diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/common/nginx/nginx.conf.so-eval index fe55dc274..a0b3a39de 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/common/nginx/nginx.conf.so-eval @@ -188,6 +188,18 @@ http { proxy_set_header Proxy ""; } + + location /cyberchef/ { + proxy_pass http://{{ masterip }}:9080/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_http_version 1.1; # this is essential for chunked responses to work + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + + } location /soctopus/ { proxy_pass http://{{ masterip }}:7000/; diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index 964579a96..265413fa2 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -187,6 +187,18 @@ http { proxy_set_header Proxy ""; } + + location /cyberchef/ { + proxy_pass http://{{ masterip }}:9080/; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_http_version 1.1; # this is essential for chunked responses to work + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Proxy ""; + + } location /soctopus/ { proxy_pass http://{{ masterip }}:7000/; diff --git a/salt/cyberchef/init.sls b/salt/cyberchef/init.sls new file mode 100644 index 000000000..1f1d5c080 --- /dev/null +++ b/salt/cyberchef/init.sls @@ -0,0 +1,53 @@ +# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Create the cyberchef group +cyberchefgroup: + group.present: + - name: cyberchef + - gid: 946 + +# Add the cyberchef user +cyberchef: + user.present: + - uid: 946 + - gid: 946 + - home: /opt/so/conf/cyberchef + +cyberchefconfdir: + file.directory: + - name: /opt/so/conf/cyberchef + - user: 946 + - group: 939 + - makedirs: True + +cybercheflog: + file.directory: + - name: /opt/so/log/cyberchef + - user: 946 + - group: 946 + - makedirs: True + +so-cyberchefimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.3 + +so-cyberchef: + docker_container.running: + - require: + - so-cyberchef + - image: docker.io/soshybridhunter/so-cyberchef:HH1.1.3 + - port_bindings: + - 0.0.0.0:9080:8080 diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index c0c1e6d82..b0ff81b00 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls @@ -276,6 +276,18 @@ enable_master_cortex_9001_{{ip}}: - position: 1 - save: True +enable_master_cyberchef_9080_{{ip}}: + iptables.insert: + - table: filter + - chain: DOCKER-USER + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 9080 + - position: 1 + - save: True + + {% endfor %} # Make it so all the minions can talk to salt and update etc. diff --git a/salt/top.sls b/salt/top.sls index f742a66cf..1d7d6ccf8 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -43,6 +43,7 @@ base: - suricata - bro - curator + - cyberchef - elastalert {%- if OSQUERY != 0 %} - fleet @@ -69,6 +70,7 @@ base: - ca - ssl - common + - cyberchef - sensoroni - firewall - master