cross cluster json

Security-Onion-Solutions · Sep 1, 2017 · 8ac650a · 8ac650a
1 parent bc90e74
commit 8ac650a
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 5 deletions.
diff --git a/bin/sosetup-elastic b/bin/sosetup-elastic
@@ -1050,7 +1050,7 @@ else
 	if [ $SERVER -eq 1 ]; then
 	    	ELSA_ACTION_CONFIRM="- Configure Elastic stack.\n"
 	else
-    		ELSA_ACTION_CONFIRM="- Configure Elastic stack cross cluster.\n"
+    		ELSA_ACTION_CONFIRM="- Configure Elastic stack cross cluster search.\n"
 
 		# Ask if they want to update the SERVER and restart Apache
 #		TEXT="Would you like to automatically update the ELSA server?\n\
@@ -1960,10 +1960,13 @@ function SERVER_QUEUE() {
 # Send all queued commands to server
 #########################################
 if [ $SERVER -ne 1 ] && [ "$ELSA" = "YES" ]; then
-	echo "echo Match User $SSH_USERNAME >> /etc/ssh/sshd_config" >> $SOSETUPSCP
-	echo "echo '   GatewayPorts clientspecified' >> /etc/ssh/sshd_config" >> $SOSETUPSCP
-	echo "sudo service ssh restart" >> $SOSETUPSCP
-	echo "sudo ufw allow proto tcp from 172.18.0.0/24 to 172.18.0.1 port 50000" >> $SOSETUPSCP
+cat << EOF >> $SOSETUPSCP
+echo Match User $SSH_USERNAME >> /etc/ssh/sshd_config
+echo '   GatewayPorts clientspecified' >> /etc/ssh/sshd_config
+service ssh restart
+ufw allow proto tcp from 172.18.0.0/24 to 172.18.0.1 port 50000
+curl -XPUT http://localhost:9200/_cluster/settings -d'{"persistent": {"search": {"remote": {"sensor1": {"seeds": ["172.18.0.1:50000"]}}}}}'
+EOF
 fi
 
 if [ "$SERVERNAME" != "localhost" ]; then

diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-setup (20120912-0ubuntu0securityonion243) trusty; urgency=medium
+
+  * cross cluster json 
+
+ -- Doug Burks <[email protected]>  Fri, 01 Sep 2017 16:05:53 -0400
+
 securityonion-setup (20120912-0ubuntu0securityonion242) trusty; urgency=medium
 
   * fix autossh 

diff --git a/debian/patches/cross-cluster-json b/debian/patches/cross-cluster-json
@@ -0,0 +1,54 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-setup (20120912-0ubuntu0securityonion243) trusty; urgency=medium
+ .
+   * cross cluster json
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-setup-20120912.orig/bin/sosetup-elastic
++++ securityonion-setup-20120912/bin/sosetup-elastic
+@@ -1050,7 +1050,7 @@ else
+ 	if [ $SERVER -eq 1 ]; then
+ 	    	ELSA_ACTION_CONFIRM="- Configure Elastic stack.\n"
+ 	else
+-    		ELSA_ACTION_CONFIRM="- Configure Elastic stack cross cluster.\n"
++    		ELSA_ACTION_CONFIRM="- Configure Elastic stack cross cluster search.\n"
+
+ 		# Ask if they want to update the SERVER and restart Apache
+ #		TEXT="Would you like to automatically update the ELSA server?\n\
+@@ -1960,10 +1960,13 @@ function SERVER_QUEUE() {
+ # Send all queued commands to server
+ #########################################
+ if [ $SERVER -ne 1 ] && [ "$ELSA" = "YES" ]; then
+-	echo "echo Match User $SSH_USERNAME >> /etc/ssh/sshd_config" >> $SOSETUPSCP
+-	echo "echo '   GatewayPorts clientspecified' >> /etc/ssh/sshd_config" >> $SOSETUPSCP
+-	echo "sudo service ssh restart" >> $SOSETUPSCP
+-	echo "sudo ufw allow proto tcp from 172.18.0.0/24 to 172.18.0.1 port 50000" >> $SOSETUPSCP
++cat << EOF >> $SOSETUPSCP
++echo Match User $SSH_USERNAME >> /etc/ssh/sshd_config
++echo '   GatewayPorts clientspecified' >> /etc/ssh/sshd_config
++service ssh restart
++ufw allow proto tcp from 172.18.0.0/24 to 172.18.0.1 port 50000
++curl -XPUT http://localhost:9200/_cluster/settings -d'{"persistent": {"search": {"remote": {"sensor1": {"seeds": ["172.18.0.1:50000"]}}}}}'
++EOF
+ fi
+
+ if [ "$SERVERNAME" != "localhost" ]; then
diff --git a/debian/patches/series b/debian/patches/series
@@ -230,3 +230,4 @@ skip-sosetup-network-when-passing-from-sosetup-to-sosetup-elastic
 check-for-sosetup-elastic-and-optelasticsrc-before-offering-Experimental-option
 add-initial-support-for-elastic-cross-cluster-search
 fix-autossh
+cross-cluster-json