diff --git a/salt/postgres/files/init-db.sh b/salt/postgres/files/init-db.sh
index 2187585da..d12bc4c9b 100644
--- a/salt/postgres/files/init-db.sh
+++ b/salt/postgres/files/init-db.sh
@@ -17,6 +17,7 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-E
 END IF;
 END \$\$;
+ GRANT ALL ON SCHEMA public TO "$SO_POSTGRES_USER";
 GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "$SO_POSTGRES_USER";
 -- Lock the SOC database down at the connect layer; PUBLIC gets CONNECT
 -- by default, which would let per-minion telegraf roles open sessions
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 05cad494e..c9399eab4 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1523,8 +1523,11 @@ soc:
 saltstackDir: /opt/so/saltstack
 bypassEnabled: false
 postgres:
- database: securityonion
 host: ""
+ port: 5432
+ sslMode: "allow"
+ database: securityonion
+ user: ""
 password: ""
 salt:
 queueDir: /opt/sensoroni/queue
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index ad34c3bbf..b2ac6d175 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -472,14 +472,18 @@ soc:
 description: Port of the PostgreSQL server used by SOC.
 global: True
 advanced: True
- user:
- description: Username used by SOC to authenticate to the PostgreSQL server.
+ sslMode:
+ description: "Use encrypted connections to the PostgreSQL server. Must be one of the following values: disable, allow, prefer, require, verify-ca, verify-full. Defaults to allow."
 global: True
 advanced: True
 database:
 description: Database used by SOC to authenticate to the PostgreSQL server.
 global: True
 advanced: True
+ user:
+ description: Username used by SOC to authenticate to the PostgreSQL server.
+ global: True
+ advanced: True
 password:
 description: Password used by SOC to authenticate to the PostgreSQL server.
 global: True
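Review bot: The added `GRANT ALL ON SCHEMA public TO "$SO_POSTGRES_USER";` in salt/postgres/files/init-db.sh has no comment explaining why the SOC role needs both USAGE and CREATE on `public`, while the CONNECT lock-down just below it is explained. A one-line SQL comment above the grant would help, for example `-- SOC creates its own tables in public; schema-level CREATE is not implied by the database grant` (confirm the actual reason). The visible lines restrict PUBLIC only at the connect layer, so if other roles can still reach this database it is worth stating next to the grant whether `REVOKE CREATE ON SCHEMA public FROM PUBLIC;` is also intended. If this script runs only when the data directory is first initialised (not visible in the hunk), existing deployments will not pick up the grant and need a separate upgrade step. The heredoc starts and ends outside the hunk.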
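Review bot: The new default `sslMode: "allow"` in salt/soc/defaults.yaml does not by itself give an encrypted connection. Assuming libpq-compatible semantics, `allow` attempts a plaintext connection first and uses TLS only if the server refuses plaintext, so the `user`/`password` exchange and all SOC queries may travel unencrypted whenever the server accepts non-TLS clients. If the PostgreSQL server is provisioned with a certificate, prefer `sslMode: "require"` as the default, and `verify-full` where the CA is distributed to SOC, since only the verify modes authenticate the server. If `allow` is deliberate because the connection stays on a local or container network, say so in a comment next to the value.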
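Review bot: The `sslMode` description added in salt/soc/soc_soc.yaml lists six values without saying which ones actually protect the connection, so an operator reading "Use encrypted connections … Defaults to allow" may assume the default is encrypted. Suggested wording: `description: "TLS mode for the connection to the PostgreSQL server. One of: disable, allow, prefer, require, verify-ca, verify-full. Only require and stricter guarantee encryption; only verify-ca and verify-full authenticate the server. Defaults to allow."`. No value constraint is visible in this hunk. If the annotation format supports restricting a setting to a fixed set of values, applying it here would stop a mistyped mode from reaching the SOC configuration.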