CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

account for salt 3004 adding new chars to random.get_str

Browse Source
This commit is contained in:
m0duspwnens
2022-01-14 17:23:29 -05:00
parent 02ce5c3236
commit a46a740170
2 changed files with 15 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/ca/init.sls
View File

@@ -45,12 +45,6 @@ pki_public_ca_crt:
attempts: 5 attempts: 5
interval: 30 interval: 30
x509_pem_entries:
module.run:
- mine.send:
- name: x509.get_pem_entries
- glob_path: /etc/pki/ca.crt
cakeyperms: cakeyperms:
file.managed: file.managed:
- replace: False - replace: False

25
salt/elasticsearch/auth.sls
View File

@@ -1,11 +1,16 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {% if sls in allowed_states %}
{% set so_elastic_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', salt['random.get_str'](72)) %} {% set DIGITS = "1234567890" %}
{% set so_kibana_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', salt['random.get_str'](72)) %} {% set LOWERCASE = "qwertyuiopasdfghjklzxcvbnm" %}
{% set so_logstash_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', salt['random.get_str'](72)) %} {% set UPPERCASE = "QWERTYUIOPASDFGHJKLZXCVBNM" %}
{% set so_beats_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', salt['random.get_str'](72)) %} {% set SYMBOLS = "~!@#$%^&*()-_=+[]|;:,.<>?" %}
{% set so_monitor_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_monitor_user:pass', salt['random.get_str'](72)) %} {% set CHARS = DIGITS~LOWERCASE~UPPERCASE~SYMBOLS %}
{% set so_elastic_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
{% set so_kibana_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
{% set so_logstash_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
{% set so_beats_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
{% set so_monitor_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_monitor_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
{% set auth_enabled = salt['pillar.get']('elasticsearch:auth:enabled', False) %} {% set auth_enabled = salt['pillar.get']('elasticsearch:auth:enabled', False) %}
elastic_auth_pillar: elastic_auth_pillar:
@@ -20,19 +25,19 @@ elastic_auth_pillar:
users: users:
so_elastic_user: so_elastic_user:
user: so_elastic user: so_elastic
pass: {{ so_elastic_user_pass }} pass: "{{ so_elastic_user_pass }}"
so_kibana_user: so_kibana_user:
user: so_kibana user: so_kibana
pass: {{ so_kibana_user_pass }} pass: "{{ so_kibana_user_pass }}"
so_logstash_user: so_logstash_user:
user: so_logstash user: so_logstash
pass: {{ so_logstash_user_pass }} pass: "{{ so_logstash_user_pass }}"
so_beats_user: so_beats_user:
user: so_beats user: so_beats
pass: {{ so_beats_user_pass }} pass: "{{ so_beats_user_pass }}"
so_monitor_user: so_monitor_user:
user: so_monitor user: so_monitor
pass: {{ so_monitor_user_pass }} pass: "{{ so_monitor_user_pass }}"
- show_changes: False - show_changes: False
{% else %} {% else %}