CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/90

Browse Source
This commit is contained in:
m0duspwnens
2020-04-02 19:40:07 -04:00
parent 85cfe3244c 1b6222a04b
commit 4a920e317c
3 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/master/files/add_minion.sh Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
# This script adds pillar and schedule files securely
MINION=$1
echo "Adding $1"
cp /tmp/$MINION/pillar/$MINION.sls /opt/so/saltstack/pillar/minions/
cp /tmp/$MINION/schedules/* /opt/so/saltstack/salt/patch/os/schedules/
rm -rf /tmp/$MINION

11
setup/so-functions
View File

@@ -81,7 +81,7 @@ add_soremote_user_master() {
$ADDUSER --uid 947 --gid 947 soremote $ADDUSER --uid 947 --gid 947 soremote
# Set the password for soremote that we got during setup # Set the password for soremote that we got during setup
echo soremote:$REMOTEPASS1 | chpasswd --crypt-method=SHA512 echo soremote:$SOREMOTEPASS1 | chpasswd --crypt-method=SHA512
} }
@@ -352,8 +352,12 @@ copy_minion_tmp_files() {
fi fi
else else
echo "scp pillar and salt files in $TMP to master /opt/so/saltstack" echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
scp -prv -i /root/.ssh/so.key $TMP/pillar/* soremote@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1 ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/pillar >> $SETUPLOG 2>&1
scp -prv -i /root/.ssh/so.key $TMP/salt/* soremote@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1 ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
scp -prv -i /root/.ssh/so.key $TMP/pillar/minions/* soremote@$MSRV:/tmp/$MINION_ID/pillar/ >> $SETUPLOG 2>&1
scp -prv -i /root/.ssh/so.key $TMP/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID >> $SETUPLOG 2>&1
fi fi
} }
@@ -1578,6 +1582,7 @@ update_sudoers() {
echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
else else
echo "User soremote already granted sudo privileges" echo "User soremote already granted sudo privileges"
fi fi

4
setup/so-whiptail
View File

@@ -140,7 +140,7 @@ whiptail_create_soremote_user() {
whiptail_create_soremote_user_password1() { whiptail_create_soremote_user_password1() {
REMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3) "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -150,7 +150,7 @@ whiptail_create_soremote_user_password1() {
whiptail_create_soremote_user_password2() { whiptail_create_soremote_user_password2() {
REMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3) "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?