CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

quote ES_PASS due to new characters in random string for elasticsearch:auth pw generation

Browse Source
This commit is contained in:
m0duspwnens
2022-01-19 11:55:25 -05:00
parent 55a262646c
commit 4d078046d6
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/common/tools/sbin/so-import-evtx
View File

@@ -21,7 +21,7 @@
{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%} {%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
{%- set URLBASE = salt['pillar.get']('global:url_base') %} {%- set URLBASE = salt['pillar.get']('global:url_base') %}
{% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} {% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{% set ES_PW = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} {% set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
INDEX_DATE=$(date +'%Y.%m.%d') INDEX_DATE=$(date +'%Y.%m.%d')
RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1) RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
@@ -42,7 +42,7 @@ function evtx2es() {
EVTX=$1 EVTX=$1
HASH=$2 HASH=$2
ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch") ES_PASS=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch") ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch")
docker run --rm \ docker run --rm \
@@ -51,7 +51,7 @@ function evtx2es() {
{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \ {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \
--host {{ MANAGERIP }} --scheme https \ --host {{ MANAGERIP }} --scheme https \
--index so-beats-$INDEX_DATE --pipeline import.wel \ --index so-beats-$INDEX_DATE --pipeline import.wel \
--login $ES_USER --pwd $ES_PW \ --login $ES_USER --pwd "$ES_PASS" \
"/tmp/$RUNID.evtx" >> $LOG_FILE 2>&1 "/tmp/$RUNID.evtx" >> $LOG_FILE 2>&1
docker run --rm \ docker run --rm \

4
salt/curator/files/curator.yml
View File

@@ -19,8 +19,8 @@ client:
- {{elasticsearch}} - {{elasticsearch}}
port: 9200 port: 9200
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
username: {{ ES_USER }} username: "{{ ES_USER }}"
password: {{ ES_PASS }} password: "{{ ES_PASS }}"
{%- endif %} {%- endif %}
url_prefix: url_prefix:
use_ssl: True use_ssl: True

4
salt/elastalert/defaults.yaml
View File

@@ -22,8 +22,8 @@ elastalert:
verify_certs: false verify_certs: false
#es_send_get_body_as: GET #es_send_get_body_as: GET
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %} {%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
es_username: {{ ES_USER }} es_username: "{{ ES_USER }}"
es_password: {{ ES_PASS }} es_password: "{{ ES_PASS }}"
{%- endif %} {%- endif %}
writeback_index: elastalert_status writeback_index: elastalert_status
alert_time_limit: alert_time_limit: