c"
logCmd "createrepo /nsm/repo"
}
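Review bot: create_repo now installs the `createrepo_c` package but still invokes `createrepo` on the following line; on builds where that package does not ship the `createrepo` compatibility symlink the call fails, so either call the binary by its own name, `logCmd "createrepo_c /nsm/repo"`, or fall back explicitly with `command -v createrepo >/dev/null 2>&1 || ln -s createrepo_c /usr/bin/createrepo`. I can't tell from this hunk whether logCmd fails setup on a non-zero exit, so a missing binary here would otherwise surface only later when a node tries to consume /nsm/repo.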
@@ -1365,8 +1375,8 @@ create_global() {
echo " registry_host: '$HOSTNAME'" >> $global_pillar_file
echo " endgamehost: '$ENDGAMEHOST'" >> $global_pillar_file
if [ "$install_type" = 'EVAL' ]; then
echo " pcapengine: SURICATA" >> $global_pillar_file
if [[ $is_standalone || $is_eval ]]; then
echo " pcapengine: SURICATA" >> $global_pillar_file
fi
}
@@ -1429,7 +1439,7 @@ make_some_dirs() {
mkdir -p $local_salt_dir/salt/firewall/portgroups
mkdir -p $local_salt_dir/salt/firewall/ports
for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni soc docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert stig global kafka;do
for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni soc docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert stig global kafka versionlock; do
mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
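Review bot: The rewritten for-list at the top of this hunk still lists `soc` twice (once before `docker` and again before `manager`); because `mkdir -p` and `touch` are idempotent this is harmless, but since the line is being edited to add `versionlock` anyway it is worth dropping the duplicate so the list reads as the set of pillar directories it actually creates. The loop's closing `done` is outside the hunk.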
@@ -1849,11 +1859,10 @@ repo_sync_local() {
if [[ ! $is_airgap ]]; then
curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
retry 5 60 "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" >> "$setup_log" 2>&1 || fail_setup
# After the download is complete run createrepo
create_repo
fi
else
# Add the proper repos for unsupported stuff
echo "Adding Repos"