diff --git a/salt/common/tools/sbin/so-cortex-user-add b/salt/common/tools/sbin/so-cortex-user-add index 531872d80..43126f709 100755 --- a/salt/common/tools/sbin/so-cortex-user-add +++ b/salt/common/tools/sbin/so-cortex-user-add @@ -47,7 +47,7 @@ resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: if [[ "$resp" =~ \"status\":\"Ok\" ]]; then echo "Successfully added user to Cortex." else - echo "Failed to add user to Cortex." + echo "Unable to add user to Cortex; user might already exist." exit 2 fi \ No newline at end of file diff --git a/salt/common/tools/sbin/so-cortex-user-enable b/salt/common/tools/sbin/so-cortex-user-enable new file mode 100755 index 000000000..63cd2f089 --- /dev/null +++ b/salt/common/tools/sbin/so-cortex-user-enable 
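Review bot: The failure branch now reports every response without `"status":"Ok"` as a probable duplicate, so a rejected API key or an unreachable Cortex looks the same to the operator as an existing account. so-fleet-user-add and so-thehive-user-add get the same message, and the TheHive hunk also drops `echo $resp`, the only diagnostic that script printed. Because so-user now reacts to this exit code by enabling the account, I would keep the cause visible with `echo "$resp" >&2` before `exit 2` (`echo "$MYSQL_OUTPUT" >&2` in the Fleet script). The curl call that fills `resp` starts above the hunk.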
@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+usage() {
+ echo "Usage: $0 "
+ echo ""
+ echo "Enables or disables a user in Cortex."
+ exit 1
+}
+
+if [ $# -ne 2 ]; then
+ usage
+fi
+
+USER=$1
+
+CORTEX_KEY=$(lookup_pillar cortexkey)
+CORTEX_IP=$(lookup_pillar managerip)
+CORTEX_USER=$USER
+
+case "${2^^}" in
+ FALSE | NO | 0)
+ CORTEX_STATUS=Locked
+ ;;
+ TRUE | YES | 1)
+ CORTEX_STATUS=Ok
+ ;;
+ *)
+ usage
+ ;;
+esac
+
+resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
+if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
+ echo "Successfully updated user in Cortex."
+else
+ echo "Failed to update user in Cortex."
+ exit 2
+fi
+
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add
index bb6d756cd..9637aa63c 100755
--- a/salt/common/tools/sbin/so-fleet-user-add
+++ b/salt/common/tools/sbin/so-fleet-user-add
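Review bot: The success test accepts either `"status":"Locked"` or `"status":"Ok"` whatever was requested, so a lock request answered with an account still in `Ok` is reported as "Successfully updated"; whether Cortex can answer that way is not visible here, but comparing against the requested value costs nothing: `if [[ "$resp" =~ \"status\":\"${CORTEX_STATUS}\" ]]; then`. `${CORTEX_USER}` also goes into the URL path unencoded and unvalidated, so a `/`, `?` or `#` in `$1` would change which resource is PATCHed; a check on `$1` before the request would close that. `curl -sk` sends the bearer key without verifying the server certificate; that matches the add script visible in this diff, so it may be deliberate, but it deserves a comment. so-thehive-user-enable is the same script with TheHive names and has the same three points.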
@@ -53,6 +53,6 @@ MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -
 if [[ $? -eq 0 ]]; then
 echo "Successfully added user to Fleet."
 else
- echo "Failed to add user to Fleet."
+ echo "Unable to add user to Fleet; user might already exist."
 exit 2
 fi
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-fleet-user-enable b/salt/common/tools/sbin/so-fleet-user-enable
new file mode 100755
index 000000000..0ea826391
--- /dev/null
+++ b/salt/common/tools/sbin/so-fleet-user-enable
@@ -0,0 +1,57 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+usage() {
+ echo "Usage: $0 "
+ echo ""
+ echo "Enables or disables a user in Fleet."
+ exit 1
+}
+
+if [ $# -ne 2 ]; then
+ usage
+fi
+
+USER=$1
+
+MYSQL_PASS=$(lookup_pillar_secret mysql)
+FLEET_IP=$(lookup_pillar fleet_ip)
+FLEET_USER=$USER
+
+case "${2^^}" in
+ FALSE | NO | 0)
+ FLEET_STATUS=0
+ ;;
+ TRUE | YES | 1)
+ FLEET_STATUS=1
+ ;;
+ *)
+ usage
+ ;;
+esac
+
+MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PASS fleet -e \
+ "UPDATE users SET enabled=$FLEET_STATUS WHERE username='$FLEET_USER'" 2>&1)
+
+if [[ $? -eq 0 ]]; then
+ echo "Successfully updated user in Fleet."
+else
+ echo "Failed to update user in Fleet."
+ exit 2
+fi
\ No newline at end of file
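Review bot: `$FLEET_USER` is copied from `$1` straight into the `UPDATE` statement that runs as MySQL root, so a single quote in the argument ends the string literal and the rest is parsed as SQL. Nothing in this file validates the argument, and in so-user's delete path the only check visible in this diff is that the e-mail is non-empty. I would reject anything outside an allow-list before building the statement, for example `[[ "$FLEET_USER" =~ ^[A-Za-z0-9._%+@-]+$ ]] || usage`, adjusted to whatever validateEmail accepts. Two smaller points: `--password=$MYSQL_PASS` is unquoted and shows up in the process list, and the `$?` test passes when the UPDATE matched zero rows, so disabling an unknown user reports success.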
diff --git a/salt/common/tools/sbin/so-thehive-user-add b/salt/common/tools/sbin/so-thehive-user-add
index 0867ad766..0c9553abc 100755
--- a/salt/common/tools/sbin/so-thehive-user-add
+++ b/salt/common/tools/sbin/so-thehive-user-add
@@ -46,7 +46,6 @@ resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type:
 if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
 echo "Successfully added user to TheHive."
 else
- echo "Failed to add user to TheHive."
- echo $resp
+ echo "Unable to add user to TheHive; user might already exist."
 exit 2
 fi
diff --git a/salt/common/tools/sbin/so-thehive-user-enable b/salt/common/tools/sbin/so-thehive-user-enable
new file mode 100755
index 000000000..f439b93b8
--- /dev/null
+++ b/salt/common/tools/sbin/so-thehive-user-enable
@@ -0,0 +1,57 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+usage() {
+ echo "Usage: $0 "
+ echo ""
+ echo "Enables or disables a user in thehive."
+ exit 1
+}
+
+if [ $# -ne 2 ]; then
+ usage
+fi
+
+USER=$1
+
+THEHIVE_KEY=$(lookup_pillar hivekey)
+THEHIVE_IP=$(lookup_pillar managerip)
+THEHIVE_USER=$USER
+
+case "${2^^}" in
+ FALSE | NO | 0)
+ THEHIVE_STATUS=Locked
+ ;;
+ TRUE | YES | 1)
+ THEHIVE_STATUS=Ok
+ ;;
+ *)
+ usage
+ ;;
+esac
+
+resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" "https://$THEHIVE_IP/thehive/api/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }")
+if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
+ echo "Successfully updated user in thehive."
+else
+ echo "Failed to update user in thehive."
+ echo "$resp"
+ exit 2
+fi
+
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index f4a53efa7..4616be3f5 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -179,9 +179,9 @@ case "${operation}" in validateEmail "$email" createUser "$email" echo "Successfully added new user to SOC" - check_container thehive && echo $password | so-thehive-user-add "$email" - check_container cortex && echo $password | so-cortex-user-add "$email" - check_container fleet && echo $password | so-fleet-user-add "$email" + check_container thehive && (echo $password | so-thehive-user-add "$email" || so-thehive-user-enable "$email" true) + check_container cortex && (echo $password | so-cortex-user-add "$email" || so-cortex-user-enable "$email" true) + check_container fleet && (echo $password | so-fleet-user-add "$email" || so-fleet-user-enable "$email" true) ;; "list") @@ -202,7 +202,10 @@ case "${operation}" in [[ "$email" == "" ]] && fail "Email address must be provided" deleteUser "$email" - echo "Successfully deleted user" + echo "Successfully deleted user" + check_container thehive && so-thehive-user-enable "$email" false + check_container cortex && so-cortex-user-enable "$email" false + check_container fleet && so-fleet-user-enable "$email" false ;; "validate") diff --git a/salt/common/tools/sbin/so-user-disable b/salt/common/tools/sbin/so-user-disable new file mode 100755 index 000000000..293f57525 --- /dev/null +++ b/salt/common/tools/sbin/so-user-disable @@ -0,0 +1,2 @@ +#!/bin/bash +so-user delete $* \ No newline at end of file
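Review bot: In the add branch, `so-*-user-add "$email" || so-*-user-enable "$email" true` runs the enable step after any add failure, and the enable scripts never receive the password. If the account already exists in TheHive, Cortex or Fleet (for instance one locked by the delete branch changed in the next hunk), it is switched back on with whatever password it had before, not the one just entered for SOC. I would either set the password on that path or print a warning that the existing credential was kept. The new lines also carry over the unquoted `echo $password`, which word-splits and globs the secret; `printf '%s\n' "$password" |` avoids that. The enclosing `case` starts and ends outside the hunk.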
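Review bot: In so-user-disable, `so-user delete $*` re-splits and glob-expands the arguments; `so-user delete "$@"` passes them through unchanged. The script is named disable but runs the delete operation, which calls `deleteUser` in the so-user hunk above; if that removal cannot be undone the name will mislead operators, so a comment line stating what the wrapper really does would help. The file also lacks the licence header that the other new scripts in this commit carry.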