Removes all Strelka container salt states and infrastructure references, replaced by the native fileanalyze module in sensoroni. Removed: - salt/strelka/ directory (all container states, configs, tools) - Docker container definitions for 6 Strelka containers - Firewall rules for strelka_frontend - Container references in containers.map.jinja - top.sls and allowed_states references to strelka/strelka.manager - so-minion add_strelka_to_minion() function and call sites - so-deny strelka_frontend entry - Logstash strelka bind mount - Logrotate strelka config - Telegraf strelka file monitoring - so-sensor-clean strelka cleanup - so-image-common strelka container images Kept (still needed): - Elasticsearch index/ingest pipeline (ingests fileanalyze output) - Elastic agent/fleet log collection config - SOC strelkaengine (YARA rule management) - Kibana saved objects (dashboards)
# Setting annotations for the docker configuration tree: every leaf setting
# carries a description, a help link and display/type hints (advanced,
# readonly, forcedType, uiElements, ...).
# NOTE(review): presumably read by the SOC configuration UI - confirm against
# the consumer.
docker:
  # Network settings of the default docker interface.
  gateway:
    description: Gateway for the default docker interface.
    helpLink: docker
    advanced: True
  range:
    description: Default docker IP range for containers.
    helpLink: docker
    advanced: True
  # Daemon-wide default ulimits, entered as a JSON list of objects
  # (forcedType "[]{}", syntax json) with the fields name / soft / hard.
  # NOTE(review): this entry's helpLink is "docker.html" while gateway and
  # range use "docker" - confirm which form the help-link resolver expects.
  ulimits:
    description: |
      Default ulimit settings applied to all containers via the Docker daemon. Each entry specifies a resource name (e.g. nofile, memlock, core, nproc) with soft and hard limits. Individual container ulimits override these defaults. Valid resource names include: cpu, fsize, data, stack, core, rss, nproc, nofile, memlock, as, locks, sigpending, msgqueue, nice, rtprio, rttime.
    forcedType: "[]{}"
    syntax: json
    advanced: True
    helpLink: docker.html
    uiElements:
      # The name regex is anchored with ^...$, so only the exact resource
      # names listed are accepted; partial or suffixed names fail validation.
      - field: name
        label: Resource Name
        required: True
        regex: ^(cpu|fsize|data|stack|core|rss|nproc|nofile|memlock|as|locks|sigpending|msgqueue|nice|rtprio|rttime)$
        regexFailureMessage: You must enter a valid ulimit name (cpu, fsize, data, stack, core, rss, nproc, nofile, memlock, as, locks, sigpending, msgqueue, nice, rtprio, rttime).
      # soft and hard are coerced to int. NOTE(review): nothing here marks
      # them required, bounds them, or checks soft <= hard - verify where
      # that is enforced.
      - field: soft
        label: Soft Limit
        forcedType: int
      - field: hard
        label: Hard Limit
        forcedType: int
  containers:
    # so-dockerregistry defines the per-container option set and anchors it
    # as &dockerOptions; every other container below aliases that same
    # mapping, so an edit here changes the annotations for all of them.
    so-dockerregistry: &dockerOptions
      # Marked readonly and global.
      final_octet:
        description: Last octet of the container IP address.
        helpLink: docker
        readonly: True
        advanced: True
        global: True
      # The four list settings below are free-form "[]string" values; no
      # regex in this file constrains their entries.
      # NOTE(review): port bindings publish container ports on the host and
      # bind mounts expose host paths inside the container; extra_env values
      # presumably persist with the rest of the configuration. Confirm that
      # write access to these settings is limited to trusted administrators
      # and that secrets are not placed in extra_env.
      port_bindings:
        description: List of port bindings for the container.
        helpLink: docker
        advanced: True
        multiline: True
        forcedType: "[]string"
      custom_bind_mounts:
        description: List of custom local volume bindings.
        advanced: True
        helpLink: docker
        multiline: True
        forcedType: "[]string"
      extra_hosts:
        description: List of additional host entries for the container.
        advanced: True
        helpLink: docker
        multiline: True
        forcedType: "[]string"
      extra_env:
        description: List of additional ENV entries for the container.
        advanced: True
        helpLink: docker
        multiline: True
        forcedType: "[]string"
      # Per-container ulimits, same JSON list-of-objects shape and the same
      # anchored name regex as the daemon-wide defaults.
      # NOTE(review): helpLink is "docker.html" here but "docker" on the
      # sibling settings - confirm which form is intended.
      ulimits:
        description: |
          Ulimit settings for the container. Each entry specifies a resource name (e.g. nofile, memlock, core, nproc) with optional soft and hard limits. Valid resource names include: cpu, fsize, data, stack, core, rss, nproc, nofile, memlock, as, locks, sigpending, msgqueue, nice, rtprio, rttime.
        advanced: True
        helpLink: docker.html
        forcedType: "[]{}"
        syntax: json
        uiElements:
          - field: name
            label: Resource Name
            required: True
            regex: ^(cpu|fsize|data|stack|core|rss|nproc|nofile|memlock|as|locks|sigpending|msgqueue|nice|rtprio|rttime)$
            regexFailureMessage: You must enter a valid ulimit name (cpu, fsize, data, stack, core, rss, nproc, nofile, memlock, as, locks, sigpending, msgqueue, nice, rtprio, rttime).
          - field: soft
            label: Soft Limit
            forcedType: int
          - field: hard
            label: Hard Limit
            forcedType: int
    # Each remaining container reuses the &dockerOptions mapping unchanged.
    so-elastic-fleet: *dockerOptions
    so-elasticsearch: *dockerOptions
    so-influxdb: *dockerOptions
    so-kibana: *dockerOptions
    so-kratos: *dockerOptions
    so-hydra: *dockerOptions
    so-logstash: *dockerOptions
    so-nginx: *dockerOptions
    so-nginx-fleet-node: *dockerOptions
    so-redis: *dockerOptions
    so-sensoroni: *dockerOptions
    so-soc: *dockerOptions
    so-elastalert: *dockerOptions
    so-elastic-fleet-package-registry: *dockerOptions
    so-idh: *dockerOptions
    so-elastic-agent: *dockerOptions
    so-telegraf: *dockerOptions
    so-suricata: *dockerOptions
    so-zeek: *dockerOptions
    so-kafka: *dockerOptions