CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

SSL modifications

Browse Source
This commit is contained in:
Mike Reeves
2021-12-09 13:07:00 -05:00
parent 892899b7f9
commit a7f0d81555
3 changed files with 3 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/allowed_states.map.jinja
View File

@@ -50,7 +50,6 @@
'learn' 'learn'
], ],
'so-heavynode': [ 'so-heavynode': [
'ca',
'ssl', 'ssl',
'nginx', 'nginx',
'telegraf', 'telegraf',
@@ -80,7 +79,6 @@
'docker_clean' 'docker_clean'
], ],
'so-fleet': [ 'so-fleet': [
'ca',
'ssl', 'ssl',
'nginx', 'nginx',
'telegraf', 'telegraf',
@@ -157,7 +155,6 @@
'learn' 'learn'
], ],
'so-node': [ 'so-node': [
'ca',
'ssl', 'ssl',
'nginx', 'nginx',
'telegraf', 'telegraf',
@@ -191,7 +188,6 @@
'learn' 'learn'
], ],
'so-sensor': [ 'so-sensor': [
'ca',
'ssl', 'ssl',
'telegraf', 'telegraf',
'firewall', 'firewall',

4
salt/top.sls
View File

@@ -63,7 +63,6 @@ base:
'*_sensor and G@saltversion:{{saltversion}}': '*_sensor and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- ca
- ssl - ssl
- sensoroni - sensoroni
- telegraf - telegraf
@@ -298,7 +297,6 @@ base:
'*_searchnode and G@saltversion:{{saltversion}}': '*_searchnode and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- ca
- ssl - ssl
- sensoroni - sensoroni
- nginx - nginx
@@ -391,7 +389,6 @@ base:
'*_heavynode and G@saltversion:{{saltversion}}': '*_heavynode and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- ca
- ssl - ssl
- sensoroni - sensoroni
- nginx - nginx
@@ -433,7 +430,6 @@ base:
'*_fleet and G@saltversion:{{saltversion}}': '*_fleet and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- ca
- ssl - ssl
- sensoroni - sensoroni
- nginx - nginx

6
setup/so-functions
View File

@@ -77,7 +77,7 @@ accept_salt_key_remote() {
echo "Accept the key remotely on the manager" >> "$setup_log" 2>&1 echo "Accept the key remotely on the manager" >> "$setup_log" 2>&1
# Delete the key just in case. # Delete the key just in case.
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -d "$MINION_ID" -y $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -d "$MINION_ID" -y
salt-call state.apply ca >> /dev/null 2>&1 salt-call state.show_top >> /dev/null 2>&1
$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -a "$MINION_ID" -y $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -a "$MINION_ID" -y
} }
@@ -2345,13 +2345,13 @@ salt_checkin() {
;; ;;
*) *)
{ {
salt-call state.apply ca; #salt-call state.apply ca;
salt-call state.apply ssl; salt-call state.apply ssl;
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1
;; ;;
esac esac
{ {
salt-call state.apply ca; #salt-call state.apply ca;
salt-call state.apply ssl; salt-call state.apply ssl;
salt-call saltutil.sync_modules; salt-call saltutil.sync_modules;
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1