mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
102 lines
3.1 KiB
Bash
Executable File
102 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
. /usr/sbin/so-common
|
|
|
|
SKIP=0
|
|
|
|
while getopts "abowi:" OPTION
|
|
do
|
|
case $OPTION in
|
|
|
|
h)
|
|
usage
|
|
exit 0
|
|
;;
|
|
a)
|
|
FULLROLE="analyst"
|
|
SKIP=1
|
|
;;
|
|
b)
|
|
FULLROLE="beats_endpoint"
|
|
SKIP=1
|
|
;;
|
|
i) IP=$OPTARG
|
|
;;
|
|
o)
|
|
FULLROLE="osquery_endpoint"
|
|
SKIP=1
|
|
;;
|
|
w)
|
|
FULLROLE="wazuh_endpoint"
|
|
SKIP=1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ "$SKIP" -eq 0 ]; then
|
|
|
|
echo "This program allows you to add a firewall rule to allow connections from a new IP address."
|
|
echo ""
|
|
echo "Choose the role for the IP or Range you would like to add"
|
|
echo ""
|
|
echo "[a] - Analyst - ports 80/tcp and 443/tcp"
|
|
echo "[b] - Logstash Beat - port 5044/tcp"
|
|
echo "[o] - Osquery endpoint - port 8090/tcp"
|
|
echo "[w] - Wazuh endpoint - port 1514"
|
|
echo ""
|
|
echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):"
|
|
read ROLE
|
|
echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):"
|
|
read IP
|
|
|
|
if [ "$ROLE" == "a" ]; then
|
|
FULLROLE=analyst
|
|
elif [ "$ROLE" == "b" ]; then
|
|
FULLROLE=beats_endpoint
|
|
elif [ "$ROLE" == "o" ]; then
|
|
FULLROLE=osquery_endpoint
|
|
elif [ "$ROLE" == "w" ]; then
|
|
FULLROLE=wazuh_endpoint
|
|
else
|
|
echo "I don't recognize that role"
|
|
exit 1
|
|
fi
|
|
|
|
fi
|
|
|
|
echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
|
|
/opt/so/saltstack/pillar/firewall/addfirewall.sh $FULLROLE $IP
|
|
|
|
# Check if Wazuh enabled
|
|
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
|
|
# If analyst, add to Wazuh AR whitelist
|
|
if [ "$FULLROLE" == "analyst" ]; then
|
|
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
|
|
if ! grep -q "<white_list>$IP</white_list>" $WAZUH_MGR_CFG ; then
|
|
DATE=`date`
|
|
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
|
|
sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG
|
|
echo -e "<!--Address $IP added by /usr/sbin/so-allow on "$DATE"-->\n <global>\n <white_list>$IP</white_list>\n </global>\n</ossec_config>" >> $WAZUH_MGR_CFG
|
|
echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG."
|
|
echo
|
|
echo "Restarting OSSEC Server..."
|
|
/usr/sbin/so-wazuh-restart
|
|
fi
|
|
fi
|
|
fi
|