CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix logic on password created in pillar and fix how me manage

Browse Source
This commit is contained in:
m0duspwnens
2021-05-28 18:28:53 -04:00
parent edf60f80f7
commit 3aad5a30e9
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
salt/elasticsearch/auth.sls
View File

@@ -1,3 +1,9 @@
{% set so_elastic_user_pass = salt['random.get_str'](20) %}
{% set so_kibana_user_pass = salt['random.get_str'](20) %}
{% set so_logstash_user_pass = salt['random.get_str'](20) %}
{% set so_beats_user_pass = salt['random.get_str'](20) %}
{% set so_monitor_user_pass = salt['random.get_str'](20) %}
elastic_auth_pillar:
file.managed:
- name: /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
@@ -8,24 +14,26 @@ elastic_auth_pillar:
users:
so_elastic_user:
user: so_elastic
pass: {{ salt['random.get_str'](20) }}
pass: {{ so_elastic_user_pass }}
so_kibana_user:
user: so_kibana
pass: {{ salt['random.get_str'](20) }}
pass: {{ so_kibana_user_pass }}
so_logstash_user:
user: so_logstash
pass: {{ salt['random.get_str'](20) }}
pass: {{ so_logstash_user_pass }}
so_beats_user:
user: so_beats
pass: {{ salt['random.get_str'](20) }}
pass: {{ so_beats_user_pass }}
so_monitor_user:
user: so_monitor
pass: {{ salt['random.get_str'](20) }}
pass: {{ so_monitor_user_pass }}
# since we are generating a random password, and we don't want that to happen everytime
# a highstate runs, we only manage the file each user isn't present in the file. if the
# pillar file doesn't exists, then the default vault provided to pillar.get should not
# be within the file either, so it should then be created
{% if salt['pillar.get']('elasticsearch:auth', False) %}
- unless:
{% for so_app_user in salt['pillar.get']('elasticsearch:auth:users', {'so_noapp_user': {'user': 'r@NDumu53Rd0NtDOoP'}}) %}
{% for so_app_user in salt['pillar.get']('elasticsearch:auth:users') %}
- grep {{ so_app_user.user }} /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
{% endfor%}
{% endif %}