Merge pull request #10648 from Security-Onion-Solutions/jertel/fix-import

use cluster-unique password for import encryption
Jason Ertel
2023-06-23 09:40:26 -04:00
committed by GitHub
2 changed files with 8 additions and 2 deletions


@@ -4,6 +4,8 @@
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
. /usr/sbin/so-common
PIPE_OWNER=${PIPE_OWNER:-socore} PIPE_OWNER=${PIPE_OWNER:-socore}
PIPE_GROUP=${PIPE_GROUP:-socore} PIPE_GROUP=${PIPE_GROUP:-socore}
SOC_PIPE=${SOC_PIPE:-/opt/so/conf/soc/salt/pipe} SOC_PIPE=${SOC_PIPE:-/opt/so/conf/soc/salt/pipe}
@@ -185,7 +187,8 @@ function send_file() {
log "Cleanup: $cleanup" log "Cleanup: $cleanup"
log "encrypting..." log "encrypting..."
response=$(gpg --passphrase "infected" --batch --symmetric --cipher-algo AES256 "$from") password=$(lookup_pillar_secret import_pass)
response=$(gpg --passphrase "$password" --batch --symmetric --cipher-algo AES256 "$from")
log Response:$'\n'"$response" log Response:$'\n'"$response"
fromgpg="$from.gpg" fromgpg="$from.gpg"
@@ -229,7 +232,8 @@ function import_file() {
filegpg="$file.gpg" filegpg="$file.gpg"
log "decrypting..." log "decrypting..."
decrypt_cmd="gpg --passphrase infected -o $file.tmp --batch --decrypt $filegpg" password=$(lookup_pillar_secret import_pass)
decrypt_cmd="gpg --passphrase $password -o $file.tmp --batch --decrypt $filegpg"
$CMD_PREFIX salt "$node" cmd.run "\"$decrypt_cmd\"" $CMD_PREFIX salt "$node" cmd.run "\"$decrypt_cmd\""
decrypt_code=$? decrypt_code=$?
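Review bot: The passphrase is now a real cluster secret, yet `send_file` and `import_file` still pass it to gpg as a command-line argument. In `import_file` it is also expanded unquoted into `decrypt_cmd` and sent through `salt "$node" cmd.run`, so it is visible in process listings and probably in Salt's job data on the nodes involved. In `send_file` the value can be fed on stdin instead, for example `response=$(gpg --passphrase-fd 0 --batch --symmetric --cipher-algo AES256 "$from" <<<"$password")`; the remote decrypt needs an equivalent that keeps the value out of the command string. Neither call site checks that `lookup_pillar_secret import_pass` returned a non-empty value, and with an empty value the decrypt line would make gpg take `-o` as the passphrase, so a `[ -n "$password" ]` guard that logs and aborts before each gpg call is worth adding. Both function bodies extend beyond the hunks shown.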


@@ -1296,6 +1296,7 @@ generate_passwords(){
KRATOSKEY=$(get_random_value) KRATOSKEY=$(get_random_value)
REDISPASS=$(get_random_value) REDISPASS=$(get_random_value)
SOCSRVKEY=$(get_random_value 64) SOCSRVKEY=$(get_random_value 64)
IMPORTPASS=$(get_random_value)
} }
generate_interface_vars() { generate_interface_vars() {
@@ -2102,6 +2103,7 @@ secrets_pillar(){
" playbook_admin: $PLAYBOOKADMINPASS"\ " playbook_admin: $PLAYBOOKADMINPASS"\
" playbook_automation: $PLAYBOOKAUTOMATIONPASS"\ " playbook_automation: $PLAYBOOKAUTOMATIONPASS"\
" playbook_automation_api_key: "\ " playbook_automation_api_key: "\
" import_pass: $IMPORTPASS"\
" influx_pass: $INFLUXPASS" > $local_salt_dir/pillar/secrets.sls " influx_pass: $INFLUXPASS" > $local_salt_dir/pillar/secrets.sls
fi fi
} }
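Review bot: `import_pass` is only written where `secrets_pillar` creates `secrets.sls`, inside a conditional whose test is outside this hunk, and the commit touches no other file, so nothing visible here adds the key to a pillar file that already exists. If that conditional skips existing files, upgraded grids would have no `import_pass` and the import script's lookup would return an empty passphrase; an upgrade step that appends the key when missing would close that gap. It would also help to add a short comment beside `IMPORTPASS=$(get_random_value)` in `generate_passwords`, such as `# passphrase for gpg-encrypted import transfers between nodes`, since the name alone does not say what it protects.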