CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-04-25 05:57:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,917 Commits 40 Branches 125 Tags
21868723177982cace24392ce204c967cfece031
Commit Graph

62 Commits

Author SHA1 Message Date
Mike Reeves afc14ec29d Remove non-Oracle Linux 9 support from salt states 
Simplifies salt states, map files, and modules to only support
Oracle Linux 9, removing all Debian/Ubuntu/CentOS/Rocky/AlmaLinux/RHEL
conditional branches.
 2026-03-16 16:58:39 -04:00
Josh Patterson 959fd55e32 create dir if nonexistent 2026-01-20 14:30:11 -05:00
Josh Patterson 00fbc1c259 add back individual signing policies 2026-01-12 09:25:15 -05:00
Josh Patterson 702ba2e0a4 only allow ca.remove state to run if so-setup is running 2025-12-17 10:08:00 -05:00
Josh Patterson c0845e1612 restart docker if ca changes. cleanup dirs at key/crt location 2025-12-12 22:19:59 -05:00
Josh Patterson a2196085d5 import allowed_states 2025-12-12 18:50:37 -05:00
Josh Patterson ba62a8c10c need to restart docker service if ca changes 2025-12-12 18:50:22 -05:00
Josh Patterson 38f38e2789 fix allowed states for ca 2025-12-12 18:23:29 -05:00
Josh Patterson b9ff1704b0 the great ssl refactor 2025-12-11 17:30:06 -05:00
Josh Patterson 36a6a59d55 renew certs 7 days before expire 2025-12-01 11:54:10 -05:00
m0duspwnens a2bb220043 fix x509 mine_function 2024-06-18 12:33:33 -04:00
reyesj2 436cbc1f06 Add kafka signing_policy for client/server auth. Add kafka-client cert on manager so manager can interact with kafka using its own cert 
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
 2024-04-04 16:21:29 -04:00
Mike Reeves 4fb9cce41c Update signing_policies.conf 2023-11-17 16:38:50 -05:00
m0duspwnens e58c1e189c use x509 instead of file for onchanges 2023-10-18 15:10:17 -04:00
m0duspwnens 1c1b23c328 fix mine update for ca 2023-10-18 15:07:18 -04:00
m0duspwnens 138aa9c554 update the mine with the ca when it is created or changed 2023-10-18 13:54:14 -04:00
m0duspwnens 869f60ccaa cipher deprecated for x509_+v2 2023-07-06 10:51:44 -04:00
m0duspwnens 6039a1430e x509 changes for salt 3006 2023-04-04 08:55:10 -04:00
Josh Brower 6945596eee Tweak elastic agent ssl gen 2022-09-14 08:10:42 -04:00
Mike Reeves 2bd9dd80e2 Move In Day 2022-09-07 09:06:25 -04:00
m0duspwnens 2aa19b78da dont remove ca-certificates.crt 2022-01-26 11:27:35 -05:00
m0duspwnens a43fb293fc remove role logic 2022-01-26 10:26:52 -05:00
m0duspwnens 8aa002b82e add states to remove ca and ssl keys and certs and call them during reinstall. 2022-01-26 09:33:19 -05:00
m0duspwnens a46a740170 account for salt 3004 adding new chars to random.get_str 2022-01-14 17:23:29 -05:00
m0duspwnens 2a5b4ef276 add mine function to signing_policies.conf. no longer need to check if mine in ca during manager install 2021-12-28 15:19:06 -05:00
m0duspwnens 2405de4b82 fix require 2021-12-28 11:00:35 -05:00
m0duspwnens f2adcf4ca5 ensure /etc/pki is created and simplify ca logic for non manager in ssl state 2021-12-28 10:41:57 -05:00
m0duspwnens f93c6146f5 docker binds requires 2021-10-21 15:24:55 -04:00
m0duspwnens 1d8e065902 fix salt retries - https://github.com/Security-Onion-Solutions/securityonion/issues/3948 2021-04-22 08:35:50 -04:00
m0duspwnens e6ecd609cc change timeouts to 30s 2021-01-29 13:44:11 -05:00
m0duspwnens 0936dbdb1c add timeouts and retries to ca/ssl states 2021-01-28 11:40:31 -05:00
m0duspwnens b693373d8d change how we allow or disallow states to be run https://github.com/Security-Onion-Solutions/securityonion/issues/2679 2021-01-20 15:09:53 -05:00
m0duspwnens 09cc8ae1fb fail the state if it isnt in top 2020-09-09 16:48:50 -04:00
m0duspwnens a229ae82ce only allow state to run if it is in top for the node 2020-09-02 16:15:52 -04:00
m0duspwnens 1f3ceb50da add replace: False to get rid of warning, eventhough it doesntt. bug report submitted on saltstack gh. 2020-08-10 13:04:19 -04:00
m0duspwnens c00b452f8d change module.run for ca state 2020-07-28 15:10:16 -04:00
m0duspwnens 7606cc0ad0 changes to ssl state for salt 3001 2020-07-27 15:51:31 -04:00
m0duspwnens b2e7a4221c master to manager for ssl signing policy 2020-07-09 17:19:17 -04:00
m0duspwnens 5ca3ecf4bd fix reference to master grain 2020-07-09 15:42:39 -04:00
m0duspwnens 3cf31e2460 https://github.com/Security-Onion-Solutions/securityonion/issues/404 2020-07-09 11:27:06 -04:00
Mike Reeves be5f4b04c6 Fix SSL Perms 2020-07-06 17:21:23 -04:00
Jason Ertel 97d127218a fix: stop updating salt mine - this is an attempt to sort out why the CA intermittently disappears from the mine 2020-06-15 17:40:58 -04:00
m0duspwnens 939ab918b4 update states using module.run - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/106 2019-11-07 17:31:06 -05:00
Mike Reeves 0f5c0373c5 SSL Issue 79 - Remove extensions from filebeat cert 2019-10-23 15:27:31 -04:00
Mike Reeves 3ecb6a7c3f SSL Issue 79 - Add extended type to all certs 2019-10-21 17:55:06 -04:00
Mike Reeves 06261b0b9a SSL Issue 79 - Add extended type to all certs 2019-10-21 17:54:09 -04:00
Mike Reeves 792cc7d4c4 SSL Issue 79 - Reduce valid time 2019-10-21 17:04:18 -04:00
Mike Reeves 53f7fcd07c Fleet Module - SSL additions 2018-12-05 15:54:43 -05:00
Mike Reeves 39602f3ef8 InfluxDB Module - Add Support for influxdb 2018-11-17 16:24:23 -05:00
Mike Reeves 3fa9d0cd55 CA Module - Trying to fix SSL keys 2018-10-11 09:02:20 -04:00