mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #206 from Security-Onion-Solutions/feature/auth
Add so-auth
This commit is contained in:
Mike Reeves
GitHub
38
salt/auth/init.sls
Normal file
38
salt/auth/init.sls
Normal file
@@ -0,0 +1,38 @@
|
||||
so-auth-api-dir:
|
||||
file.directory:
|
||||
- name: /opt/so/conf/auth/api
|
||||
- user: 939
|
||||
- group: 939
|
||||
- makedirs: True
|
||||
|
||||
so-auth-api-image:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.4
|
||||
|
||||
so-auth-ui-image:
|
||||
cmd.run:
|
||||
- name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-ui:HH1.1.4
|
||||
|
||||
so-auth-api:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-auth-api-image
|
||||
- image: docker.io/soshybridhunter/so-auth-api:HH1.1.4
|
||||
- hostname: so-auth-api
|
||||
- name: so-auth-api
|
||||
- environment:
|
||||
- BASE_PATH: "/so-auth/api"
|
||||
- binds:
|
||||
- /opt/so/conf/auth/api:/data
|
||||
- port_bindings:
|
||||
- 0.0.0.0:5656:5656
|
||||
|
||||
so-auth-ui:
|
||||
docker_container.running:
|
||||
- require:
|
||||
- so-auth-ui-image
|
||||
- image: docker.io/soshybridhunter/so-auth-ui:HH1.1.4
|
||||
- hostname: so-auth-ui
|
||||
- name: so-auth-ui
|
||||
- port_bindings:
|
||||
- 0.0.0.0:4242:80
|
||||
@@ -58,9 +58,9 @@ http {
|
||||
# }
|
||||
#}
|
||||
server {
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
listen 80 default_server;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
|
||||
@@ -88,8 +88,8 @@ http {
|
||||
# }
|
||||
|
||||
location /grafana/ {
|
||||
rewrite /grafana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:3000/;
|
||||
rewrite /grafana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:3000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -100,10 +100,9 @@ http {
|
||||
}
|
||||
|
||||
location /kibana/ {
|
||||
auth_basic "Security Onion";
|
||||
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
|
||||
rewrite /kibana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:5601/;
|
||||
auth_request /so-auth/api/auth/;
|
||||
rewrite /kibana/(.*) /$1 break;
|
||||
proxy_pass http://{{ masterip }}:5601/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -114,7 +113,7 @@ http {
|
||||
}
|
||||
|
||||
location /playbook/ {
|
||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||
proxy_pass http://{{ masterip }}:3200/playbook/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -126,9 +125,8 @@ http {
|
||||
|
||||
|
||||
location /navigator/ {
|
||||
auth_basic "Security Onion";
|
||||
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
|
||||
proxy_pass http://{{ masterip }}:4200/navigator/;
|
||||
auth_request /so-auth/api/auth/;
|
||||
proxy_pass http://{{ masterip }}:4200/navigator/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -139,7 +137,7 @@ http {
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_pass https://{{ masterip }}:8080/api/;
|
||||
proxy_pass https://{{ masterip }}:8080/api/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
@@ -152,7 +150,7 @@ http {
|
||||
}
|
||||
|
||||
location /fleet/ {
|
||||
proxy_pass https://{{ masterip }}:8080/fleet/;
|
||||
proxy_pass https://{{ masterip }}:8080/fleet/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -163,10 +161,10 @@ http {
|
||||
}
|
||||
|
||||
location /thehive/ {
|
||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||
proxy_pass http://{{ masterip }}:9000/thehive/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -175,10 +173,10 @@ http {
|
||||
}
|
||||
|
||||
location /cortex/ {
|
||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||
proxy_pass http://{{ masterip }}:9001/cortex/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
proxy_http_version 1.1; # this is essential for chunked responses to work
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -187,7 +185,7 @@ http {
|
||||
}
|
||||
|
||||
location /soctopus/ {
|
||||
proxy_pass http://{{ masterip }}:7000/;
|
||||
proxy_pass http://{{ masterip }}:7000/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
@@ -198,17 +196,16 @@ http {
|
||||
}
|
||||
|
||||
location /sensoroni/ {
|
||||
auth_basic "Security Onion";
|
||||
auth_basic_user_file /opt/so/conf/nginx/.htpasswd;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
auth_request /so-auth/api/auth/;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
}
|
||||
|
||||
@@ -225,15 +222,34 @@ http {
|
||||
}
|
||||
|
||||
location /sensoroniagents/ {
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_pass http://{{ masterip }}:9822/;
|
||||
proxy_read_timeout 90;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Proxy "";
|
||||
|
||||
}
|
||||
|
||||
location /so-auth/loginpage/ {
|
||||
proxy_pass http://{{ masterip }}:4242/;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /so-auth/api/ {
|
||||
proxy_pass http://{{ masterip }}:5656/;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
}
|
||||
|
||||
error_page 401 = @error401;
|
||||
|
||||
location @error401 {
|
||||
add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/";
|
||||
return 302 http://{{ masterip }}/so-auth/loginpage/;
|
||||
}
|
||||
|
||||
error_page 404 /404.html;
|
||||
location = /40x.html {
|
||||
}
|
||||
|
||||
@@ -51,6 +51,7 @@ base:
|
||||
- firewall
|
||||
- master
|
||||
- idstools
|
||||
- auth
|
||||
{%- if OSQUERY != 0 %}
|
||||
- mysql
|
||||
{%- endif %}
|
||||
|
||||
@@ -655,6 +655,7 @@ if (whiptail_you_sure) ; then
|
||||
echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX"
|
||||
checkin_at_boot >> $SETUPLOG 2>&1
|
||||
echo -e "XX\n97\nFinishing touches... \nXXX"
|
||||
salt-call state.apply auth >> $SETUPLOG 2>&1
|
||||
filter_unused_nics >> $SETUPLOG 2>&1
|
||||
network_setup >> $SETUPLOG 2>&1
|
||||
echo -e "XXX\n98\nVerifying Setup... \nXXX"
|
||||
|
||||
Reference in New Issue
Block a user