CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-10 14:51:56 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,973 Commits 30 Branches 125 Tags
2dfa83dd7da1ec2a0cb87aef8a9cabdc42fc0161
Commit Graph

336 Commits

Author SHA1 Message Date
Mike Reeves
868cd11874 Add so-postgres Salt states and integration wiring 
Phase 1 of the PostgreSQL central data platform:
- Salt states: init, enabled, disabled, config, ssl, auth, sostatus
- TLS via SO CA-signed certs with postgresql.conf template
- Two-tier auth: postgres superuser + so_postgres application user
- Firewall restricts port 5432 to manager-only (HA-ready)
- Wired into top.sls, pillar/top.sls, allowed_states, firewall
  containers map, docker defaults, CA signing policies, and setup
  scripts for all manager-type roles
 2026-04-08 10:58:52 -04:00
Josh Patterson
614537998a remove curator.disabled from top 2026-03-16 16:44:11 -04:00
Josh Patterson
b3ed54633f cleanup steno. sensor run pcap.cleanup 2026-03-10 16:09:32 -04:00
Jason Ertel
71839bc87f remove steno 2026-03-06 15:45:36 -05:00
Josh Patterson
9960db200c Merge remote-tracking branch 'origin/2.4/dev' into bravo 2025-12-11 17:30:43 -05:00
Josh Patterson
b9ff1704b0 the great ssl refactor 2025-12-11 17:30:06 -05:00
DefensiveDepth
1b55642c86 Refactor rules location 2025-11-18 09:58:14 -05:00
DefensiveDepth
ded520c2c1 Merge remote-tracking branch 'origin/2.4/dev' into idstools-refactor 2025-09-17 10:42:43 -04:00
DefensiveDepth
a77157391c remove idstools 2025-09-17 10:42:05 -04:00
reyesj2
24be2f869b enable stig on fleet nodes 2025-08-20 12:08:50 -05:00
Josh Patterson
26d7ceebb2 libvirt.images requires scripts from hypervisor state 2025-05-02 11:30:35 -04:00
Josh Patterson
285d73d526 enable/disable soqemussh. allow for pw to be set 2025-04-18 14:07:32 -04:00
Josh Patterson
445afca6ee use vrt 2025-04-03 13:44:13 -04:00
Josh Patterson
4165b33995 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-03-27 15:34:39 -04:00
Josh Patterson
1d058729e5 break out manager from non manager 2025-03-27 13:27:34 -04:00
Josh Patterson
f9bf4e4130 Merge remote-tracking branch 'origin/2.4/dev' into vlb2 2025-03-27 11:26:32 -04:00
Josh Patterson
667e66bbef rename mine update and highstate state 2025-03-26 13:56:49 -04:00
Josh Patterson
55c815cae8 simplify highstate rerun when node_data pillar empty 2025-03-25 19:44:38 -04:00
Josh Patterson
79388af645 only managers need node_ips 2025-03-25 10:17:43 -04:00
Josh Patterson
8f40b66e3b update mine instead of failing highstate if no node_data 2025-03-24 19:49:24 -04:00
Josh Patterson
269919b980 run setup_hypervisor.setup_environment for mangerhype if needed 2025-03-18 09:39:49 -04:00
Josh Patterson
44a5b3b1e5 MANAGERHYPE setup is now complete! 2025-03-12 21:05:04 -04:00
Josh Patterson
b68f561e6f progress and hw tracking for soc hypervisor dynamic annotations 2025-02-21 09:50:01 -05:00
m0duspwnens
08bbeedbd7 add automatic NVMe device mounting for VMs with LVM support 2025-01-30 09:55:26 -05:00
m0duspwnens
213df68d04 merge with 120 dev and fix conflicts 2025-01-23 10:56:48 -05:00
m0duspwnens
17943ef0db add hypervisor state to hypervisor node 2025-01-18 08:24:50 -05:00
m0duspwnens
24eadf2507 add libvirt state to highstate for hypervisor. update allowed_states for libvirt 2025-01-16 17:46:20 -05:00
Jason Ertel
57a9992a3d Merge branch '2.4/dev' into jertel/wip 2024-11-11 10:06:44 -05:00
m0duspwnens
feb700393e merge with 2.4.120, fix merge conflicts 2024-10-25 15:09:38 -04:00
m0duspwnens
5fb660bc9a remove kernel bool option, just use list 2024-10-17 09:29:03 -04:00
Jason Ertel
523ff66389 connect work 2024-10-16 13:44:01 -04:00
reyesj2
385054b7b8 enable stig for so desktop 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-09-18 14:18:47 -04:00
m0duspwnens
9d2c5d54b0 hype changes 2024-08-07 10:43:53 -04:00
reyesj2
cf1335dd84 searchnode logstash-kafka cert generation 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-07-20 11:31:33 -04:00
reyesj2
268dcbe00b update receiver node allowed states 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-06-18 15:44:51 -04:00
reyesj2
2ad87bf1fe merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-08 16:30:45 -04:00
m0duspwnens
5e2e5b2724 Merge remote-tracking branch 'origin/2.4/dev' into orchit 2024-05-07 10:44:14 -04:00
m0duspwnens
dcc1f656ee predownload logstash and elastic for new searchnode and heavynode 2024-05-07 10:13:51 -04:00
Wes
5aa611302a Handle YARA rules for distributed deployments 2024-05-06 19:08:01 +00:00
reyesj2
58ebbfba20 Add kafka state to standalone highstate 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-05-01 13:03:14 -04:00
m0duspwnens
f514e5e9bb add kafka to receiver 2024-04-11 16:23:05 -04:00
m0duspwnens
780ad9eb10 add kafka to manager nodes 2024-04-02 15:50:25 -04:00
m0duspwnens
e25bc8efe4 Merge remote-tracking branch 'origin/reyesj2/kafka' into kaffytaffy 2024-04-02 13:36:47 -04:00
DefensiveDepth
d7ecad4333 Initial cut to remove Playbook and deps 2024-03-25 19:42:31 -04:00
reyesj2
446f1ffdf5 merge 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-03-25 13:55:48 -04:00
Josh Brower
1847e5c3c0 Enable nginx on Fleet Node 2024-01-28 11:37:18 -05:00
reyesj2
a73d78300a Add initial stig state 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-01-15 21:17:17 -05:00
Wes
aba5893965 Add disabled state for Curator 2023-12-18 20:50:49 +00:00
Wes
d203aec44a Remove Curator 2023-12-08 19:37:06 +00:00
reyesj2
8cf29682bb Update to merge in 2.4/dev 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2023-11-29 13:41:23 -05:00