Merge branch 'dev' into patch_2.3.3

salt/common/tools/sbin/so-common

@@ -48,6 +48,6 @@ check_container() {
 
 check_password() {
     local password=$1
-    echo "$password" | egrep -v "'|\"|\\\\" > /dev/null 2>&1
+    echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
     return $?
 }

salt/common/tools/sbin/so-cortex-user-add

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 CORTEX_KEY=$(lookup_pillar cortexkey)
-CORTEX_IP=$(lookup_pillar managerip)
+CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
 CORTEX_ORG_NAME=$(lookup_pillar cortexorgname)
 CORTEX_USER=$USER
 
@@ -43,7 +43,7 @@ fi
 read -rs CORTEX_PASS
 
 # Create new user in Cortex
-resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")
+resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")
 if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully added user to Cortex."
 else

salt/common/tools/sbin/so-cortex-user-enable

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 CORTEX_KEY=$(lookup_pillar cortexkey)
-CORTEX_IP=$(lookup_pillar managerip)
+CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
 CORTEX_USER=$USER
 
 case "${2^^}" in
@@ -46,7 +46,7 @@ case "${2^^}" in
 		;;
 esac
 
-resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
+resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
 if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully updated user in Cortex."
 else

salt/common/tools/sbin/so-elastic-clear

@@ -51,9 +51,9 @@ if [ $SKIP -ne 1 ]; then
         # List indices
         echo 
         {% if grains['role'] in ['so-node','so-heavynode'] %}
-        curl -k https://{{ NODEIP }}:9200/_cat/indices?v
+        curl -k -L https://{{ NODEIP }}:9200/_cat/indices?v
         {% else %}
-        curl {{ NODEIP }}:9200/_cat/indices?v
+        curl -L {{ NODEIP }}:9200/_cat/indices?v
         {% endif %}
         echo
         # Inform user we are about to delete all data
@@ -94,16 +94,16 @@ fi
 echo "Deleting data..."
 
 {% if grains['role'] in ['so-node','so-heavynode'] %}
-INDXS=$(curl -s -XGET -k https://{{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
+INDXS=$(curl -s -XGET -k -L https://{{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
 {% else %}
-INDXS=$(curl -s -XGET {{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
+INDXS=$(curl -s -XGET -L {{ NODEIP }}:9200/_cat/indices?v | egrep 'logstash|elastalert|so-' | awk '{ print $3 }')
 {% endif %}
 for INDX in ${INDXS}
 do
     {% if grains['role'] in ['so-node','so-heavynode'] %}
-    curl -XDELETE -k https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1
+    curl -XDELETE -k -L https://"{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1
     {% else %}
-    curl -XDELETE "{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1
+    curl -XDELETE -L "{{ NODEIP }}:9200/${INDX}" > /dev/null 2>&1
     {% endif %}
 done
 

salt/common/tools/sbin/so-elasticsearch-indices-rw

@@ -22,5 +22,5 @@ THEHIVEESPORT=9400
 echo "Removing read only attributes for indices..."
 echo
 for p in $ESPORT $THEHIVEESPORT; do
-   curl -XPUT -H "Content-Type: application/json" http://$IP:$p/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute.  Please ensure Elasticsearch is running.";fi;
+   curl -XPUT -H "Content-Type: application/json" -L http://$IP:$p/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute.  Please ensure Elasticsearch is running.";fi;
 done

salt/common/tools/sbin/so-elasticsearch-pipeline-stats

@@ -20,14 +20,14 @@
 
 if [ "$1" == "" ]; then
         {% if grains['role'] in ['so-node','so-heavynode'] %}
-        curl -s -k https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines"
+        curl -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines"
         {% else %}
-        curl -s {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines"
+        curl -s -L {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines"
         {% endif %}
 else
         {% if grains['role'] in ['so-node','so-heavynode'] %}
-        curl -s -k https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\""
+        curl -s -k -L https://{{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\""
         {% else %}
-        curl -s {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\""
+        curl -s -L {{ NODEIP }}:9200/_nodes/stats | jq .nodes | jq ".[] | .ingest.pipelines.\"$1\""
         {% endif %}
 fi

salt/common/tools/sbin/so-elasticsearch-pipelines-list

@@ -18,14 +18,14 @@
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
     {% if grains['role'] in ['so-node','so-heavynode'] %}
-    curl -s -k https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys'
+    curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys'
     {% else %}
-    curl -s {{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys'
+    curl -s -L {{ NODEIP }}:9200/_ingest/pipeline/* | jq 'keys'
     {% endif %}
 else
     {% if grains['role'] in ['so-node','so-heavynode'] %}
-    curl -s -k https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq
+    curl -s -k -L https://{{ NODEIP }}:9200/_ingest/pipeline/$1 | jq
     {% else %}
-    curl -s {{ NODEIP }}:9200/_ingest/pipeline/$1 | jq
+    curl -s -L {{ NODEIP }}:9200/_ingest/pipeline/$1 | jq
     {% endif %}
 fi

salt/common/tools/sbin/so-elasticsearch-templates-list

@@ -18,14 +18,14 @@
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
     {% if grains['role'] in ['so-node','so-heavynode'] %}
-    curl -s -k https://{{ NODEIP }}:9200/_template/* | jq 'keys'
+    curl -s -k -L https://{{ NODEIP }}:9200/_template/* | jq 'keys'
     {% else %}
-    curl -s {{ NODEIP }}:9200/_template/* | jq 'keys'
+    curl -s -L {{ NODEIP }}:9200/_template/* | jq 'keys'
     {% endif %}
 else
     {% if grains['role'] in ['so-node','so-heavynode'] %}
-    curl -s -k https://{{ NODEIP }}:9200/_template/$1 | jq
+    curl -s -k -L https://{{ NODEIP }}:9200/_template/$1 | jq
     {% else %}
-    curl -s {{ NODEIP }}:9200/_template/$1 | jq
+    curl -s -L {{ NODEIP }}:9200/_template/$1 | jq
     {% endif %}
 fi

salt/common/tools/sbin/so-elasticsearch-templates-load

@@ -31,9 +31,9 @@ COUNT=0
 ELASTICSEARCH_CONNECTED="no"
 while [[ "$COUNT" -le 240 ]]; do
     {% if grains['role'] in ['so-node','so-heavynode'] %}
-    curl -k --output /dev/null --silent --head --fail https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
+    curl -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
     {% else %}
-	curl --output /dev/null --silent --head --fail http://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
+	curl --output /dev/null --silent --head --fail -L http://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
 	{% endif %}
 	if [ $? -eq 0 ]; then
 		ELASTICSEARCH_CONNECTED="yes"
@@ -56,9 +56,9 @@ cd ${ELASTICSEARCH_TEMPLATES}
 
 echo "Loading templates..."
 {% if grains['role'] in ['so-node','so-heavynode'] %}
-for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl -k ${ELASTICSEARCH_AUTH} -s -XPUT https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
+for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
 {% else %}
-for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl ${ELASTICSEARCH_AUTH} -s -XPUT http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
+for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; curl ${ELASTICSEARCH_AUTH} -s -XPUT -L http://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
 {% endif %}
 echo
 

salt/common/tools/sbin/so-fleet-user-add

@@ -59,6 +59,6 @@ if [[ $? -eq 0 ]]; then
     echo "Successfully added user to Fleet"
 else
     echo "Unable to add user to Fleet; user might already exist"
-    echo $resp
+    echo "$MYSQL_OUTPUT"
     exit 2
 fi

salt/common/tools/sbin/so-index-list

@@ -16,7 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 {% if grains['role'] in ['so-node','so-heavynode'] %}
-curl -X GET -k https://localhost:9200/_cat/indices?v
+curl -X GET -k -L https://localhost:9200/_cat/indices?v
 {% else %}
-curl -X GET localhost:9200/_cat/indices?v
+curl -X GET -L localhost:9200/_cat/indices?v
 {% endif %}

salt/common/tools/sbin/so-kibana-config-export

@@ -23,7 +23,7 @@
 KIBANA_HOST={{ MANAGER }}
 KSO_PORT=5601
 OUTFILE="saved_objects.ndjson"
-curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE
+curl -s -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -XPOST -L $KIBANA_HOST:$KSO_PORT/api/saved_objects/_export -d '{ "type": [ "index-pattern", "config", "visualization", "dashboard", "search" ], "excludeExportDetails": false }' > $OUTFILE
 
 # Clean up using PLACEHOLDER
 sed -i "s/$KIBANA_HOST/PLACEHOLDER/g" $OUTFILE

salt/common/tools/sbin/so-status

@@ -27,10 +27,15 @@ ERROR_STRING="ERROR"
 SUCCESS_STRING="OK"
 PENDING_STRING="PENDING"
 MISSING_STRING='MISSING'
+DISABLED_STRING='DISABLED'
 CALLER=$(ps -o comm= $PPID)
 declare -a BAD_STATUSES=("removing" "paused" "exited" "dead")
 declare -a PENDING_STATUSES=("paused" "created" "restarting")
 declare -a GOOD_STATUSES=("running")
+declare -a DISABLED_CONTAINERS=()
+{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %}
+DISABLED_CONTAINERS+=("so-steno")
+{%- endif %}
 
 declare -a temp_container_name_list=()
 declare -a temp_container_state_list=()
@@ -104,6 +109,7 @@ populate_container_lists() {
 
 parse_status() {
     local container_state=${1}
+    local service_name=${2}
 
     [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1
 
@@ -117,7 +123,13 @@ parse_status() {
 
     # This is technically not needed since the default is error state
     for state in "${BAD_STATUSES[@]}"; do
-        [[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1
+        if [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]]; then
+            printf $DISABLED_STRING
+            return 0
+        elif [[ $container_state = "$state" ]]; then
+            printf $ERROR_STRING
+            return 1
+        fi
     done
 
     printf $ERROR_STRING && return 1
@@ -127,7 +139,7 @@ parse_status() {
 
 print_line() {
     local service_name=${1}
-    local service_state="$( parse_status ${2} )"
+    local service_state="$( parse_status ${2} ${1} )"
     local columns=$(tput cols)
     local state_color="\e[0m"
 
@@ -137,7 +149,7 @@ print_line() {
         state_color="\e[1;31m"
     elif [[ $service_state = "$SUCCESS_STRING" ]]; then
         state_color="\e[1;32m"
-    elif [[ $service_state = "$PENDING_STRING" ]]; then
+    elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]]; then
         state_color="\e[1;33m"
     fi
 

salt/common/tools/sbin/so-thehive-user-add

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 THEHIVE_KEY=$(lookup_pillar hivekey)
-THEHIVE_IP=$(lookup_pillar managerip)
+THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
 THEHIVE_USER=$USER
 
 # Read password for new user from stdin
@@ -47,7 +47,7 @@ if ! check_password "$THEHIVE_PASS"; then
 fi
 
 # Create new user in TheHive
-resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" "https://$THEHIVE_IP/thehive/api/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}")
+resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}")
 if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully added user to TheHive"
 else

salt/common/tools/sbin/so-thehive-user-enable

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 THEHIVE_KEY=$(lookup_pillar hivekey)
-THEHIVE_IP=$(lookup_pillar managerip)
+THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
 THEHIVE_USER=$USER
 
 case "${2^^}" in
@@ -46,7 +46,7 @@ case "${2^^}" in
 		;;
 esac
 
-resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" "https://$THEHIVE_IP/thehive/api/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }")
+resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }")
 if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully updated user in TheHive"
 else

salt/common/tools/sbin/so-user

@@ -56,14 +56,14 @@ function verifyEnvironment() {
   require "openssl"
   require "sqlite3"
   [[ ! -f $databasePath ]] && fail "Unable to find database file; specify path via KRATOS_DB_PATH environment variable"
-  response=$(curl -Ss ${kratosUrl}/)
+  response=$(curl -Ss -L ${kratosUrl}/)
   [[ "$response" != "404 page not found" ]] && fail "Unable to communicate with Kratos; specify URL via KRATOS_URL environment variable"
 }
 
 function findIdByEmail() {
   email=$1
 
-  response=$(curl -Ss ${kratosUrl}/identities)
+  response=$(curl -Ss -L ${kratosUrl}/identities)
   identityId=$(echo "${response}" | jq ".[] | select(.verifiable_addresses[0].value == \"$email\") | .id")
   echo $identityId
 }
@@ -113,7 +113,7 @@ function updatePassword() {
 }
 
 function listUsers() {
-  response=$(curl -Ss ${kratosUrl}/identities)
+  response=$(curl -Ss -L ${kratosUrl}/identities)
   [[ $? != 0 ]] && fail "Unable to communicate with Kratos"
 
   echo "${response}" | jq -r ".[] | .verifiable_addresses[0].value" | sort
@@ -131,7 +131,7 @@ function createUser() {
 EOF
   )
   
-  response=$(curl -Ss ${kratosUrl}/identities -d "$addUserJson")
+  response=$(curl -Ss -L ${kratosUrl}/identities -d "$addUserJson")
   [[ $? != 0 ]] && fail "Unable to communicate with Kratos"
 
   identityId=$(echo "${response}" | jq ".id")
@@ -153,7 +153,7 @@ function updateStatus() {
   identityId=$(findIdByEmail "$email")
   [[ ${identityId} == "" ]] && fail "User not found"
 
-  response=$(curl -Ss "${kratosUrl}/identities/$identityId")
+  response=$(curl -Ss -L "${kratosUrl}/identities/$identityId")
   [[ $? != 0 ]] && fail "Unable to communicate with Kratos"
 
   oldConfig=$(echo "select config from identity_credentials where identity_id=${identityId};" | sqlite3 "$databasePath")
@@ -171,7 +171,7 @@ function updateStatus() {
   fi  
 
   updatedJson=$(echo "$response" | jq ".traits.status = \"$status\" | del(.verifiable_addresses) | del(.id) | del(.schema_url)")
-  response=$(curl -Ss -XPUT ${kratosUrl}/identities/$identityId -d "$updatedJson")
+  response=$(curl -Ss -XPUT -L ${kratosUrl}/identities/$identityId -d "$updatedJson")
   [[ $? != 0 ]] && fail "Unable to mark user as locked"
 
 }
@@ -191,7 +191,7 @@ function deleteUser() {
   identityId=$(findIdByEmail "$email")
   [[ ${identityId} == "" ]] && fail "User not found"
 
-  response=$(curl -Ss -XDELETE "${kratosUrl}/identities/$identityId")
+  response=$(curl -Ss -XDELETE -L "${kratosUrl}/identities/$identityId")
   [[ $? != 0 ]] && fail "Unable to communicate with Kratos"
 }
 

salt/common/tools/sbin/so-wazuh-user-add

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+docker exec -it so-wazuh /usr/bin/node /var/ossec/api/configuration/auth/htpasswd /var/ossec/api/configuration/auth/user $1

salt/common/tools/sbin/so-wazuh-user-passwd

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+docker exec -it so-wazuh /usr/bin/node /var/ossec/api/configuration/auth/htpasswd /var/ossec/api/configuration/auth/user $1

salt/common/tools/sbin/so-wazuh-user-remove

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+docker exec -it so-wazuh /usr/bin/node /var/ossec/api/configuration/auth/htpasswd -D /var/ossec/api/configuration/auth/user $1

salt/common/tools/sbin/soup

@@ -47,7 +47,7 @@ airgap_mounted() {
     echo "If you just copied the .iso file over you can specify the path."
     echo "If you burned the ISO to a disk the standard way you can specify the device."
     echo "Example: /home/user/securityonion-2.X.0.iso"
-    echo "Example: /dev/cdrom"
+    echo "Example: /dev/sdx1"
     echo ""
     read -p 'Enter the location of the iso: ' ISOLOC
     if [ -f $ISOLOC ]; then