CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-06-16 15:18:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b8f9a9a311dc8a3e340974cde45a68013066670d
securityonion/salt/firewall/soc_firewall.yaml
T
Mike Reeves b8f9a9a311 regex for hostgroups
2023-04-27 15:08:01 -04:00

456 lines
12 KiB
YAML
Raw Blame History

firewall:
hostgroups:
analyst: &hostgroupsettings
description: List of IP or CIDR blocks to allow access to this hostgroup.
helplink: firewall.html
multiline: True
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
regexFailureMessage: You must enter a valid IP address or CIDR.
anywhere: &hostgroupsettingsadv
description: List of IP or CIDR blocks to allow access to this hostgroup.
helplink: firewall.html
multiline: True
advanced: True
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
regexFailureMessage: You must enter a valid IP address or CIDR.
beats_endpoint: *hostgroupsettings
beats_endpoint_ssl: *hostgroupsettings
dockernet: *hostgroupsettingsadv
elastic_agent_endpoint: *hostgroupsettings
elasticsearch_rest: *hostgroupsettingsadv
endgame: *hostgroupsettingsadv
eval: *hostgroupsettings
fleet: *hostgroupsettings
heavynodes: *hostgroupsettings
idh: *hostgroupsettings
localhost: *hostgroupsettingsadv
manager: *hostgroupsettings
receivers: *hostgroupsettings
searchnodes: *hostgroupsettings
securityonion_desktops: *hostgroupsettings
self: *hostgroupsettingsadv
sensors: *hostgroupsettings
standalone: *hostgroupsettings
strelka_frontend: *hostgroupsettings
syslog: *hostgroupsettings
customhostgroup1: &customhostgroupsettings
description: List of IP or CIDR blocks to allow to this hostgroup.
helpLink: firewall.html
advanced: True
regex: ^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?)?$
regexFailureMessage: You must enter a valid IP address or CIDR.
customhostgroup2: *customhostgroupsettings
customhostgroup3: *customhostgroupsettings
customhostgroup4: *customhostgroupsettings
customhostgroup5: *customhostgroupsettings
customhostgroup6: *customhostgroupsettings
customhostgroup7: *customhostgroupsettings
customhostgroup8: *customhostgroupsettings
customhostgroup9: *customhostgroupsettings
customhostgroup10: *customhostgroupsettings
portgroups:
all:
tcp: &tcpsettings
description: List of TCP ports for this port group.
helplink: firewall.html
advanced: True
multiline: True
udp: &udpsettings
description: List of UDP ports for this port group.
helplink: firewall.html
advanced: True
multiline: True
agrules:
tcp: *tcpsettings
udp: *udpsettings
beats_5044:
tcp: *tcpsettings
udp: *udpsettings
beats_5644:
tcp: *tcpsettings
udp: *udpsettings
beats_5066:
tcp: *tcpsettings
udp: *udpsettings
beats_5056:
tcp: *tcpsettings
udp: *udpsettings
docker_registry:
tcp: *tcpsettings
udp: *udpsettings
elasticsearch_node:
tcp: *tcpsettings
udp: *udpsettings
elasticsearch_rest:
tcp: *tcpsettings
udp: *udpsettings
elastic_agent_control:
tcp: *tcpsettings
udp: *udpsettings
elastic_agent_data:
tcp: *tcpsettings
udp: *udpsettings
endgame:
tcp: *tcpsettings
udp: *udpsettings
influxdb:
tcp: *tcpsettings
udp: *udpsettings
kibana:
tcp: *tcpsettings
udp: *udpsettings
mysql:
tcp: *tcpsettings
udp: *udpsettings
nginx:
tcp: *tcpsettings
udp: *udpsettings
playbook:
tcp: *tcpsettings
udp: *udpsettings
redis:
tcp: *tcpsettings
udp: *udpsettings
salt_manager:
tcp: *tcpsettings
udp: *udpsettings
sensoroni:
tcp: *tcpsettings
udp: *udpsettings
ssh:
tcp: *tcpsettings
udp: *udpsettings
strelka_frontend:
tcp: *tcpsettings
udp: *udpsettings
syslog:
tcp: *tcpsettings
udp: *udpsettings
yum:
tcp: *tcpsettings
udp: *udpsettings
role:
eval:
chain:
DOCKER-USER:
hostgroups:
eval:
portgroups: &portgroupsdocker
description: Portgroups to add access to the docker containers for this role.
advanced: True
multiline: True
helpLink: firewall.html
sensors:
portgroups: *portgroupsdocker
searchnodes:
portgroups: *portgroupsdocker
heavynodes:
portgroups: *portgroupsdocker
self:
portgroups: *portgroupsdocker
beats_endpoint:
portgroups: *portgroupsdocker
beats_endpoint_ssl:
portgroups: *portgroupsdocker
elasticsearch_rest:
portgroups: *portgroupsdocker
elastic_agent_endpoint:
portgroups: *portgroupsdocker
strelka_frontend:
portgroups: *portgroupsdocker
syslog:
portgroups: *portgroupsdocker
analyst:
portgroups: *portgroupsdocker
INPUT:
hostgroups:
anywhere:
portgroups: &portgroupshost
description: Portgroups to add access to the host.
advacned: True
multiline: True
helpLink
dockernet:
portgroups:
localhost:
portgroups:
fleet:
chain:
DOCKER-USER:
hostgroups:
sensors:
portgroups:
elastic_agent_endpoint:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
standalone:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
manager:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
syslog:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
endgame:
portgroups:
analyst:
portgroups:
custom1:
portgroups:
custom2:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
managersearch:
chain:
DOCKER-USER:
hostgroups:
managersearch:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
endgame:
portgroups:
syslog:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
standalone:
chain:
DOCKER-USER:
hostgroups:
localhost:
portgroups:
standalone:
portgroups:
fleet:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
self:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
endgame:
portgroups:
strelka_frontend:
portgroups:
syslog:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
fleet:
portgroups:
localhost:
portgroups:
standalone:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
heavynodes:
portgroups:
searchnode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
dockernet:
portgroups:
elasticsearch_rest:
portgroups:
searchnodes:
portgroups:
self:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
sensor:
chain:
DOCKER-USER:
hostgroups:
self:
portgroups:
strelka_frontend:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
heavynode:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
dockernet:
portgroups:
elasticsearch_rest:
portgroups:
self:
portgroups:
strelka_frontend:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
import:
chain:
DOCKER-USER:
hostgroups:
manager:
portgroups:
sensors:
portgroups:
searchnodes:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
elasticsearch_rest:
portgroups:
elastic_agent_endpoint:
portgroups:
analyst:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
receiver:
chain:
DOCKER-USER:
hostgroups:
sensors:
portgroups:
searchnodes:
portgroups:
self:
portgroups:
syslog:
portgroups:
beats_endpoint:
portgroups:
beats_endpoint_ssl:
portgroups:
endgame:
portgroups:
INPUT:
hostgroups:
anywhere:
portgroups:
dockernet:
portgroups:
localhost:
portgroups:
Reference in New Issue View Git Blame Copy Permalink