quote ES_PASS due to new characters in random string for elasticsearch:auth pw generation

m0duspwnens
2022-01-19 11:55:25 -05:00
parent 55a262646c
commit 4d078046d6
3 changed files with 7 additions and 7 deletions


@@ -21,7 +21,7 @@
{%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
{%- set URLBASE = salt['pillar.get']('global:url_base') %}
{% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
{% set ES_PW = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
{% set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
INDEX_DATE=$(date +'%Y.%m.%d')
RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
@@ -42,7 +42,7 @@ function evtx2es() {
EVTX=$1
HASH=$2
ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
ES_PASS=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch")
docker run --rm \
@@ -51,7 +51,7 @@ function evtx2es() {
{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \
--host {{ MANAGERIP }} --scheme https \
--index so-beats-$INDEX_DATE --pipeline import.wel \
--login $ES_USER --pwd $ES_PW \
--login $ES_USER --pwd "$ES_PASS" \
"/tmp/$RUNID.evtx" >> $LOG_FILE 2>&1
docker run --rm \
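Review bot: In the third hunk `--login $ES_USER` and the `>> $LOG_FILE` redirect are still unquoted, so the word-splitting and globbing problem this commit fixes for the password remains for the user name; the line should read `--login "$ES_USER" --pwd "$ES_PASS" \`. Passing the password as a `docker run` argument also leaves it readable in the host's process listing while the import runs; whether the tool can take the credential from the environment or a file instead is not visible here. The second `docker run` that begins on the last line of the hunk continues outside it, so if it passes the same credentials it presumably needs the same quoting. The `{% set ES_PASS %}` in the first hunk looks unused in the visible lines, since evtx2es reassigns `ES_PASS` from `lookup_pillar` at run time.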


@@ -19,8 +19,8 @@ client:
- {{elasticsearch}}
port: 9200
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
username: {{ ES_USER }}
password: {{ ES_PASS }}
username: "{{ ES_USER }}"
password: "{{ ES_PASS }}"
{%- endif %}
url_prefix:
use_ssl: True
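Review bot: Wrapping `{{ ES_PASS }}` in literal double quotes only holds while the generated password contains no `"` or `\`, because a YAML double-quoted scalar ends at the first `"` and interprets backslashes as escape sequences. Which characters the generator can now emit is not visible in this commit, so the template should escape the value rather than assume a safe alphabet; Salt's Jinja filter does this, e.g. `password: {{ ES_PASS | yaml_dquote }}`, which emits the surrounding quotes itself. The same applies to `username` here and to `es_username` / `es_password` in the elastalert section that follows.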


@@ -22,8 +22,8 @@ elastalert:
verify_certs: false
#es_send_get_body_as: GET
{%- if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
es_username: {{ ES_USER }}
es_password: {{ ES_PASS }}
es_username: "{{ ES_USER }}"
es_password: "{{ ES_PASS }}"
{%- endif %}
writeback_index: elastalert_status
alert_time_limit: