CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-24 21:42:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,939 Commits 42 Branches 123 Tags
3/dev
Commit Graph

99 Commits

Author SHA1 Message Date
Josh Patterson
c2c5aea244 ensure bool sliders for each state:enabled annotation 2026-03-19 12:35:38 -04:00
Josh Patterson
74ad2990a7 Merge remote-tracking branch 'origin/3/dev' into delta 2026-03-18 13:05:02 -04:00
Josh Patterson
e19e83bebb allow user defined ulimits 2026-03-18 10:38:15 -04:00
Doug Burks
930985b770 update helpLink references for new documentation 2026-03-18 09:46:45 -04:00
Josh Patterson
2349750e13 DOCKER to DOCKERMERGED 2026-03-17 16:19:02 -04:00
Josh Patterson
00986dc2fd Merge remote-tracking branch 'origin/delta' into customulimit 2026-03-17 16:04:09 -04:00
Mike Reeves
2d97dfc8a1 Add customizable ulimit settings for all Docker containers 
Add ulimits as a configurable advanced setting for every container,
allowing customization through the web UI. Move hardcoded ulimits
from elasticsearch and zeek into defaults.yaml and fix elasticsearch
ulimits that were incorrectly nested under the environment key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-17 15:10:42 -04:00
Josh Patterson
4dc377c99f DOCKER to DOCKERMERGED 2026-03-17 15:06:06 -04:00
reyesj2
4c6ff0641b fix kafka state 2026-01-21 12:47:58 -06:00
Josh Patterson
00fbc1c259 add back individual signing policies 2026-01-12 09:25:15 -05:00
Josh Patterson
b9ff1704b0 the great ssl refactor 2025-12-11 17:30:06 -05:00
Josh Patterson
36a6a59d55 renew certs 7 days before expire 2025-12-01 11:54:10 -05:00
Josh Patterson
77f88371b8 manage default and local in separate states 2025-04-23 08:30:37 -04:00
reyesj2
df31c349b0 update annotations 2025-04-14 12:32:31 -05:00
reyesj2
759d5f76cd fix kafka external access slow to establish initial connection 2025-04-14 12:32:22 -05:00
reyesj2
9459bf8a27 allow larger kafka log files before forcing rollover 2025-04-11 14:41:32 -05:00
reyesj2
2cb002668f restrict count of kafka log files 2025-04-11 12:32:49 -05:00
reyesj2
6fe240de45 remove whitespaces then check for empty string as password 2025-04-11 10:42:45 -05:00
reyesj2
ecd7da540a skip user entries that don't have password configured 2025-04-11 10:21:46 -05:00
reyesj2
1429226667 nest default value for external_access under kafka:config 2025-04-10 15:55:17 -05:00
reyesj2
96c56297ce external access via user/pass 2025-04-09 22:08:13 -05:00
reyesj2
cf1335dd84 searchnode logstash-kafka cert generation 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-20 11:31:33 -04:00
reyesj2
5d322ebc0b Allow searchnodes to run kafka.ssl state for kafka-logstash cert generation 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-12 14:45:11 -04:00
reyesj2
4182ff66a0 rearrange kafka pillar, declutters SOC ui 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-11 16:37:16 -04:00
reyesj2
4a88dedcb8 Fixin kafka.ssl state and include name for kafka_user 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 16:18:46 -04:00
reyesj2
d5faf535c3 Only interact with logstash configuration when Kafka pipeline is enabled otherwise leave it default 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 11:36:44 -04:00
reyesj2
8e1edd1d91 split Kafka ssl from ssl/init. Certs won't be generated until Kafka is enabled. Also runs some clean up for old Kafka certs 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 11:32:43 -04:00
reyesj2
d791b23838 Generate new Kafka truststore 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-10 11:29:09 -04:00
reyesj2
81ce762250 delete commented block 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-24 14:06:48 -04:00
reyesj2
cb727bf48d remove unused sbin_jinja from kafka config 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-24 13:45:13 -04:00
reyesj2
2eea671857 more precise wording in kafka annotation 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-20 16:16:55 -04:00
reyesj2
73acfbf864 update kafka annotations 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-20 16:02:45 -04:00
reyesj2
4d1f2c2bc1 fix kafka elastic fleet output policy setup 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-14 23:04:08 -04:00
reyesj2
4e50dabc56 refix typos 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-14 23:03:06 -04:00
reyesj2
8f8ece2b34 Only comment out so-kafka from so-status when it exists & only run ensure_default_pipeline when Kafka is configured 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-13 15:50:34 -04:00
reyesj2
19bfd5beca fix kafka nodeid assignment to increment correctly 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-13 12:16:39 -04:00
reyesj2
f372b0907b Use kafka:password for kafka certs 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-12 15:41:10 -04:00
reyesj2
e8106befe9 Append '-securityonion' to all Security Onion related Kafka topics. Adjust logstash to ingest all topics ending in '-securityonion' to avoid having to manually list topic names 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-12 12:05:16 -04:00
reyesj2
b7eebad2a5 Update Kafka self reset & add initial Kafka wrapper scripts to build out 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-12 11:01:40 -04:00
reyesj2
628893fd5b remove redundant 'kafka_' from annotations & defaults 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-11 11:56:21 -04:00
reyesj2
ca7b89c308 Added Kafka reset to SOC UI. Incase of changing an active broker to a controller topics may become unavailable. Resolving this would require manual intervention. This option allows running a reset to start from a clean slate to then configure cluster to desired state before reenabling Kafka as global pipeline. 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-11 11:21:13 -04:00
reyesj2
284c1be85f Update Kafka controller(s) via SOC UI 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-10 11:08:54 -04:00
reyesj2
fb1d4fdd3c update license 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-04 12:33:51 -04:00
reyesj2
2e85a28c02 Remove so-kafka-clusterid script, created during soup 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-02 18:25:59 -04:00
reyesj2
dbb99d0367 Remove bad config 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-30 15:10:15 -04:00
reyesj2
386be4e746 WIP: Manage Kafka nodes pillar role value 
This way when kafka_controllers is updated the pillar value gets updated and any non-controllers get updated to revert to 'broker' only role.
 Needs more testing when a new controller joins in this manner Kafka errors due to cluster metadata being out of sync. One solution is to remove /nsm/kafka/data/__cluster_metadata-0/quorum-state and restart cluster. Alternative is working with Kafka cli tools to inform cluster of new voter, likely best option but requires a wrapper script of some sort to be created for updating cluster in-place.
Easiest option is to have all receivers join grid and then configure Kafka with specific controllers via SOC UI prior to enabling Kafka. This way Kafka cluster comes up in the desired configuration with no need for immediately modifying cluster

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:48:39 -04:00
reyesj2
d9ec556061 Update some annotations and defaults 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-29 16:41:02 -04:00
reyesj2
382cd24a57 Small changes needed for using new Kafka docker image + added Kafka logging output to /opt/so/log/kafka/ 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-22 13:39:21 -04:00
reyesj2
91f8b1fef7 Set default replication factor back to Kafka default 
If replication factor is > 1 Kafka will fail to start until another broker is added
  - For internal automated testing purposes a Standalone will be utilized

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-22 13:35:09 -04:00
reyesj2
dff609d829 Add basic read-only metric collection from Kafka 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-08 16:13:09 -04:00