enable/disable soqemussh. allow for pw to be set

2026-04-25 22:17:49 +02:00 · 2025-04-18 14:07:32 -04:00
parent 0bcb6040c9
commit 285d73d526
8 changed files with 127 additions and 6 deletions
@@ -0,0 +1,5 @@
+vm:
+  user:
+    soqemussh:
+      enabled: False
+      passwordHash:
@@ -0,0 +1,25 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+   or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+   https://securityonion.net/license; you may not use this file except in compliance with the
+   Elastic License 2.0. 
+   
+   Note: Per the Elastic License 2.0, the second limitation states:
+
+    "You may not move, change, disable, or circumvent the license key functionality
+     in the software, and you may not remove or obscure any functionality in the
+     software that is protected by the license key." #}
+
+{% if 'vrt' in salt['pillar.get']('features', []) %}
+
+{%   import_yaml 'vm/defaults.yaml' as VMDEFAULTS %}
+{%   set VMMERGED = salt['pillar.get']('vm', VMDEFAULTS.vm, merge=True) %}
+
+{% else %}
+
+{% do salt.log.error(
+  'Hypervisor nodes are a feature supported only for customers with a valid license.'
+  'Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com'
+  'for more information about purchasing a license to enable this feature.'
+) %}
+
+{% endif %}
@@ -0,0 +1,10 @@
+vm:
+  user:
+    soqemussh:
+      enabled:
+        description: Enable or disable the soqemussh user.
+        forcedType: bool
+      passwordHash:
+        description: 'Enter a SHA-512 password hash to set the soqemussh user password. Generate this hash by running the following command on the manager: `openssl passwd -6`'
+        forcedType: string
+        global: True
@@ -0,0 +1,35 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'vrt' in salt['pillar.get']('features', []) %}
+
+# Send highstate trigger event for VM deployment status tracking
+# so-salt-emit-vm-deployment-status sets event_tag = f'soc/dyanno/hypervisor/{status.lower()}'
+vm_highstate_trigger:
+  event.send:
+    - name: soc/dyanno/hypervisor/highstate triggered
+    - data:
+        status: Highstate Triggered
+        vm_name: {{ grains.id }}
+        hypervisor: {{ salt['grains.get']('salt-cloud:profile', '').split('-')[1] }}
+    - order: 1  # Ensure this runs early in the highstate process
+
+{% else %}
+
+{{sls}}_no_license_detected:
+  test.fail_without_changes:
+    - name: {{sls}}_no_license_detected
+    - comment:
+      - "Hypervisor nodes are a feature supported only for customers with a valid license.
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+      for more information about purchasing a license to enable this feature."
+
+{% endif %}
@@ -0,0 +1,56 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."
+
+{% if 'vrt' in salt['pillar.get']('features', []) %}
+
+{%   from 'vm/map.jinja' import VMMERGED %}
+
+{%   if VMMERGED.user.soqemussh.enabled %}
+
+vm_user_soqemussh:
+  user.present:
+    - name: soqemussh
+    - shell: /bin/bash
+    - home: /home/soqemussh
+{%     if VMMERGED.user.soqemussh.passwordHash %}
+    - password: '{{ VMMERGED.user.soqemussh.passwordHash }}'
+{%     endif %}
+
+vm_user_soqemussh_home_directory:
+  file.directory:
+    - name: /home/soqemussh
+    - user: soqemussh
+    - group: soqemussh
+    - mode: 700
+    - recurse:
+      - user
+      - group
+
+{%   else %}
+
+vm_user_soqemussh:
+  user.absent:
+    - name: soqemussh
+    - force: True
+
+{%   endif %}
+
+{% else %}
+
+{{sls}}_no_license_detected:
+  test.fail_without_changes:
+    - name: {{sls}}_no_license_detected
+    - comment:
+      - "Hypervisor nodes are a feature supported only for customers with a valid license.
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+      for more information about purchasing a license to enable this feature."
+
+{% endif %}