From 75291446358b6769c246f7cc71389be3fc11464f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Apr 2020 17:27:50 -0400 Subject: [PATCH 1/2] secure config files --- salt/pcap/init.sls | 6 +++--- salt/soc/init.sls | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 17162fb16..9cfb2b68f 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -69,9 +69,9 @@ sensoroniagentconf: file.managed: - name: /opt/so/conf/steno/sensoroni.json - source: salt://pcap/files/sensoroni.json - - user: root - - group: root - - mode: 644 + - user: stenographer + - group: stenographer + - mode: 600 - template: jinja stenoca: diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 7e67d1202..f977cd161 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -28,6 +28,7 @@ socsync: - source: salt://soc/files/soc - user: 939 - group: 939 + - mode: 600 - template: jinja so-soc: @@ -78,6 +79,7 @@ kratossync: - source: salt://soc/files/kratos - user: 928 - group: 928 + - mode: 600 - template: jinja so-kratos: From 607ff1fd0d3cc34ae3680ca01d5ae7a31deeb63e Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Apr 2020 17:48:28 -0400 Subject: [PATCH 2/2] secure config files --- salt/soc/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/soc/init.sls b/salt/soc/init.sls index f977cd161..bf133c36f 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -28,7 +28,7 @@ socsync: - source: salt://soc/files/soc - user: 939 - group: 939 - - mode: 600 + - file_mode: 600 - template: jinja so-soc: @@ -79,7 +79,7 @@ kratossync: - source: salt://soc/files/kratos - user: 928 - group: 928 - - mode: 600 + - file_mode: 600 - template: jinja so-kratos:
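Review bot: The new owner of /opt/so/conf/steno/sensoroni.json in the sensoroniagentconf hunk is the service account itself, so with `mode: 600` the process that reads this config can also rewrite it. If the agent only needs read access, `- user: root`, `- group: stenographer`, `- mode: '0640'` removes world-read just as well and keeps the file writable by root alone; quoting the mode also avoids YAML integer surprises if a leading zero is ever added. Which account the agent runs as is not visible in the hunk, so confirm that before changing ownership. The socsync and kratossync hunks (uid/gid 939 and 928) follow the same owner-writable pattern, and the sensoroniagentconf state begins above the hunk.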
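Review bot: `file_mode: 600` in the socsync hunk of patch 2/2 restricts only the files the state copies; nothing visible sets `dir_mode`, so directories it creates would presumably keep the default mode and stay listable by other local users. The switch from `mode` to `file_mode` suggests the state is `file.recurse`, but the function line sits above the hunk, so this is inferred. If so, add `- dir_mode: 700` next to `- file_mode: 600`, unless it is already set outside the hunk. The kratossync hunk in the same patch has the same gap.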