Only sync web users if the sqlite db exists

Jason Ertel
2021-06-01 10:26:33 -04:00
parent c4ae8c3418
commit ed8c85df2b


@@ -185,29 +185,33 @@ function syncElastic() {
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesFileTmp" syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesFileTmp"
syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesFileTmp" syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesFileTmp"
# Generate the new users file if [[ -f "$databasePath" ]]; then
echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \ # Generate the new users file
"from identity_credential_identifiers ici, identity_credentials ic " \ echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \ "from identity_credential_identifiers ici, identity_credentials ic " \
"order by ici.identifier;" | \ "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
sqlite3 "$databasePath" | \ "order by ici.identifier;" | \
jq -r '.user + ":" + .data.hashed_password' \ sqlite3 "$databasePath" | \
>> "$usersFileTmp" jq -r '.user + ":" + .data.hashed_password' \
[[ $? != 0 ]] && fail "Unable to read credential hashes from database" >> "$usersFileTmp"
mv -f "$usersFileTmp" "$elasticUsersFile" [[ $? != 0 ]] && fail "Unable to read credential hashes from database"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile" mv -f "$usersFileTmp" "$elasticUsersFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
# Generate the new users_roles file # Generate the new users_roles file
echo "select 'superuser:' || ici.identifier " \ echo "select 'superuser:' || ici.identifier " \
"from identity_credential_identifiers ici, identity_credentials ic " \ "from identity_credential_identifiers ici, identity_credentials ic " \
"where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \ "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
"order by ici.identifier;" | \ "order by ici.identifier;" | \
sqlite3 "$databasePath" \ sqlite3 "$databasePath" \
>> "$rolesFileTmp" >> "$rolesFileTmp"
[[ $? != 0 ]] && fail "Unable to read credential IDs from database" [[ $? != 0 ]] && fail "Unable to read credential IDs from database"
mv -f "$rolesFileTmp" "$elasticRolesFile" mv -f "$rolesFileTmp" "$elasticRolesFile"
[[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile" [[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
else
info "Database file does not exist yet, skipping users export"
fi
} }
function syncAll() { function syncAll() {
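Review bot: The new `else` branch returns without moving or removing `$usersFileTmp` and `$rolesFileTmp`, so whatever the syncElasticSystemRole calls above (and presumably earlier code outside the hunk) wrote into them is neither installed nor cleaned up when the database is missing. If those temp files carry credential hashes, as the `>> "$usersFileTmp"` append suggests, they should not be left on disk; consider `rm -f "$usersFileTmp" "$rolesFileTmp"` in the `else` branch, or moving the two `mv -f` steps after the `fi` if the system accounts should still be written. Separately, `[[ $? != 0 ]]` after the users pipeline reflects only `jq` unless `pipefail` is set elsewhere, so a failed `sqlite3` read could still reach `mv -f` and replace `$elasticUsersFile` with an incomplete file. syncElastic begins above the hunk, so temp-file setup and any trap-based cleanup are not visible here.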