CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
28dfdbf06dc6de143716e94fd9c3432799e1421f
securityonion/salt/firewall/defaults.yaml
m0duspwnens 28dfdbf06d securityonion_desktop is just desktop
2023-08-09 08:51:39 -04:00

1405 lines
36 KiB
YAML
Raw Blame History

firewall:
hostgroups:
analyst: []
anywhere:
- 0.0.0.0/0
beats_endpoint: []
beats_endpoint_ssl: []
dockernet: []
elastic_agent_endpoint: []
elasticsearch_rest: []
endgame: []
eval: []
fleet: []
heavynode: []
idh: []
import: []
localhost:
- 127.0.0.1
manager: []
managersearch: []
receiver: []
searchnode: []
self: []
sensor: []
standalone: []
strelka_frontend: []
syslog: []
desktop: []
customhostgroup0: []
customhostgroup1: []
customhostgroup2: []
customhostgroup3: []
customhostgroup4: []
customhostgroup5: []
customhostgroup6: []
customhostgroup7: []
customhostgroup8: []
customhostgroup9: []
portgroups:
all:
tcp:
- '0:65535'
udp:
- '0:65535'
beats_5044:
tcp:
- 5044
udp: []
beats_5644:
tcp:
- 5644
udp: []
beats_5066:
tcp:
- 5066
udp: []
beats_5056:
tcp:
- 5056
udp: []
docker_registry:
tcp:
- 5000
udp: []
elasticsearch_node:
tcp:
- 9300
udp: []
elasticsearch_rest:
tcp:
- 9200
udp: []
elastic_agent_control:
tcp:
- 8220
udp: []
elastic_agent_data:
tcp:
- 5055
udp: []
elastic_agent_update:
tcp:
- 8443
udp: []
endgame:
tcp:
- 3765
udp: []
influxdb:
tcp:
- 8086
udp: []
kibana:
tcp:
- 5601
udp: []
localrules:
tcp:
- 7788
udp: []
mysql:
tcp:
- 3306
udp: []
nginx:
tcp:
- 80
- 443
udp: []
playbook:
tcp:
- 3000
udp: []
redis:
tcp:
- 6379
- 9696
salt_manager:
tcp:
- 4505
- 4506
udp: []
sensoroni:
tcp:
- 443
udp: []
ssh:
tcp:
- 22
udp: []
strelka_frontend:
tcp:
- 57314
udp: []
syslog:
tcp:
- 514
udp:
- 514
yum:
tcp:
- 443
udp: []
customportgroup0:
tcp: []
udp: []
customportgroup1:
tcp: []
udp: []
customportgroup2:
tcp: []
udp: []
customportgroup3:
tcp: []
udp: []
customportgroup4:
tcp: []
udp: []
customportgroup5:
tcp: []
udp: []
customportgroup6:
tcp: []
udp: []
customportgroup7:
tcp: []
udp: []
customportgroup8:
tcp: []
udp: []
customportgroup9:
tcp: []
udp: []
role:
eval:
chain:
DOCKER-USER:
hostgroups:
eval:
portgroups:
- playbook
- mysql
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
- localrules
sensor:
portgroups:
- beats_5044
- beats_5644
searchnode:
portgroups:
- redis
- elasticsearch_node
heavynode:
portgroups:
- redis
- elasticsearch_node
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
strelka_frontend:
portgroups:
- strelka_frontend
analyst:
portgroups:
- nginx
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
fleet:
chain:
DOCKER-USER:
hostgroups:
sensor:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
standalone:
portgroups:
- salt_manager
sensor:
portgroups:
- salt_manager
searchnode:
portgroups:
- salt_manager
heavynode:
portgroups:
- salt_manager
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
manager:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- playbook
- mysql
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
- docker_registry
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- localrules
- sensoroni
fleet:
portgroups:
- elasticsearch_rest
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- beats_5056
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor:
portgroups:
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- yum
- docker_registry
- influxdb
- sensoroni
searchnode:
portgroups:
- redis
- elasticsearch_rest
- elasticsearch_node
- beats_5644
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
heavynode:
portgroups:
- redis
- elasticsearch_rest
- elasticsearch_node
- beats_5644
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
receiver:
portgroups:
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
endgame:
portgroups:
- endgame
desktop:
portgroups:
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
fleet:
portgroups:
- salt_manager
idh:
portgroups:
- salt_manager
localhost:
portgroups:
- all
sensor:
portgroups:
- salt_manager
searchnode:
portgroups:
- salt_manager
heavynode:
portgroups:
- salt_manager
receiver:
portgroups:
- salt_manager
desktop:
portgroups:
- salt_manager
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
managersearch:
chain:
DOCKER-USER:
hostgroups:
managersearch:
portgroups:
- playbook
- mysql
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
- docker_registry
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- localrules
- sensoroni
fleet:
portgroups:
- elasticsearch_rest
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- beats_5056
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor:
portgroups:
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- yum
- docker_registry
- influxdb
- sensoroni
searchnode:
portgroups:
- redis
- elasticsearch_rest
- elasticsearch_node
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
heavynode:
portgroups:
- redis
- elasticsearch_rest
- elasticsearch_node
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
receiver:
portgroups:
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
endgame:
portgroups:
- endgame
desktop:
portgroups:
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
fleet:
portgroups:
- salt_manager
idh:
portgroups:
- salt_manager
localhost:
portgroups:
- all
sensor:
portgroups:
- salt_manager
searchnode:
portgroups:
- salt_manager
heavynode:
portgroups:
- salt_manager
receiver:
portgroups:
- salt_manager
desktop:
portgroups:
- salt_manager
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
standalone:
chain:
DOCKER-USER:
hostgroups:
localhost:
portgroups:
- all
standalone:
portgroups:
- playbook
- mysql
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
- docker_registry
- sensoroni
- yum
- beats_5044
- beats_5644
- beats_5056
- redis
- elasticsearch_node
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- endgame
- strelka_frontend
- localrules
fleet:
portgroups:
- elasticsearch_rest
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- beats_5056
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
idh:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
sensor:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- beats_5044
- beats_5644
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
searchnode:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- redis
- elasticsearch_rest
- elasticsearch_node
heavynode:
portgroups:
- docker_registry
- influxdb
- sensoroni
- yum
- redis
- elasticsearch_rest
- elasticsearch_node
receiver:
portgroups:
- yum
- docker_registry
- influxdb
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
- sensoroni
analyst:
portgroups:
- nginx
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
endgame:
portgroups:
- endgame
strelka_frontend:
portgroups:
- strelka_frontend
desktop:
portgroups:
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
fleet:
portgroups:
- salt_manager
idh:
portgroups:
- salt_manager
localhost:
portgroups:
- all
standalone:
portgroups:
- salt_manager
sensor:
portgroups:
- salt_manager
searchnode:
portgroups:
- salt_manager
heavynode:
portgroups:
- salt_manager
receiver:
portgroups:
- salt_manager
desktop:
portgroups:
- salt_manager
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
searchnode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- elasticsearch_node
- elasticsearch_rest
managersearch:
portgroups:
- elasticsearch_node
- elasticsearch_rest
standalone:
portgroups:
- elasticsearch_node
- elasticsearch_rest
dockernet:
portgroups:
- elasticsearch_node
- elasticsearch_rest
elasticsearch_rest:
portgroups:
- elasticsearch_rest
searchnode:
portgroups:
- elasticsearch_node
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
sensor:
chain:
DOCKER-USER:
hostgroups:
strelka_frontend:
portgroups:
- strelka_frontend
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
heavynode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- elasticsearch_node
- elasticsearch_rest
managersearch:
portgroups:
- elasticsearch_node
- elasticsearch_rest
standalone:
portgroups:
- elasticsearch_node
- elasticsearch_rest
dockernet:
portgroups:
- elasticsearch_node
- elasticsearch_rest
elasticsearch_rest:
portgroups:
- elasticsearch_rest
self:
portgroups:
- syslog
- elasticsearch_node
- elasticsearch_rest
strelka_frontend:
portgroups:
- strelka_frontend
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
import:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
- kibana
- redis
- influxdb
- elasticsearch_rest
- elasticsearch_node
- elastic_agent_control
- localrules
sensor:
portgroups:
- beats_5044
- beats_5644
searchnode:
portgroups:
- redis
- elasticsearch_node
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
elasticsearch_rest:
portgroups:
- elasticsearch_rest
elastic_agent_endpoint:
portgroups:
- elastic_agent_control
- elastic_agent_data
- elastic_agent_update
analyst:
portgroups:
- nginx
desktop:
portgroups:
- yum
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
receiver:
chain:
DOCKER-USER:
hostgroups:
fleet:
portgroups:
- beats_5056
sensor:
portgroups:
- beats_5044
- beats_5644
- elastic_agent_data
searchnode:
portgroups:
- redis
- beats_5644
self:
portgroups:
- redis
- beats_5644
beats_endpoint:
portgroups:
- beats_5044
beats_endpoint_ssl:
portgroups:
- beats_5644
endgame:
portgroups:
- endgame
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups:
- ssh
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
self:
portgroups:
- syslog
syslog:
portgroups:
- syslog
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
idh:
chain:
DOCKER-USER:
hostgroups:
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
INPUT:
hostgroups:
anywhere:
portgroups: []
dockernet:
portgroups:
- all
localhost:
portgroups:
- all
manager:
portgroups:
- openssh
managersearch:
portgroups:
- openssh
standalone:
portgroups:
- openssh
customhostgroup0:
portgroups: []
customhostgroup1:
portgroups: []
customhostgroup2:
portgroups: []
customhostgroup3:
portgroups: []
customhostgroup4:
portgroups: []
customhostgroup5:
portgroups: []
customhostgroup6:
portgroups: []
customhostgroup7:
portgroups: []
customhostgroup8:
portgroups: []
customhostgroup9:
portgroups: []
Reference in New Issue View Git Blame Copy Permalink