postgres updates

salt/postgres/files/init-db.sh

@@ -17,6 +17,7 @@ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-E
         END IF;
     END
     \$\$;
+    GRANT ALL ON SCHEMA public TO "$SO_POSTGRES_USER";
     GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "$SO_POSTGRES_USER";
     -- Lock the SOC database down at the connect layer; PUBLIC gets CONNECT
     -- by default, which would let per-minion telegraf roles open sessions

salt/soc/defaults.yaml

@@ -1523,8 +1523,11 @@ soc:
           saltstackDir: /opt/so/saltstack
           bypassEnabled: false
         postgres:
-          database: securityonion
           host: ""
+          port: 5432
+          sslMode: "allow"
+          database: securityonion
+          user: ""
           password: ""
         salt:
           queueDir: /opt/sensoroni/queue

salt/soc/soc_soc.yaml

@@ -472,14 +472,18 @@ soc:
             description: Port of the PostgreSQL server used by SOC.
             global: True
             advanced: True
-          user:
-            description: Username used by SOC to authenticate to the PostgreSQL server.
+          sslMode:
+            description: "Use encrypted connections to the PostgreSQL server. Must be one of the following values: disable, allow, prefer, require, verify-ca, verify-full.  Defaults to allow."
             global: True
             advanced: True
           database:
             description: Database used by SOC to authenticate to the PostgreSQL server.
             global: True
             advanced: True
+          user:
+            description: Username used by SOC to authenticate to the PostgreSQL server.
+            global: True
+            advanced: True
           password:
             description: Password used by SOC to authenticate to the PostgreSQL server.
             global: True