CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

enable secureCookies, security.encryptionKey and reporting.encryptionKey - https://github.com/Security-Onion-Solutions/securityonion/issues/6146

Browse Source
This commit is contained in:
m0duspwnens
2021-11-10 16:05:40 -05:00
parent d110b63050
commit 7ebd861e32
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/kibana/config.map.jinja
View File

@@ -6,8 +6,10 @@
{% do KIBANACONFIG.kibana.config.xpack.update({'security': {'authc': {'providers': {'anonymous': {'anonymous1': {'order': 0, 'credentials': 'elasticsearch_anonymous_user'}}}}}}) %}
{% endif %}
{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
{% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey'] }}) %}
{% if salt['pillar.get']('kibana:secrets') %}
{% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}
{% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %}
{% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %}
{% endif %}
{% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %}

2
salt/kibana/defaults.yaml
View File

@@ -30,3 +30,5 @@ kibana:
xpack:
ml:
enabled: False
security:
secureCookies: True

6
salt/kibana/secrets.sls
View File

@@ -2,6 +2,8 @@
{% if sls in allowed_states %}
{% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72)) %}
{% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72)) %}
{% set kibana_reporting_encryptionKey = salt['pillar.get']('kibana:secrets:reporting:encryptionKey', salt['random.get_str'](72)) %}
kibana_pillar_directory:
file.directory:
@@ -17,6 +19,10 @@ kibana_secrets_pillar:
secrets:
encryptedSavedObjects:
encryptionKey: {{ kibana_encryptedSavedObjects_encryptionKey }}
security:
encryptionKey: {{ kibana_security_encryptionKey }}
reporting:
encryptionKey: {{ kibana_reporting_encryptionKey }}
- show_changes: False
{% else %}