From 2fab00458b0ddcd1fa083584a8c77dfb3bb207f1 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Thu, 30 Jul 2020 10:23:00 -0400
Subject: [PATCH 1/4] Add randomized play secrets for Cortex + TheHive
---
 setup/so-functions | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 5d5c9f585..2f1ea7198 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -875,8 +875,10 @@ generate_passwords(){
 FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
 }
@@ -1027,12 +1029,14 @@ manager_static() {
 " hiveuser: $WEBUSER"\
 " hivepassword: '$WEBPASSWD1'"\
 " hivekey: $HIVEKEY"\
+ " hiveplaysecret: $HIVEPLAYSECRET"\
 " cortexuser: $WEBUSER"\
 " cortexpassword: '$WEBPASSWD1'"\
 " cortexkey: $CORTEXKEY"\
 " cortexorgname: SecurityOnion"\
- " cortexorguser: $WEBUSER"\
+ " cortexorguser: soadmin"\
 " cortexorguserkey: $CORTEXORGUSERKEY"\
+ " cortexplaysecret: $CORTEXPLAYSECRET"\
 " fleet_custom_hostname: "\
 " fleet_manager: False"\
 " fleet_node: False"\
From b6a053070f7d99d325cb655f941f07a3950e008d Mon Sep 17 00:00:00 2001
From: weslambert
Date: Thu, 30 Jul 2020 10:25:07 -0400
Subject: [PATCH 2/4] Change TheHive play secret
---
 salt/thehive/etc/application.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
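Review bot: The two play secrets added to generate_passwords() are cut to 20 alphanumeric characters (`fold -w 20`), roughly 119 bits, which is the length used for the API keys rather than a length chosen for a Play application secret. This value signs session cookies, and as far as I recall TheHive's install instructions generate 64 characters and newer Play releases reject short secrets in production mode, so I would size it separately: `HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 64 | head -n 1)`, and the same for `CORTEXPLAYSECRET`. The function opens above the hunk, so whether anything else depends on the 20-character length is not visible here.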
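Review bot: In the manager_static() hunk, `cortexorguser` changes from `$WEBUSER` to the fixed name `soadmin`, which the commit subject (play secrets) does not mention; a fixed, publicly known account name for the Cortex org user belongs in its own commit or at least needs a comment such as `# org user is a service account, not the install-time web user` if that is the intent. Separately, the two new secrets are written into the static pillar next to the existing keys; if that pillar is targeted at every minion (not visible here), each node can read the session-signing keys for TheHive and Cortex, and a pillar scoped to the manager would be the safer place. manager_static() starts and ends outside the hunk.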
diff --git a/salt/thehive/etc/application.conf b/salt/thehive/etc/application.conf index f06c3f7c6..8aaf7a9a5 100644 --- a/salt/thehive/etc/application.conf +++ b/salt/thehive/etc/application.conf @@ -1,10 +1,11 @@ {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %} {%- set CORTEXKEY = salt['pillar.get']('static:cortexorguserkey', '') %} +{%- set HIVEPLAYSECRET = salt['pillar.get']('static:hiveplaysecret', '') %} # Secret Key # The secret key is used to secure cryptographic functions. # WARNING: If you deploy your application on several servers, make sure to use the same key. -play.http.secret.key="letsdewdis" +play.http.secret.key="{{ HIVEPLAYSECRET }}" play.http.context=/thehive/ search.uri = "http://{{ MANAGERIP }}:9400" # Elasticsearch From c58ee8a37daf366646464ec2f8c0b99ecb363ce9 Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 30 Jul 2020 10:25:53 -0400 Subject: [PATCH 3/4] Add Cortex play secret --- salt/thehive/etc/cortex-application.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/thehive/etc/cortex-application.conf b/salt/thehive/etc/cortex-application.conf index b9cbe20cc..c8e96ee3e 100644 --- a/salt/thehive/etc/cortex-application.conf +++ b/salt/thehive/etc/cortex-application.conf @@ -1,4 +1,5 @@ {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %} +{%- set CORTEXPLAYSECRET = salt['pillar.get']('static:cortexplaysecret', '') %} # Secret Key # The secret key is used to secure cryptographic functions. From 4282930f0838019a0bea2d0fed1045e5c6c729d9 Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 30 Jul 2020 10:26:49 -0400 Subject: [PATCH 4/4] Update cortex-application.conf --- salt/thehive/etc/cortex-application.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/thehive/etc/cortex-application.conf b/salt/thehive/etc/cortex-application.conf index c8e96ee3e..c7e52d954 100644 --- a/salt/thehive/etc/cortex-application.conf +++ b/salt/thehive/etc/cortex-application.conf 
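Review bot: In salt/thehive/etc/application.conf, `salt['pillar.get']('static:hiveplaysecret', '')` falls back to an empty string, so on a manager whose static pillar was written before this series the template renders `play.http.secret.key=""`; the same applies to `static:cortexplaysecret` in the two cortex-application.conf patches (3/4 and 4/4). Only generate_passwords() at install time creates these values, and no upgrade step is visible in this series. I would make rendering fail when the value is missing rather than ship an empty key, for example `{%- if not HIVEPLAYSECRET %}{{ raise('static:hiveplaysecret is not set') }}{%- endif %}` if the deployed Salt version provides the Jinja `raise` helper. The upgrade path should also generate both secrets for existing installs, which otherwise keep running with the old repository-wide key until the state is reapplied.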
@@ -4,7 +4,7 @@
 # Secret Key
 # The secret key is used to secure cryptographic functions.
 # WARNING: If you deploy your application on several servers, make sure to use the same key.
-play.http.secret.key="letsdewdis"
+play.http.secret.key="{{ CORTEXPLAYSECRET }}"
 play.http.context=/cortex/
 search.uri = "http://{{ MANAGERIP }}:9400"