
4 Commits

Author SHA1 Message Date
Josh Patterson
7b4d471d7e cert expire test 2025-12-01 12:02:55 -05:00
Josh Patterson
36a6a59d55 renew certs 7 days before expire 2025-12-01 11:54:10 -05:00
Mike Reeves
875de88cb4 Merge pull request #15271 from Security-Onion-Solutions/TOoSmOotH-patch-2
Add JA4D option to config.zeek.ja4
2025-12-01 10:03:12 -05:00
Mike Reeves
63bb44886e Add JA4D option to config.zeek.ja4 2025-12-01 10:00:42 -05:00
6 changed files with 43 additions and 41 deletions


@@ -10,7 +10,7 @@ x509_signing_policies:
- keyUsage: "digitalSignature, nonRepudiation" - keyUsage: "digitalSignature, nonRepudiation"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 820 - days_valid: 9
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
registry: registry:
- minions: '*' - minions: '*'
@@ -24,7 +24,7 @@ x509_signing_policies:
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- extendedKeyUsage: serverAuth - extendedKeyUsage: serverAuth
- days_valid: 820 - days_valid: 9
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
managerssl: managerssl:
- minions: '*' - minions: '*'
@@ -38,7 +38,7 @@ x509_signing_policies:
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- extendedKeyUsage: serverAuth - extendedKeyUsage: serverAuth
- days_valid: 820 - days_valid: 9
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
influxdb: influxdb:
- minions: '*' - minions: '*'
@@ -52,7 +52,7 @@ x509_signing_policies:
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- extendedKeyUsage: serverAuth - extendedKeyUsage: serverAuth
- days_valid: 820 - days_valid: 9
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
elasticfleet: elasticfleet:
- minions: '*' - minions: '*'
@@ -65,7 +65,7 @@ x509_signing_policies:
- keyUsage: "digitalSignature, nonRepudiation" - keyUsage: "digitalSignature, nonRepudiation"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 820 - days_valid: 9
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
kafka: kafka:
- minions: '*' - minions: '*'
@@ -79,5 +79,5 @@ x509_signing_policies:
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- extendedKeyUsage: "serverAuth, clientAuth" - extendedKeyUsage: "serverAuth, clientAuth"
- days_valid: 820 - days_valid: 9
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
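Review bot: `days_valid: 9` in all six signing policies of this file looks like a test value from the "cert expire test" commit rather than a production lifetime, and nothing on this page restores it. Combined with `days_remaining: 7` in the certificate states further down, every node has to complete a successful state run at least once every seven days, or the services using these certificates lose TLS until the next successful run. I would keep `days_valid: 820` (or a deliberately chosen production lifetime) here and feed the short value in through pillar for the expiry test only. The same applies to the `days_valid: 9` lines in the kafka, managerssl and ssl state sections below; if the policy value overrides the per-state one, as Salt's x509 signing policies are documented to do, this file is the one that decides the real lifetime.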


@@ -39,8 +39,8 @@ pki_public_ca_crt:
- extendedkeyUsage: "serverAuth, clientAuth" - extendedkeyUsage: "serverAuth, clientAuth"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid:always, issuer - authorityKeyIdentifier: keyid:always, issuer
- days_valid: 3650 - days_valid: 11
- days_remaining: 0 - days_remaining: 7
- backup: True - backup: True
- replace: False - replace: False
- require: - require:
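Review bot: The CA certificate itself drops to `days_valid: 11` with `days_remaining: 7` in pki_public_ca_crt, so the trust anchor for every issued certificate would be re-created roughly every four days. Each re-issue has to reach every trust store that holds a copy of the CA certificate before the old one expires, and the hunk does not show how that distribution is triggered; the state's body starts and ends outside the hunk. Even with production numbers, a seven-day renewal window on the CA is shorter than any leaf lifetime, so I would keep `days_valid: 3650` and set `days_remaining` on the CA to more than the longest leaf validity. It is also worth confirming how `replace: False` two lines below interacts with the newly enabled renewal.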


@@ -44,8 +44,8 @@ kafka_client_crt:
- signing_policy: kafka - signing_policy: kafka
- private_key: /etc/pki/kafka-client.key - private_key: /etc/pki/kafka-client.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -92,8 +92,8 @@ kafka_crt:
- signing_policy: kafka - signing_policy: kafka
- private_key: /etc/pki/kafka.key - private_key: /etc/pki/kafka.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -153,8 +153,8 @@ kafka_logstash_crt:
- signing_policy: kafka - signing_policy: kafka
- private_key: /etc/pki/kafka-logstash.key - private_key: /etc/pki/kafka-logstash.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -198,4 +198,4 @@ kafka_logstash_pkcs12_perms:
test.fail_without_changes: test.fail_without_changes:
- name: {{sls}}_state_not_allowed - name: {{sls}}_state_not_allowed
{% endif %} {% endif %}
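Review bot: Moving `days_remaining` from 0 to 7 in kafka_client_crt, kafka_crt and kafka_logstash_crt appears to turn on in-place renewal while the services are running (Salt's x509 state documents 0 as disabling automatic renewal; worth confirming for the module version in use). The hunks do not show whether the derived PKCS#12 keystores (the file ends near kafka_logstash_pkcs12_perms) are rebuilt and the consuming services restarted when a certificate changes; if they are not, those services keep presenting the old certificate until it expires. Each state's body continues outside its hunk, so check there for an `onchanges` or `watch` requisite tied to the certificate state before relying on automatic renewal.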


@@ -64,8 +64,8 @@ managerssl_crt:
- private_key: /etc/pki/managerssl.key - private_key: /etc/pki/managerssl.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: "DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}, DNS:{{ GLOBALS.url_base }}" - subjectAltName: "DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}, DNS:{{ GLOBALS.url_base }}"
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:


@@ -84,8 +84,8 @@ influxdb_crt:
- private_key: /etc/pki/influxdb.key - private_key: /etc/pki/influxdb.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -123,8 +123,8 @@ redis_crt:
- signing_policy: registry - signing_policy: registry
- private_key: /etc/pki/redis.key - private_key: /etc/pki/redis.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -165,8 +165,8 @@ etc_elasticfleet_crt:
- private_key: /etc/pki/elasticfleet-server.key - private_key: /etc/pki/elasticfleet-server.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %} - subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -222,8 +222,8 @@ etc_elasticfleet_logstash_crt:
- private_key: /etc/pki/elasticfleet-logstash.key - private_key: /etc/pki/elasticfleet-logstash.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %} - subjectAltName: DNS:{{ GLOBALS.hostname }},DNS:{{ GLOBALS.url_base }},IP:{{ GLOBALS.node_ip }}{% if ELASTICFLEETMERGED.config.server.custom_fqdn | length > 0 %},DNS:{{ ELASTICFLEETMERGED.config.server.custom_fqdn | join(',DNS:') }}{% endif %}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -283,8 +283,8 @@ etc_elasticfleetlumberjack_crt:
- private_key: /etc/pki/elasticfleet-lumberjack.key - private_key: /etc/pki/elasticfleet-lumberjack.key
- CN: {{ GLOBALS.node_ip }} - CN: {{ GLOBALS.node_ip }}
- subjectAltName: DNS:{{ GLOBALS.hostname }} - subjectAltName: DNS:{{ GLOBALS.hostname }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -350,8 +350,8 @@ etc_elasticfleet_agent_crt:
- signing_policy: elasticfleet - signing_policy: elasticfleet
- private_key: /etc/pki/elasticfleet-agent.key - private_key: /etc/pki/elasticfleet-agent.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -412,8 +412,8 @@ etc_filebeat_crt:
- private_key: /etc/pki/filebeat.key - private_key: /etc/pki/filebeat.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -483,8 +483,8 @@ registry_crt:
- signing_policy: registry - signing_policy: registry
- private_key: /etc/pki/registry.key - private_key: /etc/pki/registry.key
- CN: {{ GLOBALS.manager }} - CN: {{ GLOBALS.manager }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -521,8 +521,8 @@ regkeyperms:
- private_key: /etc/pki/elasticsearch.key - private_key: /etc/pki/elasticsearch.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -582,8 +582,8 @@ conf_filebeat_crt:
- private_key: /opt/so/conf/filebeat/etc/pki/filebeat.key - private_key: /opt/so/conf/filebeat/etc/pki/filebeat.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -636,8 +636,8 @@ chownfilebeatp8:
- private_key: /etc/pki/elasticsearch.key - private_key: /etc/pki/elasticsearch.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
@@ -686,8 +686,8 @@ elasticfleet_kafka_crt:
- private_key: /etc/pki/elasticfleet-kafka.key - private_key: /etc/pki/elasticfleet-kafka.key
- CN: {{ GLOBALS.hostname }} - CN: {{ GLOBALS.hostname }}
- subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }} - subjectAltName: DNS:{{ GLOBALS.hostname }}, IP:{{ GLOBALS.node_ip }}
- days_remaining: 0 - days_remaining: 7
- days_valid: 820 - days_valid: 9
- backup: True - backup: True
- timeout: 30 - timeout: 30
- retry: - retry:
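Review bot: The pair `days_remaining: 7` / `days_valid: 9` is hard-coded in all twelve hunks of this file (influxdb_crt through elasticfleet_kafka_crt), and again in the kafka and managerssl files, so a test value and a production value can only be told apart by reading every state. Defining the two numbers once, for example a Jinja `{% set %}` at the top of the file or a pillar lookup under a name of your choosing, and writing `- days_remaining: {{ ... }}` in each state would make the renewal policy a single reviewed line and keep a temporary test setting from landing in a dozen places. Every state body here continues outside its hunk. If the signing policy's `days_valid` takes precedence over the per-state value, the per-state `days_valid` lines could be dropped rather than kept in sync by hand.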


@@ -11,6 +11,8 @@ export {
option JA4S_enabled: bool = F; option JA4S_enabled: bool = F;
option JA4S_raw: bool = F; option JA4S_raw: bool = F;
option JA4D_enabled: bool = F;
option JA4H_enabled: bool = F; option JA4H_enabled: bool = F;
option JA4H_raw: bool = F; option JA4H_raw: bool = F;