Commit 0df23d83 authored by Arne Øslebø's avatar Arne Øslebø
Updated README. Various bugfixes

parent a074e19a
...@@ -6,20 +6,37 @@ SOCTools is a set of tools that can be used by a SOC for collecting and analyzin ...@@ -6,20 +6,37 @@ SOCTools is a set of tools that can be used by a SOC for collecting and analyzin
Installation Installation
------------ ------------
Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7. Do a minimal installation of CentOS 7.
Review *all* settings in group_vars/all/main.yml.
Log in and install ansible:
# yum -y install epel-release
# yum -y install ansible git
# ansible-galaxy collection install ansible.posix
Clone soctools:
# git clone --single-branch --branch dev1 https://scm.uninett.no/geant-wp8-t3.1/soctools.git
# cd soctools
Install soctools:
Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server.
# vi group_vars/all/main.yml
The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana. The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.
To configure the server running soctools, run the ansible playbook:
# ansible-playbook -i soctools-inventory soctools_server.yml
To build the Docker images needed, run the ansible playbook: To build the Docker images needed, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildimages.yml` # ansible-playbook -i soctools-inventory buildimages.yml
To build the CA needed for host and user certificates, run the ansible playbook: To build the CA needed for host and user certificates, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildca.yml` # ansible-playbook -i soctools-inventory buildca.yml
User certificates are exported in roles/ca/files/CA/private. User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication.
To start the cluster, run the ansible playbook soctools.yml:
# ansible-playbook -i soctools-inventory soctools.yml -t start
To start and stop the cluster, run the ansible playbook soctools.yml: To stop the cluster, run the ansible playbook soctools.yml:
`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster. # ansible-playbook -i soctools-inventory soctools.yml -t stop
`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster.
The NiFi interface should now be available on port 9443 on the server. The NiFi interface should now be available on port 9443 on the server.
The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server. The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server.
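Review bot: the new README line "User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication." has a leftover "are can be", and since that directory holds the private keys the browser will import, the README should also say that the playbook keeps it out of version control and restricts its file permissions (or that the operator must), otherwise the admin certificate for NiFi and Kibana ends up alongside the playbook. Two smaller points in the same hunk: "so that it point to the FQDN of the server" should read "points to", and the clone line pins `--branch dev1`, so the README should state that this is a development branch if that is what the project intends users to deploy.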
......
...@@ -2,6 +2,22 @@ ...@@ -2,6 +2,22 @@
dslproxy: "<CHANGE_ME:hostname>" dslproxy: "<CHANGE_ME:hostname>"
soctools_users:
- firstname: "Arne"
lastname: "Oslebo"
username: "arne.oslebo"
email: "arne.oslebo@uninett.no"
DN: "CN=Arne Oslebo"
CN: "Arne Oslebo"
password: "Pass002"
- firstname: "Bozidar"
lastname: "Proevski"
username: "bozidar.proevski"
email: "bozidar.proevski@finki.ukim.mk"
DN: "CN=Bozidar Proevski"
CN: "Bozidar Proevski"
password: "Pass001"
# TheHive Button plugin # TheHive Button plugin
THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/" THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0" THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
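Review bot: the soctools_users block moved to the top of group_vars/all/main.yml ships two real-looking accounts with plaintext passwords (`password: "Pass002"`, `password: "Pass001"`), and the README in this same commit says the first entry is the user with full admin privileges in NiFi and Kibana; anyone who runs the playbook without editing the file gets an admin account with a password that is public in this repository. Use the same placeholder convention the file already has for `dslproxy: "<CHANGE_ME:hostname>"` for the names, emails and passwords, or move the passwords into an ansible-vault encrypted file, and apply the same treatment to the unchanged `THEHIVE_API_KEY` context line, which also carries a live-looking key. The `DN` and `CN` fields repeat the same value for every user; deriving `DN` from `CN` in the templates would remove a field that can drift from the certificate subject.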
...@@ -42,21 +58,6 @@ nifi_repo: "https://archive.apache.org/dist" ...@@ -42,21 +58,6 @@ nifi_repo: "https://archive.apache.org/dist"
ca_cn: "SOCTOOLS-CA" ca_cn: "SOCTOOLS-CA"
soctools_users:
- firstname: "Arne"
lastname: "Oslebo"
username: "arne.oslebo"
email: "arne.oslebo@uninett.no"
DN: "CN=Arne Oslebo"
CN: "Arne Oslebo"
password: "Pass002"
- firstname: "Bozidar"
lastname: "Proevski"
username: "bozidar.proevski"
email: "bozidar.proevski@finki.ukim.mk"
DN: "CN=Bozidar Proevski"
CN: "Bozidar Proevski"
password: "Pass001"
odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}" odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}" odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
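Review bot: this hunk removes a soctools_users block that is identical to the one added earlier in the file, so it is a relocation rather than a change; that is worth stating in the commit message ("Various bugfixes" does not cover it), and it is the right fix, because with both copies present the later YAML key silently overrides the earlier one in most loaders and edits to the top block would have had no effect.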
......
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
<user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/> <user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/>
{% endfor %} {% endfor %}
{% for user in soctools_users %} {% for user in soctools_users %}
<user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.username }}"/> <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.DN }}"/>
{% endfor %} {% endfor %}
</users> </users>
</tenants> </tenants>
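Review bot: switching the tenant identity from `{{ user.username }}` to `{{ user.DN }}` only works if the string equals, character for character, the subject DN that NiFi extracts from the client certificate; with `DN: "CN=Arne Oslebo"` in main.yml that holds only when the CA role issues the certificate with exactly that subject and no additional RDNs. The CA role and this template should read the DN from one place (or the template should build it from `CN`) so the two cannot drift, and a short comment here saying that the value must match the certificate subject would save the next person a failed login. Note also that `identifier` is built from `loop.index`, so reordering users in the list silently reassigns identifiers.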
...@@ -36,8 +36,7 @@ ...@@ -36,8 +36,7 @@
- name: Configure fw - name: Configure fw
ansible.posix.firewalld: ansible.posix.firewalld:
source: "{{ soctools_network }}" rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"
zone: public
permanent: yes permanent: yes
state: enabled state: enabled
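Review bot: replacing `source: "{{ soctools_network }}"` plus `zone: public` with `rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"` changes what is allowed, not only how it is expressed: binding a source to the public zone permitted only the services enabled in that zone, whereas a rich rule ending in `accept` with no `service` or `port` element permits all traffic from that network. If the intent is to expose the NiFi and Kibana ports the README lists, add the port elements to the rule. Two further points: `family=ipv4` means an IPv6 value for soctools_network produces a failing rule, and with `zone:` dropped the rule goes into firewalld's default zone, so keep the zone explicit.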
......