CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 10:12:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Initial pass at synchronizing users file

Browse Source
This commit is contained in:
Jason Ertel
2021-05-24 15:48:05 -04:00
parent 409eea677d
commit 8c6489a49a
2 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
salt/common/tools/sbin/so-user
View File

@@ -40,6 +40,7 @@ email=$2
kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434} kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434}
databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite} databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite}
bcryptRounds=${BCRYPT_ROUNDS:-12} bcryptRounds=${BCRYPT_ROUNDS:-12}
extractedHashFile=${EXTRACTED_HASH_FILE:-/opt/so/conf/elasticsearch/users}
function fail() { function fail() {
msg=$1 msg=$1
@@ -108,15 +109,19 @@ function updatePassword() {
if [[ -n $identityId ]]; then if [[ -n $identityId ]]; then
# Generate password hash # Generate password hash
passwordHash=$(echo "${password}" | htpasswd -niBC $bcryptRounds SOUSER) | cut -c 11- passwordHash=$(echo "${password}" | htpasswd -niBC $bcryptRounds SOUSER)
passwordHash="\$2a${passwordHash} passwordHash=$(echo "$passwordHash" | cut -c 11-)
passwordHash="\$2a${passwordHash}"
# Update DB with new hash # Update DB with new hash
echo "update identity_credentials set config=CAST('{\"hashed_password\":\"${passwordHash}\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath" echo "update identity_credentials set config=CAST('{\"hashed_password\":\"${passwordHash}\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath"
[[ $? != 0 ]] && fail "Unable to update password" [[ $? != 0 ]] && fail "Unable to update password"
fi fi
} }
function extractHashes() {
echo "select ici.identifier || ':' || json_extract(ic.config, '$.hashed_password') from identity_credential_identifiers ici, identity_credentials ic where ici.identity_credential_id=ic.id and json_extract(ic.config, '$.hashed_password') is not null order by ici.identifier" | sqlite3 "$databasePath" > "$extractedHashFile"
}
function listUsers() { function listUsers() {
response=$(curl -Ss -L ${kratosUrl}/identities) response=$(curl -Ss -L ${kratosUrl}/identities)
[[ $? != 0 ]] && fail "Unable to communicate with Kratos" [[ $? != 0 ]] && fail "Unable to communicate with Kratos"
@@ -208,6 +213,7 @@ case "${operation}" in
validateEmail "$email" validateEmail "$email"
updatePassword updatePassword
createUser "$email" createUser "$email"
extractHashes
echo "Successfully added new user to SOC" echo "Successfully added new user to SOC"
check_container thehive && echo $password | so-thehive-user-add "$email" check_container thehive && echo $password | so-thehive-user-add "$email"
check_container fleet && echo $password | so-fleet-user-add "$email" check_container fleet && echo $password | so-fleet-user-add "$email"
@@ -223,6 +229,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
updateUser "$email" updateUser "$email"
extractHashes
echo "Successfully updated user" echo "Successfully updated user"
;; ;;
@@ -231,6 +238,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
updateStatus "$email" 'active' updateStatus "$email" 'active'
extractHashes
echo "Successfully enabled user" echo "Successfully enabled user"
check_container thehive && so-thehive-user-enable "$email" true check_container thehive && so-thehive-user-enable "$email" true
check_container fleet && so-fleet-user-enable "$email" true check_container fleet && so-fleet-user-enable "$email" true
@@ -241,6 +249,7 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
updateStatus "$email" 'locked' updateStatus "$email" 'locked'
extractHashes
echo "Successfully disabled user" echo "Successfully disabled user"
check_container thehive && so-thehive-user-enable "$email" false check_container thehive && so-thehive-user-enable "$email" false
check_container fleet && so-fleet-user-enable "$email" false check_container fleet && so-fleet-user-enable "$email" false
@@ -251,11 +260,17 @@ case "${operation}" in
[[ "$email" == "" ]] && fail "Email address must be provided" [[ "$email" == "" ]] && fail "Email address must be provided"
deleteUser "$email" deleteUser "$email"
extractHashes
echo "Successfully deleted user" echo "Successfully deleted user"
check_container thehive && so-thehive-user-enable "$email" false check_container thehive && so-thehive-user-enable "$email" false
check_container fleet && so-fleet-user-enable "$email" false check_container fleet && so-fleet-user-enable "$email" false
;; ;;
"sync")
extractHashes
echo "Synchronization complete"
;;
"validate") "validate")
validateEmail "$email" validateEmail "$email"
updatePassword updatePassword

2
salt/elasticsearch/init.sls
View File

@@ -202,6 +202,8 @@ so-elasticsearch:
- binds: - binds:
- /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro - /opt/so/conf/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
- /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro - /opt/so/conf/elasticsearch/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
- /opt/so/conf/elasticsearch/users:/usr/share/elasticsearch/config/users:ro
- /opt/so/conf/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles:ro
- /nsm/elasticsearch:/usr/share/elasticsearch/data:rw - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
- /opt/so/log/elasticsearch:/var/log/elasticsearch:rw - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
- /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro