mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
135 lines
2.6 KiB
Plaintext
135 lines
2.6 KiB
Plaintext
# Trust the CA
|
|
trusttheca:
|
|
file.absent:
|
|
- name: /etc/ssl/certs/intca.crt
|
|
|
|
removefbcertdir:
|
|
file.absent:
|
|
- name: /etc/pki/filebeat.crt
|
|
- onlyif: "[ -d /etc/pki/filebeat.crt ]"
|
|
|
|
removefbp8dir:
|
|
file.absent:
|
|
- name: /etc/pki/filebeat.p8
|
|
- onlyif: "[ -d /etc/pki/filebeat.p8 ]"
|
|
|
|
removeesp12dir:
|
|
file.absent:
|
|
- name: /etc/pki/elasticsearch.p12
|
|
- onlyif: "[ -d /etc/pki/elasticsearch.p12 ]"
|
|
|
|
influxdb_key:
|
|
file.absent:
|
|
- name: /etc/pki/influxdb.key
|
|
|
|
influxdb_crt:
|
|
file.absent:
|
|
- name: /etc/pki/influxdb.crt
|
|
|
|
{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
|
|
redis_key:
|
|
file.absent:
|
|
- name: /etc/pki/redis.key
|
|
|
|
redis_crt:
|
|
file.absent:
|
|
- name: /etc/pki/redis.crt
|
|
{% endif %}
|
|
|
|
{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
|
|
etc_filebeat_key:
|
|
file.absent:
|
|
- name: /etc/pki/filebeat.key
|
|
|
|
etc_filebeat_crt:
|
|
file.absent:
|
|
- name: /etc/pki/filebeat.crt
|
|
|
|
{% if grains.role not in ['so-heavynode', 'so-receiver'] %}
|
|
filebeatdir:
|
|
file.absent:
|
|
- name: /opt/so/saltstack/local/salt/filebeat/files
|
|
|
|
registry_key:
|
|
file.absent:
|
|
- name: /etc/pki/registry.key
|
|
|
|
registry_crt:
|
|
file.absent:
|
|
- name: /etc/pki/registry.crt
|
|
|
|
{% endif %}
|
|
|
|
{% if grains.role not in ['so-receiver'] %}
|
|
/etc/pki/elasticsearch.key:
|
|
file.absent: []
|
|
|
|
/etc/pki/elasticsearch.crt:
|
|
file.absent: []
|
|
|
|
remove_elasticsearch.p12:
|
|
file.absent:
|
|
- name: /etc/pki/elasticsearch.p12
|
|
|
|
managerssl_key:
|
|
file.absent:
|
|
- name: /etc/pki/managerssl.key
|
|
|
|
managerssl_crt:
|
|
file.absent:
|
|
- name: /etc/pki/managerssl.crt
|
|
|
|
{% endif %}
|
|
|
|
fleet_key:
|
|
file.absent:
|
|
- name: /etc/pki/fleet.key
|
|
|
|
fleet_crt:
|
|
file.absent:
|
|
- name: /etc/pki/fleet.crt
|
|
|
|
{% endif %}
|
|
|
|
{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import', 'so-receiver'] %}
|
|
|
|
fbcertdir:
|
|
file.absent:
|
|
- name: /opt/so/conf/filebeat/etc/pki
|
|
|
|
{% endif %}
|
|
|
|
{% if grains['role'] == 'so-fleet' %}
|
|
|
|
managerssl_key:
|
|
file.absent:
|
|
- name: /etc/pki/managerssl.key
|
|
|
|
managerssl_crt:
|
|
file.absent:
|
|
- name: /etc/pki/managerssl.crt
|
|
|
|
fleet_key:
|
|
file.absent:
|
|
- name: /etc/pki/fleet.key
|
|
|
|
fleet_crt:
|
|
file.absent:
|
|
- name: /etc/pki/fleet.crt
|
|
|
|
{% endif %}
|
|
|
|
{% if grains['role'] == 'so-node' %}
|
|
|
|
/etc/pki/elasticsearch.key:
|
|
file.absent: []
|
|
|
|
/etc/pki/elasticsearch.crt:
|
|
file.absent: []
|
|
|
|
remove_elastic.p12:
|
|
file.absent:
|
|
- name: /etc/pki/elasticsearch.p12
|
|
|
|
{%- endif %}
|