More hive remova

Mike Reeves
2022-03-14 14:51:39 -04:00
parent ff30f572d7
commit b83fec6fd2
22 changed files with 14 additions and 914 deletions


@@ -17,5 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-stop cortex $1
/usr/sbin/so-start thehive $1
echo "TheHive and its components are no longer part of Security Onion"
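Review bot: The `echo` that ends this stub writes the retirement notice to stdout and, as far as the hunk shows, the script then ends with status 0, so a caller cannot tell it apart from a run that worked. The other thirteen sections on this page end in the same line, and it matters most in the user-management stubs (add user, enable/disable user, set password), where an operator or a provisioning job trying to lock an account would see success although no account was changed. I would send the notice to stderr and fail: `echo "TheHive and its components are no longer part of Security Onion" >&2` followed by `exit 1`. The page has lost its `+`/`-` column, so this assumes the echo is the one added line per section, which matches the 14 additions in the diffstat; lines 1-16 of each script are outside the hunk.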


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-start thehive $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-stop cortex $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,38 +17,4 @@
. /usr/sbin/so-common
usage() {
echo "Usage: $0 <new-user-name>"
echo ""
echo "Adds a new user to Cortex. The new password will be read from STDIN."
exit 1
}
if [ $# -ne 1 ]; then
usage
fi
USER=$1
CORTEX_KEY=$(lookup_pillar cortexorguserkey)
CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
CORTEX_ORG_NAME=$(lookup_pillar cortexorgname)
CORTEX_USER=$USER
# Read password for new user from stdin
test -t 0
if [[ $? == 0 ]]; then
echo "Enter new password:"
fi
read -rs CORTEX_PASS
# Create new user in Cortex
resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")
if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
echo "Successfully added user to Cortex."
else
echo "Unable to add user to Cortex; user might already exist."
echo $resp
exit 2
fi
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,41 +17,4 @@
. /usr/sbin/so-common
usage() {
echo "Usage: $0 <user-name> <true|false>"
echo ""
echo "Enables or disables a user in Cortex."
exit 1
}
if [ $# -ne 2 ]; then
usage
fi
USER=$1
CORTEX_KEY=$(lookup_pillar cortexorguserkey)
CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
CORTEX_USER=$USER
case "${2^^}" in
FALSE | NO | 0)
CORTEX_STATUS=Locked
;;
TRUE | YES | 1)
CORTEX_STATUS=Ok
;;
*)
usage
;;
esac
resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
echo "Successfully updated user in Cortex."
else
echo "Failed to update user in Cortex."
echo $resp
exit 2
fi
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,5 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-stop thehive-es $1
/usr/sbin/so-start thehive $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-start thehive $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-stop thehive-es $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-restart thehive $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-start thehive $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,4 +17,4 @@
. /usr/sbin/so-common
/usr/sbin/so-stop thehive $1
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,38 +17,4 @@
. /usr/sbin/so-common
usage() {
echo "Usage: $0 <new-user-name>"
echo ""
echo "Adds a new user to TheHive. The new password will be read from STDIN."
exit 1
}
if [ $# -ne 1 ]; then
usage
fi
USER=$1
THEHIVE_KEY=$(lookup_pillar hivekey)
THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
THEHIVE_USER=$USER
# Read password for new user from stdin
test -t 0
if [[ $? == 0 ]]; then
echo "Enter new password:"
fi
read -rs THEHIVE_PASS
check_password_and_exit "$THEHIVE_PASS"
# Create new user in TheHive
resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}")
if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
echo "Successfully added user to TheHive"
else
echo "Unable to add user to TheHive; user might already exist"
echo $resp
exit 2
fi
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,41 +17,4 @@
. /usr/sbin/so-common
usage() {
echo "Usage: $0 <user-name> <true|false>"
echo ""
echo "Enables or disables a user in TheHive."
exit 1
}
if [ $# -ne 2 ]; then
usage
fi
USER=$1
THEHIVE_KEY=$(lookup_pillar hivekey)
THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
THEHIVE_USER=$USER
case "${2^^}" in
FALSE | NO | 0)
THEHIVE_STATUS=Locked
;;
TRUE | YES | 1)
THEHIVE_STATUS=Ok
;;
*)
usage
;;
esac
resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }")
if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
echo "Successfully updated user in TheHive"
else
echo "Failed to update user in TheHive"
echo "$resp"
exit 2
fi
echo "TheHive and its components are no longer part of Security Onion"


@@ -17,41 +17,4 @@
. /usr/sbin/so-common
usage() {
echo "Usage: $0 <user-name>"
echo ""
echo "Update password for an existing TheHive user. The new password will be read from STDIN."
exit 1
}
if [ $# -ne 1 ]; then
usage
fi
USER=$1
THEHIVE_KEY=$(lookup_pillar hivekey)
THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
THEHIVE_USER=$USER
# Read password for new user from stdin
test -t 0
if [[ $? == 0 ]]; then
echo "Enter new password:"
fi
read -rs THEHIVE_PASS
if ! check_password "$THEHIVE_PASS"; then
echo "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password."
exit 2
fi
# Change password for user in TheHive
resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user/${THEHIVE_USER}/password/set" -d "{\"password\" : \"$THEHIVE_PASS\"}")
if [[ -z "$resp" ]]; then
echo "Successfully updated TheHive user password"
else
echo "Unable to update TheHive user password"
echo $resp
exit 2
fi
echo "TheHive and its components are no longer part of Security Onion"