diff --git a/salt/common/tools/sbin/so-elastic-auth-password-reset b/salt/common/tools/sbin/so-elastic-auth-password-reset
new file mode 100644
index 000000000..f7456e5e6
--- /dev/null
+++ b/salt/common/tools/sbin/so-elastic-auth-password-reset
@@ -0,0 +1,155 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+source $(dirname $0)/so-common
+require_manager
+
+user=$1
+elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}
+elasticAuthPillarFile=${ELASTIC_AUTH_PILLAR_FILE:-/opt/so/saltstack/local/pillar/elasticsearch/auth.sls}
+
+if [[ $# -ne 1 ]]; then
+ echo "Usage: $0 "
+ echo ""
+ echo " where is one of the following:"
+ echo ""
+ echo " all: Reset the password for the so_elastic, so_kibana, so_logstash, so_beats, and so_monitor users"
+ echo " so_elastic: Reset the password for the so_elastic user"
+ echo " so_kibana: Reset the password for the so_kibana user"
+ echo " so_logstash: Reset the password for the so_logstash user"
+ echo " so_beats: Reset the password for the so_beats user"
+ echo " so_monitor: Reset the password for the so_monitor user"
+ echo ""
+ exit 1
+fi
+
+# function to create a lock so that the so-user sync cronjob can't run while this is running
+function lock() {
+ # Obtain file descriptor lock
+ exec 99>/var/tmp/so-user.lock || fail "Unable to create lock descriptor; if the system was not shutdown gracefully you may need to remove /var/tmp/so-user.lock manually."
+ flock -w 10 99 || fail "Another process is using so-user; if the system was not shutdown gracefully you may need to remove /var/tmp/so-user.lock manually."
+ trap 'rm -f /var/tmp/so-user.lock' EXIT
+}
+
+function unlock() {
+ rm -f /var/tmp/so-user.lock
+}
+
+function fail() {
+ msg=$1
+ echo "$1"
+ exit 1
+}
+
+function removeSingleUserPass() {
+ local user=$1
+ sed -i '/user: '"${user}"'/{N;/pass: /d}' "${elasticAuthPillarFile}"
+}
+
+function removeAllUserPass() {
+ local userList=("so_elastic" "so_kibana" "so_logstash" "so_beats" "so_monitor")
+
+ for u in ${userList[@]}; do
+ removeSingleUserPass "$u"
+ done
+}
+
+function removeElasticUsersFile() {
+ rm -f "$elasticUsersFile"
+}
+
+function createElasticAuthPillar() {
+ salt-call state.apply elasticsearch.auth queue=True
+}
+
+# this will disable highstate to prevent a highstate from starting while the script is running
+# will also disable salt.minion-state-apply-test allow so-salt-minion-check cronjob to restart salt-minion service incase
+function disableSaltStates() {
+ printf "\nDisabling salt.minion-state-apply-test and highstate from running.\n\n"
+ salt-call state.disable salt.minion-state-apply-test
+ salt-call state.disable highstate
+}
+
+function enableSaltStates() {
+ printf "\nEnabling salt.minion-state-apply-test and highstate.\n\n"
+ salt-call state.enable salt.minion-state-apply-test
+ salt-call state.enable highstate
+}
+
+function killAllSaltJobs() {
+ printf "\nKilling all running salt jobs.\n\n"
+ salt-call saltutil.kill_all_jobs
+}
+
+function soUserSync() {
+ # apply this state to update /opt/so/saltstack/local/salt/elasticsearch/curl.config on the manager
+ salt-call state.sls_id elastic_curl_config_distributed manager queue=True
+ salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' saltutil.kill_all_jobs
+ # apply this state to get the curl.config
+ salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.sls_id elastic_curl_config common queue=True
+ $(dirname $0)/so-user sync
+ printf "\nApplying logstash state to the appropriate nodes.\n\n"
+ salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply logstash queue=True
+ printf "\nApplying filebeat state to the appropriate nodes.\n\n"
+ salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode or G@role:so-sensor or G@role:so-fleet' state.apply filebeat queue=True
+ printf "\nApplying kibana state to the appropriate nodes.\n\n"
+ salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch' state.apply kibana queue=True
+ printf "\nApplying curator state to the appropriate nodes.\n\n"
+ salt -C 'G@role:so-standalone or G@role:so-eval or G@role:so-import or G@role:so-manager or G@role:so-managersearch or G@role:so-node or G@role:so-heavynode' state.apply curator queue=True
+}
+
+function highstateManager() {
+ killAllSaltJobs
+ printf "\nRunning highstate on the manager to finalize password reset.\n\n"
+ salt-call state.highstate -linfo queue=True
+}
+
+case "${user}" in
+
+ so_elastic | so_kibana | so_logstash | so_beats | so_monitor)
+ lock
+ killAllSaltJobs
+ disableSaltStates
+ removeSingleUserPass "$user"
+ createElasticAuthPillar
+ removeElasticUsersFile
+ unlock
+ soUserSync
+ enableSaltStates
+ highstateManager
+ ;;
+
+ all)
+ lock
+ killAllSaltJobs
+ disableSaltStates
+ removeAllUserPass
+ createElasticAuthPillar
+ removeElasticUsersFile
+ unlock
+ soUserSync
+ enableSaltStates
+ highstateManager
+ ;;
+
+ *)
+ fail "Unsupported user: $user"
+ ;;
+
+esac
+
+exit 0
diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check
index 0e420976c..381c5db9c 100755
--- a/salt/common/tools/sbin/so-salt-minion-check
+++ b/salt/common/tools/sbin/so-salt-minion-check
@@ -92,6 +92,10 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then
log "last highstate completed at `date -d @$LAST_HIGHSTATE_END`" I
log "checking if any jobs are running" I
logCmd "salt-call --local saltutil.running" I
+ log "ensure salt.minion-state-apply-test is enabled" I
+ logCmd "salt-call state.enable salt.minion-state-apply-test" I
+ log "ensure highstate is enabled" I
+ logCmd "salt-call state.enable highstate" I
log "killing all salt-minion processes" I
logCmd "pkill -9 -ef /usr/bin/salt-minion" I
log "starting salt-minion service" I
@@ -101,4 +105,4 @@ if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ)) ]; then
fi
else
log "system uptime only $((CURRENT_TIME-SYSTEM_START_TIME)) seconds does not meet $UPTIME_REQ second requirement." I
-fi
\ No newline at end of file
+fi
diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls
index 2a0dd9f59..66e1826ba 100644
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -33,7 +33,7 @@ elastic_auth_pillar:
so_monitor_user:
user: so_monitor
pass: {{ so_monitor_user_pass }}
-
+ - show_changes: False
{% else %}
{{sls}}_state_not_allowed:
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 75beb66c9..e5d7228dc 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -77,6 +77,7 @@ filebeatconf:
- defaults:
INPUTS: {{ salt['pillar.get']('filebeat:config:inputs', {}) }}
OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
+ - show_changes: False
# Filebeat module config file
filebeatmoduleconf:
@@ -87,6 +88,7 @@ filebeatmoduleconf:
- group: root
- mode: 640
- template: jinja
+ - show_changes: False
sodefaults_module_conf:
file.managed:
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index 46449b15d..9751a601a 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -43,6 +43,7 @@ socconfig:
- group: 939
- mode: 600
- template: jinja
+ - show_changes: False
socmotd:
file.managed: