diff --git a/setup/so-functions b/setup/so-functions
index 2db632572..6134e78bb 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -29,9 +29,9 @@ accept_salt_key_local() {
 accept_salt_key_remote() {
 echo "Accept the key remotely on the master" >> $SETUPLOG 2>&1
 # Delete the key just in case.
- ssh -i /root/.ssh/so.key socore@$MSRV sudo salt-key -d $MINION_ID -y
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -d $MINION_ID -y
 salt-call state.apply ca
- ssh -i /root/.ssh/so.key socore@$MSRV sudo salt-key -a $MINION_ID -y
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -a $MINION_ID -y
 }
@@ -65,8 +65,23 @@ add_socore_user_master() {
 fi
 groupadd --gid 939 socore
 $ADDUSER --uid 939 --gid 939 --home-dir /opt/so socore
- # Set the password for socore that we got during setup
- echo socore:$COREPASS1 | chpasswd --crypt-method=SHA512
+
+}
+
+add_soremote_user_master() {
+ echo "Add soremote on the master" >>~/sosetup.log 2>&1
+ # Add user "soremote" to the master. This will be for things like accepting keys.
+ if [ $OS == 'centos' ]; then
+ local ADDUSER=adduser
+ else
+ local ADDUSER=useradd
+ fi
+ groupadd --gid 947 soremote
+ $ADDUSER --uid 947 --gid 947 soremote
+
+ # Set the password for soremote that we got during setup
+ echo soremote:$REMOTEPASS1 | chpasswd --crypt-method=SHA512
 }
@@ -232,9 +247,9 @@ check_network_manager_conf() {
 fi
 }
-check_socore_pass() {
+check_soremote_pass() {
- if [ $COREPASS1 == $COREPASS2 ]; then
+ if [ $SOREMOTEPASS1 == $SOREMOTEPASS2 ]; then
 SCMATCH=yes
 else
 whiptail_passwords_dont_match
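Review bot: `$ADDUSER --uid 947 --gid 947 soremote` in add_soremote_user_master creates the account with no home-directory option, unlike the socore line just above it (`--home-dir /opt/so`), so whether soremote gets a home depends on the distro's useradd defaults (CREATE_HOME in login.defs), and copy_ssh_key later relies on `ssh-copy-id` being able to write that user's `~/.ssh/authorized_keys`. Passing `-m` (or an explicit `--home-dir`) removes the dependency on distro defaults, e.g. `$ADDUSER --uid 947 --gid 947 -m soremote`. The `groupadd --gid 947 soremote` here will also error if reserve_group_ids, which this commit teaches the same gid, has already run on the host; `getent group soremote >/dev/null || groupadd --gid 947 soremote` tolerates that, though I cannot see from the diff whether both run on one machine. Finally the log target `>>~/sosetup.log` differs from the `$SETUPLOG` used by the other functions in this file; `echo "Add soremote on the master" >> $SETUPLOG 2>&1` would be consistent.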
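Review bot: check_soremote_pass compares `$SOREMOTEPASS1` with `$SOREMOTEPASS2`, but the whiptail prompts in so-whiptail store the two entries in `REMOTEPASS1` and `REMOTEPASS2` (and add_soremote_user_master reads `$REMOTEPASS1`), so both operands here are unset. Unquoted and empty, the test collapses to `[ == ]`, which is a single non-empty string and therefore true, so SCMATCH is set to yes regardless of what was typed and the confirmation loop in so-setup never detects a mismatch. Change the test to `if [ "$REMOTEPASS1" == "$REMOTEPASS2" ]; then`; the quoting also keeps an empty or space-containing entry from producing a test syntax error. The function's closing lines are outside the hunk.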
@@ -337,8 +352,8 @@ copy_minion_tmp_files() {
 fi
 else
 echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
- scp -prv -i /root/.ssh/so.key $TMP/pillar/* socore@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1
- scp -prv -i /root/.ssh/so.key $TMP/salt/* socore@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1
+ scp -prv -i /root/.ssh/so.key $TMP/pillar/* soremote@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1
+ scp -prv -i /root/.ssh/so.key $TMP/salt/* soremote@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1
 fi
 }
@@ -352,7 +367,7 @@ copy_ssh_key() {
 chown -R $SUDO_USER:$SUDO_USER /root/.ssh
 echo "Copying the SSH key to the master"
 #Copy the key over to the master
- ssh-copy-id -f -i /root/.ssh/so.key socore@$MSRV
+ ssh-copy-id -f -i /root/.ssh/so.key soremote@$MSRV
 }
@@ -1018,6 +1033,7 @@ reserve_group_ids() {
 groupadd -g 941 stenographer
 groupadd -g 945 ossec
 groupadd -g 946 cyberchef
+ groupadd -g 947 soremote
 }
@@ -1263,7 +1279,7 @@ EOF
 # Copy down the gpg keys and install them from the master
 mkdir $TMP/gpg
 echo "scp the gpg keys and install them from the master"
- scp -v -i /root/.ssh/so.key socore@$MSRV:/opt/so/gpg/* $TMP/gpg
+ scp -v -i /root/.ssh/so.key soremote@$MSRV:/opt/so/gpg/* $TMP/gpg
 echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH"
 apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub
 apt-key add $TMP/gpg/GPG-KEY-WAZUH
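Review bot: copy_minion_tmp_files now writes `$TMP/pillar/*` and `$TMP/salt/*` as soremote into /opt/so/saltstack/pillar and /opt/so/saltstack/salt, and the apt path reads /opt/so/gpg/* as the same user, yet the only account this diff associates with /opt/so is socore (`--home-dir /opt/so` in add_socore_user_master) and add_soremote_user_master gives soremote no rights there. Unless the master's salt states already grant gid 947 write on pillar/ and salt/ and read on gpg/ (not visible here), these scp lines will fail with permission denied, with the pillar copy's failure hidden in `$SETUPLOG`, and the new node is never registered. Either adjust the directory group/mode for the soremote group on the master, or route the copy through a narrowly scoped sudo helper like the two scripts already listed in update_sudoers, which keeps soremote from needing write access to the whole salt tree. Both functions have bodies partly outside the hunks.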
@@ -1463,27 +1479,27 @@ set_initial_firewall_policy() {
 fi
 if [ $INSTALLTYPE == 'SENSOR' ]; then
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
 fi
 if [ $INSTALLTYPE == 'SEARCHNODE' ]; then
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
 fi
 if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
 fi
 if [ $INSTALLTYPE == 'FLEET' ]; then
- ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+ ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
 fi
 if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
@@ -1559,13 +1575,13 @@ set_version() {
 update_sudoers() {
- if ! grep -qE '^socore\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
- # Update Sudoers so that socore can accept keys without a password
- echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
- echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
- echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
+ if ! grep -qE '^soremote\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
+ # Update Sudoers so that soremote can accept keys without a password
+ echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
+ echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
+ echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
 else
- echo "User socore already granted sudo privileges"
+ echo "User soremote already granted sudo privileges"
 fi
 }
diff --git a/setup/so-setup b/setup/so-setup
index 1b08132c5..11bf5a1f7 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -71,14 +71,6 @@ if (whiptail_you_sure) ; then
 # Set management nic
 whiptail_management_nic
-# whiptail_create_socore_user
-# SCMATCH=no
-# while [ $SCMATCH != yes ]; do
-# whiptail_create_socore_user_password1
-# whiptail_create_socore_user_password2
-# check_socore_pass
-# done
-
 else
 # Set the hostname
@@ -169,7 +161,7 @@ if (whiptail_you_sure) ; then
 add_admin_user
 disable_onion_user
 fi
- #add_socore_user_master
+
 # Install salt and dependencies
 {
 sleep 0.5
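Review bot: update_sudoers still appends the three soremote NOPASSWD rules directly to /etc/sudoers with `tee -a`, so a typo in any of those `echo` lines is never syntax-checked before sudo parses the file, and on a host that previously ran the socore variant the old `socore ALL=(ALL) NOPASSWD:...` grants for salt-key and the two pillar scripts stay in place because nothing in this commit removes them (I cannot tell from the diff whether in-place upgrade is a supported path). Writing the rules to a dedicated drop-in under /etc/sudoers.d, validating it with `visudo -cf` before it goes live, and keeping the existing "already granted" message for the present case makes the grant atomic and easy to audit; the drop-in also gives a single file to delete when the account's remote-setup duties end. This assumes the distro's /etc/sudoers includes /etc/sudoers.d, which is the default on both distros the file branches on, but is worth confirming. update_sudoers is complete in the hunk; the rewrite below covers its whole body.
```shell
update_sudoers() {
  local rules=/etc/sudoers.d/soremote
  # Passwordless sudo for soremote is restricted to the three commands the
  # remote node setup invokes over ssh: key acceptance and the two pillar scripts.
  if [ ! -f "$rules" ]; then
    printf '%s\n' \
      "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" \
      "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" \
      "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" > "$rules.tmp"
    chmod 0440 "$rules.tmp"
    # Only install the drop-in once visudo confirms it parses; a bad sudoers
    # fragment would otherwise lock every sudo user out of the master.
    if visudo -cf "$rules.tmp"; then
      mv "$rules.tmp" "$rules"
    else
      rm -f "$rules.tmp"
      echo "Refusing to install malformed sudoers rules for soremote" >&2
    fi
  else
    echo "User soremote already granted sudo privileges"
  fi
}
```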
@@ -291,13 +283,13 @@ if (whiptail_you_sure) ; then
 fi
 fi
- # Get a password for the socore user
- whiptail_create_socore_user
+ # Get a password for the soremote user
+ whiptail_create_soremote_user
 SCMATCH=no
 while [ $SCMATCH != yes ]; do
- whiptail_create_socore_user_password1
- whiptail_create_socore_user_password2
- check_socore_pass
+ whiptail_create_soremote_user_password1
+ whiptail_create_soremote_user_password2
+ check_soremote_pass
 done
 # Get a password for the web admin user
@@ -331,10 +323,8 @@ if (whiptail_you_sure) ; then
 fi
 # Add the user so we can sit back and relax
- #echo ""
- #echo "**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors"
- #echo ""
 add_socore_user_master
+ add_soremote_user_master
 # Install salt and dependencies
 {
@@ -574,13 +564,13 @@ if (whiptail_you_sure) ; then
 if [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
 # Find out how to handle updates
 whiptail_master_updates
- # Get a password for the socore user
- whiptail_create_socore_user
+ # Get a password for the soremote user
+ whiptail_create_soremote_user
 SCMATCH=no
 while [ $SCMATCH != yes ]; do
- whiptail_create_socore_user_password1
- whiptail_create_socore_user_password2
- check_socore_pass
+ whiptail_create_soremote_user_password1
+ whiptail_create_soremote_user_password2
+ check_soremote_pass
 done
 fi
 # Get a password for the web admin user
@@ -610,6 +600,7 @@ if (whiptail_you_sure) ; then
 # Add the user so we can sit back and relax
 add_socore_user_master
+ add_soremote_user_master
 {
 sleep 0.5
 if [ $INSTALLTYPE == 'EVAL' ]; then
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 5aa48ac2b..00862292c 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -132,26 +132,26 @@ whiptail_create_admin_user_password2() {
 }
-whiptail_create_socore_user() {
+whiptail_create_soremote_user() {
- whiptail --title "Security Onion Setup" --msgbox "Set a password for the socore user. This account is used for adding sensors remotely." 8 75
+ whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
 }
-whiptail_create_socore_user_password1() {
+whiptail_create_soremote_user_password1() {
- COREPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
- "Enter a password for user socore" 10 75 3>&1 1>&2 2>&3)
+ REMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
 local exitstatus=$?
 whiptail_check_exitstatus $exitstatus
 }
-whiptail_create_socore_user_password2() {
+whiptail_create_soremote_user_password2() {
- COREPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
- "Re-enter a password for user socore" 10 75 3>&1 1>&2 2>&3)
+ REMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
 local exitstatus=$?
 whiptail_check_exitstatus $exitstatus