Add soremote user

2025-12-06 09:12:45 +01:00 · 2020-04-02 11:51:39 -04:00
parent c0f143d7f5
commit fffe1ef720
3 changed files with 65 additions and 58 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -29,9 +29,9 @@ accept_salt_key_local() {
 accept_salt_key_remote() {
 	echo "Accept the key remotely on the master" >> $SETUPLOG 2>&1
 	# Delete the key just in case.
-	ssh -i /root/.ssh/so.key socore@$MSRV sudo salt-key -d $MINION_ID -y
+	ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -d $MINION_ID -y
 	salt-call state.apply ca
-	ssh -i /root/.ssh/so.key socore@$MSRV sudo salt-key -a $MINION_ID -y
+	ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -a $MINION_ID -y

 }

@@ -65,8 +65,23 @@ add_socore_user_master() {
 	fi
 	groupadd --gid 939 socore
 	$ADDUSER --uid 939 --gid 939 --home-dir /opt/so socore
-	# Set the password for socore that we got during setup
-	echo socore:$COREPASS1 | chpasswd --crypt-method=SHA512
+
+}
+
+add_soremote_user_master() {
+
+	echo "Add soremote on the master" >>~/sosetup.log 2>&1
+	# Add user "soremote" to the master. This will be for things like accepting keys.
+	if [ $OS == 'centos' ]; then
+		local ADDUSER=adduser
+	else
+		local ADDUSER=useradd
+	fi
+	groupadd --gid 947 soremote
+	$ADDUSER --uid 947 --gid 947 soremote
+	
+	# Set the password for soremote that we got during setup
+	echo soremote:$REMOTEPASS1 | chpasswd --crypt-method=SHA512

 }

@@ -232,9 +247,9 @@ check_network_manager_conf() {
 	fi
 }

-check_socore_pass() {
+check_soremote_pass() {

-	if [ $COREPASS1 == $COREPASS2 ]; then
+	if [ $SOREMOTEPASS1 == $SOREMOTEPASS2 ]; then
 		SCMATCH=yes
 	else
 		whiptail_passwords_dont_match
@@ -337,8 +352,8 @@ copy_minion_tmp_files() {
    fi
  else
    echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
-    scp -prv -i /root/.ssh/so.key $TMP/pillar/* socore@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1
-    scp -prv -i /root/.ssh/so.key $TMP/salt/* socore@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1
+    scp -prv -i /root/.ssh/so.key $TMP/pillar/* soremote@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1
+    scp -prv -i /root/.ssh/so.key $TMP/salt/* soremote@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1
  fi

  }
@@ -352,7 +367,7 @@ copy_ssh_key() {
 	chown -R $SUDO_USER:$SUDO_USER /root/.ssh
 	echo "Copying the SSH key to the master"
 	#Copy the key over to the master
-	ssh-copy-id -f -i /root/.ssh/so.key socore@$MSRV
+	ssh-copy-id -f -i /root/.ssh/so.key soremote@$MSRV

 }

@@ -1018,6 +1033,7 @@ reserve_group_ids() {
 	groupadd -g 941 stenographer
 	groupadd -g 945 ossec
 	groupadd -g 946 cyberchef
+	groupadd -g 947 soremote

 }

@@ -1263,7 +1279,7 @@ EOF
      # Copy down the gpg keys and install them from the master
      mkdir $TMP/gpg
      echo "scp the gpg keys and install them from the master"
-      scp -v -i /root/.ssh/so.key socore@$MSRV:/opt/so/gpg/* $TMP/gpg
+      scp -v -i /root/.ssh/so.key soremote@$MSRV:/opt/so/gpg/* $TMP/gpg
      echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH"
      apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub
      apt-key add $TMP/gpg/GPG-KEY-WAZUH
@@ -1463,27 +1479,27 @@ set_initial_firewall_policy() {
  fi

  if [ $INSTALLTYPE == 'SENSOR' ]; then
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
  fi

  if [ $INSTALLTYPE == 'SEARCHNODE' ]; then
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
  fi

  if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
  fi

  if [ $INSTALLTYPE == 'FLEET' ]; then
-    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+    ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
  fi

  if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
@@ -1559,13 +1575,13 @@ set_version() {

 update_sudoers() {

-	if ! grep -qE '^socore\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
-		# Update Sudoers so that socore can accept keys without a password
-		echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
-		echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
-		echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
+	if ! grep -qE '^soremote\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
+		# Update Sudoers so that soremote can accept keys without a password
+		echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
+		echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
+		echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
 	else
-		echo "User socore already granted sudo privileges"
+		echo "User soremote already granted sudo privileges"
 	fi

 }
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -71,14 +71,6 @@ if (whiptail_you_sure) ; then
    # Set management nic
    whiptail_management_nic

-#    whiptail_create_socore_user
-#    SCMATCH=no
-#    while [ $SCMATCH != yes ]; do
-#      whiptail_create_socore_user_password1
-#      whiptail_create_socore_user_password2
-#      check_socore_pass
-#    done
-
  else

    # Set the hostname
@@ -169,7 +161,7 @@ if (whiptail_you_sure) ; then
      add_admin_user
      disable_onion_user
    fi
-    #add_socore_user_master
+    
    # Install salt and dependencies
    {
      sleep 0.5
@@ -291,13 +283,13 @@ if (whiptail_you_sure) ; then
      fi
    fi

-    # Get a password for the socore user
-    whiptail_create_socore_user
+    # Get a password for the soremote user
+    whiptail_create_soremote_user
    SCMATCH=no
    while [ $SCMATCH != yes ]; do
-      whiptail_create_socore_user_password1
-      whiptail_create_socore_user_password2
-      check_socore_pass
+      whiptail_create_soremote_user_password1
+      whiptail_create_soremote_user_password2
+      check_soremote_pass
    done

    # Get a password for the web admin user
@@ -331,10 +323,8 @@ if (whiptail_you_sure) ; then
    fi

    # Add the user so we can sit back and relax
-    #echo ""
-    #echo "**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors"
-    #echo ""
    add_socore_user_master
+    add_soremote_user_master

    # Install salt and dependencies
    {
@@ -574,13 +564,13 @@ if (whiptail_you_sure) ; then
    if [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
      # Find out how to handle updates
      whiptail_master_updates
-      # Get a password for the socore user
-      whiptail_create_socore_user
+      # Get a password for the soremote user
+      whiptail_create_soremote_user
      SCMATCH=no
      while [ $SCMATCH != yes ]; do
-        whiptail_create_socore_user_password1
-        whiptail_create_socore_user_password2
-        check_socore_pass
+        whiptail_create_soremote_user_password1
+        whiptail_create_soremote_user_password2
+        check_soremote_pass
      done
    fi
    # Get a password for the web admin user
@@ -610,6 +600,7 @@ if (whiptail_you_sure) ; then

    # Add the user so we can sit back and relax
    add_socore_user_master
+    add_soremote_user_master
    {
      sleep 0.5
      if [ $INSTALLTYPE == 'EVAL' ]; then
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -132,26 +132,26 @@ whiptail_create_admin_user_password2() {

 }

-whiptail_create_socore_user() {
+whiptail_create_soremote_user() {

-  whiptail --title "Security Onion Setup" --msgbox "Set a password for the socore user. This account is used for adding sensors remotely." 8 75
+  whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75

 }

-whiptail_create_socore_user_password1() {
+whiptail_create_soremote_user_password1() {

-  COREPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
-  "Enter a password for user socore" 10 75 3>&1 1>&2 2>&3)
+  REMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
+  "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)

  local exitstatus=$?
  whiptail_check_exitstatus $exitstatus

 }

-whiptail_create_socore_user_password2() {
+whiptail_create_soremote_user_password2() {

-  COREPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
-  "Re-enter a password for user socore" 10 75 3>&1 1>&2 2>&3)
+  REMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
+  "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)

  local exitstatus=$?
  whiptail_check_exitstatus $exitstatus