mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-07 09:42:46 +01:00
Replaced auth system with new identity management system.
This commit is contained in:
Jason Ertel
@@ -78,6 +78,29 @@ add_socore_user_notmaster() {
|
||||
|
||||
}
|
||||
|
||||
wait_for_identity_db_to_exist() {
|
||||
MAXATTEMPTS=30
|
||||
attempts=0
|
||||
while [[ $attempts -lt $MAXATTEMPTS ]]; do
|
||||
# Check and see if the DB file is in there
|
||||
if [ -f /opt/so/conf/kratos/db/db.sqlite ]; then
|
||||
echo "Database file exists at $(date)"
|
||||
attempts=$MAXATTEMPTS
|
||||
else
|
||||
echo "Identity database does not yet exist; waiting 5 seconds and will check again ($attempts/$MAXATTEMPTS)..."
|
||||
sleep 5
|
||||
attempts=$((attempts+1))
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
add_web_user() {
|
||||
wait_for_identity_db_to_exist
|
||||
echo "Attempting to add administrator user for web interface..."
|
||||
echo "$WEBPASSWD1" | /usr/sbin/so-user add $WEBUSER
|
||||
echo "Add user result: $?"
|
||||
}
|
||||
|
||||
# Create an auth pillar so that passwords survive re-install
|
||||
auth_pillar(){
|
||||
|
||||
@@ -219,6 +242,16 @@ check_socore_pass() {
|
||||
|
||||
}
|
||||
|
||||
check_web_pass() {
|
||||
|
||||
if [ $WEBPASSWD1 == $WEBPASSWD2 ]; then
|
||||
WPMATCH=yes
|
||||
else
|
||||
whiptail_passwords_dont_match
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
checkin_at_boot() {
|
||||
echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
|
||||
echo "startup_states: highstate" >> /etc/salt/minion
|
||||
@@ -539,7 +572,8 @@ docker_seed_registry() {
|
||||
"so-navigator:$VERSION" \
|
||||
"so-playbook:$VERSION" \
|
||||
"so-redis:$VERSION" \
|
||||
"so-sensoroni:$VERSION" \
|
||||
"so-soc:$VERSION" \
|
||||
"so-kratos:$VERSION" \
|
||||
"so-soctopus:$VERSION" \
|
||||
"so-steno:$VERSION" \
|
||||
#"so-strelka:$VERSION" \
|
||||
@@ -556,7 +590,7 @@ docker_seed_registry() {
|
||||
"so-idstools:$VERSION" \
|
||||
"so-logstash:$VERSION" \
|
||||
"so-redis:$VERSION" \
|
||||
"so-sensoroni:$VERSION" \
|
||||
#"so-sensoroni:$VERSION" \
|
||||
"so-steno:$VERSION" \
|
||||
"so-suricata:$VERSION" \
|
||||
"so-telegraf:$VERSION" \
|
||||
@@ -651,6 +685,7 @@ generate_passwords(){
|
||||
CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
|
||||
CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
|
||||
SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
|
||||
KRATOSKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
|
||||
}
|
||||
|
||||
get_filesystem_nsm(){
|
||||
@@ -690,6 +725,14 @@ get_main_ip() {
|
||||
|
||||
}
|
||||
|
||||
get_redirect() {
|
||||
whiptail_set_redirect_info
|
||||
whiptail_set_redirect
|
||||
if [ $REDIRECTINFO == 'OTHER' ]; then
|
||||
whiptail_set_redirect_host
|
||||
fi
|
||||
}
|
||||
|
||||
got_root() {
|
||||
|
||||
# Make sure you are root
|
||||
@@ -801,6 +844,18 @@ master_pillar() {
|
||||
echo " thehive: $THEHIVE" >> $PILLARFILE
|
||||
echo " playbook: $PLAYBOOK" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
echo "kratos:" >> $PILLARFILE
|
||||
if [[ $REDIRECTINFO == 'OTHER' ]]; then
|
||||
REDIRECTIT=$REDIRECT
|
||||
elif [[ $REDIRECTINFO == 'IP' ]]; then
|
||||
REDIRECTIT=$MAINIP
|
||||
elif [[ $REDIRECTINFO == 'HOSTNAME' ]]; then
|
||||
REDIRECTIT=$HOSTNAME
|
||||
fi
|
||||
echo " kratoskey: $KRATOSKEY" >> $PILLARFILE
|
||||
echo " redirect: $REDIRECTIT" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -974,6 +1029,7 @@ saltify() {
|
||||
yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
|
||||
cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-py3-2019-2.repo
|
||||
sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-py3-2019-2.repo
|
||||
yum -y install sqlite3 argon2 curl jq openssl
|
||||
# Download Ubuntu Keys in case master updates = 1
|
||||
mkdir -p /opt/so/gpg
|
||||
wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
|
||||
@@ -1191,11 +1247,11 @@ EOF
|
||||
# Initialize the new repos
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
else
|
||||
# Need to add python packages here
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
fi
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user