diff --git a/salt/master/files/add_minion.sh b/salt/master/files/add_minion.sh
new file mode 100755
index 000000000..220317193
--- /dev/null
+++ b/salt/master/files/add_minion.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# This script adds pillar and schedule files securely
+
+MINION=$1
+
+ echo "Adding $1"
+ cp /tmp/$MINION/pillar/$MINION.sls /opt/so/saltstack/pillar/minions/
+ cp /tmp/$MINION/schedules/* /opt/so/saltstack/salt/patch/os/schedules/
+ rm -rf /tmp/$MINION
\ No newline at end of file
diff --git a/setup/so-functions b/setup/so-functions
index 97680365d..15fdfd3bd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -81,7 +81,7 @@ add_soremote_user_master() {
   $ADDUSER --uid 947 --gid 947 soremote
   # Set the password for soremote that we got during setup
-  echo soremote:$REMOTEPASS1 | chpasswd --crypt-method=SHA512
+  echo soremote:$SOREMOTEPASS1 | chpasswd --crypt-method=SHA512
 }
@@ -352,8 +352,12 @@ copy_minion_tmp_files() {
     fi
   else
     echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
-    scp -prv -i /root/.ssh/so.key $TMP/pillar/* soremote@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1
-    scp -prv -i /root/.ssh/so.key $TMP/salt/* soremote@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1
+    ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/pillar >> $SETUPLOG 2>&1
+    ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
+    scp -prv -i /root/.ssh/so.key $TMP/pillar/minions/* soremote@$MSRV:/tmp/$MINION_ID/pillar/ >> $SETUPLOG 2>&1
+    scp -prv -i /root/.ssh/so.key $TMP/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID >> $SETUPLOG 2>&1
+
   fi
 }
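Review bot: The `sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID` line invokes a path that differs from the one granted in the update_sudoers hunk (`/opt/so/salt/master/files/add_minion.sh`), so unless both files are deployed the remote sudo call is denied or blocks on a password prompt and the minion's pillar is never installed; settle on the deployed path and use it in both places. The staging directory `/tmp/$MINION_ID` on the master is a predictable name in a shared directory and `mkdir -p` silently reuses it if it already exists, so staging under soremote's home (with the same change in add_minion.sh) would be safer. None of the ssh/scp exit codes are checked, so a failed copy still proceeds to the sudo step; a `|| return 1` on each line would surface the failure in `$SETUPLOG` instead of leaving a half-installed minion. The enclosing function starts outside the hunk.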
@@ -1578,6 +1582,7 @@ update_sudoers() {
     echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
     echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
     echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
+    echo "soremote ALL=(ALL) NOPASSWD:/opt/so/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
   else
     echo "User soremote already granted sudo privileges"
   fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 00862292c..29ff43be5 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -140,7 +140,7 @@ whiptail_create_soremote_user() {
 whiptail_create_soremote_user_password1() {
-  REMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
+  SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
   "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
   local exitstatus=$?
@@ -150,7 +150,7 @@ whiptail_create_soremote_user_password1() {
 whiptail_create_soremote_user_password2() {
-  REMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
+  SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
   "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
   local exitstatus=$?
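Review bot: The new NOPASSWD line lets soremote run add_minion.sh as root with any argument, so it is only safe if the installed file is owned by root and not writable by soremote and the script itself validates its argument; the diff does not show the state that deploys the file, so confirm its owner and mode there and add a comment on this line such as `# add_minion.sh runs as root with a caller-supplied id; it must stay root-owned and validate $1`. Appending with `tee -a /etc/sudoers` skips syntax checking, so a drop-in under `/etc/sudoers.d/` verified with `visudo -cf` before installing would keep a malformed rule from breaking sudo for every account. The enclosing function starts and ends outside the hunk.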