Support multiple elastic system users

This commit is contained in:
Jason Ertel
2021-05-28 14:49:43 -04:00
parent 4e8dc0e3b9
commit b8a10f2e86
2 changed files with 47 additions and 7 deletions


@@ -252,6 +252,7 @@ lookup_salt_value() {
key=$1 key=$1
group=$2 group=$2
kind=$3 kind=$3
output=${4:-newline_values_only}
if [ -z "$kind" ]; then if [ -z "$kind" ]; then
kind=pillar kind=pillar
@@ -261,7 +262,7 @@ lookup_salt_value() {
group=${group}: group=${group}:
fi fi
salt-call --no-color ${kind}.get ${group}${key} --out=newline_values_only salt-call --no-color ${kind}.get ${group}${key} --out=${output}
} }
lookup_pillar() { lookup_pillar() {
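Review bot: The new `--out=${output}` on the salt-call line is an unquoted expansion, like `${kind}.get ${group}${key}` beside it, so a fourth argument containing whitespace or glob characters would be word-split into extra salt-call arguments instead of being passed as one option; quote all three: `salt-call --no-color "${kind}.get" "${group}${key}" --out="${output}"`. The `${4:-newline_values_only}` default keeps every existing caller's behaviour, but `output` (like `key`, `group` and `kind`) is assigned as a plain global rather than `local`, so it persists in the caller's shell after the function returns — presumably the file's existing convention, but worth a `local` if this script runs under bash. The body of `lookup_salt_value` begins outside the hunk.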


@@ -136,17 +136,56 @@ function createElasticTmpFile() {
echo "$tmpFile" echo "$tmpFile"
} }
function syncElasticSystemUser() {
json=$1
userid=$2
usersFile=$3
user=$(echo "$json" | jq -r ".local.users.$userid.user")
pass=$(echo "$json" | jq -r ".local.users.$userid.pass")
[[ -z "$user" || -z "$pass" ]] && fail "Elastic auth credentials for system user '$userid' are missing"
hash=$(hashPassword "$pass")
echo "${user}:${hash}" >> "$usersFile"
}
function syncElasticSystemRole() {
json=$1
userid=$2
role=$3
rolesFile=$4
user=$(echo "$json" | jq -r ".local.users.$userid.user")
[[ -z "$user" ]] && fail "Elastic auth credentials for system user '$userid' are missing"
echo "${role}:${user}" >> "$rolesFile"
}
function syncElastic() { function syncElastic() {
usersFileTmp=$(createElasticTmpFile "${elasticUsersFile}") usersFileTmp=$(createElasticTmpFile "${elasticUsersFile}")
rolesFileTmp=$(createElasticTmpFile "${elasticRolesFile}") rolesFileTmp=$(createElasticTmpFile "${elasticRolesFile}")
sysUser=$(lookup_pillar "auth:user" "elasticsearch") authPillarJson=$(lookup_salt_value "auth" "elasticsearch" "pillar" "json")
sysPass=$(lookup_pillar "auth:pass" "elasticsearch")
[[ -z "$sysUser" || -z "$sysPass" ]] && fail "Elastic auth credentials for system user are missing" syncElasticSystemUser "$authPillarJson" "so_elastic_user" "$usersFileTmp"
sysHash=$(hashPassword "$sysPass") syncElasticSystemRole "$authPillarJson" "so_elastic_user" "superuser" "$rolesFileTmp"
syncElasticSystemUser "$authPillarJson" "so_kibana_user" "$usersFileTmp"
syncElasticSystemRole "$authPillarJson" "so_kibana_user" "kibana_system" "$rolesFileTmp"
syncElasticSystemUser "$authPillarJson" "so_logstash_user" "$usersFileTmp"
syncElasticSystemRole "$authPillarJson" "so_logstash_user" "logstash_system" "$rolesFileTmp"
syncElasticSystemUser "$authPillarJson" "so_beats_user" "$usersFileTmp"
syncElasticSystemRole "$authPillarJson" "so_beats_user" "beats_system" "$rolesFileTmp"
syncElasticSystemUser "$authPillarJson" "so_monitor_user" "$usersFileTmp"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesFileTmp"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesFileTmp"
# Generate the new users file # Generate the new users file
echo "${sysUser}:${sysHash}" >> "$usersFileTmp"
echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \ echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \
"from identity_credential_identifiers ici, identity_credentials ic " \ "from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \ "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
@@ -159,7 +198,7 @@ function syncElastic() {
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile" [[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
# Generate the new users_roles file # Generate the new users_roles file
echo "superuser:${sysUser}" >> "$rolesFileTmp"
echo "select 'superuser:' || ici.identifier " \ echo "select 'superuser:' || ici.identifier " \
"from identity_credential_identifiers ici, identity_credentials ic " \ "from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \ "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \