{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %} {% set WAZUH = salt['pillar.get']('global:wazuh', '0') %} {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %} {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %} {% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} {% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} {% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %} {% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %} {% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %} {% set KIBANA = salt['pillar.get']('kibana:enabled', True) %} {% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %} {% set CURATOR = salt['pillar.get']('curator:enabled', True) %} {% set REDIS = salt['pillar.get']('redis:enabled', True) %} {% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %} {% import_yaml 'salt/minion.defaults.yaml' as saltversion %} {% set saltversion = saltversion.salt.minion.version %} {# this is the list we are returning from this map file, it gets built below #} {% set allowed_states= [] %} {% if grains.saltversion | string == saltversion | string %} {% set allowed_states= salt['grains.filter_by']({ 'so-eval': [ 'salt.master', 'ca', 'ssl', 'registry', 'manager', 'nginx', 'telegraf', 'influxdb', 'grafana', 'soc', 'kratos', 'firewall', 'idstools', 'suricata.manager', 'healthcheck', 'pcap', 'suricata', 'utility', 'schedule', 'soctopus', 'tcpreplay', 'docker_clean', 'learn' ], 'so-heavynode': [ 'ssl', 'nginx', 'telegraf', 'firewall', 'pcap', 'suricata', 'healthcheck', 'schedule', 'tcpreplay', 'docker_clean' ], 'so-helixsensor': [ 'salt.master', 'ca', 'ssl', 'registry', 'telegraf', 'firewall', 'idstools', 'suricata.manager', 'zeek', 'redis', 'elasticsearch', 'logstash', 'schedule', 'tcpreplay', 'docker_clean' ], 'so-fleet': [ 'ssl', 'nginx', 'telegraf', 'firewall', 'mysql', 'redis', 'fleet', 'fleet.install_package', 'filebeat', 'schedule', 'docker_clean' ], 'so-idh': [ 'ssl', 'telegraf', 'firewall', 'fleet.install_package', 'filebeat', 'idh', 'schedule', 'docker_clean' ], 'so-import': [ 'salt.master', 'ca', 'ssl', 'registry', 'manager', 'nginx', 'soc', 'kratos', 'firewall', 'idstools', 'suricata.manager', 'pcap', 'utility', 'suricata', 'zeek', 'schedule', 'tcpreplay', 'docker_clean', 'learn' ], 'so-manager': [ 'salt.master', 'ca', 'ssl', 'registry', 'manager', 'nginx', 'telegraf', 'influxdb', 'grafana', 'soc', 'kratos', 'firewall', 'idstools', 'suricata.manager', 'utility', 'schedule', 'soctopus', 'docker_clean', 'learn' ], 'so-managersearch': [ 'salt.master', 'ca', 'ssl', 'registry', 'nginx', 'telegraf', 'influxdb', 'grafana', 'soc', 'kratos', 'firewall', 'manager', 'idstools', 'suricata.manager', 'utility', 'schedule', 'soctopus', 'docker_clean', 'learn' ], 'so-node': [ 'ssl', 'nginx', 'telegraf', 'firewall', 'schedule', 'docker_clean' ], 'so-standalone': [ 'salt.master', 'ca', 'ssl', 'registry', 'manager', 'nginx', 'telegraf', 'influxdb', 'grafana', 'soc', 'kratos', 'firewall', 'idstools', 'suricata.manager', 'pcap', 'suricata', 'healthcheck', 'utility', 'schedule', 'soctopus', 'tcpreplay', 'docker_clean', 'learn' ], 'so-sensor': [ 'ssl', 'telegraf', 'firewall', 'nginx', 'pcap', 'suricata', 'healthcheck', 'wazuh', 'filebeat', 'schedule', 'tcpreplay', 'docker_clean' ], 'so-receiver': [ 'ssl', 'telegraf', 'firewall', 'schedule', 'docker_clean' ], 'so-workstation': [ ], }, grain='role') %} {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import', 'so-receiver'] %} {% do allowed_states.append('filebeat') %} {% endif %} {% if ((FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %} {% do allowed_states.append('mysql') %} {% endif %} {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-receiver'] %} {% do allowed_states.append('fleet.install_package') %} {% endif %} {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %} {% do allowed_states.append('fleet') %} {% endif %} {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval'] %} {% do allowed_states.append('redis') %} {% endif %} {%- if ZEEKVER != 'SURICATA' and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %} {% do allowed_states.append('zeek') %} {%- endif %} {% if STRELKA and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %} {% do allowed_states.append('strelka') %} {% endif %} {% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-receiver','so-idh']%} {% do allowed_states.append('wazuh') %} {% endif %} {% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import'] %} {% do allowed_states.append('elasticsearch') %} {% endif %} {% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} {% do allowed_states.append('elasticsearch.auth') %} {% endif %} {% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %} {% do allowed_states.append('kibana') %} {% do allowed_states.append('kibana.secrets') %} {% endif %} {% if grains.role in ['so-eval', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-manager'] %} {% do allowed_states.append('curator') %} {% endif %} {% if ELASTALERT and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %} {% do allowed_states.append('elastalert') %} {% endif %} {% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %} {% do allowed_states.append('playbook') %} {% endif %} {% if (PLAYBOOK !=0) and grains.role in ['so-eval'] %} {% do allowed_states.append('redis') %} {% endif %} {% if (FREQSERVER !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %} {% do allowed_states.append('freqserver') %} {% endif %} {% if (DOMAINSTATS !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %} {% do allowed_states.append('domainstats') %} {% endif %} {% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-receiver'] %} {% do allowed_states.append('logstash') %} {% endif %} {% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-receiver'] %} {% do allowed_states.append('redis') %} {% endif %} {% if grains.os == 'CentOS' %} {% if not ISAIRGAP %} {% do allowed_states.append('yum') %} {% endif %} {% do allowed_states.append('yum.packages') %} {% endif %} {# all nodes on the right salt version can run the following states #} {% do allowed_states.append('common') %} {% do allowed_states.append('patch.os.schedule') %} {% do allowed_states.append('motd') %} {% do allowed_states.append('salt.minion-check') %} {% do allowed_states.append('sensoroni') %} {% do allowed_states.append('salt.lasthighstate') %} {% endif %} {% if ISAIRGAP %} {% do allowed_states.append('airgap') %} {% endif %} {# all nodes can always run salt.minion state #} {% do allowed_states.append('salt.minion') %}