add mine function to signing_policies.conf. no longer need to check if mine in ca during manager install

m0duspwnens
2021-12-28 15:19:06 -05:00
parent 67a9f4d22e
commit 2a5b4ef276
2 changed files with 3 additions and 8 deletions


@@ -1,3 +1,6 @@
mine_functions:
x509.get_pem_entries: [/etc/pki/ca.crt]
x509_signing_policies:
filebeat:
- minions: '*'
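Review bot: The added `mine_functions` block has no comment explaining why a mine function lives in the signing-policies file. With the install-time `mine.get` check removed in the other file, nothing visible on this page confirms that the mine was actually populated. I would add above it `# Publishes the CA certificate to the salt mine via x509.get_pem_entries; list only public certificates here, never key files`. Presumably the entry only takes effect once the minion has loaded this file and the mine has been refreshed, so confirm that the install path triggers that before any minion needs the CA from the mine. That ordering is not visible here.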


@@ -1438,14 +1438,6 @@ generate_ca() {
echo " Confirming existence of the CA certificate"
openssl x509 -in /etc/pki/ca.crt -noout -subject -issuer -dates
echo "Confirming salt mine now contains the certificate";
salt-call mine.get "$MINION_ID" x509.get_pem_entries | grep -E 'BEGIN CERTIFICATE|END CERTIFICATE';
if [ $? -eq 0 ]; then
echo "CA in mine"
else
echo "CA not in mine"
fi
} >> "$setup_log" 2>&1
}