CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Setup - Change so passwords survive re-install

Browse Source
This commit is contained in:
Mike Reeves
2018-12-11 11:19:54 -05:00
parent 4c88f89835
commit 8c1a7b3e0c
4 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pillar/top.sls
View File

@@ -10,6 +10,7 @@ base:
- static
- firewall.*
- data.*
- auth
'G@role:so-eval':
- masters.{{ grains.host }}
@@ -17,6 +18,7 @@ base:
- firewall.*
- data.*
- brologs
- auth
'G@role:so-node':
- nodes.{{ grains.host }}

4
salt/fleet/init.sls
View File

@@ -1,5 +1,5 @@
{%- set MYSQLPASS = salt['pillar.get']('master:mysqlpass', 'iwonttellyou') %}
{%- set FLEETPASS = salt['pillar.get']('master:fleetpass', 'bazinga') -%}
{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', 'iwonttellyou') %}
{%- set FLEETPASS = salt['pillar.get']('auth:fleet', 'bazinga') -%}
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
# Fleet Setup

4
salt/mysql/init.sls
View File

@@ -1,5 +1,5 @@
{%- set MYSQLPASS = salt['pillar.get']('master:mysqlpass', 'iwonttellyou') %}
{%- set FLEETPASS = salt['pillar.get']('master:fleetpass', 'bazinga') %}
{%- set MYSQLPASS = salt['pillar.get']('auth:mysql', 'iwonttellyou') %}
{%- set FLEETPASS = salt['pillar.get']('auth:fleet', 'bazinga') %}
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
# MySQL Setup
mysqlpkgs:

22
so-setup-network.sh
View File

@@ -91,6 +91,18 @@ add_socore_user_notmaster() {
#}
# Create an auth pillar so that passwords survive re-install
auth_pillar(){
if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then
echo "Creating Auth Pillar"
mkdir -p /opt/so/saltstack/pillar
echo "auth:" >> /opt/so/saltstack/pillar/auth.sls
echo " mysql: $MYSQLPASS" >> /opt/so/saltstack/pillar/auth.sls
echo " fleet: $FLEETPASS" >> /opt/so/saltstack/pillar/auth.sls
fi
}
# Enable Bro Logs
bro_logs_enabled() {
@@ -192,7 +204,12 @@ configure_minion() {
echo "mysql.host: '$MAINIP'" >> /etc/salt/minion
echo "mysql.port: 3306" >> /etc/salt/minion
echo "mysql.user: 'root'" >> /etc/salt/minion
if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then
echo "mysql.pass: '$MYSQLPASS'" >> /etc/salt/minion
else
OLDPASS=$(cat /opt/so/saltstack/pillar/auth.sls | grep mysql | awk {'print $2'})
echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion
fi
else
echo "master: $MSRV" > /etc/salt/minion
echo "id: $HOSTNAME" >> /etc/salt/minion
@@ -531,8 +548,8 @@ master_pillar() {
echo " es_port: $NODE_ES_PORT" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
echo " log_size_limit: $LOG_SIZE_LIMIT" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
echo " cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
echo " mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
echo " fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
#echo " mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
#echo " fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
}
@@ -1444,6 +1461,7 @@ if (whiptail_you_sure); then
# Last Chance to back out
whiptail_make_changes
generate_passwords
auth_pillar
clear_master
mkdir -p /nsm
get_filesystem_root