Merge pull request #1738 from Security-Onion-Solutions/bugfix/nginx-redirect

Bugfix/nginx redirect

salt/common/tools/sbin/so-cortex-user-add

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 CORTEX_KEY=$(lookup_pillar cortexkey)
-CORTEX_IP=$(lookup_pillar managerip)
+CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
 CORTEX_ORG_NAME=$(lookup_pillar cortexorgname)
 CORTEX_USER=$USER
 
@@ -43,7 +43,7 @@ fi
 read -rs CORTEX_PASS
 
 # Create new user in Cortex
-resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")
+resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")
 if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully added user to Cortex."
 else

salt/common/tools/sbin/so-cortex-user-enable

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 CORTEX_KEY=$(lookup_pillar cortexkey)
-CORTEX_IP=$(lookup_pillar managerip)
+CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
 CORTEX_USER=$USER
 
 case "${2^^}" in
@@ -46,7 +46,7 @@ case "${2^^}" in
 		;;
 esac
 
-resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
+resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
 if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully updated user in Cortex."
 else

salt/common/tools/sbin/so-thehive-user-add

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 THEHIVE_KEY=$(lookup_pillar hivekey)
-THEHIVE_IP=$(lookup_pillar managerip)
+THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
 THEHIVE_USER=$USER
 
 # Read password for new user from stdin
@@ -47,7 +47,7 @@ if ! check_password "$THEHIVE_PASS"; then
 fi
 
 # Create new user in TheHive
-resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHIVE_IP/thehive/api/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}")
+resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}")
 if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully added user to TheHive"
 else

salt/common/tools/sbin/so-thehive-user-enable

@@ -31,7 +31,7 @@ fi
 USER=$1
 
 THEHIVE_KEY=$(lookup_pillar hivekey)
-THEHIVE_IP=$(lookup_pillar managerip)
+THEHVIE_API_URL="$(lookup_pillar url_base)/thehive/api"
 THEHIVE_USER=$USER
 
 case "${2^^}" in
@@ -46,7 +46,7 @@ case "${2^^}" in
 		;;
 esac
 
-resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHIVE_IP/thehive/api/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }")
+resp=$(curl -sk -XPATCH -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -L "https://$THEHVIE_API_URL/user/${THEHIVE_USER}" -d "{\"status\":\"${THEHIVE_STATUS}\" }")
 if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
     echo "Successfully updated user in TheHive"
 else

salt/nginx/etc/nginx.conf

@@ -4,6 +4,7 @@
 	{% set main_ip = salt['grains.get']('ip_interfaces:' ~ mainint)[0] %}
 {%- endif %}
 
+{%- set manager_ip = salt['pillar.get']('manager:mainip', '') %}
 {%- set url_base = salt['pillar.get']('global:url_base') %}
 
 {%- set fleet_manager = salt['pillar.get']('global:fleet_manager') %}
@@ -61,7 +62,7 @@ http {
 			{%- if role == 'fleet' %}
 			grpc_pass  grpcs://{{ main_ip }}:8080;
 			{%- else %}
-			grpc_pass  grpcs://{{ url_base }}:8080;
+			grpc_pass  grpcs://{{ manager_ip }}:8080;
 			{%- endif %}
 			grpc_set_header Host $host;
 			grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -158,7 +159,7 @@ http {
 		ssl_protocols TLSv1.2;
 
 		location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
-			proxy_pass            http://{{ url_base }}:9822;
+			proxy_pass            http://{{ manager_ip }}:9822;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -172,7 +173,7 @@ http {
 
 		location / {
 			auth_request          /auth/sessions/whoami;
-			proxy_pass            http://{{ url_base }}:9822/;
+			proxy_pass            http://{{ manager_ip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -186,7 +187,7 @@ http {
 
 		location ~ ^/auth/.*?(whoami|login|logout|settings) {
 			rewrite               /auth/(.*) /$1 break;
-			proxy_pass            http://{{ url_base }}:4433;
+			proxy_pass            http://{{ manager_ip }}:4433;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -245,7 +246,7 @@ http {
 		location /grafana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /grafana/(.*) /$1 break;
-			proxy_pass            http://{{ url_base }}:3000/;
+			proxy_pass            http://{{ manager_ip }}:3000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -258,7 +259,7 @@ http {
 		location /kibana/ {
 			auth_request          /auth/sessions/whoami;
 			rewrite               /kibana/(.*) /$1 break;
-			proxy_pass            http://{{ url_base }}:5601/;
+			proxy_pass            http://{{ manager_ip }}:5601/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -269,7 +270,7 @@ http {
 		}
 
 		location /nodered/ {
-			proxy_pass http://{{ url_base }}:1880/;
+			proxy_pass http://{{ manager_ip }}:1880/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -282,7 +283,7 @@ http {
 		}
 		
 		location /playbook/ {
-			proxy_pass            http://{{ url_base }}:3200/playbook/;
+			proxy_pass            http://{{ manager_ip }}:3200/playbook/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -301,7 +302,7 @@ http {
 		{%- else %}
 
 		location /fleet/ {
-			proxy_pass https://{{ url_base }}:8080;
+			proxy_pass https://{{ manager_ip }}:8080;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -314,7 +315,7 @@ http {
 		{%- endif %}
 
 		location /thehive/ {
-			proxy_pass            http://{{ url_base }}:9000/thehive/;
+			proxy_pass            http://{{ manager_ip }}:9000/thehive/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -326,7 +327,7 @@ http {
 		}
 
 		location /cortex/ {
-			proxy_pass            http://{{ url_base }}:9001/cortex/;
+			proxy_pass            http://{{ manager_ip }}:9001/cortex/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_http_version    1.1; # this is essential for chunked responses to work
@@ -338,7 +339,7 @@ http {
 		}
 		
 		location /soctopus/ {
-			proxy_pass            http://{{ url_base }}:7000/;
+			proxy_pass            http://{{ manager_ip }}:7000/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;
@@ -364,7 +365,7 @@ http {
 			if ($http_authorization = "") {
 				return 403;
 			}
-			proxy_pass            http://{{ url_base }}:9822/;
+			proxy_pass            http://{{ manager_ip }}:9822/;
 			proxy_read_timeout    90;
 			proxy_connect_timeout 90;
 			proxy_set_header      Host $host;

salt/pcap/files/sensoroni.json

@@ -1,4 +1,4 @@
-{%- set MANAGER = salt['grains.get']('master') -%}
+{%- set URLBASE = salt['pillar.get']('global:url_base') %}
 {%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
 {%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms', 10000) -%}
 {
@@ -6,7 +6,7 @@
   "logLevel":"info",
   "agent": {
     "pollIntervalMs": {{ CHECKININTERVALMS if CHECKININTERVALMS else 10000 }},
-    "serverUrl": "https://{{ MANAGER }}/sensoroniagents",
+    "serverUrl": "https://{{ URLBASE }}/sensoroniagents",
     "verifyCert": false,
     "modules": {
       "importer": {},

salt/soctopus/files/SOCtopus.conf

@@ -1,4 +1,5 @@
 {%- set MANAGER = salt['pillar.get']('global:url_base', '') %}
+{%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
 {%- set PLAYBOOK_KEY = salt['pillar.get']('playbook:api_key', '') %}
@@ -14,7 +15,7 @@ es_verifycert = no
 
 [cortex]
 auto_analyze_alerts = no
-cortex_url = https://{{MANAGER}}/cortex/
+cortex_url = https://{{URLBASE}}/cortex/
 cortex_key = {{ CORTEXKEY }}
 supported_analyzers = Urlscan_io_Search,CERTatPassiveDNS
 
@@ -35,7 +36,7 @@ grr_user = YOURGRRUSER
 grr_pass = YOURGRRPASS
 
 [hive]
-hive_url = https://{{MANAGER}}/thehive/
+hive_url = https://{{URLBASE}}/thehive/
 hive_key = {{ HIVEKEY }}
 hive_tlp = 3
 hive_verifycert = no
@@ -66,7 +67,7 @@ soc_url = http://{{MANAGER}}:9822
 
 [playbook]
 playbook_url = http://{{MANAGER}}:3200/playbook
-playbook_ext_url = https://{{MANAGER}}/playbook
+playbook_ext_url = https://{{URLBASE}}/playbook
 playbook_key = {{ PLAYBOOK_KEY }}
 playbook_verifycert = no
 playbook_unit_test_index = playbook-testing

salt/thehive/scripts/cortex_init

@@ -1,5 +1,5 @@
 #!/bin/bash
-# {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
+# {%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
 # {%- set CORTEXUSER = salt['pillar.get']('global:cortexuser', 'cortexadmin') %}
 # {%- set CORTEXPASSWORD = salt['pillar.get']('global:cortexpassword', 'cortexchangeme') %}
 # {%- set CORTEXKEY = salt['pillar.get']('global:cortexkey', '') %}
@@ -17,7 +17,7 @@ cortex_clean(){
 
 cortex_init(){
     sleep 60
-    CORTEX_IP="{{MANAGERIP}}"
+    CORTEX_API_URL="{{URLBASE}}/cortex/api"
     CORTEX_USER="{{CORTEXUSER}}"
     CORTEX_PASSWORD="{{CORTEXPASSWORD}}"
     CORTEX_KEY="{{CORTEXKEY}}"    
@@ -29,31 +29,30 @@ cortex_init(){
 
 
     # Migrate DB
-    curl -v -k -XPOST -L "https://$CORTEX_IP:/cortex/api/maintenance/migrate"
+    curl -v -k -XPOST -L "https://$CORTEX_API_URL/maintenance/migrate"
 
     # Create intial Cortex superadmin
-    curl -v -k -L "https://$CORTEX_IP/cortex/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}"
+    curl -v -k -L "https://$CORTEX_API_URL/user" -H "Content-Type: application/json" -d "{\"login\" : \"$CORTEX_USER\",\"name\" : \"$CORTEX_USER\",\"roles\" : [\"superadmin\"],\"preferences\" : \"{}\",\"password\" : \"$CORTEX_PASSWORD\", \"key\": \"$CORTEX_KEY\"}"
 
     # Create user-supplied org
-    curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization" -d "{  \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}"
+    curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/organization" -d "{  \"name\": \"$CORTEX_ORG_NAME\",\"description\": \"$CORTEX_ORG_DESC\",\"status\": \"Active\"}"
     
     # Create user-supplied org user
-    curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }"
+    curl -k -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_ORG_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_ORG_USER\",\"key\": \"$CORTEX_ORG_USER_KEY\" }"
 
     # Enable URLScan.io Analyzer
-    curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}'
+    curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/organization/analyzer/Urlscan_io_Search_0_1_0" -d '{"name":"Urlscan_io_Search_0_1_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2}}'
 
     # Enable Cert PassiveDNS Analyzer
-    curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_IP/cortex/api/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}'
+    curl -v -k -XPOST -H "Authorization: Bearer $CORTEX_ORG_USER_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/organization/analyzer/CERTatPassiveDNS_2_0" -d '{"name":"CERTatPassiveDNS_2_0","configuration":{"auto_extract_artifacts":false,"check_tlp":true,"max_tlp":2, "limit": 100}}'
 	
     # Revoke $CORTEX_USER key
-    curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" -L "https:///$CORTEX_IP/api/user/$CORTEX_USER/key" 
+    curl -k -XDELETE -H "Authorization: Bearer $CORTEX_KEY" -L "https://$CORTEX_API_URL/user/$CORTEX_USER/key" 
 
     # Update SOCtopus config with apikey value
     #sed -i "s/cortex_key = .*/cortex_key = $CORTEX_KEY/" $SOCTOPUS_CONFIG
 
     touch /opt/so/state/cortex.txt
-
 }
 
 if [ -f /opt/so/state/cortex.txt ]; then
@@ -61,7 +60,7 @@ if [ -f /opt/so/state/cortex.txt ]; then
     exit 0
 else
     rm -f garbage_file
-    while ! wget -O garbage_file {{MANAGERIP}}:9500 2>/dev/null
+    while ! wget -O garbage_file {{URLBASE}}:9500 2>/dev/null
     do
       echo "Waiting for Elasticsearch..."
       rm -f garbage_file

salt/thehive/scripts/hive_init

@@ -1,5 +1,6 @@
 #!/bin/bash
 # {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
+# {%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
 # {%- set THEHIVEUSER = salt['pillar.get']('global:hiveuser', 'hiveadmin') %}
 # {%- set THEHIVEPASSWORD = salt['pillar.get']('global:hivepassword', 'hivechangeme') %}
 # {%- set THEHIVEKEY = salt['pillar.get']('global:hivekey', '') %}
@@ -11,7 +12,8 @@ thehive_clean(){
 
 thehive_init(){
     sleep 120
-    THEHIVE_IP="{{MANAGERIP}}"
+    THEHIVE_URL="{{URLBASE}}/thehive"
+    THEHIVE_API_URL="$THEHIVE_URL/api"
     THEHIVE_USER="{{THEHIVEUSER}}"
     THEHIVE_PASSWORD="{{THEHIVEPASSWORD}}"
     THEHIVE_KEY="{{THEHIVEKEY}}"
@@ -21,7 +23,7 @@ thehive_init(){
     COUNT=0
     THEHIVE_CONNECTED="no"
     while [[ "$COUNT" -le 240 ]]; do
-        curl --output /dev/null --silent --head --fail -k "https://$THEHIVE_IP/thehive"
+        curl --output /dev/null --silent --head --fail -k "https://$THEHIVE_URL"
             if [ $? -eq 0 ]; then
                 THEHIVE_CONNECTED="yes"
                 echo "connected!"
@@ -36,15 +38,15 @@ thehive_init(){
     if [ "$THEHIVE_CONNECTED" == "yes" ]; then
     
         # Migrate DB
-        curl -v -k -XPOST -L "https://$THEHIVE_IP:/thehive/api/maintenance/migrate"
+        curl -v -k -XPOST -L "https://$THEHIVE_API_URL/maintenance/migrate"
 
         # Create intial TheHive user
-        curl -v -k -L "https://$THEHIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASSWORD\", \"key\": \"$THEHIVE_KEY\"}"
+        curl -v -k -L "https://$THEHIVE_API_URL/user" -H "Content-Type: application/json" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASSWORD\", \"key\": \"$THEHIVE_KEY\"}"
    
         # Pre-load custom fields
         #
         # reputation
-        curl -v -k -L "https://$THEHIVE_IP/thehive/api/list/custom_fields" -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -d "{\"value\":{\"name\": \"reputation\", \"reference\": \"reputation\", \"description\": \"This field provides an overall reputation status for an address/domain.\", \"type\": \"string\", \"options\": []}}"
+        curl -v -k -L "https://$THEHIVE_API_URL/list/custom_fields" -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" -d "{\"value\":{\"name\": \"reputation\", \"reference\": \"reputation\", \"description\": \"This field provides an overall reputation status for an address/domain.\", \"type\": \"string\", \"options\": []}}"
 
    
         touch /opt/so/state/thehive.txt