Merge pull request #501 from Security-Onion-Solutions/feature/auth

Renamed auth pillar to secrets pillar; removed remnants from old auth…

pillar/top.sls

@@ -21,7 +21,7 @@ base:
     - static
     - firewall.*
     - data.*
-    - auth #Shared secrets
+    - secrets
     - minions.{{ grains.id }}
 
   '*_master':
@@ -33,7 +33,7 @@ base:
     - firewall.*
     - data.*
     - brologs
-    - auth #Shared secrets
+    - secrets
     - logstash
     - logstash.eval
     - healthcheck.eval
@@ -63,5 +63,5 @@ base:
     - static
     - firewall.*
     - data.*
-    - auth #Shared secrets
+    - secrets
     - minions.{{ grains.id }}

salt/auth/init.sls

@@ -1,30 +0,0 @@
-{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
-{% set MASTER = salt['grains.get']('master') %}
-
-so-auth-api-dir:
-  file.directory:
-    - name: /opt/so/conf/auth/api
-    - user: 939
-    - group: 939
-    - makedirs: True
-
-so-auth-api:
-    docker_container.running:
-        - image: {{ MASTER }}:5000/soshybridhunter/so-auth-api:{{ VERSION }}
-        - hostname: so-auth-api
-        - name: so-auth-api
-        - environment:
-            - BASE_PATH: "/so-auth/api"
-            - AUTH_TOKEN_TIMEOUT: 32400
-        - binds:
-            - /opt/so/conf/auth/api:/data
-        - port_bindings:
-            - 0.0.0.0:5656:5656
-
-so-auth-ui:
-    docker_container.running:
-        - image: {{ MASTER }}:5000/soshybridhunter/so-auth-ui:{{ VERSION }}
-        - hostname: so-auth-ui
-        - name: so-auth-ui
-        - port_bindings:
-            - 0.0.0.0:4242:80

salt/common/nginx/index.html

@@ -1,163 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<title>Security Onion - Hybrid Hunter</title>
-<meta charset="utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1">
-<link rel="icon" type="image/png" href="favicon-32x32.png" sizes="32x32" />
-<link rel="icon" type="image/png" href="favicon-16x16.png" sizes="16x16" />
-<style>
-* {
-	box-sizing: border-box;
-	font-family: Arial, Helvetica, sans-serif;
-	padding-left: 30px;
-	padding-right: 30px;
-}
-
-body {
-	font-family: Arial, Helvetica, sans-serif;
-	background-color: #2a2a2a;
-
-}
-a {
-	color: #f2f2f2;
-	text-align: left;
-	padding: 0px;
-}
-
-.center-content {
-	margin: 0 auto;
-}
-
-.center-image {
-	display: block;
-	margin-left: auto;
-	margin-right: auto;
-	width: 50%;
-}
-
-/* Style the top navigation bar */
-.topnav {
-	overflow: hidden;
-	background-color: #333;
-	width: 1080px;
-	display: flex;
-	align-content: center;
-}
-
-/* Style the topnav links */
-.topnav a {
-	margin: auto;
-	color: #f2f2f2;
-	text-align: center;
-	padding: 14px 16px;
-	text-decoration: none;
-}
-
-/* Change color on hover */
-.topnav a:hover {
-	background-color: #ddd;
-	color: black;
-}
-
-/* Style the content */
-.content {
-	background-color: #2a2a2a;
-	padding: 10px;
-	padding-top: 20px;
-	padding-left: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-
-/* Style the footer */
-.footer {
-	background-color: #2a2a2a;
-	padding: 60px;
-	color: #E3DBCC;
-	width: 1080px;
-}
-
-</style>
-</head>
-<body>
-	<div class="center-content">
-		<div class="topnav center-content">
-			<a href="/so-auth/loginpage/create-user" target="_blank">Create New User</a>
-			<a href="/kibana/" target="_blank">Kibana</a>
-			<a href="/grafana/" target="_blank">Grafana</a>
-			<a href="/sensoroni/" target="_blank">Sensoroni</a>
-	  		<a href="/playbook/" target="_blank">Playbook</a>
-			<a href="/fleet/" target="_blank">Fleet</a>
-			<a href="/thehive/" target="_blank">TheHive</a>
-			<a href="/packages/" target="_blank">Osquery Packages</a>
-			<a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/FAQ" target="_blank">FAQ</a>
-			<a href="https://www.securityonionsolutions.com" target="_blank">Security Onion Solutions</a>
-			<a href="https://blog.securityonion.net" target="_blank">Blog</a>
-		</div>
-
-		<div class="content center-content">
-			<div style="text-align: center;">
-				<a href="https://securityonion.net">
-					<img style="border: none;" src="alpha_logo.jpg" alt="Security Onion" class="center-image" target="_blank">
-				</a>
-				<br/>
-			</div>
-			<p>
-				<div style="text-align: center;">
-					<h1>Hybrid Hunter Alpha 1.1.4 - Feature Parity Release</h1>
-				</div>
-				<br/>
-				<h2>Changes:</h2>
-				<ul>
-					<li>Added new in-house auth method [Security Onion Auth](https://github.com/Security-Onion-Solutions/securityonion-auth).</li>
-					<li>Web user creation is done via the browser now instead of so-user-add.</li>
-					<li>New Logstash pipeline setup. Now uses multiple pipelines.</li>
-					<li>New Master + Search node type and well as a Heavy Node type in the install.</li>
-					<li>Change all nodes to point to the docker registry on the Master. This cuts down on the calls to dockerhub.</li>
-					<li>Zeek 3.0.1</li>
-					<li>Elastic 6.8.6</li>
-					<li>New SO Start | Stop | Restart scripts for all components (eg. `so-playbook-restart`).</li>
-					<li>BPF support for Suricata (NIDS), Steno (PCAP) & Zeek ([Docs](https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/BPF)).</li>
-					<li>Updated Domain Stats & Frequency Server containers to Python3 & created new Salt states for them.</li>
-					<li>Added so-status script which gives an easy to read look at container status.</li>
-					<li>Manage threshold.conf for Suricata using the thresholding pillar.</li>
-					<li>The ISO now includes all the docker containers for faster install speeds.</li>
-					<li>You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup.</li>
-					<li>Updated Helix parsers for better compatibility.</li>
-					<li>Updated telegraf docker to include curl and jq.</li>
-					<li>CVE-2020-0601 Zeek Detection Script.</li>
-					<li>ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup.</li>
-					<li>Check out the <a href="https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/Hybrid-Hunter-Quick-Start-Guide" target="_blank">Hybrid Hunter Quick Start Guide</a>.</li>
-				</ul>
-	 		</p>
-		</div>
-
-		<div class="footer center-content">
-			<b>Disclaimer of Warranty</b>
-			<br/>
-			<small>
-				THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
-				EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM 
-				.AS IS. WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 
-				THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
-				THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, 
-				YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-			</small>
-			<br/>
-			<br/>
-			<b>Limitation of Liability</b>
-			<br/>
-			<small>
-				IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, 
-				OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 
-				INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM 
-				(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES 
-				OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 
-				POSSIBILITY OF SUCH DAMAGES.
-			</small>
-			<br/>
-		</div>
-	</div>
-</body>
-</html>

salt/common/nginx/nginx.conf.so-fleet

@@ -86,14 +86,6 @@ http {
 
         }
 
-
-        error_page 401 = @error401;
-
-        location @error401 {
-          add_header    Set-Cookie "NSREDIRECT=http://{{ MAINIP }}$request_uri;Domain={{ MAINIP }};Path=/;Max-Age=60000";
-          return        302 http://{{ MAINIP }}/so-auth/loginpage/;
-        }
-
         error_page 404 /404.html;
             location = /40x.html {
         }

salt/common/tools/sbin/so-auth-restart

@@ -1,21 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-/usr/sbin/so-restart auth $1
-

salt/common/tools/sbin/so-auth-start

@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-/usr/sbin/so-start auth $1

salt/common/tools/sbin/so-auth-stop

@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-. /usr/sbin/so-common
-
-/usr/sbin/so-stop auth $1

salt/common/tools/sbin/so-elastic-download

@@ -2,8 +2,6 @@
 MASTER=MASTER
 VERSION="HH1.1.4"
 TRUSTED_CONTAINERS=( \
-"so-auth-api:$VERSION" \
-"so-auth-ui:$VERSION" \
 "so-core:$VERSION" \
 "so-thehive-cortex:$VERSION" \
 "so-curator:$VERSION" \

salt/common/tools/sbin/so-restart

@@ -32,6 +32,5 @@ fi
 case $1 in
    "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;;
    "steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;;
-   "auth") docker stop so-auth-api; docker stop so-auth-ui; salt-call state.apply auth queue=True;;
    *)  docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
 esac

salt/common/tools/sbin/so-start

@@ -32,16 +32,5 @@ fi
 case $1 in
    "all") salt-call state.highstate queue=True;;
    "steno") if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply pcap queue=True; fi ;; 
-   "auth") 
-      if docker ps | grep -q so-auth-api; then
-         if docker ps | grep -q so-auth-ui; then
-            printf "\n$1 is already running!\n\n"
-         else
-            docker rm so-auth-api >/dev/null 2>&1; docker rm so-auth-ui >/dev/null 2>&1; salt-call state.apply $1 queue=True
-         fi
-      else
-         docker rm so-auth-api >/dev/null 2>&1; docker rm so-auth-ui >/dev/null 2>&1; salt-call state.apply $1 queue=True
-      fi
-      ;;
    *) if docker ps | grep -q so-$1; then printf "\n$1 is already running\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi ;; 
 esac

salt/common/tools/sbin/so-stop

@@ -24,7 +24,6 @@ printf "Stopping $1...\n"
 echo $banner
 
 case $1 in
-    "auth") docker stop so-auth-api; docker rm so-auth-api; docker stop so-auth-ui; docker rm so-auth-ui ;;
     *) docker stop so-$1 ; docker rm so-$1 ;;
 esac
 

salt/fleet/init.sls

@@ -1,6 +1,6 @@
-{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', None) -%}
-{%- set FLEETPASS = salt['pillar.get']('auth:fleet', None) -%}
-{%- set FLEETJWT = salt['pillar.get']('auth:fleet_jwt', None) -%}
+{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
+{%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
+{%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
 {% set MASTER = salt['grains.get']('master') %}
 {% set MAINIP = salt['pillar.get']('node:mainip') %}

salt/master/files/registry/scripts/so-docker-download

@@ -17,8 +17,6 @@ TRUSTED_CONTAINERS=( \
 "so-thehive-es:$VERSION" \
 "so-wazuh:$VERSION" \
 "so-kibana:$VERSION" \
-"so-auth-ui:$VERSION" \
-"so-auth-api:$VERSION" \
 "so-elastalert:$VERSION" \
 "so-navigator:$VERSION" \
 "so-filebeat:$VERSION" \

salt/mysql/etc/mypass

@@ -1,2 +1,2 @@
-{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', None) -%}
+{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 {{ MYSQLPASS }}

salt/mysql/init.sls

@@ -1,4 +1,4 @@
-{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', None) %}
+{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.1.4') %}
 {% set MASTER = salt['grains.get']('master') %}

salt/top.sls

@@ -57,7 +57,6 @@ base:
     - soc
     - firewall
     - idstools
-    - auth #Shared secrets
     - salt.beacons
     {%- if FLEETMASTER or FLEETNODE %}
     - mysql
@@ -108,7 +107,6 @@ base:
     - master
     - idstools
     - redis
-    - auth #Shared secrets
     {%- if FLEETMASTER or FLEETNODE %}
     - mysql
     {%- endif %}
@@ -197,7 +195,6 @@ base:
     - firewall
     - sensor
     - master
-    - auth #Shared secrets
     {%- if FLEETMASTER or FLEETNODE %}
     - fleet.install_package
     {%- endif %}
@@ -213,7 +210,6 @@ base:
     - master
     - idstools
     - redis
-    - auth #Shared secrects
     {%- if FLEETMASTER or FLEETNODE %}
     - mysql
     {%- endif %}

setup/so-functions

@@ -101,17 +101,17 @@ add_web_user() {
   echo "Add user result: $?"
 }
 
-# Create an auth pillar so that passwords survive re-install
-auth_pillar(){
+# Create an secrets pillar so that passwords survive re-install
+secrets_pillar(){
 
-  if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then
-    echo "Creating Auth Pillar" >> $SETUPLOG 2>&1
+  if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
+    echo "Creating Secrets Pillar" >> $SETUPLOG 2>&1
     mkdir -p /opt/so/saltstack/pillar
-    echo "auth:" >> /opt/so/saltstack/pillar/auth.sls
-    echo "  mysql: $MYSQLPASS" >> /opt/so/saltstack/pillar/auth.sls
-    echo "  fleet: $FLEETPASS" >> /opt/so/saltstack/pillar/auth.sls
-    echo "  fleet_jwt: $FLEETJWT" >> /opt/so/saltstack/pillar/auth.sls
-    echo "  fleet_enroll-secret: False" >> /opt/so/saltstack/pillar/auth.sls
+    echo "secrets:" >> /opt/so/saltstack/pillar/secrets.sls
+    echo "  mysql: $MYSQLPASS" >> /opt/so/saltstack/pillar/secrets.sls
+    echo "  fleet: $FLEETPASS" >> /opt/so/saltstack/pillar/secrets.sls
+    echo "  fleet_jwt: $FLEETJWT" >> /opt/so/saltstack/pillar/secrets.sls
+    echo "  fleet_enroll-secret: False" >> /opt/so/saltstack/pillar/secrets.sls
   fi
 
 }
@@ -288,10 +288,10 @@ configure_minion() {
     echo "mysql.host: '$MAINIP'" >> /etc/salt/minion
     echo "mysql.port: 3306" >> /etc/salt/minion
     echo "mysql.user: 'root'" >> /etc/salt/minion
-    if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then
+    if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
       echo "mysql.pass: '$MYSQLPASS'" >> /etc/salt/minion
     else
-      OLDPASS=$(cat /opt/so/saltstack/pillar/auth.sls | grep mysql | awk {'print $2'})
+      OLDPASS=$(cat /opt/so/saltstack/pillar/secrets.sls | grep mysql | awk {'print $2'})
       echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion
     fi
   elif [ $TYPE == 'helix' ]; then
@@ -551,8 +551,6 @@ docker_seed_registry() {
   if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
     TRUSTED_CONTAINERS=( \
     "so-acng:$VERSION" \
-    "so-auth-api:$VERSION" \
-    "so-auth-ui:$VERSION" \
     "so-core:$VERSION" \
     "so-thehive-cortex:$VERSION" \
     "so-curator:$VERSION" \

upgrade/so-update-functions

@@ -35,8 +35,6 @@ HOSTNAME=$(hostname)
 if [ $MASTERCHECK != 'so-helix' ]; then
     TRUSTED_CONTAINERS=( \
     "so-acng:$BUILD$UPDATEVERSION" \
-    "so-auth-api:$BUILD$UPDATEVERSION" \
-    "so-auth-ui:$BUILD$UPDATEVERSION" \
     "so-core:$BUILD$UPDATEVERSION" \
     "so-thehive-cortex:$BUILD$UPDATEVERSION" \
     "so-curator:$BUILD$UPDATEVERSION" \