The Hive - Wes Mods

Mike Reeves
2019-03-28 10:40:29 -04:00
parent f08ab2ec2a
commit fce80236de
3 changed files with 11 additions and 6 deletions


@@ -5,7 +5,7 @@
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %} {%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
hive_init(){ hive_init(){
sleep 60
HIVE_IP="{{MASTERIP}}" HIVE_IP="{{MASTERIP}}"
HIVE_USER="{{HIVEUSER}}" HIVE_USER="{{HIVEUSER}}"
HIVE_PASSWORD="{{HIVEPASSWORD}}" HIVE_PASSWORD="{{HIVEPASSWORD}}"
@@ -16,16 +16,16 @@ hive_init(){
# Generate unique ID for apikey # Generate unique ID for apikey
HIVE_KEY="{{HIVEKEY}}" HIVE_KEY="{{HIVEKEY}}"
# Create intial TheHive user # Create intial TheHive user
curl -v -k "https://$HIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$HIVE_$USER\",\"name\" : \"$HIVE_USER\",\"roles\" : [\"read\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$HIVE_PASSWORD\", \"key\": \"$HIVE_KEY\"}" curl -v -k "https://$HIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$HIVE_$USER\",\"name\" : \"$HIVE_USER\",\"roles\" : [\"read\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$HIVE_PASSWORD\", \"key\": \"$HIVE_KEY\"}"
# Update SOCtopus config with apikey value # Update SOCtopus config with apikey value
sed -i "s/hive_key = .*/hive_key = $HIVE_KEY/" $SOCTOPUS_CONFIG #sed -i "s/hive_key = .*/hive_key = $HIVE_KEY/" $SOCTOPUS_CONFIG
# Check for correct authentication # Check for correct authentication
#curl -v -k -H "Authorization: Bearer $HIVE_KEY" "https://$HIVE_IP/thehive/api/user/$USER" #curl -v -k -H "Authorization: Bearer $HIVE_KEY" "https://$HIVE_IP/thehive/api/user/$USER"
touch /opt/so/state/thehive.txt touch /opt/so/state/thehive.txt
} }
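Review bot: The `login` field of the user-creation request is built from `$HIVE_$USER`, which the shell reads as an unset `$HIVE_` followed by the invoking account's `$USER`, so the admin login will not match the `hiveuser` pillar value; it should read `\"login\" : \"$HIVE_USER\"`. The result of the `curl` call is never checked, so if TheHive is not answering after the fixed `sleep 60`, the function still runs `touch /opt/so/state/thehive.txt` and presumably is not retried; `curl --fail ... && touch /opt/so/state/thehive.txt` would tie the state marker to a successful request. The same request sends the admin password and API key with `-k`, so the server certificate is not verified on that connection. The lines of `hive_init` between the two hunks are not shown.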


@@ -1,4 +1,5 @@
{%- set ip = salt['pillar.get']('static:masterip', '') %} {%- set ip = salt['pillar.get']('static:masterip', '') %}
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
[es] [es]
es_url = http://{{ip}}:9200 es_url = http://{{ip}}:9200
@@ -20,14 +21,14 @@ grr_pass = YOURGRRPASS
[hive] [hive]
hive_url = https://{{ip}}/thehive/ hive_url = https://{{ip}}/thehive/
hive_key = YOURHIVEKEY hive_key = {{ HIVEKEY }}
hive_tlp = 3 hive_tlp = 3
hive_verifycert = False hive_verifycert = False
[misp] [misp]
misp_url = YOURMISPURL misp_url = YOURMISPURL
misp_key = YOURMISPKEY misp_key = YOURMISPKEY
misp_verifycert = False misp_verifycert = False
distrib = 0 distrib = 0
threat = 4 threat = 4
analysis = 0 analysis = 0
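Review bot: `hive_key` now renders a live API key into this file, so the rendered config should be readable only by the account that runs SOCtopus; the state that manages the file is not visible here, so its `mode` and owner are worth confirming. The `''` default in `salt['pillar.get']('static:hivekey', '')` means a missing pillar value renders `hive_key =` with no error at render time. I would add a comment above the key, for example `; API key from pillar static:hivekey - keep this file non-world-readable`. `hive_verifycert = False` in the same section leaves the connection that carries this key without certificate verification.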


@@ -427,6 +427,7 @@ generate_passwords(){
# Generate Random Passwords for Things # Generate Random Passwords for Things
MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
} }
get_filesystem_nsm(){ get_filesystem_nsm(){
@@ -588,6 +589,9 @@ master_static() {
echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls
echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls
echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls
echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
if [[ $MASTERUPDATES == 'MASTER' ]]; then if [[ $MASTERUPDATES == 'MASTER' ]]; then
echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
else else
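Review bot: `hivepassword: hivechangeme` writes the same fixed password into the pillar on every install, and the first file in this commit uses that value for an account created with the `admin` role. `generate_passwords` in the first hunk of this file already builds random values, so the password can be produced the same way: `HIVEPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)` there, and `echo " hivepassword: $HIVEPASS" >> /opt/so/saltstack/pillar/static.sls` here with the same indentation as the neighbouring lines. `static.sls` now also holds the API key in plaintext, so the file's permissions and which minions receive this pillar are worth checking; neither is visible in the hunk. The bodies of `generate_passwords` and `master_static` extend outside the hunks shown.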