CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-11 15:22:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,977 Commits 31 Branches 125 Tags
1ffdcab3bee688783eff845be2f2e6b787cabb8f
Commit Graph

11607 Commits

Author SHA1 Message Date
Mike Reeves
1ffdcab3be Add postgres adminPassword to SOC module config 
Injects the postgres superuser password from secrets pillar so
SOC can run schema migrations as admin before switching to the
app user for normal operations.
 2026-04-09 22:21:35 -04:00
Mike Reeves
da1045e052 Fix init-users.sh password escaping for special characters 
Use format() with %L for SQL literal escaping instead of raw
string interpolation. Also ALTER ROLE if user already exists
to keep password in sync with pillar.
 2026-04-09 21:52:20 -04:00
Mike Reeves
55be1f1119 Only add postgres module config on manager nodes 
Removed postgres from soc/defaults.yaml (shared by all nodes)
and moved it entirely into defaults.map.jinja, which only injects
the config when postgres auth pillar exists (manager-type nodes).
Sensors and other non-manager nodes will not have a postgres module
section in their sensoroni.json, so sensoroni won't try to connect.
 2026-04-09 21:09:43 -04:00
Mike Reeves
c1b1452bd9 Use manager IP for postgres hostUrl instead of container hostname 
SOC connects to postgres via the host network, not the Docker
bridge network, so it needs the manager's IP address rather than
the container hostname.
 2026-04-09 19:34:14 -04:00
Mike Reeves
2dfa83dd7d Wire postgres credentials into SOC module config 
- Create vars/postgres.map.jinja for postgres auth globals
- Add POSTGRES_GLOBALS to all manager-type role vars
  (manager, eval, standalone, managersearch, import)
- Add postgres module config to soc/defaults.yaml
- Inject so_postgres credentials from auth pillar into
  soc/defaults.map.jinja (conditional on auth pillar existing)
 2026-04-09 14:09:32 -04:00
Mike Reeves
b87af8ea3d Add postgres.auth to allowed_states 
Matches the elasticsearch.auth pattern where auth states use
the full sls path check and are explicitly listed.
 2026-04-09 12:39:46 -04:00
Mike Reeves
46e38d39bb Enable postgres by default 
Safe because postgres states are only applied to manager-type
nodes via top.sls and allowed_states.map.jinja.
 2026-04-09 12:23:47 -04:00
Mike Reeves
61bdfb1a4b Add daily PostgreSQL database backup 
- pg_dumpall piped through gzip, stored in /nsm/backup/
- Runs daily at 00:05 (4 minutes after config backup)
- 7-day retention matching existing config backup policy
- Skips gracefully if container isn't running
 2026-04-09 10:29:10 -04:00
Mike Reeves
358a2e6d3f Add so-postgres to container image pull list 
Add to both the import and default manager container lists so
the image gets downloaded during installation.
 2026-04-09 10:02:41 -04:00
Mike Reeves
762e73faf5 Add so-postgres host management scripts 
- so-postgres-manage: wraps docker exec for psql operations
  (sql, sqlfile, shell, dblist, userlist)
- so-postgres-start/stop/restart: standard container lifecycle
- Scripts installed to /usr/sbin via file.recurse in config.sls
 2026-04-09 09:55:42 -04:00
Mike Reeves
868cd11874 Add so-postgres Salt states and integration wiring 
Phase 1 of the PostgreSQL central data platform:
- Salt states: init, enabled, disabled, config, ssl, auth, sostatus
- TLS via SO CA-signed certs with postgresql.conf template
- Two-tier auth: postgres superuser + so_postgres application user
- Firewall restricts port 5432 to manager-only (HA-ready)
- Wired into top.sls, pillar/top.sls, allowed_states, firewall
  containers map, docker defaults, CA signing policies, and setup
  scripts for all manager-type roles
 2026-04-08 10:58:52 -04:00
Mike Reeves
5b3ca98b80 Fix JA4+ license link in soc_zeek.yaml 
Updated the license link in the JA4+ fingerprinting description.
 2026-04-06 10:12:37 -04:00
Mike Reeves
c91deb97b1 Update SOUP_BRANCH to use 3/main instead of 2.4/main 2026-03-31 15:07:23 -04:00
Josh Brower
c7e865aa1c Remove hardcoded index 2026-03-30 12:42:48 -04:00
Josh Patterson
922c008b11 ensure bool sliders soc 2026-03-27 15:02:54 -04:00
Mike Reeves
0a55592d7e Make AI adapter settings visible 
Changed 'advanced' field from True to False for AI adapters and available models.
 2026-03-26 09:37:39 -04:00
Josh Brower
9e53bd3f2d update yara template 2026-03-24 15:56:26 -04:00
Josh Brower
1f9bf45b66 Lowercase network transport 2026-03-24 11:24:59 -04:00
Mike Reeves
d4ac352b5a Enable clean option for Zeek configuration 2026-03-24 09:54:49 -04:00
Jorge Reyes
afcef1d0e7 Merge pull request #15661 from Security-Onion-Solutions/reyesj2-361 
update stig profile v1r3
 2026-03-23 18:09:33 -05:00
Josh Patterson
91b164b728 Merge pull request #15665 from Security-Onion-Solutions/delta 
allow negation in suricata address-group vars
 2026-03-23 17:34:21 -04:00
Josh Patterson
6a4501241d allow negation in suricata address-group vars 2026-03-23 17:24:12 -04:00
Josh Brower
7300513636 Remove hardcoded path 2026-03-23 16:26:56 -04:00
reyesj2
67162357a3 update stig profile v1r3 2026-03-23 14:04:48 -05:00
Jason Ertel
8ea97e4af3 Merge pull request #15658 from Security-Onion-Solutions/jertel/wip 
do not attempt to redirect to a source map after login
 2026-03-23 09:55:31 -04:00
Jason Ertel
2f9a2e15b3 do not attempt to redirect to a source map after login 2026-03-23 09:48:06 -04:00
Josh Brower
165e69cd11 Add support for websockets 2026-03-23 07:52:36 -04:00
Josh Patterson
f0f9de4b44 add status updates for pillar conversions 2026-03-20 16:12:10 -04:00
Josh Patterson
e857a8487a convert suricata pillar data yes/no to true/false 2026-03-20 15:35:44 -04:00
Josh Patterson
2186872317 update telegraf lower true/false 2026-03-20 09:19:22 -04:00
Josh Patterson
6e3986b0b0 set community-id annotation to advanced 2026-03-19 17:37:40 -04:00
Josh Patterson
2585bdd23f add more description to checksum-checks 2026-03-19 17:30:47 -04:00
Josh Patterson
ca588d2e78 new elastalert options advanced 2026-03-19 17:19:42 -04:00
Josh Patterson
f756ecb396 remove quotes from suricata af-packet config 2026-03-19 17:14:55 -04:00
Josh Patterson
82107f00a1 afpacket:checksum-checks yes/no options instead of true/false 2026-03-19 16:57:42 -04:00
Josh Patterson
5c53244b54 convert suricata config yes/no to true/false 2026-03-19 16:41:17 -04:00
Josh Patterson
3b269e8b82 Merge remote-tracking branch 'origin/3/dev' into delta 2026-03-19 15:14:06 -04:00
Josh Patterson
7ece93d7e0 ensure bool sliders telegraf 2026-03-19 15:12:47 -04:00
Josh Patterson
14d254e81b ensure bool sliders suricata 2026-03-19 15:02:45 -04:00
Josh Patterson
7af6efda1e ensure bool sliders strelka 2026-03-19 14:46:49 -04:00
Josh Patterson
ce972238fe ensure bool sliders sensoroni 2026-03-19 14:41:49 -04:00
Josh Patterson
442bd1499d ensure bool sliders for patch 2026-03-19 14:39:10 -04:00
Josh Patterson
30ea309dff ensure bool sliders for manager 2026-03-19 14:36:36 -04:00
Josh Patterson
bfeefeea2f ensure bool sliders for kratos 2026-03-19 14:36:05 -04:00
Josh Patterson
8251d56a96 ensure bool sliders for kibana 2026-03-19 14:24:13 -04:00
Josh Patterson
1b1e602716 ensure bool sliders for influxdb 2026-03-19 14:16:37 -04:00
Josh Patterson
034b1d045b ensure bool sliders for idh 2026-03-19 14:00:20 -04:00
Josh Patterson
20bf88b338 ensure bool sliders for elasticsearch 2026-03-19 13:52:40 -04:00
Josh Patterson
d3f819017b ensure bool sliders for elasticfleet config options 2026-03-19 13:13:26 -04:00
Josh Patterson
c92aedfff3 ensure bool sliders for elastalert config options 2026-03-19 13:06:32 -04:00