CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

send-file and import-file security

Browse Source 
Encrypt the file with a passphrase before sending and decrypt the file with the same passphrase before importing.
This commit is contained in:
Corey Ogburn
2023-06-02 13:12:37 -06:00
parent 1b7095fa81
commit 451a4784a1
1 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
salt/soc/files/bin/salt-relay.sh
View File

@@ -184,9 +184,17 @@ function send_file() {
log "Node: $node" log "Node: $node"
log "Cleanup: $cleanup" log "Cleanup: $cleanup"
response=$($CMD_PREFIX salt-cp -C "$node" "$from" "$to") log "encrypting..."
gpg --passphrase "infected" --batch --symmetric --cipher-algo AES256 "$from"
fromgpg="$from.gpg"
log "sending..."
response=$($CMD_PREFIX salt-cp -C "$node" "$fromgpg" "$to")
exit_code=$? exit_code=$?
rm -f "$fromgpg"
log Response:$'\n'"$response" log Response:$'\n'"$response"
log "Exit Code: $exit_code" log "Exit Code: $exit_code"
@@ -211,6 +219,12 @@ function import_file() {
log "File: $file" log "File: $file"
log "Importer: $importer" log "Importer: $importer"
filegpg="$file.gpg"
log "decrypting..."
gpg --passphrase "infected" --batch --decrypt "$filegpg" > "$file"
log "importing..."
case $importer in case $importer in
pcap) pcap)
response=$($CMD_PREFIX "salt '$node' cmd.run 'so-import-pcap $file'") response=$($CMD_PREFIX "salt '$node' cmd.run 'so-import-pcap $file'")
@@ -226,7 +240,7 @@ function import_file() {
;; ;;
esac esac
rm "$file" rm "$file" "$filegpg"
log Response:$'\n'"$response" log Response:$'\n'"$response"
log "Exit Code: $exit_code" log "Exit Code: $exit_code"