CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
93ca7548f85544f972bdeaeb5c34b3f991f04f19
securityonion/salt/kibana/bin/so-kibana-config-load
Doug Burks 9991f0cf95 update Elastic to 8.4.3
2022-10-07 07:02:24 -04:00

108 lines
2.8 KiB
Bash
Raw Blame History

#!/bin/bash
{%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
{%- set ENDGAMEHOST = salt['pillar.get']('soc:endgamehost', 'ENDGAMEHOST') %}
. /usr/sbin/so-common
check_file() {
local file=$1
if [ ! -f "$file" ]; then
echo "File $file does not exist."
exit 1
fi
}
RETURN_CODE=0
import() {
local BASENAME=$(basename $1 | cut -d'.' -f1)
if [ ! -f "/opt/so/state/kibana_$BASENAME.txt" ]; then
local file=$1
ndjson_file=$(echo $file | sed -e "s/\.template$//")
# Copy template file
if [ "$file" != "$ndjson_file" ]; then
cp "$file" "$ndjson_file"
fi
# SOCtopus and Manager
if grep -lq 'PLACEHOLDER' "$ndjson_file"; then
sed -i "s/PLACEHOLDER/{{ MANAGER }}/g" "$ndjson_file"
fi
# Endgame
if grep -lq 'ENDGAMEHOST' "$ndjson_file"; then
sed -i "s/ENDGAMEHOST/{{ ENDGAMEHOST }}/g" "$ndjson_file"
fi
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
RETURN_CODE=$?
SESSIONCOOKIE=$({{ ELASTICCURL }} -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
# Load saved objects
RESPONSE=$({{ ELASTICCURL }} -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@"$ndjson_file")
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
if [[ "$RETURN_CODE" != "1" ]]; then
touch /opt/so/state/kibana_$BASENAME.txt
fi
else
exit $RETURN_CODE
fi
}
update() {
local BASENAME=$(basename $1 | cut -d'.' -f1)
if [ ! -f "/opt/so/state/kibana_$BASENAME.txt" ]; then
wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "{{ ELASTICCURL }}"
RETURN_CODE=$?
IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))'
for i in "${LINES[@]}"; do
RESPONSE=$({{ ELASTICCURL }} -X PUT "localhost:5601/api/saved_objects/config/8.4.3" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ")
echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi
done
if [[ "$RETURN_CODE" != "1" ]]; then
touch /opt/so/state/kibana_$BASENAME.txt
fi
else
exit $RETURN_CODE
fi
}
usage()
{
cat <<EOF
Security Onion Kibana Config Loader
Options:
-h This message
-i <filename> Import saved objects
-u <filename> Update saved objects
EOF
}
while getopts "h:i:u:" OPTION
do
case $OPTION in
h)
usage
exit 0
;;
i)
FILE=${OPTARG}
check_file $FILE
import $FILE
;;
u)
FILE=${OPTARG}
check_file $FILE
update $FILE
;;
*)
usage
exit 0
;;
esac
done
Reference in New Issue View Git Blame Copy Permalink