CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replace duplicate random generator with common function

Browse Source
This commit is contained in:
Jason Ertel
2020-12-11 13:22:13 -05:00
parent 2f2867804a
commit eb735c7289
5 changed files with 28 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/common/tools/sbin/so-common
View File

@@ -135,3 +135,8 @@ fail() {
echo "Exiting." echo "Exiting."
exit 1 exit 1
} }
get_random_value() {
length=${1:-20}
head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
}

8
salt/common/tools/sbin/soup
View File

@@ -212,8 +212,8 @@ rc1_to_rc2() {
sed -i "/^global:/a \\$line" /opt/so/saltstack/local/pillar/global.sls; sed -i "/^global:/a \\$line" /opt/so/saltstack/local/pillar/global.sls;
# Adding play values to the global.sls # Adding play values to the global.sls
local HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) local HIVEPLAYSECRET=$(get_random_value)
local CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) local CORTEXPLAYSECRET=$(get_random_value)
sed -i "/^global:/a \\ hiveplaysecret: $HIVEPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; sed -i "/^global:/a \\ hiveplaysecret: $HIVEPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls;
sed -i "/^global:/a \\ cortexplaysecret: $CORTEXPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls; sed -i "/^global:/a \\ cortexplaysecret: $CORTEXPLAYSECRET" /opt/so/saltstack/local/pillar/global.sls;
@@ -275,8 +275,8 @@ rc3_to_2.3.0() {
sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls
{ {
echo "playbook_admin: $(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)" echo "playbook_admin: $(get_random_value)"
echo "playbook_automation: $(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)" echo "playbook_automation: $(get_random_value)"
} >> /opt/so/saltstack/local/pillar/secrets.sls } >> /opt/so/saltstack/local/pillar/secrets.sls
} }

3
salt/playbook/files/playbook_db_init.sh
View File

@@ -1,11 +1,12 @@
#!/bin/bash #!/bin/bash
# {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} # {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
# {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) %} # {%- set admin_pass = salt['pillar.get']('secrets:playbook_admin', None) %}
. /usr/sbin/so-common
default_salt_dir=/opt/so/saltstack/default default_salt_dir=/opt/so/saltstack/default
# Generate salt + hash for admin user # Generate salt + hash for admin user
admin_salt=$(tr -dc "a-zA-Z0-9" < /dev/urandom | fold -w 32 | head -n 1) admin_salt=$(get_random_value 32)
admin_stage1_hash=$(echo -n '{{ admin_pass }}' | sha1sum | awk '{print $1}') admin_stage1_hash=$(echo -n '{{ admin_pass }}' | sha1sum | awk '{print $1}')
admin_hash=$(echo -n "${admin_salt}${admin_stage1_hash}" | sha1sum | awk '{print $1}') admin_hash=$(echo -n "${admin_salt}${admin_stage1_hash}" | sha1sum | awk '{print $1}')
sed -i "s/ADMIN_HASH/${admin_hash}/g" $default_salt_dir/salt/playbook/files/playbook_db_init.sql sed -i "s/ADMIN_HASH/${admin_hash}/g" $default_salt_dir/salt/playbook/files/playbook_db_init.sql

32
setup/so-functions
View File

@@ -954,22 +954,22 @@ fleet_pillar() {
generate_passwords(){ generate_passwords(){
# Generate Random Passwords for Things # Generate Random Passwords for Things
MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) MYSQLPASS=$(get_random_value)
PLAYBOOKDBPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) PLAYBOOKDBPASS=$(get_random_value)
PLAYBOOKADMINPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) PLAYBOOKADMINPASS=$(get_random_value)
PLAYBOOKAUTOMATIONPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) PLAYBOOKAUTOMATIONPASS=$(get_random_value)
FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) FLEETPASS=$(get_random_value)
FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) FLEETJWT=$(get_random_value)
GRAFANAPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) GRAFANAPASS=$(get_random_value)
if [[ "$THEHIVE" == "1" ]]; then if [[ "$THEHIVE" == "1" ]]; then
HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) HIVEKEY=$(get_random_value)
HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) HIVEPLAYSECRET=$(get_random_value)
CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) CORTEXKEY=$(get_random_value)
CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) CORTEXORGUSERKEY=$(get_random_value)
CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) CORTEXPLAYSECRET=$(get_random_value)
fi fi
SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) SENSORONIKEY=$(get_random_value)
KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) KRATOSKEY=$(get_random_value)
} }
get_redirect() { get_redirect() {
@@ -1272,8 +1272,8 @@ minio_generate_keys() {
local charSet="[:graph:]" local charSet="[:graph:]"
ACCESS_KEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) ACCESS_KEY=$(get_random_value)
ACCESS_SECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 40 | head -n 1) ACCESS_SECRET=$(get_random_value 40)
} }

2
setup/so-variables
View File

@@ -12,7 +12,7 @@ export num_cpu_cores
readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')" readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')"
export cpu_core_list export cpu_core_list
random_uid=$(</dev/urandom tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) random_uid=$(get_random_value 16)
export random_uid export random_uid
node_es_port=9200 node_es_port=9200