CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

verify crt and key differently in checkmine

Browse Source
This commit is contained in:
m0duspwnens
2023-10-18 15:53:12 -04:00
parent e58c1e189c
commit ac28e1b967
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/salt/engines/master/checkmine.py
View File

@@ -53,17 +53,20 @@ def start(interval=60):
ca_crt = x509[minion]['/etc/pki/ca.crt'] ca_crt = x509[minion]['/etc/pki/ca.crt']
log.debug('checkmine engine: found minion %s has ca_crt: %s' % (minion, ca_crt)) log.debug('checkmine engine: found minion %s has ca_crt: %s' % (minion, ca_crt))
# since the cert is defined, make sure it is valid # since the cert is defined, make sure it is valid
if not __salt__['x509.verify_private_key'](private_key='/etc/pki/ca.key', public_key='/etc/pki/ca.crt'): import salt.modules.x509_v2 as x509_v2
if not x509_v2.verify_private_key('/etc/pki/ca.key', '/etc/pki/ca.crt'):
log.error('checkmine engine: found minion %s does\'t have a valid ca_crt in the mine' % (minion)) log.error('checkmine engine: found minion %s does\'t have a valid ca_crt in the mine' % (minion))
log.error('checkmine engine: %s: ca_crt: %s' % (minion, ca_crt)) log.error('checkmine engine: %s: ca_crt: %s' % (minion, ca_crt))
mine_delete(minion, 'x509.get_pem_entries') mine_delete(minion, 'x509.get_pem_entries')
mine_update(minion) mine_update(minion)
continue
else: else:
log.debug('checkmine engine: found minion %s has a valid ca_crt in the mine' % (minion)) log.debug('checkmine engine: found minion %s has a valid ca_crt in the mine' % (minion))
except IndexError: except IndexError:
log.error('checkmine engine: found minion %s does\'t have a ca_crt in the mine' % (minion)) log.error('checkmine engine: found minion %s does\'t have a ca_crt in the mine' % (minion))
mine_delete(minion, 'x509.get_pem_entries') mine_delete(minion, 'x509.get_pem_entries')
mine_update(minion) mine_update(minion)
continue
# Update the mine if the ip in the mine doesn't match returned from manage.alived # Update the mine if the ip in the mine doesn't match returned from manage.alived
network_ip_addrs = __salt__['saltutil.runner']('mine.get', tgt=minion, fun='network.ip_addrs') network_ip_addrs = __salt__['saltutil.runner']('mine.get', tgt=minion, fun='network.ip_addrs')