SALT ( Port Scan Attack Detector ) Tutorial
Q : How to configure salt
Q : Step by Step PSAD Configure
SALT: an automation tool like Chef, Puppet, Ansible
Hostname : linuxtopic.com
IP = 172.17.20.100
Step 1. A
Add Repository
A. Ubuntu 14.04:
a. Run the following command to import the SaltStack repository key:
wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
b. Save the following line to /etc/apt/sources.list.d/saltstack.list:
deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main
c. Then update the repository.
apt-get update
B. Ubuntu 16.04:
a. Run the following command to import the SaltStack repository key:
wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
b. Add the following line in /etc/apt/sources.list.d/saltstack.list:
deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main
c. Then update the repository.
apt-get update
Step 1. B
Run the following commands to install the SaltStack repository and key:
C. CentOS 7 & RHEL 7:
sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm
D. CentOS 6 & RHEL 6:
sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm
Step 2
The general Salt installation process is as follows:
a. Make sure that your Salt minions can find the Salt master.
b. Install the Salt minion on each system that you want to manage.
c. Accept the Salt minion key after the Salt minion connects.
Step 3
Salt Master installation and configuration:
Ubuntu 14 & 16:
sudo apt-get install salt-master
RHEL/CentOS 6 & 7:
sudo yum install salt-master
Step 4
Salt master configuration file:
vi /etc/salt/master
Edit the following lines:
#interface: 0.0.0.0 (uncomment and put your system ip address)
#publish_port: 4505 (uncomment the line)
#user: root (uncomment the line)
#ret_port: 4506 (uncomment the line)
#pidfile: /var/run/salt-master.pid (uncomment the line)
#pki_dir: /etc/salt/pki/master (uncomment the line)
#cachedir: /var/cache/salt/master (uncomment the line)
#verify_env: True (uncomment the line)
#keep_jobs: 24 (uncomment the line)
#sock_dir: /var/run/salt/master (uncomment the line)
#file_roots: (uncomment the line)
#  base: (uncomment the line)
#    - /srv/salt/ (uncomment the line)
Save and exit
Step 5
Start salt-master service:
Ubuntu 14 and CentOS/RHEL 6:
sudo service salt-master start
Ubuntu 16 and CentOS/RHEL 7:
systemctl start salt-master.service
Step 6
Salt-Minion Installation And Configuration:
Ubuntu 14 & 16:
sudo apt-get install salt-minion
CentOS 6 & 7:
sudo yum install salt-minion
Step 7
Salt minion configuration file:
vi /etc/salt/minion
Uncomment & edit the following lines:
master: (master ip address "172.17.20.100" or domain name)
user: root
id: (xyz)
........
Save and Exit
Step 8
Start the salt-minion service:
service salt-minion start (Ubuntu 14 & CentOS 6)
systemctl start salt-minion.service (Ubuntu 16 & CentOS 7)
Step 9
Create Directory In Master System:
mkdir -p /srv/salt
Now Check the minion request on master system:
salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys: xyz
Rejected Keys:
Accept the minion key with the command:
salt-key -A
Now the connection is established between master and minion.
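salt-key -A accepts every pending key at once. The check below is an added example, not part of the original tutorial: it accepts a single minion only when the fingerprint the master shows with salt-key -f equals the one read on the minion itself with salt-call --local key.finger. The function names and the SALT_KEY override variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original tutorial.
# SALT_KEY is a hypothetical override for the salt-key binary so the logic
# can be exercised on a machine without a Salt master.

# Read `salt-key -f <id>` output on stdin and print, in lower case, the
# fingerprint listed for <id> under "Unaccepted Keys:" only. Keys shown in
# the accepted, denied or rejected sections are ignored.
pending_fingerprint() {
    awk -v id="$1" '
        /^Unaccepted Keys:/       { pending = 1; next }
        /Keys:$/                  { pending = 0; next }
        pending && $1 == (id ":") { print tolower($2); exit }
    '
}

# Accept <id> only if the master-side fingerprint equals <expected>, the value
# the operator read on the minion with: salt-call --local key.finger
# Returns 0 = accepted, 1 = fingerprint mismatch, 2 = no pending key for <id>.
accept_if_match() {
    id=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    seen=$(${SALT_KEY:-salt-key} -f "$id" | pending_fingerprint "$id")
    if [ -z "$seen" ]; then
        echo "no pending key for $id" >&2
        return 2
    fi
    if [ "$seen" != "$expected" ]; then
        echo "fingerprint mismatch for $id: master sees $seen" >&2
        return 1
    fi
    # -a accepts one named key; -y answers the confirmation prompt.
    ${SALT_KEY:-salt-key} -y -a "$id" >/dev/null
}
```

On the master, call accept_if_match xyz followed by the fingerprint copied from the minion; a non-zero return means the key was left pending.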
Step 10
Automation types in Salt:
1. CLI Module (the salt command from bash, for when you have a limited job to perform)
2. State Module (for when you have to perform multiple jobs on minions)
CLI Module:
With this module you can perform a single task on minions. For example, to create the directory ram on the minions:
salt '*' cmd.run 'mkdir /tmp/ram'
Here '*' = all minions
Note: to execute on a single minion, you have to mention its client id. To run on the client xyz, execute:
salt xyz cmd.run 'mkdir /tmp/ram'
To execute the ifconfig command on every minion:
salt '*' cmd.run 'ifconfig'
Step 11
Package installation on minions:
salt '*' pkg.install vim
State Module:
In this phase of automation you can perform multiple tasks on minions. You can make your own cookbook for your project.
Requirements for the salt state module:
1. YAML language
2. Create the /srv/salt directory to store your project cookbook
3. Knowledge of salt state functions (file, git, apache, firewall etc.)
Note: You have to add the .sls extension to your salt cookbook file.
I am showing you an example of a psad cookbook.
1. First go to the /srv/salt directory.
2. Then create the psad.sls file:
vim psad.sls
# Install the psad package
psad:
  pkg:
    - installed
    - show_changes: True

# Each file.replace below edits one setting in psad.conf.
# "pattern" is treated as a regular expression; "repl" is the replacement.
function1:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: 'EMAIL_ADDRESSES root@localhost;'
    - repl: 'EMAIL_ADDRESSES prashant.gupta@digivalet.com;'
    - show_changes: True

function2:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: '/var/log/messages'
    - repl: '/var/log/kern.log'
    - show_changes: True

function3:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: 'EMAIL_LIMIT 0;'
    - repl: 'EMAIL_LIMIT 1;'
    - show_changes: True

function4:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: 'IMPORT_OLD_SCANS N;'
    - repl: 'IMPORT_OLD_SCANS Y;'
    - show_changes: True

function5:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: 'ENABLE_AUTO_IDS N;'
    - repl: 'ENABLE_AUTO_IDS Y;'
    - show_changes: True

function6:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: 'AUTO_IDS_DANGER_LEVEL 5;'
    - repl: 'AUTO_IDS_DANGER_LEVEL 3;'
    - show_changes: True

function7:
  file.replace:
    - name: /etc/psad/psad.conf
    - pattern: 'AUTO_BLOCK_TIMEOUT 3600;'
    - repl: 'AUTO_BLOCK_TIMEOUT 86400;'
    - show_changes: True

# Make sure the psad service is running
service1:
  service.running:
    - name: psad

Save and exit the file.
Some Reference:
https://docs.saltstack.com/en/latest/
If we have done any changes in the minion except adding the master id in the vi /etc/salt/minion path, what to do to retain it as it is?