CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve error scenarios for user sync; Ensure user sync runs before Elastic container starts

Browse Source
This commit is contained in:
Jason Ertel
2021-05-26 12:08:10 -04:00
parent ec2f8fe6c8
commit a6a4c03029
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/common/tools/sbin/so-user
View File

@@ -142,6 +142,7 @@ function syncElastic() {
sysUser=$(lookup_pillar "auth:user" "elasticsearch") sysUser=$(lookup_pillar "auth:user" "elasticsearch")
sysPass=$(lookup_pillar "auth:pass" "elasticsearch") sysPass=$(lookup_pillar "auth:pass" "elasticsearch")
[[ -z "$sysUser" || -z "$sysPass" ]] && fail "Elastic auth credentials for system user are missing"
sysHash=$(hashPassword "$sysPass") sysHash=$(hashPassword "$sysPass")
# Generate the new users file # Generate the new users file
@@ -153,7 +154,9 @@ function syncElastic() {
sqlite3 "$databasePath" | \ sqlite3 "$databasePath" | \
jq -r '.user + ":" + .data.hashed_password' \ jq -r '.user + ":" + .data.hashed_password' \
>> "$usersFileTmp" >> "$usersFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential hashes from database"
mv -f "$usersFileTmp" "$elasticUsersFile" mv -f "$usersFileTmp" "$elasticUsersFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
# Generate the new users_roles file # Generate the new users_roles file
echo "superuser:${sysUser}" >> "$rolesFileTmp" echo "superuser:${sysUser}" >> "$rolesFileTmp"
@@ -163,7 +166,9 @@ function syncElastic() {
"order by ici.identifier;" | \ "order by ici.identifier;" | \
sqlite3 "$databasePath" \ sqlite3 "$databasePath" \
>> "$rolesFileTmp" >> "$rolesFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential IDs from database"
mv -f "$rolesFileTmp" "$elasticRolesFile" mv -f "$rolesFileTmp" "$elasticRolesFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
} }
function syncAll() { function syncAll() {

8
salt/elasticsearch/init.sls
View File

@@ -169,6 +169,14 @@ eslogdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
# Must run before elasticsearch docker container is started!
syncesusers:
cmd.run:
- name: so-user sync
- creates:
- /opt/so/conf/elasticsearch/users
- /opt/so/conf/elasticsearch/users_roles
so-elasticsearch: so-elasticsearch:
docker_container.running: docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}