From afe7ddb48099a7a5685c681e0fcabfc49a59220d Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 17 Jun 2021 15:51:53 -0400
Subject: [PATCH] Remove passwords from soctopus templates since these are the basis for elastalert rules, which will use the user/pass at the elastalert global config level
---
 salt/soctopus/files/templates/es-generic.template | 6 ------
 salt/soctopus/files/templates/generic.template | 6 ------
 salt/soctopus/files/templates/osquery.template | 6 ------
 3 files changed, 18 deletions(-)
diff --git a/salt/soctopus/files/templates/es-generic.template b/salt/soctopus/files/templates/es-generic.template
index 9b5ace95a..8183a5af4 100644
--- a/salt/soctopus/files/templates/es-generic.template
+++ b/salt/soctopus/files/templates/es-generic.template
@@ -1,13 +1,7 @@
 {% set ES = salt['pillar.get']('global:managerip', '') %}
-{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 alert: modules.so.playbook-es.PlaybookESAlerter
 elasticsearch_host: "{{ ES }}:9200"
-{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
-elasticsearch_user: "{{ ES_USER }}"
-elasticsearch_pass: "{{ ES_PASS }}"
-{% endif %}
 play_title: ""
 play_url: "https://{{ ES }}/playbook/issues/6000"
 sigma_level: ""
diff --git a/salt/soctopus/files/templates/generic.template b/salt/soctopus/files/templates/generic.template
index d3736f894..c3733db2c 100644
--- a/salt/soctopus/files/templates/generic.template
+++ b/salt/soctopus/files/templates/generic.template
@@ -1,15 +1,9 @@
 {% set es = salt['pillar.get']('global:url_base', '') %}
-{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 alert:
 - "modules.so.playbook-es.PlaybookESAlerter"
 elasticsearch_host: "{{ es }}:9200"
-{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
-elasticsearch_user: "{{ ES_USER }}"
-elasticsearch_pass: "{{ ES_PASS }}"
-{% endif %}
 play_title: ""
 play_id: ""
 event.module: "playbook"
diff --git a/salt/soctopus/files/templates/osquery.template b/salt/soctopus/files/templates/osquery.template
index 328a7e275..f937de5ea 100644
--- a/salt/soctopus/files/templates/osquery.template
+++ b/salt/soctopus/files/templates/osquery.template
@@ -1,15 +1,9 @@
 {% set es = salt['pillar.get']('global:url_base', '') %}
-{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 alert:
 - "modules.so.playbook-es.PlaybookESAlerter"
 elasticsearch_host: "{{ es }}:9200"
-{% if salt['pillar.get']('elasticsearch:auth:enabled') is sameas true %}
-elasticsearch_user: "{{ ES_USER }}"
-elasticsearch_pass: "{{ ES_PASS }}"
-{% endif %}
 play_title: ""
 event.module: "playbook"
 event.dataset: "alert"