CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #476 from Security-Onion-Solutions/feature/auth

Browse Source 
Integrate new auth system and SOC interface
This commit is contained in:
Jason Ertel
2020-03-31 08:57:19 -04:00
committed by GitHub
parent fd00cdf8f3 f7e9e99eae
commit 14c44e0f6e
21 changed files with 782 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pillar/docker/config.sls
View File

@@ -17,10 +17,9 @@ eval:
- so-grafana - so-grafana
{% endif %} {% endif %}
- so-dockerregistry - so-dockerregistry
- so-sensoroni - so-soc
- so-kratos
- so-idstools - so-idstools
- so-auth-api
- so-auth-ui
{% if OSQUERY != '0' %} {% if OSQUERY != '0' %}
- so-mysql - so-mysql
- so-fleet - so-fleet
@@ -89,12 +88,11 @@ master_search:
containers: containers:
- so-core - so-core
- so-telegraf - so-telegraf
- so-sensoroni - so-soc
- so-kratos
- so-acng - so-acng
- so-idstools - so-idstools
- so-redis - so-redis
- so-auth-api
- so-auth-ui
- so-logstash - so-logstash
- so-elasticsearch - so-elasticsearch
- so-curator - so-curator
@@ -135,12 +133,11 @@ master:
- so-influxdb - so-influxdb
- so-grafana - so-grafana
{% endif %} {% endif %}
- so-sensoroni - so-soc
- so-kratos
- so-acng - so-acng
- so-idstools - so-idstools
- so-redis - so-redis
- so-auth-api
- so-auth-ui
- so-elasticsearch - so-elasticsearch
- so-logstash - so-logstash
- so-kibana - so-kibana

3
pillar/top.sls
View File

@@ -21,7 +21,6 @@ base:
- static - static
- firewall.* - firewall.*
- data.* - data.*
- auth
- minions.{{ grains.id }} - minions.{{ grains.id }}
'*_master': '*_master':
@@ -33,7 +32,6 @@ base:
- firewall.* - firewall.*
- data.* - data.*
- brologs - brologs
- auth
- logstash - logstash
- logstash.eval - logstash.eval
- healthcheck.eval - healthcheck.eval
@@ -63,5 +61,4 @@ base:
- static - static
- firewall.* - firewall.*
- data.* - data.*
- auth
- minions.{{ grains.id }} - minions.{{ grains.id }}

8
salt/common/init.sls
View File

@@ -104,13 +104,6 @@ nginxconf:
- template: jinja - template: jinja
- source: salt://common/nginx/nginx.conf.{{ grains.role }} - source: salt://common/nginx/nginx.conf.{{ grains.role }}
copyindex:
file.managed:
- name: /opt/so/conf/nginx/index.html
- user: 939
- group: 939
- source: salt://common/nginx/index.html
nginxlogdir: nginxlogdir:
file.directory: file.directory:
- name: /opt/so/log/nginx/ - name: /opt/so/log/nginx/
@@ -133,7 +126,6 @@ so-core:
- binds: - binds:
- /opt/so:/opt/so:rw - /opt/so:/opt/so:rw
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /opt/so/conf/nginx/index.html:/opt/socore/html/index.html:ro
- /opt/so/log/nginx/:/var/log/nginx:rw - /opt/so/log/nginx/:/var/log/nginx:rw
- /opt/so/tmp/nginx/:/var/lib/nginx:rw - /opt/so/tmp/nginx/:/var/lib/nginx:rw
- /opt/so/tmp/nginx/:/run:rw - /opt/so/tmp/nginx/:/run:rw

75
salt/common/nginx/nginx.conf.so-eval
View File

@@ -4,7 +4,6 @@
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto; worker_processes auto;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
pid /run/nginx.pid; pid /run/nginx.pid;
@@ -107,10 +106,42 @@ http {
# Load configuration files for the default server block. # Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf; #include /etc/nginx/default.d/*.conf;
#location / { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
# try_files $uri $uri.html /index.html; proxy_pass http://{{ masterip }}:9822;
# } proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
auth_request /auth/sessions/whoami;
proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /auth/ {
rewrite /auth/(.*) /$1 break;
proxy_pass http://{{ masterip }}:4433/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /grafana/ { location /grafana/ {
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:3000/; proxy_pass http://{{ masterip }}:3000/;
@@ -124,7 +155,7 @@ http {
} }
location /kibana/ { location /kibana/ {
auth_request /so-auth/api/auth/; auth_request /auth/sessions/whoami;
rewrite /kibana/(.*) /$1 break; rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:5601/; proxy_pass http://{{ masterip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
@@ -162,7 +193,7 @@ http {
location /navigator/ { location /navigator/ {
auth_request /so-auth/api/auth/; auth_request /auth/sessions/whoami;
proxy_pass http://{{ masterip }}:4200/navigator/; proxy_pass http://{{ masterip }}:4200/navigator/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
@@ -219,22 +250,8 @@ http {
} }
location /sensoroni/ { location /kibana/app/soc/ {
auth_request /so-auth/api/auth/; rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /kibana/app/sensoroni/ {
rewrite ^/kibana/app/sensoroni/(.*) /sensoroni/$1 permanent;
} }
location /kibana/app/fleet/ { location /kibana/app/fleet/ {
@@ -255,23 +272,11 @@ http {
proxy_set_header Proxy ""; proxy_set_header Proxy "";
} }
location /so-auth/loginpage/ {
proxy_pass http://{{ masterip }}:4242/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /so-auth/api/ {
proxy_pass http://{{ masterip }}:5656/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
error_page 401 = @error401; error_page 401 = @error401;
location @error401 { location @error401 {
add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000"; add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000";
return 302 http://{{ masterip }}/so-auth/loginpage/; return 302 /auth/self-service/browser/flows/login;
} }
error_page 404 /404.html; error_page 404 /404.html;

109
salt/common/nginx/nginx.conf.so-master
View File

@@ -4,7 +4,6 @@
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto; worker_processes auto;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
pid /run/nginx.pid; pid /run/nginx.pid;
@@ -59,9 +58,9 @@ http {
# } # }
#} #}
server { server {
listen 80 default_server; listen 80 default_server;
server_name _; server_name _;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
{% if FLEET_MASTER %} {% if FLEET_MASTER %}
@@ -107,13 +106,45 @@ http {
# Load configuration files for the default server block. # Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf; #include /etc/nginx/default.d/*.conf;
#location / { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
# try_files $uri $uri.html /index.html; proxy_pass http://{{ masterip }}:9822;
# } proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
auth_request /auth/sessions/whoami;
proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /auth/ {
rewrite /auth/(.*) /$1 break;
proxy_pass http://{{ masterip }}:4433/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /grafana/ { location /grafana/ {
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:3000/; proxy_pass http://{{ masterip }}:3000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -124,9 +155,9 @@ http {
} }
location /kibana/ { location /kibana/ {
auth_request /so-auth/api/auth/; auth_request /auth/sessions/whoami;
rewrite /kibana/(.*) /$1 break; rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:5601/; proxy_pass http://{{ masterip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -150,7 +181,7 @@ http {
} }
location /playbook/ { location /playbook/ {
proxy_pass http://{{ masterip }}:3200/playbook/; proxy_pass http://{{ masterip }}:3200/playbook/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -160,9 +191,10 @@ http {
} }
location /navigator/ { location /navigator/ {
auth_request /so-auth/api/auth/; auth_request /auth/sessions/whoami;
proxy_pass http://{{ masterip }}:4200/navigator/; proxy_pass http://{{ masterip }}:4200/navigator/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -184,10 +216,10 @@ http {
} }
location /thehive/ { location /thehive/ {
proxy_pass http://{{ masterip }}:9000/thehive/; proxy_pass http://{{ masterip }}:9000/thehive/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -196,10 +228,10 @@ http {
} }
location /cortex/ { location /cortex/ {
proxy_pass http://{{ masterip }}:9001/cortex/; proxy_pass http://{{ masterip }}:9001/cortex/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -208,7 +240,7 @@ http {
} }
location /soctopus/ { location /soctopus/ {
proxy_pass http://{{ masterip }}:7000/; proxy_pass http://{{ masterip }}:7000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -218,22 +250,8 @@ http {
} }
location /sensoroni/ { location /kibana/app/soc/ {
auth_request /so-auth/api/auth/; rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /kibana/app/sensoroni/ {
rewrite ^/kibana/app/sensoroni/(.*) /sensoroni/$1 permanent;
} }
location /kibana/app/fleet/ { location /kibana/app/fleet/ {
@@ -244,36 +262,21 @@ http {
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent; rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
} }
location /sensoroniagents/ { location /sensoroniagents/ {
proxy_pass http://{{ masterip }}:9822/; proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
}
location /so-auth/loginpage/ {
proxy_pass http://{{ masterip }}:4242/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /so-auth/api/ {
proxy_pass http://{{ masterip }}:5656/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
} }
error_page 401 = @error401; error_page 401 = @error401;
location @error401 { location @error401 {
add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000"; add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000";
return 302 http://{{ masterip }}/so-auth/loginpage/; return 302 /auth/self-service/browser/flows/login;
} }
error_page 404 /404.html; error_page 404 /404.html;

136
salt/common/nginx/nginx.conf.so-mastersearch
View File

@@ -4,7 +4,6 @@
# * Official English Documentation: http://nginx.org/en/docs/ # * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto; worker_processes auto;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
pid /run/nginx.pid; pid /run/nginx.pid;
@@ -59,9 +58,9 @@ http {
# } # }
#} #}
server { server {
listen 80 default_server; listen 80 default_server;
server_name _; server_name _;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
{% if FLEET_MASTER %} {% if FLEET_MASTER %}
@@ -107,13 +106,45 @@ http {
# Load configuration files for the default server block. # Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf; #include /etc/nginx/default.d/*.conf;
#location / { location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
# try_files $uri $uri.html /index.html; proxy_pass http://{{ masterip }}:9822;
# } proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
auth_request /auth/sessions/whoami;
proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /auth/ {
rewrite /auth/(.*) /$1 break;
proxy_pass http://{{ masterip }}:4433/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /grafana/ { location /grafana/ {
rewrite /grafana/(.*) /$1 break; rewrite /grafana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:3000/; proxy_pass http://{{ masterip }}:3000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -124,9 +155,9 @@ http {
} }
location /kibana/ { location /kibana/ {
auth_request /so-auth/api/auth/; auth_request /auth/sessions/whoami;
rewrite /kibana/(.*) /$1 break; rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ masterip }}:5601/; proxy_pass http://{{ masterip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -136,8 +167,21 @@ http {
} }
location /playbook/ { location /nodered/ {
proxy_pass http://{{ masterip }}:3200/playbook/; proxy_pass http://{{ masterip }}:1880/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Proxy "";
}
location /playbook/ {
proxy_pass http://{{ masterip }}:3200/playbook/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -147,9 +191,10 @@ http {
} }
location /navigator/ { location /navigator/ {
auth_request /so-auth/api/auth/; auth_request /auth/sessions/whoami;
proxy_pass http://{{ masterip }}:4200/navigator/; proxy_pass http://{{ masterip }}:4200/navigator/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -171,10 +216,10 @@ http {
} }
location /thehive/ { location /thehive/ {
proxy_pass http://{{ masterip }}:9000/thehive/; proxy_pass http://{{ masterip }}:9000/thehive/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -183,22 +228,10 @@ http {
} }
location /cortex/ { location /cortex/ {
proxy_pass http://{{ masterip }}:9001/cortex/; proxy_pass http://{{ masterip }}:9001/cortex/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /cyberchef/ {
proxy_pass http://{{ masterip }}:9080/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_http_version 1.1; # this is essential for chunked responses to work
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -207,7 +240,7 @@ http {
} }
location /soctopus/ { location /soctopus/ {
proxy_pass http://{{ masterip }}:7000/; proxy_pass http://{{ masterip }}:7000/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
@@ -217,22 +250,8 @@ http {
} }
location /sensoroni/ { location /kibana/app/soc/ {
auth_request /so-auth/api/auth/; rewrite ^/kibana/app/soc/(.*) /soc/$1 permanent;
proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /kibana/app/sensoroni/ {
rewrite ^/kibana/app/sensoroni/(.*) /sensoroni/$1 permanent;
} }
location /kibana/app/fleet/ { location /kibana/app/fleet/ {
@@ -243,36 +262,21 @@ http {
rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent; rewrite ^/kibana/app/soctopus/(.*) /soctopus/$1 permanent;
} }
location /sensoroniagents/ { location /sensoroniagents/ {
proxy_pass http://{{ masterip }}:9822/; proxy_pass http://{{ masterip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_connect_timeout 90; proxy_connect_timeout 90;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
}
location /so-auth/loginpage/ {
proxy_pass http://{{ masterip }}:4242/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /so-auth/api/ {
proxy_pass http://{{ masterip }}:5656/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
} }
error_page 401 = @error401; error_page 401 = @error401;
location @error401 { location @error401 {
add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000"; add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/;Max-Age=60000";
return 302 http://{{ masterip }}/so-auth/loginpage/; return 302 /auth/self-service/browser/flows/login;
} }
error_page 404 /404.html; error_page 404 /404.html;

2
salt/common/tools/sbin/so-playbook-sync
View File

@@ -17,4 +17,4 @@
. /usr/sbin/so-common . /usr/sbin/so-common
docker exec so-soctopus python3 playbook_play-sync.py docker exec so-soctopus python3 playbook_play-sync.py >> /opt/so/log/soctopus/so-playbook-sync.log 2>&1

201
salt/common/tools/sbin/so-user Executable file
View File

@@ -0,0 +1,201 @@
#!/bin/bash
# Copyright 2020 Security Onion Solutions. All rights reserved.
#
# This program is distributed under the terms of version 2 of the
# GNU General Public License. See LICENSE for further details.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
got_root() {
# Make sure you are root
if [ "$(id -u)" -ne 0 ]; then
echo "This script must be run using sudo!"
exit 1
fi
}
# Make sure the user is root
got_root
if [[ $# < 1 || $# > 2 ]]; then
echo "Usage: $0 <list|add|update|delete|checkpw> [email]"
echo "Note that checkpw only checks that the given password meets the minimum requirements, it does not test that it matches for an existing user."
exit 1
fi
operation=$1
email=$2
kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434}
databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite}
argon2Iterations=${ARGON2_ITERATIONS:-3}
argon2Memory=${ARGON2_MEMORY:-14}
argon2Parallelism=${ARGON2_PARALLELISM:-2}
argon2HashSize=${ARGON2_HASH_SIZE:-32}
function fail() {
msg=$1
echo "$1"
exit 1
}
function require() {
cmd=$1
which "$1" 2>&1 > /dev/null
[[ $? != 0 ]] && fail "This script requires the following command be installed: ${cmd}"
}
# Verify this environment is capable of running this script
require "argon2"
require "jq"
require "curl"
require "openssl"
require "sqlite3"
[[ ! -f $databasePath ]] && fail "Unable to find database file; specify path via KRATOS_DB_PATH environment variable"
response=$(curl -Ss ${kratosUrl}/)
[[ "$response" != "404 page not found" ]] && fail "Unable to communicate with Kratos; specify URL via KRATOS_URL environment variable"
function findIdByEmail() {
email=$1
response=$(curl -Ss ${kratosUrl}/identities)
identityId=$(echo "${response}" | jq ".[] | select(.addresses[0].value == \"$email\") | .id")
echo $identityId
}
function validatePassword() {
password=$1
len=$(expr length "$password")
if [[ $len -lt 6 ]]; then
echo "Password does not meet the minimum requirements"
exit 2
fi
}
function updatePassword() {
identityId=$1
# Read password from stdin (show prompt only if no stdin was piped in)
test -t 0
if [[ $? == 0 ]]; then
echo "Enter new password:"
fi
read -s password
validatePassword "$password"
if [[ -n $identityId ]]; then
# Generate password hash
salt=$(openssl rand -hex 8)
passwordHash=$(echo "${password}" | argon2 ${salt} -id -t $argon2Iterations -m $argon2Memory -p $argon2Parallelism -l $argon2HashSize -e)
# Update DB with new hash
echo "update identity_credentials set config=CAST('{\"hashed_password\":\"${passwordHash}\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath"
[[ $? != 0 ]] && fail "Unable to update password"
fi
}
function listUsers() {
response=$(curl -Ss ${kratosUrl}/identities)
[[ $? != 0 ]] && fail "Unable to communicate with Kratos"
echo "${response}" | jq -r ".[] | .addresses[0].value" | sort
}
function createUser() {
email=$1
now=$(date -u +%FT%TZ)
addUserJson=$(cat <<EOF
{
"addresses": [
{
"expires_at": "2099-01-31T12:00:00Z",
"value": "${email}",
"verified": true,
"verified_at": "${now}",
"via": "so-add-user"
}
],
"traits": {"email":"${email}"},
"traits_schema_id": "default"
}
EOF
)
response=$(curl -Ss ${kratosUrl}/identities -d "$addUserJson")
[[ $? != 0 ]] && fail "Unable to communicate with Kratos"
identityId=$(echo "${response}" | jq ".id")
if [[ ${identityId} == "null" ]]; then
code=$(echo "${response}" | jq ".error.code")
[[ "${code}" == "409" ]] && fail "User already exists"
reason=$(echo "${response}" | jq ".error.message")
[[ $? == 0 ]] && fail "Unable to add user: ${reason}"
fi
updatePassword $identityId
}
function updateUser() {
email=$1
identityId=$(findIdByEmail "$email")
[[ ${identityId} == "" ]] && fail "User not found"
updatePassword $identityId
}
function deleteUser() {
email=$1
identityId=$(findIdByEmail "$email")
[[ ${identityId} == "" ]] && fail "User not found"
response=$(curl -Ss -XDELETE "${kratosUrl}/identities/$identityId")
[[ $? != 0 ]] && fail "Unable to communicate with Kratos"
}
case "${operation}" in
"add")
[[ "$email" == "" ]] && fail "Email address must be provided"
createUser "$email"
echo "Successfully added new user"
;;
"list")
listUsers
;;
"update")
[[ "$email" == "" ]] && fail "Email address must be provided"
updateUser "$email"
echo "Successfully updated user"
;;
"delete")
[[ "$email" == "" ]] && fail "Email address must be provided"
deleteUser "$email"
echo "Successfully deleted user"
;;
"checkpw")
updatePassword
echo "Password is acceptable"
;;
*)
fail "Unsupported operation: $operation"
;;
esac
exit 0

17
salt/common/tools/sbin/so-user-add
View File

@@ -1,17 +1,2 @@
#!/bin/bash #!/bin/bash
USERNAME=$1 so-user add $*
# Make sure a username is provided
[ $# -eq 0 ] && { echo "Usage: $0 username"; exit 1; }
# If the file is there already lets create it otherwise add the user
if [ ! -f /opt/so/conf/nginx/.htpasswd ]; then
# Create the password file
htpasswd -c /opt/so/conf/nginx/.htpasswd $USERNAME
else
htpasswd /opt/so/conf/nginx/.htpasswd $USERNAME
fi

4
salt/curator/files/bin/so-curator-closed-delete
View File

@@ -34,8 +34,6 @@
#fi #fi
# Avoid starting multiple instances # Avoid starting multiple instances
if pgrep -f "so-curator-closed-delete-delete" >/dev/null; then if ! pgrep -f "so-curator-closed-delete-delete" >/dev/null; then
echo "Script is already running."
else
/usr/sbin/so-curator-closed-delete-delete /usr/sbin/so-curator-closed-delete-delete
fi fi

5
salt/master/files/registry/scripts/so-docker-download
View File

@@ -1,12 +1,13 @@
#!/bin/bash #!/bin/bash
MASTER={{ MASTER }} MASTER={{ MASTER }}
VERSION="HH1.1.4" VERSION="HH1.2.1"
TRUSTED_CONTAINERS=( \ TRUSTED_CONTAINERS=( \
"so-core:$VERSION" \ "so-core:$VERSION" \
"so-cyberchef:$VERSION" \ "so-cyberchef:$VERSION" \
"so-acng:$VERSION" \ "so-acng:$VERSION" \
"so-sensoroni:$VERSION" \ "so-soc:$VERSION" \
"so-kratos:$VERSION" \
"so-fleet:$VERSION" \ "so-fleet:$VERSION" \
"so-soctopus:$VERSION" \ "so-soctopus:$VERSION" \
"so-steno:$VERSION" \ "so-steno:$VERSION" \

78
salt/soc/files/kratos/kratos.yaml Normal file
View File

@@ -0,0 +1,78 @@
{%- set WEBACCESS = salt['pillar.get']('kratos:redirect', '') -%}
{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
selfservice:
strategies:
password:
enabled: true
verify:
return_to: https://{{ WEBACCESS }}/
logout:
redirect_to: https://{{ WEBACCESS }}/login/
login:
request_lifespan: 10m
after:
password:
-
job: session
-
job: redirect
config:
default_redirect_url: https://{{ WEBACCESS }}/
allow_user_defined_redirect: true
registration:
request_lifespan: 10m
after:
password:
-
job: verify
-
job: session
-
job: redirect
config:
default_redirect_url: https://{{ WEBACCESS }}/
allow_user_defined_redirect: true
log:
level: debug
format: json
secrets:
session:
- {{ KRATOSKEY }}
urls:
login_ui: https://{{ WEBACCESS }}/login/
registration_ui: https://{{ WEBACCESS }}/login/
error_ui: https://{{ WEBACCESS }}/login/
profile_ui: https://{{ WEBACCESS }}/
verify_ui: https://{{ WEBACCESS }}/
mfa_ui: https://{{ WEBACCESS }}/
self:
public: https://{{ WEBACCESS }}/auth/
admin: https://{{ WEBACCESS }}/kratos/
default_return_to: https://{{ WEBACCESS }}/
whitelisted_return_to_domains:
- http://127.0.0.1
hashers:
argon2:
parallelism: 2
memory: 16384
iterations: 3
salt_length: 16
key_length: 32
identity:
traits:
default_schema_url: file:///kratos-conf/schema.json
courier:
smtp:
connection_uri: smtps://{{ WEBACCESS }}:25

28
salt/soc/files/kratos/schema.json Normal file
View File

@@ -0,0 +1,28 @@
{
"$id": "securityonion.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Person",
"type": "object",
"properties": {
"email": {
"type": "string",
"format": "email",
"title": "E-Mail",
"minLength": 6,
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
},
"verification": {
"via": "email"
}
}
}
},
"required": [
"email"
],
"additionalProperties": false
}

23
salt/soc/files/soc/changes.json Normal file
View File

@@ -0,0 +1,23 @@
{
"title": "Introducing Hybrid Hunter 1.2.1 Beta",
"changes": [
{ "summary": "New authentication framework" },
{ "summary": "New Logstash pipeline setup. Now uses multiple pipelines." },
{ "summary": "New Master + Search node type and well as a Heavy Node type in the install." },
{ "summary": "Change all nodes to point to the docker registry on the Master. This cuts down on the calls to dockerhub." },
{ "summary": "Upgraded to Zeek 3.0" },
{ "summary": "Upgraded to Elastic 7.6" },
{ "summary": "New SO Start | Stop | Restart scripts for all components (eg. `so-playbook-restart`)." },
{ "summary": "BPF support for Suricata (NIDS), Steno (PCAP) & Zeek (<a target='new' href='https://github.com/Security-Onion-Solutions/securityonion-saltstack/wiki/BPF'>More Info</a>)." },
{ "summary": "Updated Domain Stats & Frequency Server containers to Python3 & created new Salt states for them." },
{ "summary": "Added so-status script which gives an easy to read look at container status." },
{ "summary": "Manage threshold.conf for Suricata using the thresholding pillar." },
{ "summary": "The ISO now includes all the docker containers for faster install speeds." },
{ "summary": "You now set the password for the onion account during the iso install. This account is temporary and will be removed after so-setup." },
{ "summary": "Updated Helix parsers for better compatibility." },
{ "summary": "Updated telegraf docker to include curl and jq." },
{ "summary": "CVE-2020-0601 Zeek Detection Script." },
{ "summary": "ISO Install now prompts you to create a password for the onion user during imaging. This account gets disabled during setup." },
{ "summary": "Check out the Hybrid Hunter Quick Start Guide." }
]
}

26
salt/soc/files/soc/soc.json Normal file
View File

@@ -0,0 +1,26 @@
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') -%}
{%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%}
{
"logFilename": "/opt/sensoroni/logs/sensoroni-server.log",
"server": {
"bindAddress": "0.0.0.0:9822",
"baseUrl": "/",
"maxPacketCount": 5000,
"htmlDir": "html",
"modules": {
"filedatastore": {
"jobDir": "jobs"
},
"securityonion": {
"elasticsearchHost": "http://{{ MASTERIP }}:9200",
"elasticsearchUsername": "",
"elasticsearchPassword": "",
"elasticsearchVerifyCert": false
},
"statickeyauth": {
"anonymousCidr": "172.17.0.0/24",
"apiKey": "{{ SENSORONIKEY }}"
}
}
}
}

97
salt/soc/init.sls Normal file
View File

@@ -0,0 +1,97 @@
{% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.1') %}
{% set MASTER = salt['grains.get']('master') %}
socdir:
file.directory:
- name: /opt/so/conf/soc
- user: 939
- group: 939
- makedirs: True
socdatadir:
file.directory:
- name: /nsm/soc/jobs
- user: 939
- group: 939
- makedirs: True
soclogdir:
file.directory:
- name: /opt/so/log/soc
- user: 939
- group: 939
- makedirs: True
socsync:
file.recurse:
- name: /opt/so/conf/soc
- source: salt://soc/files/soc
- user: 939
- group: 939
- template: jinja
so-soc:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-soc:{{ VERSION }}
- hostname: soc
- name: so-soc
- binds:
- /nsm/soc/jobs:/opt/sensoroni/jobs:rw
- /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
- /opt/so/conf/soc/changes.json:/opt/sensoroni/html/changes.json:ro
- /opt/so/log/soc/:/opt/sensoroni/logs/:rw
- port_bindings:
- 0.0.0.0:9822:9822
- watch:
- file: /opt/so/conf/soc
# Add Kratos Group
kratosgroup:
group.present:
- name: kratos
- gid: 928
# Add Kratos user
kratos:
user.present:
- uid: 928
- gid: 928
- home: /opt/so/conf/kratos
kratosdir:
file.directory:
- name: /opt/so/conf/kratos/db
- user: 928
- group: 928
- makedirs: True
kratoslogdir:
file.directory:
- name: /opt/so/log/kratos
- user: 928
- group: 928
- makedirs: True
kratossync:
file.recurse:
- name: /opt/so/conf/kratos
- source: salt://soc/files/kratos
- user: 928
- group: 928
- template: jinja
so-kratos:
docker_container.running:
- image: {{ MASTER }}:5000/soshybridhunter/so-kratos:{{ VERSION }}
- hostname: kratos
- name: so-kratos
- binds:
- /opt/so/conf/kratos/schema.json:/kratos-conf/schema.json:ro
- /opt/so/conf/kratos/kratos.yaml:/kratos-conf/kratos.yaml:ro
- /opt/so/log/kratos/:/kratos-log:rw
- /opt/so/conf/kratos/db:/kratos-data:rw
- port_bindings:
- 0.0.0.0:4433:4433
- 0.0.0.0:4434:4434
- watch:
- file: /opt/so/conf/kratos

11
salt/top.sls
View File

@@ -52,10 +52,9 @@ base:
- registry - registry
- master - master
- common - common
- sensoroni - soc
- firewall - firewall
- idstools - idstools
- auth
- healthcheck - healthcheck
{%- if FLEETMASTER or FLEETNODE %} {%- if FLEETMASTER or FLEETNODE %}
- mysql - mysql
@@ -98,12 +97,11 @@ base:
- ssl - ssl
- registry - registry
- common - common
- sensoroni - soc
- firewall - firewall
- master - master
- idstools - idstools
- redis - redis
- auth
{%- if FLEETMASTER or FLEETNODE %} {%- if FLEETMASTER or FLEETNODE %}
- mysql - mysql
{%- endif %} {%- endif %}
@@ -192,7 +190,6 @@ base:
- firewall - firewall
- sensor - sensor
- master - master
- auth
{%- if FLEETMASTER or FLEETNODE %} {%- if FLEETMASTER or FLEETNODE %}
- fleet.install_package - fleet.install_package
{%- endif %} {%- endif %}
@@ -203,13 +200,11 @@ base:
- ssl - ssl
- registry - registry
- common - common
- sensoroni - soc
- auth
- firewall - firewall
- master - master
- idstools - idstools
- redis - redis
- auth
{%- if FLEETMASTER or FLEETNODE %} {%- if FLEETMASTER or FLEETNODE %}
- mysql - mysql
{%- endif %} {%- endif %}

64
setup/so-functions
View File

@@ -78,6 +78,29 @@ add_socore_user_notmaster() {
} }
wait_for_identity_db_to_exist() {
MAXATTEMPTS=30
attempts=0
while [[ $attempts -lt $MAXATTEMPTS ]]; do
# Check and see if the DB file is in there
if [ -f /opt/so/conf/kratos/db/db.sqlite ]; then
echo "Database file exists at $(date)"
attempts=$MAXATTEMPTS
else
echo "Identity database does not yet exist; waiting 5 seconds and will check again ($attempts/$MAXATTEMPTS)..."
sleep 5
attempts=$((attempts+1))
fi
done
}
add_web_user() {
wait_for_identity_db_to_exist
echo "Attempting to add administrator user for web interface..."
echo "$WEBPASSWD1" | /usr/sbin/so-user add $WEBUSER
echo "Add user result: $?"
}
# Create an auth pillar so that passwords survive re-install # Create an auth pillar so that passwords survive re-install
auth_pillar(){ auth_pillar(){
@@ -219,6 +242,16 @@ check_socore_pass() {
} }
check_web_pass() {
if [ $WEBPASSWD1 == $WEBPASSWD2 ]; then
WPMATCH=yes
else
whiptail_passwords_dont_match
fi
}
checkin_at_boot() { checkin_at_boot() {
echo "Enabling checkin at boot" >> $SETUPLOG 2>&1 echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
echo "startup_states: highstate" >> /etc/salt/minion echo "startup_states: highstate" >> /etc/salt/minion
@@ -539,7 +572,8 @@ docker_seed_registry() {
"so-navigator:$VERSION" \ "so-navigator:$VERSION" \
"so-playbook:$VERSION" \ "so-playbook:$VERSION" \
"so-redis:$VERSION" \ "so-redis:$VERSION" \
"so-sensoroni:$VERSION" \ "so-soc:$VERSION" \
"so-kratos:$VERSION" \
"so-soctopus:$VERSION" \ "so-soctopus:$VERSION" \
"so-steno:$VERSION" \ "so-steno:$VERSION" \
#"so-strelka:$VERSION" \ #"so-strelka:$VERSION" \
@@ -556,7 +590,7 @@ docker_seed_registry() {
"so-idstools:$VERSION" \ "so-idstools:$VERSION" \
"so-logstash:$VERSION" \ "so-logstash:$VERSION" \
"so-redis:$VERSION" \ "so-redis:$VERSION" \
"so-sensoroni:$VERSION" \ #"so-sensoroni:$VERSION" \
"so-steno:$VERSION" \ "so-steno:$VERSION" \
"so-suricata:$VERSION" \ "so-suricata:$VERSION" \
"so-telegraf:$VERSION" \ "so-telegraf:$VERSION" \
@@ -651,6 +685,7 @@ generate_passwords(){
CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
KRATOSKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
} }
get_filesystem_nsm(){ get_filesystem_nsm(){
@@ -690,6 +725,14 @@ get_main_ip() {
} }
get_redirect() {
whiptail_set_redirect_info
whiptail_set_redirect
if [ $REDIRECTINFO == 'OTHER' ]; then
whiptail_set_redirect_host
fi
}
got_root() { got_root() {
# Make sure you are root # Make sure you are root
@@ -801,6 +844,18 @@ master_pillar() {
echo " thehive: $THEHIVE" >> $PILLARFILE echo " thehive: $THEHIVE" >> $PILLARFILE
echo " playbook: $PLAYBOOK" >> $PILLARFILE echo " playbook: $PLAYBOOK" >> $PILLARFILE
echo "" >> $PILLARFILE echo "" >> $PILLARFILE
echo "kratos:" >> $PILLARFILE
if [[ $REDIRECTINFO == 'OTHER' ]]; then
REDIRECTIT=$REDIRECT
elif [[ $REDIRECTINFO == 'IP' ]]; then
REDIRECTIT=$MAINIP
elif [[ $REDIRECTINFO == 'HOSTNAME' ]]; then
REDIRECTIT=$HOSTNAME
fi
echo " kratoskey: $KRATOSKEY" >> $PILLARFILE
echo " redirect: $REDIRECTIT" >> $PILLARFILE
echo "" >> $PILLARFILE
} }
@@ -974,6 +1029,7 @@ saltify() {
yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-py3-2019-2.repo cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-py3-2019-2.repo
sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-py3-2019-2.repo sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-py3-2019-2.repo
yum -y install sqlite3 argon2 curl jq openssl
# Download Ubuntu Keys in case master updates = 1 # Download Ubuntu Keys in case master updates = 1
mkdir -p /opt/so/gpg mkdir -p /opt/so/gpg
wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
@@ -1191,11 +1247,11 @@ EOF
# Initialize the new repos # Initialize the new repos
apt-get update >> $SETUPLOG 2>&1 apt-get update >> $SETUPLOG 2>&1
if [ $OSVER != "xenial" ]; then if [ $OSVER != "xenial" ]; then
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1 apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common apt-mark hold salt-minion salt-common
else else
# Need to add python packages here # Need to add python packages here
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1 apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common apt-mark hold salt-minion salt-common
fi fi
else else

46
setup/so-setup
View File

@@ -300,6 +300,15 @@ if (whiptail_you_sure) ; then
check_socore_pass check_socore_pass
done done
# Get a password for the web admin user
whiptail_create_web_user
WPMATCH=no
while [ $WPMATCH != yes ]; do
whiptail_create_web_user_password1
whiptail_create_web_user_password2
check_web_pass
done
get_redirect
# Last Chance to back out # Last Chance to back out
whiptail_make_changes whiptail_make_changes
set_hostname set_hostname
@@ -376,21 +385,23 @@ if (whiptail_you_sure) ; then
docker_seed_registry >> $SETUPLOG 2>&1 docker_seed_registry >> $SETUPLOG 2>&1
echo -e "XXX\n43\nInstalling Common Components... \nXXX" echo -e "XXX\n43\nInstalling Common Components... \nXXX"
salt-call state.apply common >> $SETUPLOG 2>&1 salt-call state.apply common >> $SETUPLOG 2>&1
echo -e "XXX\n44\nInstalling SOC... \nXXX"
salt-call state.apply soc >> $SETUPLOG 2>&1
echo -e "XXX\n45\nApplying firewall rules... \nXXX" echo -e "XXX\n45\nApplying firewall rules... \nXXX"
salt-call state.apply firewall >> $SETUPLOG 2>&1 salt-call state.apply firewall >> $SETUPLOG 2>&1
salt-call state.apply master >> $SETUPLOG 2>&1 salt-call state.apply master >> $SETUPLOG 2>&1
salt-call state.apply idstools >> $SETUPLOG 2>&1 salt-call state.apply idstools >> $SETUPLOG 2>&1
echo -e "XXX\n40\nInstalling Redis... \nXXX" echo -e "XXX\n46\nInstalling Redis... \nXXX"
salt-call state.apply redis >> $SETUPLOG 2>&1 salt-call state.apply redis >> $SETUPLOG 2>&1
if [[ $OSQUERY == '1' ]]; then if [[ $OSQUERY == '1' ]]; then
echo -e "XXX\n41\nInstalling MySQL... \nXXX" echo -e "XXX\n48\nInstalling MySQL... \nXXX"
salt-call state.apply mysql >> $SETUPLOG 2>&1 salt-call state.apply mysql >> $SETUPLOG 2>&1
fi fi
if [[ $WAZUH == '1' ]]; then if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n68\nInstalling Wazuh... \nXXX" echo -e "XXX\n48\nInstalling Wazuh... \nXXX"
salt-call state.apply wazuh >> $SETUPLOG 2>&1 salt-call state.apply wazuh >> $SETUPLOG 2>&1
fi fi
echo -e "XXX\n45\nInstalling Elastic Components... \nXXX" echo -e "XXX\n49\nInstalling Elastic Components... \nXXX"
salt-call state.apply elasticsearch >> $SETUPLOG 2>&1 salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
salt-call state.apply logstash >> $SETUPLOG 2>&1 salt-call state.apply logstash >> $SETUPLOG 2>&1
salt-call state.apply kibana >> $SETUPLOG 2>&1 salt-call state.apply kibana >> $SETUPLOG 2>&1
@@ -419,7 +430,9 @@ if (whiptail_you_sure) ; then
echo -e "XX\n97\nFinishing touches... \nXXX" echo -e "XX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $SETUPLOG 2>&1 filter_unused_nics >> $SETUPLOG 2>&1
network_setup >> $SETUPLOG 2>&1 network_setup >> $SETUPLOG 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX" echo -e "XXX\n98\nAdding user to SOC... \nXXX"
add_web_user >> $SETUPLOG 2>&1
echo -e "XXX\n99\nVerifying Setup... \nXXX"
salt-call state.highstate >> $SETUPLOG 2>&1 salt-call state.highstate >> $SETUPLOG 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0 } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}') GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
@@ -570,6 +583,15 @@ if (whiptail_you_sure) ; then
check_socore_pass check_socore_pass
done done
fi fi
# Get a password for the web admin user
whiptail_create_web_user
WPMATCH=no
while [ $WPMATCH != yes ]; do
whiptail_create_web_user_password1
whiptail_create_web_user_password2
check_web_pass
done
get_redirect
whiptail_make_changes whiptail_make_changes
set_hostname set_hostname
set_version set_version
@@ -616,14 +638,10 @@ if (whiptail_you_sure) ; then
master_pillar >> $SETUPLOG 2>&1 master_pillar >> $SETUPLOG 2>&1
echo "** Generating the patch pillar **" >> $SETUPLOG echo "** Generating the patch pillar **" >> $SETUPLOG
patch_pillar >> $SETUPLOG 2>&1 patch_pillar >> $SETUPLOG 2>&1
echo -e "XXX\n7\nConfiguring minion... \nXXX" echo -e "XXX\n7\nConfiguring minion... \nXXX"
configure_minion $TYPE >> $SETUPLOG 2>&1 configure_minion $TYPE >> $SETUPLOG 2>&1
echo -e "XXX\n7\nSetting the node type to $TYPE... \nXXX" echo -e "XXX\n7\nSetting the node type to $TYPE... \nXXX"
set_node_type >> $SETUPLOG 2>&1 set_node_type >> $SETUPLOG 2>&1
echo -e "XXX\n7\nSearch node pillar... \nXXX" echo -e "XXX\n7\nSearch node pillar... \nXXX"
node_pillar >> $SETUPLOG 2>&1 node_pillar >> $SETUPLOG 2>&1
echo -e "XXX\n8\nCreating firewall policies... \nXXX" echo -e "XXX\n8\nCreating firewall policies... \nXXX"
@@ -650,12 +668,13 @@ if (whiptail_you_sure) ; then
echo -e "XXX\n25\nInstalling master components... \nXXX" echo -e "XXX\n25\nInstalling master components... \nXXX"
salt-call state.apply master >> $SETUPLOG 2>&1 salt-call state.apply master >> $SETUPLOG 2>&1
salt-call state.apply idstools >> $SETUPLOG 2>&1 salt-call state.apply idstools >> $SETUPLOG 2>&1
echo -e "XXX\n26\nInstalling SOC... \nXXX"
salt-call state.apply soc >> $SETUPLOG 2>&1
if [[ $OSQUERY == '1' ]]; then if [[ $OSQUERY == '1' ]]; then
salt-call state.apply mysql >> $SETUPLOG 2>&1 salt-call state.apply mysql >> $SETUPLOG 2>&1
fi fi
if [[ $WAZUH == '1' ]]; then if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n65\nInstalling Wazuh components... \nXXX" echo -e "XXX\n27\nInstalling Wazuh components... \nXXX"
salt-call state.apply wazuh >> $SETUPLOG 2>&1 salt-call state.apply wazuh >> $SETUPLOG 2>&1
fi fi
echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX" echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
@@ -700,10 +719,11 @@ if (whiptail_you_sure) ; then
echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX" echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX"
checkin_at_boot >> $SETUPLOG 2>&1 checkin_at_boot >> $SETUPLOG 2>&1
echo -e "XX\n97\nFinishing touches... \nXXX" echo -e "XX\n97\nFinishing touches... \nXXX"
salt-call state.apply auth >> $SETUPLOG 2>&1
filter_unused_nics >> $SETUPLOG 2>&1 filter_unused_nics >> $SETUPLOG 2>&1
network_setup >> $SETUPLOG 2>&1 network_setup >> $SETUPLOG 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX" echo -e "XXX\n98\nAdding user to SOC... \nXXX"
add_web_user >> $SETUPLOG 2>&1
echo -e "XXX\n99\nVerifying Setup... \nXXX"
salt-call state.highstate >> $SETUPLOG 2>&1 salt-call state.highstate >> $SETUPLOG 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0 } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}') GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')

50
setup/so-whiptail
View File

@@ -158,6 +158,34 @@ whiptail_create_socore_user_password2() {
} }
whiptail_create_web_user() {
WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
}
whiptail_create_web_user_password1() {
WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_web_user_password2() {
WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_cur_close_days() { whiptail_cur_close_days() {
CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
@@ -683,6 +711,28 @@ whiptail_set_hostname() {
} }
whiptail_set_redirect() {
REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose the access method for the web interface:" 20 75 4 \
"IP" "Use IP to access the web interface" ON \
"HOSTNAME" "Use Hostname ($HOSTNAME) to access the web interface" OFF \
"OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_set_redirect_host() {
REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname or IP you would like to use for the web interface." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_set_redirect_info() {
whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n
For security reasons, we use strict cookie enforcement." 10 75
}
whiptail_setup_complete() { whiptail_setup_complete() {
whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75 whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75

4
upgrade/so-update-functions
View File

@@ -51,12 +51,13 @@ if [ $MASTERCHECK != 'so-helix' ]; then
"so-idstools:$BUILD$UPDATEVERSION" \ "so-idstools:$BUILD$UPDATEVERSION" \
"so-influxdb:$BUILD$UPDATEVERSION" \ "so-influxdb:$BUILD$UPDATEVERSION" \
"so-kibana:$BUILD$UPDATEVERSION" \ "so-kibana:$BUILD$UPDATEVERSION" \
"so-kratos:$BUILD$UPDATEVERSION" \
"so-logstash:$BUILD$UPDATEVERSION" \ "so-logstash:$BUILD$UPDATEVERSION" \
"so-mysql:$BUILD$UPDATEVERSION" \ "so-mysql:$BUILD$UPDATEVERSION" \
"so-navigator:$BUILD$UPDATEVERSION" \ "so-navigator:$BUILD$UPDATEVERSION" \
"so-playbook:$BUILD$UPDATEVERSION" \ "so-playbook:$BUILD$UPDATEVERSION" \
"so-redis:$BUILD$UPDATEVERSION" \ "so-redis:$BUILD$UPDATEVERSION" \
"so-sensoroni:$BUILD$UPDATEVERSION" \ "so-soc:$BUILD$UPDATEVERSION" \
"so-soctopus:$BUILD$UPDATEVERSION" \ "so-soctopus:$BUILD$UPDATEVERSION" \
"so-steno:$BUILD$UPDATEVERSION" \ "so-steno:$BUILD$UPDATEVERSION" \
"so-strelka:$BUILD$UPDATEVERSION" \ "so-strelka:$BUILD$UPDATEVERSION" \
@@ -73,7 +74,6 @@ if [ $MASTERCHECK != 'so-helix' ]; then
"so-idstools:$BUILD$UPDATEVERSION" \ "so-idstools:$BUILD$UPDATEVERSION" \
"so-logstash:$BUILD$UPDATEVERSION" \ "so-logstash:$BUILD$UPDATEVERSION" \
"so-redis:$BUILD$UPDATEVERSION" \ "so-redis:$BUILD$UPDATEVERSION" \
"so-sensoroni:$BUILD$UPDATEVERSION" \
"so-steno:$BUILD$UPDATEVERSION" \ "so-steno:$BUILD$UPDATEVERSION" \
"so-suricata:$BUILD$UPDATEVERSION" \ "so-suricata:$BUILD$UPDATEVERSION" \
"so-telegraf:$BUILD$UPDATEVERSION" \ "so-telegraf:$BUILD$UPDATEVERSION" \