CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
92e238aa10361366912d9cd891baa9e174ae3a82
securityonion/salt/common/tools/sbin/so-zeek-logs
Doug Burks b06e9e8477 add new zeek opcua logs to so-zeek-logs
2022-11-26 18:44:28 -05:00

146 lines
4.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
local_salt_dir=/opt/so/saltstack/local
zeek_logs_enabled() {
echo "zeeklogs:" > $local_salt_dir/pillar/zeeklogs.sls
echo " enabled:" >> $local_salt_dir/pillar/zeeklogs.sls
for BLOG in "${BLOGS[@]}"; do
echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/zeeklogs.sls
done
}
whiptail_manager_adv_service_zeeklogs() {
BLOGS=$(whiptail --title "so-zeek-logs" --checklist "Please select logs to send:" 24 78 12 \
"conn" "" ON \
"dce_rpc" "" ON \
"dhcp" "" ON \
"dnp3" "" ON \
"dns" "" ON \
"dpd" "" ON \
"files" "" ON \
"ftp" "" ON \
"http" "" ON \
"intel" "" ON \
"irc" "" ON \
"kerberos" "" ON \
"modbus" "" ON \
"notice" "" ON \
"ntlm" "" ON \
"pe" "" ON \
"radius" "" ON \
"rfb" "" ON \
"rdp" "" ON \
"sip" "" ON \
"smb_files" "" ON \
"smb_mapping" "" ON \
"smtp" "" ON \
"snmp" "" ON \
"software" "" ON \
"ssh" "" ON \
"ssl" "" ON \
"syslog" "" ON \
"tunnel" "" ON \
"weird" "" ON \
"mysql" "" ON \
"socks" "" ON \
"x509" "" ON \
"bacnet" "" ON \
"bacnet_discovery" "" ON \
"bacnet_property" "" ON \
"bsap_ip_header" "" ON \
"bsap_ip_rdb" "" ON \
"bsap_ip_unknown" "" ON \
"bsap_serial_header" "" ON \
"bsap_serial_rdb" "" ON \
"bsap_serial_rdb_ext" "" ON \
"bsap_serial_unknown" "" ON \
"cip" "" ON \
"cip_identity" "" ON \
"cip_io" "" ON \
"cotp" "" ON \
"dnp3_objects" "" ON \
"ecat_aoe_info" "" ON \
"ecat_arp_info" "" ON \
"ecat_coe_info" "" ON \
"ecat_dev_info" "" ON \
"ecat_foe_info" "" ON \
"ecat_log_address" "" ON \
"ecat_registers" "" ON \
"ecat_soe_info" "" ON \
"enip" "" ON \
"modbus_detailed" "" ON \
"modbus_mask_write_register" "" ON \
"modbus_read_write_multiple_registers" "" ON \
"opcua_binary" "" ON \
"opcua_binary_activate_session" "" ON \
"opcua_binary_activate_session_client_software_cert" "" ON \
"opcua_binary_activate_session_diagnostic_info" "" ON \
"opcua_binary_activate_session_locale_id" "" ON \
"opcua_binary_browse" "" ON \
"opcua_binary_browse_description" "" ON \
"opcua_binary_browse_diagnostic_info" "" ON \
"opcua_binary_browse_request_continuation_point" "" ON \
"opcua_binary_browse_response_references" "" ON \
"opcua_binary_browse_result" "" ON \
"opcua_binary_create_session" "" ON \
"opcua_binary_create_session_discovery" "" ON \
"opcua_binary_create_session_endpoints" "" ON \
"opcua_binary_create_session_user_token" "" ON \
"opcua_binary_create_subscription" "" ON \
"opcua_binary_diag_info_detail" "" ON \
"opcua_binary_get_endpoints" "" ON \
"opcua_binary_get_endpoints_description" "" ON \
"opcua_binary_get_endpoints_discovery" "" ON \
"opcua_binary_get_endpoints_locale_id" "" ON \
"opcua_binary_get_endpoints_profile_uri" "" ON \
"opcua_binary_get_endpoints_user_token" "" ON \
"opcua_binary_opensecure_channel" "" ON \
"opcua_binary_read" "" ON \
"opcua_binary_read_array_dims" "" ON \
"opcua_binary_read_array_dims_link" "" ON \
"opcua_binary_read_diagnostic_info" "" ON \
"opcua_binary_read_extension_object" "" ON \
"opcua_binary_read_extension_object_link" "" ON \
"opcua_binary_read_nodes_to_read" "" ON \
"opcua_binary_read_results" "" ON \
"opcua_binary_read_results_link" "" ON \
"opcua_binary_read_status_code" "" ON \
"opcua_binary_read_variant_data" "" ON \
"opcua_binary_read_variant_data_link" "" ON \
"opcua_binary_status_code_detail" "" ON \
"profinet" "" ON \
"profinet_dce_rpc" "" ON \
"profinet_debug" "" ON \
"s7comm" "" ON \
"s7comm_plus" "" ON \
"s7comm_read_szl" "" ON \
"s7comm_upload_download" "" ON \
"stun" "" ON \
"stun_nat" "" ON \
"tds" "" ON \
"tds_rpc" "" ON \
"tds_sql_batch" "" ON \
"wireguard" "" ON 3>&1 1>&2 2>&3 )
local exitstatus=$?
IFS=' ' read -ra BLOGS <<< "$BLOGS"
return $exitstatus
}
whiptail_manager_adv_service_zeeklogs
return_code=$?
case $return_code in
1)
whiptail --title "so-zeek-logs" --msgbox "Cancelling. No changes have been made." 8 75
;;
255)
whiptail --title "so-zeek-logs" --msgbox "Whiptail error occured, exiting." 8 75
;;
*)
zeek_logs_enabled
;;
esac
Reference in New Issue View Git Blame Copy Permalink