From 0df23d83ac9225d55ef00ebcbfe8a0e113ea6858 Mon Sep 17 00:00:00 2001
From: Arne Oslebo <arne.oslebo@uninett.no>
Date: Wed, 23 Sep 2020 14:49:43 +0200
Subject: [PATCH] Updated README. Various bugfixes

---
 README.md | 33 +++++++++++++++++++++-------
 group_vars/all/main.yml | 31 +++++++++++++-------------
 roles/nifi/templates/users.xml.j2 | 2 +-
 roles/soctools-server/tasks/main.yml | 3 +--
 4 files changed, 43 insertions(+), 26 deletions(-)

diff --git a/README.md b/README.md
index 62ce30f..8c28bb9 100644
--- a/README.md
+++ b/README.md
@@ -6,20 +6,37 @@ SOCTools is a set of tools that can be used by a SOC for collecting and analyzin Installation ------------ -Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7. -Review *all* settings in group_vars/all/main.yml. +Do a minimal installation of CentOS 7. + +Log in and install ansible: +# yum -y install epel-release +# yum -y install ansible git +# ansible-galaxy collection install ansible.posix + +Clone soctools: +# git clone --single-branch --branch dev1 https://scm.uninett.no/geant-wp8-t3.1/soctools.git +# cd soctools + +Install soctools: +Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server. +# vi group_vars/all/main.yml The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana. +To configure the server running soctools, run the ansible playbook: +# ansible-playbook -i soctools-inventory soctools_server.yml + To build the Docker images needed, run the ansible playbook: -`ansible-playbook -i soctools-inventory buildimages.yml` +# ansible-playbook -i soctools-inventory buildimages.yml To build the CA needed for host and user certificates, run the ansible playbook: -`ansible-playbook -i soctools-inventory buildca.yml` -User certificates are exported in roles/ca/files/CA/private. +# ansible-playbook -i soctools-inventory buildca.yml +User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication. + +To start the cluster, run the ansible playbook soctools.yml: +# ansible-playbook -i soctools-inventory soctools.yml -t start -To start and stop the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster. -`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster. 
+To stop the cluster, run the ansible playbook soctools.yml: +# ansible-playbook -i soctools-inventory soctools.yml -t stop The NiFi interface should now be available on port 9443 on the server. The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server.
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index 93108ef..ec6afaa 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2,6 +2,22 @@
 dslproxy: "<CHANGE_ME:hostname>"
+soctools_users:
+ - firstname: "Arne"
+ lastname: "Oslebo"
+ username: "arne.oslebo"
+ email: "arne.oslebo@uninett.no"
+ DN: "CN=Arne Oslebo"
+ CN: "Arne Oslebo"
+ password: "Pass002"
+ - firstname: "Bozidar"
+ lastname: "Proevski"
+ username: "bozidar.proevski"
+ email: "bozidar.proevski@finki.ukim.mk"
+ DN: "CN=Bozidar Proevski"
+ CN: "Bozidar Proevski"
+ password: "Pass001"
+
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
 THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
@@ -42,21 +58,6 @@ nifi_repo: "https://archive.apache.org/dist"
 ca_cn: "SOCTOOLS-CA"
-soctools_users:
- - firstname: "Arne"
- lastname: "Oslebo"
- username: "arne.oslebo"
- email: "arne.oslebo@uninett.no"
- DN: "CN=Arne Oslebo"
- CN: "Arne Oslebo"
- password: "Pass002"
- - firstname: "Bozidar"
- lastname: "Proevski"
- username: "bozidar.proevski"
- email: "bozidar.proevski@finki.ukim.mk"
- DN: "CN=Bozidar Proevski"
- CN: "Bozidar Proevski"
- password: "Pass001"
 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
diff --git a/roles/nifi/templates/users.xml.j2 b/roles/nifi/templates/users.xml.j2
index a579698..92adb5d 100644
--- a/roles/nifi/templates/users.xml.j2
+++ b/roles/nifi/templates/users.xml.j2
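Review bot: The soctools_users block now at the top of group_vars/all/main.yml ships two accounts with plaintext passwords (`password: "Pass002"`, `password: "Pass001"`) in a committed file, and the README text in this same commit says the first entry becomes the NiFi and Kibana administrator, so anyone deploying this branch unmodified ends up with a publicly known admin credential that also stays in git history after it is rotated. I would treat them the way `dslproxy` is treated two lines above — `password: "<CHANGE_ME:password>"` — or keep them as `!vault` values, and add a comment such as `# First entry is the NiFi/Kibana admin account; change every password before deploying` above the list. The `DN` values also have to equal, character for character, the subject the CA role writes into the user certificates, because the NiFi users template in this commit now keys on them; I cannot confirm that match from here, so a note pointing at the CA role would help.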
@@ -17,7 +17,7 @@
 <user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/>
 {% endfor %}
 {% for user in soctools_users %}
- <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.username }}"/>
+ <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.DN }}"/>
 {% endfor %}
 </users>
 </tenants>
diff --git a/roles/soctools-server/tasks/main.yml b/roles/soctools-server/tasks/main.yml
index 7b5739e..57cb4b4 100644
--- a/roles/soctools-server/tasks/main.yml
+++ b/roles/soctools-server/tasks/main.yml
@@ -36,8 +36,7 @@
 - name: Configure fw
 ansible.posix.firewalld:
- source: "{{ soctools_network }}"
- zone: public
+ rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"
 permanent: yes
 state: enabled
-- 
GitLab
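Review bot: The new `identity="{{ user.DN }}"` on the added line is interpolated into an XML attribute without escaping, so a DN containing `"`, `&` or `<` (an `O=`/`OU=` value with an ampersand is common once real certificate subjects are used) renders a malformed users.xml that NiFi cannot parse; `identity="{{ user.DN | e }}"` keeps the attribute well-formed, and the same applies to the `CN={{ nifi }}` line above it. NiFi compares this identity against the client certificate's full subject DN as it normalizes it, so `CN=Arne Oslebo` only matches if the CA role issues certificates whose subject is exactly that CN with no further RDNs, or an identity-mapping pattern reduces it to that form — a comment above the loop such as `{# identity must equal the client certificate subject DN verbatim (or its nifi.security.identity.mapping result) #}` would record that requirement. Presumably the matching entries in the authorizations template must also move from username to DN; that file is not in this commit. The enclosing `<users>`/`<tenants>` elements start outside this hunk.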
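Review bot: The replacement `rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"` accepts every port and protocol from soctools_network, whereas the removed `source` plus `zone: public` only placed that network in the public zone and still limited it to the services enabled there; if the intent is to expose just the NiFi and Kibana UIs (9443 and 5601 per the README), the rule should name them, e.g. `rich_rule: "rule family=ipv4 source address={{ soctools_network }} port port=9443 protocol=tcp accept"` with a loop over both ports. With `permanent: yes` and no `immediate`, the rule is written only to the saved configuration and does not take effect on the running firewall until firewalld is reloaded, so `immediate: true` belongs next to it. `family=ipv4` is now hard-coded and the variable is dropped into the string unquoted, so an IPv6 prefix or a list-valued `soctools_network` silently yields an unusable rule — presumably it is a single IPv4 CIDR, but a comment stating that assumption would help. The `permanent`/`state` lines are context and the task continues outside the hunk.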