Core Module - Add htpasswd love

2025-12-06 17:22:49 +01:00 · 2019-07-15 15:39:43 -04:00
parent 9ba5f67828
commit 186defe0e2
3 changed files with 29 additions and 0 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -41,9 +41,11 @@ sensorpkgs:
      {% if grains['os'] != 'CentOS' %}
      - python-docker
      - python-m2crypto
+      - apache2-utils
      {% else %}
      - net-tools
      - tcpdump
+      - httpd-tools
      {% endif %}

 # Always keep these packages up to date
--- a/salt/common/nginx/nginx.conf.so-master
+++ b/salt/common/nginx/nginx.conf.so-master
@@ -88,6 +88,8 @@ http {
    #    }

        location /grafana/ {
+          auth_basic            “Security Onion”;
+          auth_basic_user_file  /opt/so/conf/nginx/.htpasswd;
 	  rewrite /grafana/(.*) /$1 break;
          proxy_pass http://{{ masterip }}:3000/;
          proxy_read_timeout    90;
@@ -100,6 +102,8 @@ http {
        }

        location /kibana/ {
+          auth_basic            “Security Onion”;
+          auth_basic_user_file  /opt/so/conf/nginx/.htpasswd;
 	  rewrite /kibana/(.*) /$1 break;
          proxy_pass http://{{ masterip }}:5601/;
          proxy_read_timeout    90;
@@ -126,6 +130,8 @@ http {

        location /fleet/ {
 	  rewrite /fleet/(.*) /$1 break;
+          auth_basic            “Security Onion”;
+          auth_basic_user_file  /opt/so/conf/nginx/.htpasswd;
          proxy_pass https://{{ masterip }}:8080/;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
@@ -137,6 +143,8 @@ http {
        }

        location /thehive/ {
+          auth_basic            “Security Onion”;
+          auth_basic_user_file  /opt/so/conf/nginx/.htpasswd;
          proxy_pass http://{{ masterip }}:9000/thehive/;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
@@ -160,6 +168,8 @@ http {
        }

        location /sensoroni/ {
+          auth_basic            “Security Onion”;
+          auth_basic_user_file  /opt/so/conf/nginx/.htpasswd;
          proxy_pass http://{{ masterip }}:9822/;
          proxy_read_timeout    90;
          proxy_connect_timeout 90;
--- a/salt/common/tools/sbin/so-user-add
+++ b/salt/common/tools/sbin/so-user-add
@@ -0,0 +1,17 @@
+#!/bin/bash
+USERNAME=$1
+
+# Make sure a username is provided
+[ $# -eq 0 ] && { echo "Usage: $0 username"; exit 1; }
+
+# If the file is there already lets create it otherwise add the user
+if [ ! -f /opt/so/conf/nginx/.htpasswd ]; then
+
+  # Create the password file
+  htpasswd -c /opt/so/conf/nginx/.htpasswd $USERNAME
+
+else
+
+  htpasswd /opt/so/conf/nginx/.htpasswd $USERNAME
+
+fi