78 Commits

Author	SHA1	Message	Date
Jason Ertel	077053afbd	Add content-type header to PUT request, now required in Kratos 0.10.1	2022-07-11 13:43:41 -04:00
weslambert	adeccd0e7f	Merge pull request #8097 from Security-Onion-Solutions/dev ... Merge latest dev into foxtrot	2022-06-08 15:01:09 -04:00
Jason Ertel	c20859f8c3	Upgrade to Kratos 0.9.0-alpha.3	2022-05-18 17:05:21 -04:00
weslambert	6f294cc0c2	Change Kibana user role from superuser to kibana_system for Elastic 8	2022-03-18 11:54:08 -04:00
Mike Reeves	b5b60af16f	Remove hive from so-user	2022-03-14 15:06:07 -04:00
Jason Ertel	0cec5879bb	Gracefully handle situations when another process is using the Kratos DB	2022-03-08 10:55:26 -05:00
Jason Ertel	914d81ca07	Revert "Gracefully handle situations when another process is using the Kratos DB" ... This reverts commit f2865d8b7f.	2022-03-08 10:40:20 -05:00
Jason Ertel	f2865d8b7f	Gracefully handle situations when another process is using the Kratos DB	2022-03-08 10:38:05 -05:00
Jason Ertel	93e9548eaf	Require a minimum of 8 characters for passwords, to match Kratos min requirements	2022-02-18 15:14:48 -05:00
Jason Ertel	fdc63b5816	Clarify so-user update usage/help	2022-02-18 09:41:09 -05:00
Jason Ertel	d97423e9f8	Enable MFA support	2022-02-15 07:49:12 -05:00
Jason Ertel	eefcc929c2	Update copyright pattern to match other repos	2022-01-24 10:09:23 -05:00
Jason Ertel	7c22f46a55	Update copyright year for 2022	2022-01-24 09:35:29 -05:00
Jason Ertel	b0d36f2ed2	Ensure update timestamp is updated when changing passwords; this ensures the sync will automatically follow	2021-12-21 13:38:35 -05:00
Jason Ertel	83d86aebb1	Perform full email match	2021-12-09 15:04:00 -05:00
Josh Brower	6f391dbe50	Migrate FleetDM user mgt to fleetctl	2021-11-17 13:13:25 -05:00
Jason Ertel	2f8bb5a2a6	Fix Docker-created corruption of SOC user roles file	2021-10-19 16:04:10 -04:00
Jason Ertel	9797a15218	Fix issue with 'so-user delete' resetting all user roles - note that this function is not technically supported or published since it's not intended for production use	2021-10-14 17:23:18 -04:00
Jason Ertel	d21dee162d	Add Note field to user traits; Enforce max length restrictions on email, firstname, lastname, and note fields	2021-10-08 12:39:17 -04:00
Jason Ertel	62c3afc81d	Migrate users from locked to inactive during soup	2021-10-06 15:45:35 -04:00
Jason Ertel	7d8c8144b0	Drop obsolete status trait	2021-10-06 12:52:41 -04:00
Jason Ertel	a2c4fce1ef	Switch to use state attribute in identities for enabling/disabling users	2021-10-06 11:53:10 -04:00
Jason Ertel	dae41d279a	Prevent emails addresses from having uppercase characters	2021-09-22 08:25:55 -04:00
Jason Ertel	a9049eccd4	Ensure identity ID parm is quoted now that it doesn't have embedded quotes in the value	2021-09-20 13:30:05 -04:00
Jason Ertel	730503b69c	Ensure highstate migrates user roles	2021-09-18 23:17:49 -04:00
Jason Ertel	3508f3d8c1	Ensure ES user/role files are generated even if the primary admin user isn't yet created, since the system users are necessary for other installation functions	2021-09-18 19:20:43 -04:00
Jason Ertel	5704906b11	Create empty files for Docker to mount while installation continues	2021-09-18 15:49:05 -04:00
Jason Ertel	357c1db445	Recover from situation where roles file is corrupted	2021-09-18 11:08:35 -04:00
Jason Ertel	5377a1a85e	Recover from situation where roles file is corrupted	2021-09-18 11:06:54 -04:00
Jason Ertel	7f2d7eb038	Continue migration of user emails to IDs	2021-09-18 07:20:34 -04:00
Jason Ertel	30e781d076	Use user ID instead of email as role master	2021-09-17 17:54:38 -04:00
Jason Ertel	ff989b1c73	Include wording in so-user relating to optional role parameter	2021-09-14 14:03:00 -04:00
Jason Ertel	649f339934	Correct typo	2021-09-02 20:30:48 -04:00
Jason Ertel	f659079542	Consolidate password validation messaging	2021-09-02 19:12:32 -04:00
Jason Ertel	ce70380f0f	resolve so-user errors from recent auth changes	2021-09-02 17:59:33 -04:00
Jason Ertel	c4d402d8b4	Ensure role file exists before ES state is run	2021-09-02 15:45:47 -04:00
Jason Ertel	10126bb7ef	Auth enhancements	2021-09-02 09:44:57 -04:00
Jason Ertel	258cebda6e	Correct identity update payload to not have unsupported fields	2021-08-12 15:01:45 -04:00
Jason Ertel	dcc9af946a	Avoid logging when sync is unnecessary due to cronjob log output spam	2021-06-22 08:07:52 -04:00
Jason Ertel	f36ef86ccc	Improve algorithm for determining if a user sync is necessary; Apply salt state in foreground to avoid collisions with setup salt states.	2021-06-21 12:38:02 -04:00
Jason Ertel	5e042bf4b8	Improve algorithm for determining if a user sync is necessary; Apply salt state in foreground to avoid collisions with setup salt states.	2021-06-21 12:16:47 -04:00
Jason Ertel	777bece2eb	Fix intermittent 'like' failures; Ensure bash is on first line of load templates script	2021-06-20 22:14:13 -04:00
Jason Ertel	0cb4562254	Lock so-user to avoid two processes from overwriting eachother	2021-06-17 15:19:39 -04:00
Jason Ertel	989f9dce42	Ensure sqlite.db exists before querying it; Execute so-elastic-auth after common state has been applied and redirect output to setup log	2021-06-15 16:57:13 -04:00
Jason Ertel	89a02383b8	Correct cronjob path issue for sysctl; suppress diff outputs from users/roles files; suppress salt state output during user sync	2021-06-09 16:31:32 -04:00
Jason Ertel	a0c65e2333	Ensure elastic minions also update their auth files	2021-06-09 09:38:50 -04:00
Jason Ertel	dd73ad544c	Rename PATH var to avoid collision with OS PATH var; wrapped password var in quotes to support spaces in Fleet/TheHive passwords	2021-06-09 09:06:29 -04:00
Jason Ertel	d2381b0209	Ensure empty/aborted users/roles files do not get copied onto final filenames	2021-06-08 11:03:56 -04:00
Jason Ertel	ba29b5e036	Do not apply salt state if already applying a state	2021-06-04 21:56:41 -04:00
Jason Ertel	e22421ec99	Refactor users/roles management via salt due to Salt's clobbering of the inode which breaks Docker mounts	2021-06-04 20:01:30 -04:00