mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Compare commits
5 Commits
55e3a2c6b6
...
bravo
| Author | SHA1 | Date | |
|---|---|---|---|
|
545060103a | ||
|
|
e010b5680a | ||
|
|
8620d3987e | ||
|
|
aed27fa111 | ||
|
|
36a6a59d55 |
@@ -40,7 +40,7 @@ pki_public_ca_crt:
|
||||
- subjectKeyIdentifier: hash
|
||||
- authorityKeyIdentifier: keyid:always, issuer
|
||||
- days_valid: 3650
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- backup: True
|
||||
- replace: False
|
||||
- require:
|
||||
|
||||
@@ -44,7 +44,7 @@ kafka_client_crt:
|
||||
- signing_policy: kafka
|
||||
- private_key: /etc/pki/kafka-client.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -92,7 +92,7 @@ kafka_crt:
|
||||
- signing_policy: kafka
|
||||
- private_key: /etc/pki/kafka.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -153,7 +153,7 @@ kafka_logstash_crt:
|
||||
- signing_policy: kafka
|
||||
- private_key: /etc/pki/kafka-logstash.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -198,4 +198,4 @@ kafka_logstash_pkcs12_perms:
|
||||
test.fail_without_changes:
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
@@ -64,7 +64,7 @@ managerssl_crt:
|
||||
- private_key: /etc/pki/managerssl.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: "DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}, DNS:{{ GLOBALS.url_base }}"
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
|
||||
@@ -84,7 +84,7 @@ influxdb_crt:
|
||||
- private_key: /etc/pki/influxdb.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -123,7 +123,7 @@ redis_crt:
|
||||
- signing_policy: registry
|
||||
- private_key: /etc/pki/redis.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -165,7 +165,7 @@ etc_elasticfleet_crt:
|
||||
- private_key: /etc/pki/elasticfleet-server.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -222,7 +222,7 @@ etc_elasticfleet_logstash_crt:
|
||||
- private_key: /etc/pki/elasticfleet-logstash.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -283,7 +283,7 @@ etc_elasticfleetlumberjack_crt:
|
||||
- private_key: /etc/pki/elasticfleet-lumberjack.key
|
||||
- CN: {{ GLOBALS.node_ip }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -350,7 +350,7 @@ etc_elasticfleet_agent_crt:
|
||||
- signing_policy: elasticfleet
|
||||
- private_key: /etc/pki/elasticfleet-agent.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -412,7 +412,7 @@ etc_filebeat_crt:
|
||||
- private_key: /etc/pki/filebeat.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -483,7 +483,7 @@ registry_crt:
|
||||
- signing_policy: registry
|
||||
- private_key: /etc/pki/registry.key
|
||||
- CN: {{ GLOBALS.manager }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -521,7 +521,7 @@ regkeyperms:
|
||||
- private_key: /etc/pki/elasticsearch.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -582,7 +582,7 @@ conf_filebeat_crt:
|
||||
- private_key: /opt/so/conf/filebeat/etc/pki/filebeat.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -636,7 +636,7 @@ chownfilebeatp8:
|
||||
- private_key: /etc/pki/elasticsearch.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
@@ -686,7 +686,7 @@ elasticfleet_kafka_crt:
|
||||
- private_key: /etc/pki/elasticfleet-kafka.key
|
||||
- CN: {{ GLOBALS.hostname }}
|
||||
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
|
||||
- days_remaining: 0
|
||||
- days_remaining: 7
|
||||
- days_valid: 820
|
||||
- backup: True
|
||||
- timeout: 30
|
||||
|
||||
@@ -1604,16 +1604,21 @@ proxy_validate() {
|
||||
|
||||
reserve_group_ids() {
|
||||
# This is a hack to fix OS from taking group IDs that we need
|
||||
logCmd "groupadd -g 920 docker"
|
||||
logCmd "groupadd -g 928 kratos"
|
||||
logCmd "groupadd -g 930 elasticsearch"
|
||||
logCmd "groupadd -g 931 logstash"
|
||||
logCmd "groupadd -g 932 kibana"
|
||||
logCmd "groupadd -g 933 elastalert"
|
||||
logCmd "groupadd -g 937 zeek"
|
||||
logCmd "groupadd -g 938 salt"
|
||||
logCmd "groupadd -g 939 socore"
|
||||
logCmd "groupadd -g 940 suricata"
|
||||
logCmd "groupadd -g 948 elastic-agent-pr"
|
||||
logCmd "groupadd -g 949 elastic-agent"
|
||||
logCmd "groupadd -g 941 stenographer"
|
||||
logCmd "groupadd -g 945 ossec"
|
||||
logCmd "groupadd -g 946 cyberchef"
|
||||
logCmd "groupadd -g 947 elastic-fleet"
|
||||
logCmd "groupadd -g 960 kafka"
|
||||
}
|
||||
|
||||
reserve_ports() {
|
||||
|
||||
@@ -682,6 +682,8 @@ if ! [[ -f $install_opt_file ]]; then
|
||||
fi
|
||||
info "Reserving ports"
|
||||
reserve_ports
|
||||
info "Reserving group ids"
|
||||
reserve_group_ids
|
||||
info "Setting Paths"
|
||||
# Set the paths
|
||||
set_path
|
||||
@@ -840,7 +842,10 @@ if ! [[ -f $install_opt_file ]]; then
|
||||
if [[ $monints ]]; then
|
||||
configure_network_sensor
|
||||
fi
|
||||
info "Reserving ports"
|
||||
reserve_ports
|
||||
info "Reserving group ids"
|
||||
reserve_group_ids
|
||||
# Set the version
|
||||
mark_version
|
||||
# Disable the setup from prompting at login
|
||||
|
||||
Reference in New Issue
Block a user