Access permissions in SaltMiner are managed using the security controls built into the Elastic Stack. Full details on Elastic Stack security can be found at https://www.elastic.co/guide/en/elasticsearch/reference/7.17/secure-cluster.html.
Access permissions are managed by creating users and assigning roles. Users and roles are managed from the Management menu under Stack Management.
Users #
User authentication #
Authentication identifies an individual. To gain access to restricted resources, a user must prove their identity, via passwords, credentials, or some other means (typically referred to as authentication tokens).
The Elastic Stack authenticates users by identifying the users behind the requests that hit the cluster and verifying that they are who they claim to be. The authentication process is handled by one or more authentication services called realms.
User authorization #
SaltMiner relies on the Elastic Stack for User Authentication and Authorization. The Elastic Stack security features add authorization, which is the process of determining whether the user behind an incoming request is allowed to execute the request. The security features provide a role-based access control (RBAC) mechanism, which enables you to authorize users by assigning privileges to roles and assigning roles to users or groups.
This process takes place after the user is successfully identified and authenticated.
For further information, see: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setting-up-authentication.html
Roles #
As with users, SaltMiner roles are managed in Elastic. The Elastic Stack security features apply a default role to all users, including anonymous users. The default role enables users to access the authenticate endpoint, change their own passwords, and get information about themselves.
Built-in roles #
The Elastic Stack has a set of built-in roles you can explicitly assign to users. These roles have a fixed set of privileges and cannot be updated. In addition to the built-in roles in the Elastic Stack, SaltMiner also provides two predefined roles which are used in the PenTest module. Any user who does not have the superuser role must be assigned one of these two roles to access the PenTest module:
pentester
This role provides full access to all of the functionality in the PenTest module of SaltMiner including full create, read, write, and delete permissions.
pentest-readonly
This role provides read-only access to all areas of the PenTest module. It does not allow create or delete functionality on any items.
The following are typical built-in Elastic Stack roles used in SaltMiner:
superuser
Grants full access to the cluster, including all indices and data. A user with the superuser role can also manage users and roles and impersonate any other user in the system. Due to the permissive nature of this role, take extra care when assigning it to a user.
editor
This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Grants full access to all features in Kibana (including Solutions) and read-only access to data indices.
- This role provides read access to any index that is not prefixed with a dot.
- This role automatically grants full access to new Kibana features as soon as they are released.
viewer
This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Grants read-only access to all features in Kibana (including Solutions) and to data indices.
- This role provides read access to any index that is not prefixed with a dot.
- This role automatically grants read-only access to new Kibana features as soon as they are available.
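The two SaltMiner roles above and the built-in superuser, editor and viewer roles can be reviewed the same way they are assigned: through the Elasticsearch security API rather than only by clicking through Stack Management. The script below is an added example and is not part of SaltMiner or the Elastic Stack; it uses the real 7.17 endpoints GET /_security/user and PUT /_security/user/<name>, maps each account's roles onto the PenTest access levels described on this page (pentester or superuser gives full access, pentest-readonly gives read-only access, anything else gives none), and lists superuser holders so they can be reviewed. The user listing embedded in the script is constructed sample data; the cluster URL and credentials are placeholders you supply.

```python
"""Audit which Elasticsearch users can reach the SaltMiner PenTest module.

Added example (not SaltMiner or Elastic code). Role names come from the
SaltMiner documentation; SAMPLE_LISTING is constructed so the audit runs
offline. fetch_users() and put_user() talk to a real cluster when given one.
"""
import base64
import json
import urllib.request
from typing import Dict, List, Optional

# Role names as documented for SaltMiner and the Elastic Stack.
PENTESTER = "pentester"
PENTEST_READONLY = "pentest-readonly"
SUPERUSER = "superuser"

# superuser grants everything in the cluster, so it counts as full PenTest access.
FULL_ACCESS_ROLES = {PENTESTER, SUPERUSER}


def pentest_access(roles: List[str]) -> str:
    """Return 'full', 'read-only' or 'none' for a user's effective PenTest access."""
    assigned = set(roles)
    if assigned & FULL_ACCESS_ROLES:
        return "full"
    if PENTEST_READONLY in assigned:
        return "read-only"
    return "none"


def audit_users(user_listing: Dict[str, dict]) -> Dict[str, str]:
    """Map each username in a GET /_security/user response to its PenTest access.

    Disabled accounts are reported as 'disabled' regardless of roles, because
    Elasticsearch rejects their authentication attempts.
    """
    report = {}
    for name, entry in user_listing.items():
        if not entry.get("enabled", True):
            report[name] = "disabled"
        else:
            report[name] = pentest_access(entry.get("roles", []))
    return report


def superuser_holders(user_listing: Dict[str, dict]) -> List[str]:
    """Enabled accounts that hold superuser; these warrant periodic review."""
    return sorted(
        name for name, entry in user_listing.items()
        if entry.get("enabled", True) and SUPERUSER in entry.get("roles", [])
    )


def create_user_body(password: str, roles: List[str],
                     full_name: Optional[str] = None) -> dict:
    """Request body for PUT /_security/user/<name> assigning the given roles."""
    body = {"password": password, "roles": list(roles)}
    if full_name:
        body["full_name"] = full_name
    return body


def _request(method: str, url: str, basic_auth: str, body: Optional[dict] = None):
    """Minimal JSON call against the security API with HTTP basic auth."""
    token = base64.b64encode(basic_auth.encode()).decode()
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode() if body is not None else None,
        method=method,
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def fetch_users(base_url: str, basic_auth: str) -> Dict[str, dict]:
    """GET /_security/user: all native and file-realm users with their roles."""
    return _request("GET", f"{base_url}/_security/user", basic_auth)


def put_user(base_url: str, basic_auth: str, username: str, body: dict) -> dict:
    """PUT /_security/user/<name>: create or update a native-realm user."""
    return _request("PUT", f"{base_url}/_security/user/{username}", basic_auth, body)


# Constructed sample in the shape GET /_security/user returns (not real users).
SAMPLE_LISTING = {
    "alice": {"username": "alice", "roles": ["pentester"], "enabled": True},
    "bob": {"username": "bob", "roles": ["pentest-readonly", "viewer"], "enabled": True},
    "carol": {"username": "carol", "roles": ["superuser"], "enabled": True},
    "dave": {"username": "dave", "roles": ["viewer"], "enabled": True},
    "erin": {"username": "erin", "roles": ["pentester"], "enabled": False},
}

if __name__ == "__main__":
    # Replace SAMPLE_LISTING with fetch_users("https://es.example:9200", "admin:PASSWORD")
    # (placeholder URL and credentials) to audit a live cluster.
    for user, level in audit_users(SAMPLE_LISTING).items():
        print(f"{user:8} PenTest access: {level}")
    print("superuser holders:", superuser_holders(SAMPLE_LISTING))
```

Run it against a live cluster with an account that has the manage_security privilege; the audit output tells you which accounts can reach the PenTest module, at which level, and which of them get there through superuser rather than the narrower pentester role, which is the list to trim toward least privilege.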
For further information, see: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/built-in-roles.html