CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-24 09:53:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,145 Commits 19 Branches 120 Tags
d3d11ff67b876704d43cb4ae450a9ba2e2382f4d
Commit Graph

3494 Commits

Author SHA1 Message Date
Masaya-A
d3d11ff67b Delete some directories 
Delete some directories that should not be handled by common-rotate.
 2021-01-20 13:42:20 +09:00
Masaya-A
b2b221fa46 Specify the file name for Suricata 
stats.log will be rotated by surirotate
 2021-01-20 13:20:04 +09:00
Masaya-A
e20891ac44 Fix spacing 2021-01-20 13:10:33 +09:00
Masaya-A
8cca792a8f To avoid lots of "[stenoloss.sh] <defunct>" 2021-01-20 12:16:17 +09:00
Masaya-A
5dad143c42 Need full path in order to work on cron 2021-01-20 12:14:09 +09:00
Jason Ertel
71e0014115 Wrap parenthesis around correlation filter to allow additional filtering 2021-01-19 17:51:23 -05:00
Jason Ertel
d91913e58e Redirect tcpreplay warnings to dev null when running so-test 2021-01-18 21:42:50 -05:00
Mike Reeves
12aa4033b6 Fix soup in case airgap is in the hostname 2021-01-18 18:08:34 -05:00
Jason Ertel
2006677a22 Add default customization file (Blank) 2021-01-15 20:08:27 -05:00
Jason Ertel
0af6afa216 Add method for making adjustments to the SOC UI 2021-01-15 16:26:06 -05:00
William Wernert
432d231a0e [fix] Don't use set -e since we depend on non-zero exit codes for this function 2021-01-15 13:52:10 -05:00
William Wernert
9726ff9ce6 [fix] Correct logic for verbose flag 2021-01-15 13:39:12 -05:00
Mike Reeves
9cf63545bc Merge pull request #2640 from Masaya-A/influxdb/strengthen 
Disable weak cipher suites from influxdb
 2021-01-15 10:50:21 -05:00
William Wernert
ed129bcf1f [fix] Add verbose flag so that so-monitor-add only sees necessary information 2021-01-15 09:25:04 -05:00
Jason Ertel
07b5f1d23e Rename functions to avoid naming conflict with setup vars 2021-01-15 08:55:30 -05:00
Masaya-A
0d93b15a63 Disable weak cipher suites from influxdb 
The default config of influxdb enables use of some weak cipher suites such as RC4 and 3DES(SWEET32).
To disable them, a list of enabled ciphers added into influxdb.conf.
 2021-01-15 11:47:04 +09:00
William Wernert
dbe22f901d [fix] Add jinja raw block to so-common 2021-01-14 14:54:37 -05:00
William Wernert
ebc5a4314a [feat] Add salt logs to log rotation config 2021-01-14 13:43:00 -05:00
William Wernert
0db439df1e Merge branch 'dev' into feature/setup 2021-01-14 13:06:32 -05:00
William Wernert
82c7832d60 [fix] Fix indent in valid_hostname 2021-01-14 12:58:21 -05:00
Jason Ertel
9d0dca05b1 Adjusted logic on so-tcpreplay to handle init for standalone/eval nodes 2021-01-13 22:29:58 -05:00
Jason Ertel
ea1ab75072 Refactored so-common node type checks for improved readability; Updated so-tcpreplay to support distributed grids 2021-01-13 12:42:54 -05:00
William Wernert
4dc3a6aa35 [refactor] Standardize list inputs to comma separated 2021-01-13 11:36:20 -05:00
m0duspwnens
df590bfd23 pillarize disk freespace for steno https://github.com/Security-Onion-Solutions/securityonion/issues/2095 2021-01-13 11:09:38 -05:00
Mike Reeves
2950779d91 Fix stralka rule update 2021-01-13 09:57:12 -05:00
m0duspwnens
225ed1c14a change suriloss and zeekloss to be more similar code style 2021-01-12 16:39:19 -05:00
William Wernert
332c6877b8 [fix] Add extra arg to printf instead of using echo 2021-01-12 11:01:25 -05:00
William Wernert
ef7a934b9d [feat] Add functions for input validation 2021-01-12 11:01:04 -05:00
m0duspwnens
6ea1a83afe resolve some issues with the zeekloss script https://github.com/Security-Onion-Solutions/securityonion/issues/2590 2021-01-11 14:10:08 -05:00
Jason Ertel
bc8e200919 Continued retry implementation for salt-key acceptance; improve timestamp coverage in setup 2021-01-10 02:34:46 -05:00
Jason Ertel
63047b4b85 Add retry logic around salt key acceptance during setup 2021-01-10 00:57:43 -05:00
Josh Patterson
d2848b9985 Merge pull request #2561 from Security-Onion-Solutions/automation/so-status 
add description for exit code 99
 2021-01-07 11:24:14 -05:00
m0duspwnens
83e7493691 add description for exit code 99 2021-01-07 11:23:39 -05:00
Josh Patterson
d287dd2412 Merge pull request #2557 from Security-Onion-Solutions/automation/so-status 
Automation/so status
 2021-01-07 09:07:12 -05:00
m0duspwnens
a5735e6654 return 99 if setup is running 2021-01-06 20:14:42 -05:00
m0duspwnens
ae7c0a26be add a quiet mode to so-status for automation testing 2021-01-06 18:46:21 -05:00
Wes Lambert
7f64d57111 Reserve port for Wazuh API and check if port is already in use 2021-01-06 14:37:28 -05:00
Wes Lambert
e7db1a99bd Set @timestamp to winlog.systemTime 2021-01-06 14:37:28 -05:00
Mike Reeves
7d25e8a08b Remove ERSPAN so log doesn't show a warning 2021-01-06 14:37:28 -05:00
Masaya-A
d37023e0f5 Make yum removing unneeded packages 
Reference: https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2020-09-03/finding/V-204452
 2021-01-06 14:37:28 -05:00
weslambert
c864cc607f Remove multiple old so-yara-update cron jobs, if needed 2021-01-06 14:37:27 -05:00
weslambert
958635b012 Remove old Strelka cron job 2021-01-06 14:37:27 -05:00
Jason Ertel
7dcd934269 so-fleet-setup doesn't need an interactive terminal to run, remove 'it' 2021-01-06 14:37:27 -05:00
Jason Ertel
bedbd39b82 tcpreplay doesn't need an interactive terminal to run, remove 'it' 2021-01-06 14:37:27 -05:00
Jason Ertel
7d97e3590c Redirect tcpreplay init output to file 2021-01-06 14:37:27 -05:00
Jason Ertel
10d04f760d Use manager internal IP for intra-service comms 2021-01-06 14:37:26 -05:00
Jason Ertel
fb28faa4e3 Monitor interface will not always be bond0 - pull correct value from pillar; Replay test data after automated test installations complete. 2021-01-06 14:37:26 -05:00
weslambert
36ae09ac4a Merge pull request #2545 from Security-Onion-Solutions/fix/wazuh_port_reservation 
Reserve port for Wazuh API and check if port is already in use
 2021-01-06 11:49:23 -05:00
Wes Lambert
875908dc90 Set @timestamp to winlog.systemTime 2021-01-06 16:47:35 +00:00
Wes Lambert
f2b677bfcb Reserve port for Wazuh API and check if port is already in use 2021-01-06 15:52:10 +00:00