CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ensure role file exists before ES state is run

Browse Source
This commit is contained in:
Jason Ertel
2021-09-02 15:45:47 -04:00
parent 10126bb7ef
commit c4d402d8b4
1 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
salt/common/tools/sbin/so-user
View File

@@ -150,6 +150,23 @@ function createElasticFile() {
chown "${esUID}:${esGID}" "$filename"
}
function ensureRoleFileExists() {
if [ ! -f "$elasticRolesFile" ]; then
echo "Creating new roles file: $elasticRolesFile"
rolesTmpFile="${elasticRolesFile}.tmp"
createElasticFile "${rolesTmpFile}"
authPillarJson=$(lookup_salt_value "auth" "elasticsearch" "pillar" "json")
syncElasticSystemRole "$authPillarJson" "so_elastic_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_kibana_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_logstash_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_beats_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "monitoring_user" "$rolesTmpFile"
mv "${rolesTmpFile}" "${elasticRolesFile}"
fi
}
function syncElasticSystemUser() {
json=$1
userid=$2
@@ -179,6 +196,8 @@ function syncElasticSystemRole() {
function syncElastic() {
echo "Syncing users between SOC and Elastic..."
ensureRoleFileExists
usersTmpFile="${elasticUsersFile}.tmp"
createElasticFile "${usersTmpFile}"
@@ -263,19 +282,7 @@ function adjustUserRole() {
identityId=$(findIdByEmail "$email")
[[ ${identityId} == "" ]] && fail "User not found"
if [ ! -f "$filename" ]; then
rolesTmpFile="${elasticRolesFile}.tmp"
createElasticFile "${rolesTmpFile}"
authPillarJson=$(lookup_salt_value "auth" "elasticsearch" "pillar" "json")
syncElasticSystemRole "$authPillarJson" "so_elastic_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_kibana_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_logstash_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_beats_user" "superuser" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesTmpFile"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "monitoring_user" "$rolesTmpFile"
mv "${rolesTmpFile}" "${elasticRolesFile}"
fi
ensureRoleFileExists
filename="$elasticRolesFile"
grep "$role:" "$elasticRolesFile" | grep "$email" && hasRole=1