CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

change perms on mysql

Browse Source
This commit is contained in:
m0duspwnens
2021-10-25 15:37:23 -04:00
parent ee7e714f43
commit 9a78d13bee
2 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/mysql/etc/mypass
View File

@@ -1,2 +1 @@
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
{{ MYSQLPASS }} {{ MYSQLPASS }}

24
salt/mysql/init.sls
View File

@@ -45,14 +45,24 @@ mysqlpiddir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
mysqletc: mysqlcnf:
file.recurse: file.managed:
- name: /opt/so/conf/mysql/etc - name: /opt/so/conf/mysql/etc/my.cnf
- source: salt://mysql/etc - source: salt://mysql/etc/my.cnf
- user: 939
- group: 939
- file_mode: 640
mysqlpass:
file.managed:
- name: /opt/so/conf/mysql/etc/mypass
- source: salt://mysql/etc/mypass
- user: 939 - user: 939
- group: 939 - group: 939
- template: jinja - template: jinja
- file_mode: 640 - file_mode: 640
- defaults:
MYSQLPASS: {{ MYSQLPASS }}
mysqllogdir: mysqllogdir:
file.directory: file.directory:
@@ -89,13 +99,15 @@ so-mysql:
- MYSQL_ROOT_HOST={{ MAINIP }} - MYSQL_ROOT_HOST={{ MAINIP }}
- MYSQL_ROOT_PASSWORD=/etc/mypass - MYSQL_ROOT_PASSWORD=/etc/mypass
- binds: - binds:
- /opt/so/conf/mysql/etc/:/etc/:ro - /opt/so/conf/mysql/etc/my.cnf:/etc/my.cnf:ro
- /opt/so/conf/mysql/etc/mypass:/etc/mypass
- /nsm/mysql:/var/lib/mysql:rw - /nsm/mysql:/var/lib/mysql:rw
- /opt/so/log/mysql:/var/log/mysql:rw - /opt/so/log/mysql:/var/log/mysql:rw
- watch: - watch:
- /opt/so/conf/mysql/etc - /opt/so/conf/mysql/etc
- require: - require:
- file: mysqletc - file: mysqlcnf
- file: mysqlpass
cmd.run: cmd.run:
- name: until nc -z {{ MAINIP }} 3306; do sleep 1; done - name: until nc -z {{ MAINIP }} 3306; do sleep 1; done
- timeout: 600 - timeout: 600