CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core Module - Add htpasswd love

Browse Source
This commit is contained in:
Mike Reeves
2019-07-15 15:39:43 -04:00
parent 9ba5f67828
commit 186defe0e2
3 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/init.sls
View File

@@ -41,9 +41,11 @@ sensorpkgs:
{% if grains['os'] != 'CentOS' %} {% if grains['os'] != 'CentOS' %}
- python-docker - python-docker
- python-m2crypto - python-m2crypto
- apache2-utils
{% else %} {% else %}
- net-tools - net-tools
- tcpdump - tcpdump
- httpd-tools
{% endif %} {% endif %}
# Always keep these packages up to date # Always keep these packages up to date

10
salt/common/nginx/nginx.conf.so-master
View File

@@ -88,6 +88,8 @@ http {
# } # }
location /grafana/ { location /grafana/ {
auth_basic “Security Onion”;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:3000/; proxy_pass http://{{ masterip }}:3000/;
proxy_read_timeout 90; proxy_read_timeout 90;
@@ -100,6 +102,8 @@ http {
} }
location /kibana/ { location /kibana/ {
auth_basic “Security Onion”;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
rewrite /kibana/(.*) /$1 break; rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:5601/; proxy_pass http://{{ masterip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
@@ -126,6 +130,8 @@ http {
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;
auth_basic “Security Onion”;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass https://{{ masterip }}:8080/; proxy_pass https://{{ masterip }}:8080/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -137,6 +143,8 @@ http {
} }
location /thehive/ { location /thehive/ {
auth_basic “Security Onion”;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass http://{{ masterip }}:9000/thehive/; proxy_pass http://{{ masterip }}:9000/thehive/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -160,6 +168,8 @@ http {
} }
location /sensoroni/ { location /sensoroni/ {
auth_basic “Security Onion”;
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
proxy_pass http://{{ masterip }}:9822/; proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;

17
salt/common/tools/sbin/so-user-add Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
USERNAME=$1
# Make sure a username is provided
[ $# -eq 0 ] && { echo "Usage: $0 username"; exit 1; }
# If the file is there already lets create it otherwise add the user
if [ ! -f /opt/so/conf/nginx/.htpasswd ]; then
# Create the password file
htpasswd -c /opt/so/conf/nginx/.htpasswd $USERNAME
else
htpasswd /opt/so/conf/nginx/.htpasswd $USERNAME
fi