Commit 5d3b00ad authored by Arne Øslebø's avatar Arne Øslebø

merge dev4

parent 155783b0
Showing
with 347 additions and 12 deletions
---
- name: Create Users in TheHive
hosts: thehive
roles:
- thehive
......@@ -18,4 +18,23 @@ soctools_users:
ODFE_ADMIN_USERS:
- user1
THEHIVE_ORGANIZATION: "uninett.no"
THEHIVE_KIBANA_USER:
username: "kibana"
name: "Kibana"
surname: "User"
roles: '["read", "write"]'
THEHIVE_USERS:
- user1:
username: "user1"
name: "User1"
surname: "SOC"
roles: '["read", "write", "admin"]'
- user2:
username: "user2"
name: "User2"
surname: "SOC"
roles: '["read", "write", "admin"]'
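Review bot: Every entry in THEHIVE_USERS is given the `admin` role, so the user-creation path provisions organisation admins by default; least privilege suggests `roles: '["read", "write"]'` for ordinary analysts and `admin` only for named accounts. As rendered here the entries also look like one-key mappings (`- user1:` with `username` beneath it); if the indentation nests `username` under `user1`, the `item.username` references in the user-creation tasks will resolve to undefined — verify against the checked-in file. The `roles` values are JSON strings interpolated raw into the JSON templates, which only works while they stay well-formed array literals, so a comment stating that contract would help.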
......@@ -23,6 +23,10 @@
- "{{playbook_dir}}/secrets/CA/cacerts.jks"
- "{{playbook_dir}}/secrets/CA/ca.crt"
- name: Get openid authkey
set_fact:
cortexsecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/cortexsecret',convert_data=False) | from_json}}"
- name: Configure embedded Elasticsearch 6
remote_user: root
template:
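Review bot: The `Get openid authkey` task stores the Keycloak client secret in a fact with `set_fact` but carries no `no_log: true`, so the secret is printed in verbose runs and kept by any enabled fact cache; add `no_log: true` to that task. The `lookup('file', ...) | from_json` chain means a missing or empty `secrets/tokens/cortexsecret` fails the play here rather than rendering an empty `clientSecret`, which is the right direction but worth a one-line comment such as `# fails fast if the Keycloak client secret has not been fetched yet`.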
......
......@@ -66,7 +66,7 @@ auth {
# the "ad" section below.
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
# "ldap" section below.
provider = [local]
provider = [local,oauth2]
ad {
# The Windows domain name in DNS format. This parameter is required if you do not use
......@@ -108,6 +108,84 @@ auth {
# If 'true', use SSL to connect to the LDAP directory server.
#useSSL = true
}
oauth2 {
# URL of the authorization server
clientId = "soctools-cortex"
clientSecret = {{cortexsecret.value}}
redirectUri = "https://{{soctoolsproxy}}:9001/api/ssoLogin"
responseType = "code"
grantType = "authorization_code"
# URL from where to get the access token
authorizationUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
authorizationHeader = "Bearer"
tokenUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
# The endpoint from which to obtain user details using the OAuth token, after successful login
userUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
scope = "profile"
userIdField = "email"
#userUrl = "https://auth-site.com/api/User"
#scope = ["openid profile"]
}
ws.ssl.trustManager {
stores = [
{
type = "JKS" // JKS or PEM
path = "cacerts.jks"
password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
}
]
}
# Single-Sign On
sso {
# Autocreate user in database?
autocreate = true
# Autoupdate its profile and roles?
autoupdate = true
# Autologin user using SSO?
autologin = true
# Name of mapping class from user resource to backend user ('simple' or 'group')
#mapper = group
#mapper = simple
#attributes {
# login = "user"
# name = "name"
# groups = "groups"
# organization = "org"
#}
# defaultRoles = ["read", "write", "admin"]
# defaultOrganization = "uninett.no"
#defaultRoles = ["read"]
#defaultOrganization = "csirt"
#groups {
# # URL to retreive groups (leave empty if you are using OIDC)
# #url = "https://auth-site.com/api/Groups"
# # Group mappings, you can have multiple roles for each group: they are merged
# mappings {
# admin-profile-name = ["admin"]
# editor-profile-name = ["write"]
# reader-profile-name = ["read"]
# }
#}
mapper = simple
attributes {
login = "user"
name = "name"
roles = "roles"
organization = "org"
}
defaultRoles = ["read", "analyze"]
defaultOrganization = "uninett.no"
}
}
## ANALYZERS
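Review bot: `clientSecret = {{cortexsecret.value}}` in the new oauth2 block is emitted as an unquoted HOCON value, so a secret containing `#`, `/`, `,` or whitespace is truncated or breaks parsing; write it as `clientSecret = "{{cortexsecret.value}}"`. The `sso` block turns on `autocreate`, `autoupdate` and `autologin`, which means every account in the Keycloak realm becomes a Cortex user with `["read", "analyze"]` in `uninett.no` on first login — acceptable only if realm membership is itself restricted, so say so in a comment above `autocreate = true`. `userIdField = "email"` together with `scope = "profile"` relies on Keycloak returning `email` without the `email` scope being requested; confirm against the realm's default client scopes. The comment `# URL of the authorization server` now sits above `clientId` instead of `authorizationUrl`.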
......
......@@ -91,6 +91,13 @@
local: "{{playbook_dir}}/secrets/tokens/kibanasecret"
- remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret"
local: "{{playbook_dir}}/secrets/tokens/mispsecret"
- remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/thehivesecret"
local: "{{playbook_dir}}/secrets/tokens/thehivesecret"
- remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/cortexsecret"
local: "{{playbook_dir}}/secrets/tokens/cortexsecret"
- name: Set Autostart for supervisord's services
shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
replace:
path: /etc/supervisord.conf
regexp: '^autostart=false$'
replace: 'autostart=true'
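Review bot: The new fetch entries bring `thehivesecret` and `cortexsecret` to the control host, but the originals stay in `$JBOSS_HOME` on the Keycloak host afterwards; add a follow-up task that removes the remote files once fetched (`file: path: "{{ ansible_facts.env['JBOSS_HOME'] }}/{{ item }}" state: absent`) and make sure the local copies are created with `mode: 0600` if the fetch task does not already do so. The `shell: "sed -i ..."` line reads as the removed form of the supervisord edit that the `replace:` task now performs; if it survived the merge, drop it so the edit is not applied twice.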
......@@ -31,6 +31,12 @@ kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fie
MISPCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-misp","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{soctoolsproxy}}:6443","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:6443/users/login/keycloak"],"webOrigins": [], "publicClient": false }')
kcadm.sh get realms/{{openid_realm}}/clients/${MISPCLIENT}/client-secret --fields value > /opt/jboss/keycloak/mispsecret
THEHIVECLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-thehive","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:9000/api/ssoLogin"],"webOrigins": [], "publicClient": false }')
kcadm.sh get realms/{{openid_realm}}/clients/${THEHIVECLIENT}/client-secret --fields value > /opt/jboss/keycloak/thehivesecret
CORTEXCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-cortex","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:9001/api/ssoLogin"],"webOrigins": [], "publicClient": false }')
kcadm.sh get realms/{{openid_realm}}/clients/${CORTEXCLIENT}/client-secret --fields value > /opt/jboss/keycloak/cortexsecret
kcadm.sh config truststore --delete
exec 1>&6 6>&-
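Review bot: The new `kcadm.sh get ... --fields value > /opt/jboss/keycloak/thehivesecret` and `cortexsecret` redirections create the secret files with the process umask, so inside the container they are likely group- and world-readable; put `umask 077` ahead of the first redirection (the script's start is outside this hunk) or `chmod 600` each file immediately after writing it. The client registrations use exact redirect URIs and `publicClient: false`, which is correct for confidential clients.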
......
// Default plugin configuration
export const THEHIVE_URL = '{{THEHIVE_URL}}';
export const THEHIVE_API_KEY = '{{THEHIVE_API_KEY}}';
export const THEHIVE_OWNER = '{{THEHIVE_OWNER}}'; // default owner account of the created cases
export const THEHIVE_URL = 'https://{{soctoolsproxy}}:9000';
export const THEHIVE_API_KEY = '{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}';
export const THEHIVE_OWNER = '{{THEHIVE_KIBANA_USER.username}}'; // default owner account of the created cases
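Review bot: `THEHIVE_API_KEY` is filled with `lookup('password', ...)`, which generates and stores a random value when `secrets/tokens/thehive_kibana_secret_key` does not exist yet instead of failing, so a run in which the kibana role precedes kibanauser.yml silently configures a key TheHive never issued; use `lookup('file', ...)` for values that another play produces. Also confirm that this constants module is only loaded server-side — if it is part of the browser bundle, the TheHive API key (and with it the ability to act as `{{THEHIVE_KIBANA_USER.username}}`) is exposed to every Kibana user.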
......@@ -126,6 +126,7 @@
-k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
-H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
-F "file=@/tmp/kibana_graphs.ndjson"'
ignore_errors: True
- name: Copy role modification json to container
remote_user: kibana
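Review bot: `ignore_errors: True` silences every failure of the graph import, including a wrong admin password or an unreachable Kibana, and since the curl is run without `--fail` it already exits 0 on HTTP 4xx/5xx, so the only errors this now hides are connection-level ones. If the intent is to tolerate re-importing existing objects, `register` the result and use `failed_when` on the response body instead, and in any case write the boolean as lowercase `true` with a comment naming the failure that is expected.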
......
---
- name: copy json file for admin user
remote_user: root
template:
src: admin.json
dest: /tmp/admin.json
- name: get admin user id
remote_user: root
shell: "curl -X POST http://127.0.0.1:9000/api/login -b /tmp/cookie.txt -c /tmp/cookie.txt -H 'Content-Type: application/json' -d @/tmp/admin.json | cut -d\\\" -f4"
register: adminuser
args:
warn: false
- set_fact:
adminuserid={{ adminuser.stdout }}
- name: create admin user API KEY
shell: "curl -X POST http://127.0.0.1:9000/api/v1/user/{{ adminuserid }}/key/renew -b /tmp/cookie.txt -c /tmp/cookie.txt 2> /dev/null | tee /tmp/thehive_secret_key"
register: adminuserkey
args:
warn: false
- set_fact:
adminuserapikey={{ adminuserkey.stdout }}
- name: copy API key to local file
local_action: copy content="{{adminuserapikey}}" dest=secrets/tokens/thehive_secret_key
- name: copy json file for admin pass
remote_user: root
template:
src: adminpass.json
dest: /tmp/adminpass.json
- name: change password for admin user
shell: "curl -X POST http://127.0.0.1:9000/api/v1/user/{{ adminuserid }}/password/set -b /tmp/cookie.txt -c /tmp/cookie.txt -H 'Content-Type: application/json' -d @/tmp/adminpass.json"
args:
warn: false
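Review bot: The admin bootstrap leaves four credential artefacts on the TheHive host — `/tmp/admin.json` (factory password), `/tmp/adminpass.json` (the new admin password), `/tmp/cookie.txt` (an admin session) and `/tmp/thehive_secret_key` (the admin API key, written by `tee` although nothing in this commit reads it back) — and the tasks that register the key carry no `no_log: true`, so it also appears in play output. Drop the `tee`, mark the key task `no_log`, remove the temp files as a final step, and give the local `copy` of the key `mode=0600`. The login parsing with `cut -d\" -f4` assumes a successful JSON response and will hand an error string to the `key/renew` URL once the factory password no longer works.

```yaml
- name: create admin user API KEY
  shell: "curl -X POST http://127.0.0.1:9000/api/v1/user/{{ adminuserid }}/key/renew -b /tmp/cookie.txt -c /tmp/cookie.txt 2> /dev/null"
  register: adminuserkey
  no_log: true
  args:
    warn: false
# … unchanged: set_fact adminuserapikey …
- name: copy API key to local file
  local_action: copy content="{{adminuserapikey}}" dest=secrets/tokens/thehive_secret_key mode=0600
# … unchanged: adminpass.json template, change password for admin user …
- name: remove temporary credential files
  remote_user: root
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /tmp/admin.json
    - /tmp/adminpass.json
    - /tmp/cookie.txt
```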
---
- name: generate json files for creating users
remote_user: root
template:
src: users.json
dest: /tmp/{{ item.username }}.json
with_items:
- "{{ THEHIVE_USERS }}"
- name: create users
remote_user: root
shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/{{ item.username}}.json"
args:
warn: false
with_items:
- "{{ THEHIVE_USERS }}"
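Review bot: The `create users` task passes the admin API key as `Authorization: Bearer ...` on a `shell` command line, where it is visible in the process list and echoed in Ansible's task output; organization.yml in this same commit uses the `uri` module with a headers map, so do the same here and add `no_log: true`. `lookup('password', ...)` also mints a fresh random token when `secrets/tokens/thehive_secret_key` is missing rather than failing, so `lookup('file', ...)` is the safer choice for a value produced by adminuser.yml. The generated `/tmp/<username>.json` files are never removed afterwards.

```yaml
- name: create users
  remote_user: root
  uri:
    url: "http://127.0.0.1:9000/api/user"
    method: POST
    headers:
      Authorization: "Bearer {{ lookup('file', playbook_dir ~ '/secrets/tokens/thehive_secret_key') }}"
    body_format: json
    src: "/tmp/{{ item.username }}.json"
    status_code: 201
  no_log: true
  with_items:
    - "{{ THEHIVE_USERS }}"
# … unchanged: generate json files for creating users …
```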
---
- name: generate json file for kibana user
remote_user: root
template:
src: kibanauser.json
dest: /tmp/kibanauser.json
- name: create kibana user
remote_user: root
shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/kibanauser.json | cut -d\\\" -f4"
register: kibanauser
args:
warn: false
- set_fact:
kibanauserid={{ kibanauser.stdout }}
- name: create API key for kibana user
remote_user: root
shell: "curl -XPOST -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/v1/user/{{kibanauser.stdout}}/key/renew 2> /dev/null | tee /tmp/kibanaapikey"
register: kibanaapikey
args:
warn: false
- set_fact:
kibanauserapikey={{ kibanaapikey.stdout }}
- name: copy API key to local file
local_action: copy content="{{kibanauserapikey}}" dest=secrets/tokens/thehive_kibana_secret_key
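Review bot: The kibana user id is parsed from the API response with `cut -d\" -f4`, which returns whatever the fourth quoted field happens to be (an error message, for instance) and is then spliced into the `key/renew` URL by the next task; using the `uri` module and reading the id field of the registered JSON avoids the guess. The API-key task also `tee`s the key into `/tmp/kibanaapikey`, which nothing in this commit reads back, and neither it nor the `register`ed result is marked `no_log: true`, so the key lands in the container's /tmp and in play output. The local `copy` of the key sets no `mode`; `mode=0600` keeps it from being readable by other users on the control host.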
......@@ -3,6 +3,20 @@
- include: start.yml
tags:
- start
- include: adminuser.yml
tags:
- start
- include: organization.yml
tags:
- start
- include: kibanauser.yml
tags:
- start
- include: createusers.yml
tags:
- start
- create-thehive-users
- createusers
- include: stop.yml
tags:
- stop
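Review bot: adminuser.yml, organization.yml and kibanauser.yml are all included under the `start` tag, so they re-run on every start: adminuser.yml logs in with the factory password and renews the admin API key, which after the first run fails the login (the password has been changed) and, whenever it does succeed, invalidates the key that createusers.yml and the Kibana plugin were configured with. Give these one-time bootstrap includes their own tag (e.g. `- thehive-init`) or guard them with a `stat` on `secrets/tokens/thehive_secret_key` so `start` stays idempotent.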
......
---
- name: create organisation
uri:
url: "http://127.0.0.1:9000/api/organisation"
method: POST
headers:
Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}"
body_format: form-urlencoded
body:
name: "{{ THEHIVE_ORGANIZATION }}"
description: "{{ THEHIVE_ORGANIZATION }}"
status_code: 201
ignore_errors: True
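Review bot: `ignore_errors: True` on the `create organisation` task hides every failure — an invalid bearer token, TheHive not yet listening — not only the already-exists case on re-runs; prefer listing the duplicate response in `status_code` (e.g. `status_code: [201, 400]`, after confirming what TheHive returns for an existing organisation) so genuine errors still fail the play. The body is sent `form-urlencoded` while TheHive 4's API takes JSON; if the endpoint rejects the form encoding, `ignore_errors` currently masks that too, so `body_format: json` is the safer choice. Lowercase `true` is the YAML/Ansible idiom.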
---
- name: Copy cacert to ca-trust dir
remote_user: root
copy:
src: "{{playbook_dir}}/secrets/CA/ca.crt"
dest: /etc/pki/ca-trust/source/anchors/ca.crt
- name: Install cacert to root truststore
remote_user: root
command: "update-ca-trust"
- name: Copy certificate in thehive conf dir
copy:
src: "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt"
dest: "/etc/thehive/{{ inventory_hostname }}.crt"
mode: 0600
- name: Copy certificate key in thehive conf dir
copy:
src: "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key"
dest: "/etc/thehive/{{ inventory_hostname }}.key"
mode: 0600
- name: Copy CA certificates in thehive conf dir
copy:
src: "{{playbook_dir}}/secrets/CA/{{ item }}"
dest: "/etc/thehive/{{ item }}"
mode: 0600
with_items:
- "cacerts.jks"
- "ca.crt"
- name: Get openid authkey
set_fact:
thehivesecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehivesecret',convert_data=False) | from_json}}"
- name: Configure TheHive
remote_user: thehive
template:
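Review bot: The `Get openid authkey` `set_fact` loads the Keycloak client secret into a fact without `no_log: true`, so it is printed with `-v` and retained by any fact cache; add `no_log: true` on that task. The certificate, key and truststore copies set `mode: 0600` but no `owner`, and they run under the play's default remote user while the later `Configure TheHive` task runs as `thehive`; if the default user is root the private key ends up unreadable by the service, so add `owner: thehive` (the play header is outside this hunk — confirm the default user).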
......
{"user":"admin@thehive.local","password":"secret"}
{"password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_adminpass')}}"}
......@@ -5,7 +5,7 @@
## Include Play secret key
# More information on secret key at https://www.playframework.com/documentation/2.8.x/ApplicationSecret
#include "/etc/thehive/secret.conf"
play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_secret_key')}}"
play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}"
## Database configuration
db.janusgraph {
......@@ -13,7 +13,7 @@ db.janusgraph {
## Cassandra configuration
# More information at https://docs.janusgraph.org/basics/configuration-reference/#storagecql
backend: cql
hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}"]
hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}:9042"]
# Cassandra authentication (if configured)
// username: "thehive"
// password: "password"
......@@ -47,17 +47,61 @@ storage {
## Authentication configuration
# More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md
//auth {
// providers: [
auth {
providers: [
// {name: session} # required !
// {name: basic, realm: thehive}
// {name: local}
// {name: key}
// ]
{name: session} # required !
{name: basic, realm: thehive}
{name: local}
{name: key}
{
name: oauth2
clientId: "soctools-thehive"
clientSecret: {{thehivesecret.value}}
redirectUri: "https://{{soctoolsproxy}}:9000/api/ssoLogin"
responseType: "code"
grantType: "authorization_code"
authorizationUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
authorizationHeader: "Bearer"
tokenUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
userUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
// scope: ["openid", "email"]
scope: ["openid"]
userIdField: "email"
// userIdField: "name"
}
]
sso {
autocreate: true
autoupdate: true
autologin: true
mapper: "simple"
// attributes {
// login: "login"
// name: "name"
// roles: "role"
// }
defaultRoles: ["read", "write", "admin"]
defaultOrganization: "uninett.no"
// defaultOrganization: "demo"
}
ws.ssl.trustManager {
stores = [
{
type: "JKS" // JKS or PEM
path: "cacerts.jks"
password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
}
]
}
# The format of logins must be valid email address format. If the provided login doesn't contain `@` the following
# domain is automatically appended
// defaultUserDomain: "thehive.local"
//}
defaultUserDomain: "uninett.no"
# defaultUserDomain: "thehive.local"
}
## CORTEX configuration
# More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md
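Review bot: `play.http.secret.key` now reads `secrets/tokens/thehive_secret_key`, which is the same file adminuser.yml writes the admin API key into (`dest=secrets/tokens/thehive_secret_key`), so after the bootstrap run the Play application secret becomes the admin API key on the next template pass — existing sessions and signed tokens are invalidated, and whoever holds the API key also holds the crypto secret. Keep the application secret at the old `secrets/passwords/thehive_secret_key` path (as on the removed line) and give the API-key file a distinct name such as `thehive_admin_api_key`. Two further points in this file: `clientSecret: {{thehivesecret.value}}` should be quoted like the other HOCON strings, and `sso.autocreate: true` combined with `defaultRoles: ["read", "write", "admin"]` makes every Keycloak realm user an organisation admin on first login — `["read", "write"]` with explicit promotion is the least-privilege default.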
......
{
"login": "{{ THEHIVE_KIBANA_USER.username }}",
"name": "{{ THEHIVE_KIBANA_USER.name }} {{ THEHIVE_KIBANA_USER.surname }}",
"roles": {{ THEHIVE_KIBANA_USER.roles }},
"organisation": "{{ THEHIVE_ORGANIZATION }}"
}
{
"login": "{{ item.username }}",
"name": "{{ item.name }} {{ item.surname }}",
"roles": {{ item.roles }},
"organisation": "{{ THEHIVE_ORGANIZATION }}"
}
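Review bot: `login`, `name` and `organisation` are interpolated into JSON string literals without escaping, so a surname containing a double quote or backslash produces an invalid document that the user-creation request then posts; render them with the filter instead, e.g. `"login": {{ item.username | to_json }},` (dropping the surrounding quotes, and likewise for `name` and `organisation`). `roles` is injected raw and relies on the variable already being a JSON array literal, which a short Jinja comment (`{# roles must be a JSON array literal, e.g. '["read", "write"]' #}`) should state.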
......@@ -15,3 +15,7 @@
- name: restart soctools cluster servics
import_playbook: restart-soctools.yml
when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags"
- name: create thehive users
import_playbook: create-thehive-users.yml
when: "'create-thehive-users' in ansible_run_tags or 'createusers' in ansible_run_tags"