CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve algorithm for determining if a user sync is necessary; Apply salt state in foreground to avoid collisions with setup salt states.

Browse Source
This commit is contained in:
Jason Ertel
2021-06-21 12:16:47 -04:00
parent 5298cb8cfb
commit 5e042bf4b8
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
salt/common/tools/sbin/so-user
View File

@@ -226,9 +226,9 @@ function syncElastic() {
mv "${rolesTmpFile}" "${elasticRolesFile}" mv "${rolesTmpFile}" "${elasticRolesFile}"
if [[ -z "$SKIP_STATE_APPLY" ]]; then if [[ -z "$SKIP_STATE_APPLY" ]]; then
echo "Elastic state will be re-applied to affected minions in the background." echo "Elastic state will be re-applied to affected minions. This may take several minutes..."
echo "Applying elastic state to elastic minions at $(date)" >> /opt/so/log/soc/sync.log 2>&1 echo "Applying elastic state to elastic minions at $(date)" >> /opt/so/log/soc/sync.log 2>&1
salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply elasticsearch queue=True >> /opt/so/log/soc/sync.log 2>&1 & salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply elasticsearch queue=True >> /opt/so/log/soc/sync.log 2>&1
fi fi
else else
echo "Newly generated users/roles files are incomplete; aborting." echo "Newly generated users/roles files are incomplete; aborting."
@@ -236,8 +236,9 @@ function syncElastic() {
} }
function syncAll() { function syncAll() {
if [[ -n "$STALE_MIN" && -f "$databasePath" ]]; then if [[ -f "$databasePath" && -f "$elasticUsersFile" ]]; then
staleCount=$(echo "select count(*) from identity_credentials where updated_at >= Datetime('now', '-${STALE_MIN} minutes');" \ usersFileAgeSecs=$((echo $(date +%s) - $(date +%s -r "$elasticUsersFile")))
staleCount=$(echo "select count(*) from identity_credentials where updated_at >= Datetime('now', '-${usersFileAgeSecs} seconds');" \
| sqlite3 "$databasePath") | sqlite3 "$databasePath")
if [[ "$staleCount" == "0" ]]; then if [[ "$staleCount" == "0" ]]; then
return 1 return 1

2
salt/soc/init.sls
View File

@@ -65,7 +65,7 @@ soccustom:
sosyncusers: sosyncusers:
cron.present: cron.present:
- user: root - user: root
- name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin STALE_MIN=1 /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log' - name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log'
so-soc: so-soc:
docker_container.running: docker_container.running: