filebeat

5 years ago · 0c65407388
6 changed files with 34 additions and 2 deletions
--- a/scripts/services/Mistborn-scirius.service
+++ b/scripts/services/Mistborn-scirius.service
@ -15,9 +15,13 @@ ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh scirius docker-co
 # Start container when unit is started
 ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh scirius docker-compose -f /opt/mistborn/extra/scirius.yml up --build
 # Suricata
 ExecStartPost=/opt/mistborn/scripts/wrappers/mistborn_docker.sh scirius /opt/mistborn/scripts/services/scirius/suricata_start.sh
 # Stop container when unit is stopped
 ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh scirius docker-compose -f /opt/mistborn/extra/scirius.yml down
 # Post stop
 ExecStopPost=-/opt/mistborn/scripts/wrappers/mistborn_docker.sh scirius /opt/mistborn/scripts/services/scirius/suricata_stop.sh
 [Install]
 WantedBy=Mistborn-base.service
--- a/scripts/services/Mistborn-wazuh.service
+++ b/scripts/services/Mistborn-wazuh.service
@ -18,9 +18,8 @@ ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose
 ExecStartPost=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh /opt/mistborn/scripts/services/wazuh/agent.sh
 ExecStartPost=-/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh /opt/mistborn/scripts/services/wazuh/agent_start.sh
 # Stop container when unit is stopped
 ExecStop=-/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh /opt/mistborn/scripts/services/wazuh/agent_stop.sh
 ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml down
-
+ExecStopPost=-/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh /opt/mistborn/scripts/services/wazuh/agent_stop.sh
 [Install]
 WantedBy=Mistborn-base.service
--- a/scripts/services/scirius/files/filebeat.docker.yml
+++ b/scripts/services/scirius/files/filebeat.docker.yml
@ -0,0 +1,17 @@
 filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
 filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
 processors:
 - add_cloud_metadata: ~
 output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}'
--- a/scripts/services/scirius/init.sh
+++ b/scripts/services/scirius/init.sh
@ -54,3 +54,7 @@ fi
 # sudo cp ./scripts/conf/20-suricata.conf /etc/rsyslog.d/
 # sudo chown root:root /etc/rsyslog.d/20-suricata.conf
 # sudo systemctl restart rsyslog
 IFACE=$(ip -o -4 route show to default | awk 'NR==1{print $5}')
 sudo sed -i "s/eth0/${IFACE}/g" /etc/suricata/suricata.yml
 sudo sed -i "s/eth0/${IFACE}/g" /etc/default/suricata
--- a/scripts/services/scirius/suricata_start.sh
+++ b/scripts/services/scirius/suricata_start.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 systemctl start suricata
 systemctl enable suricata
--- a/scripts/services/scirius/suricata_stop.sh
+++ b/scripts/services/scirius/suricata_stop.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 systemctl stop suricata
 systemctl disable suricata