CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Only sync web users if teh sqlite db exists

Browse Source
This commit is contained in:
Jason Ertel
2021-06-01 10:26:33 -04:00
parent c4ae8c3418
commit ed8c85df2b
1 changed files with 26 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
salt/common/tools/sbin/so-user
View File

@@ -185,29 +185,33 @@ function syncElastic() {
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesFileTmp"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesFileTmp"
# Generate the new users file
echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \
"from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
"order by ici.identifier;" | \
sqlite3 "$databasePath" | \
jq -r '.user + ":" + .data.hashed_password' \
>> "$usersFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential hashes from database"
mv -f "$usersFileTmp" "$elasticUsersFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
if [[ -f "$databasePath" ]]; then
# Generate the new users file
echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \
"from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
"order by ici.identifier;" | \
sqlite3 "$databasePath" | \
jq -r '.user + ":" + .data.hashed_password' \
>> "$usersFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential hashes from database"
mv -f "$usersFileTmp" "$elasticUsersFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
# Generate the new users_roles file
echo "select 'superuser:' || ici.identifier " \
"from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
"order by ici.identifier;" | \
sqlite3 "$databasePath" \
>> "$rolesFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential IDs from database"
mv -f "$rolesFileTmp" "$elasticRolesFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
# Generate the new users_roles file
echo "select 'superuser:' || ici.identifier " \
"from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
"order by ici.identifier;" | \
sqlite3 "$databasePath" \
>> "$rolesFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential IDs from database"
mv -f "$rolesFileTmp" "$elasticRolesFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
else
info "Database file does not exist yet, skipping users export"
fi
}
function syncAll() {