dont allow $ to be used for elasticsearch:auth or kibana:secrets - https://github.com/Security-Onion-Solutions/securityonion/issues/7233

2025-12-06 17:22:49 +01:00 · 2022-02-18 13:13:56 -05:00
parent 87a5e64f12
commit cb55af4c1c
2 changed files with 2 additions and 2 deletions
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -4,7 +4,7 @@
  {% set DIGITS = "1234567890" %}
  {% set LOWERCASE = "qwertyuiopasdfghjklzxcvbnm" %}
  {% set UPPERCASE = "QWERTYUIOPASDFGHJKLZXCVBNM" %}
-  {% set SYMBOLS = "~!@#$^&*()-_=+[]|;:,.<>?" %}
+  {% set SYMBOLS = "~!@#^&*()-_=+[]|;:,.<>?" %}
  {% set CHARS = DIGITS~LOWERCASE~UPPERCASE~SYMBOLS %}
  {% set so_elastic_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
  {% set so_kibana_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
--- a/salt/kibana/secrets.sls
+++ b/salt/kibana/secrets.sls
@@ -4,7 +4,7 @@
  {% set DIGITS = "1234567890" %}
  {% set LOWERCASE = "qwertyuiopasdfghjklzxcvbnm" %}
  {% set UPPERCASE = "QWERTYUIOPASDFGHJKLZXCVBNM" %}
-  {% set SYMBOLS = "~!@#$^&*()-_=+[]|;:,.<>?" %}
+  {% set SYMBOLS = "~!@#^&*()-_=+[]|;:,.<>?" %}
  {% set CHARS = DIGITS~LOWERCASE~UPPERCASE~SYMBOLS %}
  {% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72, chars=CHARS)) %}
  {% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72, chars=CHARS)) %}