CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

SSL Issue 79 - Reduce valid time

Browse Source
This commit is contained in:
Mike Reeves
2019-10-21 17:04:18 -04:00
parent 776cc89520
commit 792cc7d4c4
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/ca/files/signing_policies.conf
View File

@@ -10,7 +10,7 @@ x509_signing_policies:
- keyUsage: "digitalSignature, nonRepudiation" - keyUsage: "digitalSignature, nonRepudiation"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3000 - days_valid: 820
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
registry: registry:
- minions: '*' - minions: '*'
@@ -23,7 +23,7 @@ x509_signing_policies:
- keyUsage: "critical keyEncipherment" - keyUsage: "critical keyEncipherment"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3000 - days_valid: 820
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
masterssl: masterssl:
- minions: '*' - minions: '*'
@@ -36,7 +36,7 @@ x509_signing_policies:
- keyUsage: "critical keyEncipherment" - keyUsage: "critical keyEncipherment"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3000 - days_valid: 820
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
influxdb: influxdb:
- minions: '*' - minions: '*'
@@ -49,7 +49,7 @@ x509_signing_policies:
- keyUsage: "critical keyEncipherment" - keyUsage: "critical keyEncipherment"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3000 - days_valid: 820
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/
fleet: fleet:
- minions: '*' - minions: '*'
@@ -62,5 +62,5 @@ x509_signing_policies:
- keyUsage: "critical keyEncipherment" - keyUsage: "critical keyEncipherment"
- subjectKeyIdentifier: hash - subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always - authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3000 - days_valid: 820
- copypath: /etc/pki/issued_certs/ - copypath: /etc/pki/issued_certs/

14
salt/ssl/init.sls
View File

@@ -25,7 +25,7 @@ m2cryptopkgs:
- public_key: /etc/pki/influxdb.key - public_key: /etc/pki/influxdb.key
- CN: {{ master }} - CN: {{ master }}
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
- managed_private_key: - managed_private_key:
name: /etc/pki/influxdb.key name: /etc/pki/influxdb.key
@@ -42,7 +42,7 @@ m2cryptopkgs:
- public_key: /etc/pki/filebeat.key - public_key: /etc/pki/filebeat.key
- CN: {{ master }} - CN: {{ master }}
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
- managed_private_key: - managed_private_key:
name: /etc/pki/filebeat.key name: /etc/pki/filebeat.key
@@ -75,7 +75,7 @@ fbcrtlink:
- public_key: /etc/pki/registry.key - public_key: /etc/pki/registry.key
- CN: {{ master }} - CN: {{ master }}
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
- managed_private_key: - managed_private_key:
name: /etc/pki/registry.key name: /etc/pki/registry.key
@@ -90,7 +90,7 @@ fbcrtlink:
- public_key: /etc/pki/masterssl.key - public_key: /etc/pki/masterssl.key
- CN: {{ master }} - CN: {{ master }}
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
- managed_private_key: - managed_private_key:
name: /etc/pki/masterssl.key name: /etc/pki/masterssl.key
@@ -103,7 +103,7 @@ fbcrtlink:
- CN: {{ master }} - CN: {{ master }}
- bits: 4096 - bits: 4096
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
/etc/pki/fleet.crt: /etc/pki/fleet.crt:
@@ -112,7 +112,7 @@ fbcrtlink:
- CN: {{ master }} - CN: {{ master }}
- subjectAltName: DNS:{{ master }},IP:{{ masterip }} - subjectAltName: DNS:{{ master }},IP:{{ masterip }}
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
- managed_private_key: - managed_private_key:
name: /etc/pki/fleet.key name: /etc/pki/fleet.key
@@ -135,7 +135,7 @@ fbcertdir:
- public_key: /opt/so/conf/filebeat/etc/pki/filebeat.key - public_key: /opt/so/conf/filebeat/etc/pki/filebeat.key
- CN: {{ master }} - CN: {{ master }}
- days_remaining: 0 - days_remaining: 0
- days_valid: 3650 - days_valid: 820
- backup: True - backup: True
- managed_private_key: - managed_private_key:
name: /opt/so/conf/filebeat/etc/pki/filebeat.key name: /opt/so/conf/filebeat/etc/pki/filebeat.key