CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove inotify beacon due to it not functioning as documented; Add back so-user changes to sync upon so-user changes

Browse Source
This commit is contained in:
Jason Ertel
2021-06-03 15:15:35 -04:00
parent 58ae3479dc
commit 316035910f
3 changed files with 5 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/common/tools/sbin/so-user
View File

@@ -314,6 +314,7 @@ case "${operation}" in
validateEmail "$email" validateEmail "$email"
updatePassword updatePassword
createUser "$email" createUser "$email"
syncAll
echo "Successfully added new user to SOC" echo "Successfully added new user to SOC"
check_container thehive && echo $password | so-thehive-user-add "$email" check_container thehive && echo $password | so-thehive-user-add "$email"
check_container fleet && echo $password | so-fleet-user-add "$email" check_container fleet && echo $password | so-fleet-user-add "$email"
@@ -329,6 +330,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
updateUser "$email" updateUser "$email"
syncAll
echo "Successfully updated user" echo "Successfully updated user"
;; ;;
@@ -337,6 +339,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
updateStatus "$email" 'active' updateStatus "$email" 'active'
syncAll
echo "Successfully enabled user" echo "Successfully enabled user"
check_container thehive && so-thehive-user-enable "$email" true check_container thehive && so-thehive-user-enable "$email" true
check_container fleet && so-fleet-user-enable "$email" true check_container fleet && so-fleet-user-enable "$email" true
@@ -347,6 +350,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
updateStatus "$email" 'locked' updateStatus "$email" 'locked'
syncAll
echo "Successfully disabled user" echo "Successfully disabled user"
check_container thehive && so-thehive-user-enable "$email" false check_container thehive && so-thehive-user-enable "$email" false
check_container fleet && so-fleet-user-enable "$email" false check_container fleet && so-fleet-user-enable "$email" false
@@ -357,6 +361,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
deleteUser "$email" deleteUser "$email"
syncAll
echo "Successfully deleted user" echo "Successfully deleted user"
check_container thehive && so-thehive-user-enable "$email" false check_container thehive && so-thehive-user-enable "$email" false
check_container fleet && so-fleet-user-enable "$email" false check_container fleet && so-fleet-user-enable "$email" false

7
salt/manager/files/beacons.conf
View File

@@ -1,7 +0,0 @@
beacons:
watch_sqlite_db:
- files:
/opt/so/conf/kratos/db/db.sqlite:
mask:
- modify
- beacon_module: inotify

7
salt/manager/init.sls
View File

@@ -123,13 +123,6 @@ syncesusers:
- /opt/so/saltstack/local/salt/elasticsearch/files/users - /opt/so/saltstack/local/salt/elasticsearch/files/users
- /opt/so/saltstack/local/salt/elasticsearch/files/users_roles - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles
beacons_config:
file.managed:
- name: /etc/salt/minion.d/beacons.conf
- source: salt://manager/files/beacons.conf
- onchanges_in:
- service: salt_minion_service
{% else %} {% else %}
{{sls}}_state_not_allowed: {{sls}}_state_not_allowed: