Additional so-user sync adjustments

Jason Ertel
2021-06-01 14:45:01 -04:00
parent 7a59bee315
commit 2a2247e1da


@@ -42,6 +42,8 @@ databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite}
bcryptRounds=${BCRYPT_ROUNDS:-12} bcryptRounds=${BCRYPT_ROUNDS:-12}
elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}
elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles} elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles}
esUID=${ELASTIC_UID:-930}
esGID=${ELASTIC_GID:-930}
function fail() { function fail() {
msg=$1 msg=$1
@@ -132,7 +134,7 @@ function createElasticTmpFile() {
tmpFile=${filename}.tmp tmpFile=${filename}.tmp
truncate -s 0 "$tmpFile" truncate -s 0 "$tmpFile"
chmod 600 "$tmpFile" chmod 600 "$tmpFile"
chown elasticsearch:elasticsearch "$tmpFile" chown "${esUID}:${esGID}" "$tmpFile"
echo "$tmpFile" echo "$tmpFile"
} }
@@ -195,8 +197,6 @@ function syncElastic() {
jq -r '.user + ":" + .data.hashed_password' \ jq -r '.user + ":" + .data.hashed_password' \
>> "$usersFileTmp" >> "$usersFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential hashes from database" [[ $? != 0 ]] && fail "Unable to read credential hashes from database"
mv -f "$usersFileTmp" "$elasticUsersFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
# Generate the new users_roles file # Generate the new users_roles file
@@ -207,11 +207,16 @@ function syncElastic() {
sqlite3 "$databasePath" \ sqlite3 "$databasePath" \
>> "$rolesFileTmp" >> "$rolesFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential IDs from database" [[ $? != 0 ]] && fail "Unable to read credential IDs from database"
mv -f "$rolesFileTmp" "$elasticRolesFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
else else
info "Database file does not exist yet, skipping users export" info "Database file does not exist yet, skipping users export"
fi fi
# Move the temp files over onto the final files
mv -f "$usersFileTmp" "$elasticUsersFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
mv -f "$rolesFileTmp" "$elasticRolesFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
} }
function syncAll() { function syncAll() {
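Review bot: The two `mv` calls moved to the end of syncElastic now also run on the `else` branch, so when the database file is missing the live users and users_roles files are still replaced with whatever the temp files hold at that point. The temp files are first populated outside the visible hunks, so it is not possible to confirm from here that they are non-empty in that case. If this is intended, the new comment should say so, for example `# Runs even when the database is absent; the temp files then hold only the entries written before the export` (adjust to what they really contain). Separately, the second failure message names the wrong file and should read `fail "Unable to create users_roles file: $elasticRolesFile"`. The files are also replaced one after the other, so a failure of the second `mv` leaves a new users file next to stale role mappings.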