From 186defe0e2f2a9bff06c83dbf4ff4c40990667f1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 15 Jul 2019 15:39:43 -0400 Subject: [PATCH] Core Module - Add htpasswd love --- salt/common/init.sls | 2 ++ salt/common/nginx/nginx.conf.so-master | 10 ++++++++++ salt/common/tools/sbin/so-user-add | 17 +++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 salt/common/tools/sbin/so-user-add diff --git a/salt/common/init.sls b/salt/common/init.sls index 49008c9e7..c344dbb68 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -41,9 +41,11 @@ sensorpkgs: {% if grains['os'] != 'CentOS' %} - python-docker - python-m2crypto + - apache2-utils {% else %} - net-tools - tcpdump + - httpd-tools {% endif %} # Always keep these packages up to date diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index 89a5a1300..6e512b191 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -88,6 +88,8 @@ http { # } location /grafana/ { + auth_basic “Security Onion”; + auth_basic_user_file /opt/so/conf/nginx/.htpasswd; rewrite /grafana/(.*) /$1 break; proxy_pass http://{{ masterip }}:3000/; proxy_read_timeout 90; @@ -100,6 +102,8 @@ http { } location /kibana/ { + auth_basic “Security Onion”; + auth_basic_user_file /opt/so/conf/nginx/.htpasswd; rewrite /kibana/(.*) /$1 break; proxy_pass http://{{ masterip }}:5601/; proxy_read_timeout 90; @@ -126,6 +130,8 @@ http { location /fleet/ { rewrite /fleet/(.*) /$1 break; + auth_basic “Security Onion”; + auth_basic_user_file /opt/so/conf/nginx/.htpasswd; proxy_pass https://{{ masterip }}:8080/; proxy_read_timeout 90; proxy_connect_timeout 90; @@ -137,6 +143,8 @@ http { } location /thehive/ { + auth_basic “Security Onion”; + auth_basic_user_file /opt/so/conf/nginx/.htpasswd; proxy_pass http://{{ masterip }}:9000/thehive/; proxy_read_timeout 90; proxy_connect_timeout 90; 
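Review bot: The `auth_basic` realm in the /grafana/ hunk is wrapped in typographic quotes (`“Security Onion”`) rather than ASCII double quotes, so nginx does not read it as one quoted string; it sees two arguments and is likely to reject the config on reload with an invalid-number-of-arguments error. Use `auth_basic "Security Onion";` here and in the /kibana/, /fleet/, /thehive/ and /sensoroni/ hunks, which carry the same line. nginx also forwards the client's Authorization header upstream by default, so the htpasswd credentials reach Grafana, Kibana and the other backends unless something clears them. Consider adding `proxy_set_header Authorization "";` where the backend should not see them. The location blocks continue past the hunk edges, so any existing proxy_set_header lines are not visible here.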
@@ -160,6 +168,8 @@ http { } location /sensoroni/ { + auth_basic “Security Onion”; + auth_basic_user_file /opt/so/conf/nginx/.htpasswd; proxy_pass http://{{ masterip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; diff --git a/salt/common/tools/sbin/so-user-add b/salt/common/tools/sbin/so-user-add new file mode 100644 index 000000000..930e02d7d --- /dev/null +++ b/salt/common/tools/sbin/so-user-add @@ -0,0 +1,17 @@ +#!/bin/bash +USERNAME=$1 + +# Make sure a username is provided +[ $# -eq 0 ] && { echo "Usage: $0 username"; exit 1; } + +# If the file is there already lets create it otherwise add the user +if [ ! -f /opt/so/conf/nginx/.htpasswd ]; then + + # Create the password file + htpasswd -c /opt/so/conf/nginx/.htpasswd $USERNAME + +else + + htpasswd /opt/so/conf/nginx/.htpasswd $USERNAME + +fi
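Review bot: `$USERNAME` is passed to htpasswd unquoted in both branches of so-user-add, so a name containing whitespace or glob characters is split or expanded by the shell before htpasswd sees it; write `htpasswd -c /opt/so/conf/nginx/.htpasswd "$USERNAME"` and `htpasswd /opt/so/conf/nginx/.htpasswd "$USERNAME"`. The file created by `-c` gets whatever permissions the caller's umask allows, so follow the create branch with an explicit `chmod 640 /opt/so/conf/nginx/.htpasswd` and give group ownership to the account the nginx worker runs as. Neither call selects a hash format, so the stored hashes depend on the installed htpasswd default; pin one explicitly (for example `-B` for bcrypt) only after confirming that the crypt() nginx is built against accepts it. The comment above the `if` is inverted and should read `# Create the password file if it does not exist yet, otherwise add the user to it`.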