diff --git a/configure.sh b/configure.sh index 72040949da31820948ea12eb0f61b0e0136860ea..048a152f4d4d8579c0cf11c9b65551e8dab55df8 100755 --- a/configure.sh +++ b/configure.sh @@ -11,8 +11,8 @@ wait () { done } -echo "By default, all services except HAProxy stats and OPENSEARCH are public!" -echo "The configuration file: access.ips is used to configure external access to the services" +echo "By default, all services except OPENSEARCH are public!" +echo "The configuration file access.ips is used to limit access to the services only to the configured IP ranges." echo "Do you want to modify/edit this file now?" read -p "(yes|no) [no] : " MODIFY MODIFY=${MODIFY:-no} 
@@ -74,22 +74,22 @@ else
 read -p "[$(hostname -f)]: " soctoolsproxy
 soctoolsproxy=${soctoolsproxy:-$(hostname -f)}
 echo
- echo "Organization's top level domain (will be used as organization name and organization domain in different services)"
- read -p 'domain: ' domain
- if [ -z $domain ]; then
- echo "Error: Empty string for domain! exiting..."
+ echo "Name of your organization (it will be used as organization name in MISP, The Hive and Cortex)"
+ read -p 'organization: ' organization
+ if [ -z $organization ]; then
+ echo "Error: Empty string for organization! exiting..."
 exit 1
 fi
 echo
 echo
 echo
 echo "Please provide the following parameters for the first SOCTools user, which will be created during the initialization with organization admin privileges:"
- echo "username - Username of the user"
+ echo "username - Username of the user"
 echo "firstname - First name of the user"
- echo "lastname - Last name of the user"
- #echo "DN - Distinguished Name of the user, for user certificate"
- #echo "CN - Common Name of the user, for user certificate"
- echo "Email will be generated automatically in Username@Domain format because of format restrictions in some services"
+ echo "lastname - Last name of the user"
+ echo "email - Email of the user"
+ #echo "DN - Distinguished Name of the user, for user certificate"
+ #echo "CN - Common Name of the user, for user certificate"
 echo ""
 read -p "username: " username
 if [ -z "$username" ]; then
@@ -98,6 +98,7 @@ else
 fi
 read -p "firstname: " firstname
 read -p "lastname: " lastname
+ read -p "email: " email
 #read -p "Enter CN for Certificate [${firstname}${lastname}]: " CN
 #CN=${CN:-${firstname}${lastname}}
 CN="$username"
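Review bot: `if [ -z $organization ]; then` leaves the expansion unquoted, and an organization name containing whitespace (two words are common here) turns the test into `[ -z My Org ]`, which aborts with a "too many arguments" error instead of accepting the value; the `username` check a few lines below in the same hunk already quotes its variable, so this line should read `if [ -z "$organization" ]; then`. The old `$domain` test had the same shape, but a domain rarely contains spaces whereas an organization name frequently does. The enclosing `else` branch starts before this hunk.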
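Review bot: `read -p "email: " email` accepts any input, including an empty string, yet the value becomes the login of the pre-created TheHive and Cortex users and is later spliced into a `sed` replacement in this file, so an empty or malformed address silently yields a broken variables.yml and accounts nobody can sign in with. A guard in the style of the `username` check above, `[ -z "$email" ] && { echo "Error: Empty string for email! exiting..."; exit 1; }`, together with a check that the value contains `@`, would catch this at prompt time. `read` without `-r` also interprets backslashes, though the surrounding prompts share that habit.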
@@ -106,11 +107,12 @@ else
 echo
 echo
 echo "Please check the gathered variables and type 'yes' if everything is correct:"
- echo "soctoolsproxy: $soctoolsproxy"
- echo "domain: $domain"
+ echo "soctoolsproxy: $soctoolsproxy"
+ echo "organization: $organization"
 echo "firstname: $firstname"
 echo "lastname: $lastname"
 echo "username: $username"
+ echo "email: $email"
 echo "DN: $DN"
 echo "CN: $CN"
 echo
@@ -127,7 +129,7 @@ else
 sed -i "11s/CHANGE_ME_FIRST_NAME/${firstname}/" group_vars/all/variables.yml
 sed -i "12s/CHANGE_ME_LAST_NAME/${lastname}/" group_vars/all/variables.yml
 sed -i "13s/soc_admin/${username}/" group_vars/all/variables.yml
- sed -i "14s/soc_admin/${username}/" group_vars/all/variables.yml
+ sed -i "14s/soc_admin@example.org/${email}/" group_vars/all/variables.yml
 sed -i "15s/CN=soc_admin/${DN}/" group_vars/all/variables.yml
 sed -i "16s/soc_admin/${CN}/" group_vars/all/variables.yml
 sed -i "26s/soc_admin/${username}/" group_vars/all/variables.yml
diff --git a/group_vars/all/variables.template b/group_vars/all/variables.template
index 286875f7d467c3474ff7630a5d0b610d4d989c95..203f2f5f571db550c0d08b2746c554b3976f9b8e 100644
--- a/group_vars/all/variables.template
+++ b/group_vars/all/variables.template
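Review bot: `sed -i "14s/soc_admin@example.org/${email}/"` interpolates the interactively entered address into the sed replacement unescaped, so an `&`, `\` or `/` in the input either rewrites the line wrongly or aborts the script with an "unterminated s command" error; the neighbouring substitutions have the same shape, but their inputs are names, and this line adds the first value likely to contain sed metacharacters. If the address is validated at prompt time this is moot; otherwise escape it first, e.g. `safe_email=$(printf '%s' "$email" | sed 's/[&/\]/\\&/g')`, and use `${safe_email}` here. I also do not see where the prompted `organization` value reaches the new `org_name` key of variables.template — the old `domain` was presumably substituted by a sed line outside this hunk, and if that line still matches the removed `soctools.test` default it now silently does nothing. The enclosing `else` branch begins before this hunk.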
@@ -3,26 +3,26 @@ # set FQDN which will be used to access the soctools services. (the DNS record should already be in place.) soctoolsproxy: "CHANGE_ME_TO_FQDN" -# Organization's top level domain (will be used as organization name and organization domain in different services) -domain: "soctools.test" +# Short organization name (will be used as org. name in MISP, The Hive and Cortex) +org_name: "SOCTools" #List of users which will be created during the initialization with organization admin privileges soctools_users: - firstname: "CHANGE_ME_FIRST_NAME" lastname: "CHANGE_ME_LAST_NAME" username: "soc_admin" - email: "soc_admin@{{domain}}" + email: "soc_admin@example.org" DN: "CN=soc_admin" CN: "soc_admin" # - firstname: "SOC Admin 2" # lastname: "" # username: "soc_admin_2" -# email: "soc_admin_2@{{domain}}" +# email: "soc_admin_2@example.org" # DN: "CN=soc_admin_2" # CN: "soc_admin_2" -# list of users(username) from previous step which will recive admin roles in OPENSEARCH. (Minimum one user is required) -ODFE_ADMIN_USERS: +# list of users(username) from previous step which will recive admin roles in OpenSearch Dashboards. (Minimum one user is required) +OSD_ADMIN_USERS: - soc_admin # - soc_admin_2 diff --git a/roles/cortex/tasks/configure.yml b/roles/cortex/tasks/configure.yml index 7e94fcbf22f82f7d92a37bfa19ecd7e0dd31d622..a02b3a22d65f6b317de414570a9964385cbd037e 100644 --- a/roles/cortex/tasks/configure.yml +++ b/roles/cortex/tasks/configure.yml 
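Review bot: Renaming `ODFE_ADMIN_USERS` to `OSD_ADMIN_USERS` changes the key that `roles/opensearch-dashboards/templates/role.json.j2` now iterates, so an existing deployment whose generated variables.yml still carries the old name will fail at template time with an undefined-variable error rather than a clear message; unless that file is regenerated on every run, a migration note or a temporary fallback in the playbook's defaults such as `OSD_ADMIN_USERS: "{{ ODFE_ADMIN_USERS | default([]) }}"` would make the rename safe. The new comment on that key keeps the typo `recive` (should be `receive`).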
@@ -59,6 +59,22 @@ shell: "curl -XPOST -H 'Authorization: Bearer {{cortexadminuserapikey}}' -H 'Content-Type: application/json' 'http://127.0.0.1:9001/api/organization' -d @/tmp/cortex_organization.json" run_once: True +- name: generate json files for creating users + remote_user: root + template: + src: users.json + dest: /tmp/{{ item.username }}.json + with_items: + - "{{ soctools_users }}" + +- name: create users + remote_user: root + shell: "curl -XPOST -H 'Authorization: Bearer {{cortexadminuserapikey}}' -H 'Content-Type: application/json' http://127.0.0.1:9001/api/user -d @/tmp/{{item.username}}.json" + args: + warn: false + with_items: + - "{{ soctools_users }}" + - name: disable basic auth remote_user: root lineinfile: diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2 index 4155af9a310b65dcd141dcb4f7002941c1954fa4..88f53336f373669fc46da3339e5b1f10d575f352 100644 --- a/roles/cortex/templates/application.conf.j2 +++ b/roles/cortex/templates/application.conf.j2 @@ -127,7 +127,7 @@ auth { # scope = "profile" userIdField = "email" - scope = ["openid email profile"] + scope = ["openid"] } ws.ssl.trustManager { @@ -143,17 +143,18 @@ auth { # Single-Sign On sso { - autocreate = true - autoupdate = true - autologin = true + #autocreate = true + #autoupdate = true + #autologin = true defaultRoles = ["read", "analyze"] - defaultOrganization = "{{domain}}" + defaultOrganization = "{{org_name}}" mapper = simple attributes { login = "email" - name = "email" - roles = "roles" + name = "preferred_username" + # roles = "roles" + # organization = "organization" } } } diff --git a/roles/cortex/templates/cortex_organization.json b/roles/cortex/templates/cortex_organization.json index f1c58fff9d6cd9c75504d07294754903bba26fcf..d094f769a5dd7c4994758a428b47bd45746c5f91 100644 --- a/roles/cortex/templates/cortex_organization.json +++ b/roles/cortex/templates/cortex_organization.json 
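Review bot: The new `create users` task runs curl without `--fail`, so an HTTP 4xx/5xx from `/api/user` — a duplicate login on a re-run, an invalid JSON body, a revoked key — still exits 0 and the play reports success with no user created; the organization task above has the same weakness, but this hunk adds a second instance of it. `curl -sSf ...` (or the `uri` module with `status_code: [200, 201]`, which also keeps the bearer token out of the logged shell command line) would surface the failure. The rendered `/tmp/{{ item.username }}.json` is also written with the default mode into a shared directory and never removed; a `mode: "0600"` on the template task plus a cleanup task, or rendering straight into `uri`'s `body` with `body_format: json`, avoids the temporary file altogether. The organization task carries `run_once: True` while the user task does not, which only matters if the cortex group ever has more than one host.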
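Review bot: `scope = ["openid"]` drops the `email` and `profile` scopes while `userIdField = "email"` two lines above and the SSO `attributes` block further down still map `login` to `email` and `name` to `preferred_username`; whether those claims are still returned when only `openid` is requested depends on the identity provider's default client scopes, so this should be confirmed against the realm configuration (the userinfo path elsewhere in this diff suggests Keycloak, whose stock realms do include them by default) and recorded, e.g. `# email/preferred_username claims are expected from the realm's default client scopes`. The enclosing `auth { ... }` block starts and ends outside this hunk.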
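Review bot: Commenting out `autocreate`, `autoupdate` and `autologin` changes SSO behaviour — users not pre-created by the new `create users` task can no longer sign in — but nothing in the hunk says so, and a reader may re-enable the lines or wonder why they remain. A one-line comment above them such as `# user provisioning is done by roles/cortex/tasks/configure.yml (users.json); SSO auto-creation disabled on purpose` would record the intent. The `roles` and `organization` attribute mappings are likewise commented out without a reason.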
@@ -1 +1 @@ -{"name": "{{domain}}", "description": "{{domain}}", "status": "Active"} +{"name": "{{org_name}}", "description": "{{org_name}}", "status": "Active"} diff --git a/roles/cortex/templates/users.json b/roles/cortex/templates/users.json new file mode 100644 index 0000000000000000000000000000000000000000..e9a8f8bf18ee477997888e501a03131dd54ea873 --- /dev/null +++ b/roles/cortex/templates/users.json @@ -0,0 +1,6 @@ +{ + "login": "{{ item.email }}", + "name": "{{ item.firstname }} {{ item.lastname }}", + "roles": ["read", "analyze", "orgadmin"], + "organization": "{{ org_name }}" +} diff --git a/roles/opensearch-dashboards/templates/role.json.j2 b/roles/opensearch-dashboards/templates/role.json.j2 index 9d67a52fb225237029d74bcaa8b381857a3f1eb2..1e7c2ae4cc63742e63e2e8b04b78970780b8d47a 100644 --- a/roles/opensearch-dashboards/templates/role.json.j2 +++ b/roles/opensearch-dashboards/templates/role.json.j2 @@ -6,7 +6,7 @@ ], "users":[ -{% for user in ODFE_ADMIN_USERS %} +{% for user in OSD_ADMIN_USERS %} "{{ user }}", {% endfor %} "admin" diff --git a/roles/thehive/tasks/organization.yml b/roles/thehive/tasks/organization.yml index 03528a7f73e92a5c512292d0a3a45fbaa3f1fa3e..4477ab32fe13b94b946dc29a66dc9063e4896f28 100644 --- a/roles/thehive/tasks/organization.yml +++ b/roles/thehive/tasks/organization.yml @@ -8,8 +8,8 @@ Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}" body_format: form-urlencoded body: - name: "{{ domain }}" - description: "{{ domain }}" + name: "{{ org_name }}" + description: "{{ org_name }}" status_code: 201 ignore_errors: True diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2 index 7dfc7e13003f85fa8bc8f1931d3cf27d6dfa4b6c..b9f07820acf3008d85f46e67531ef875c8d6ef6b 100644 --- a/roles/thehive/templates/application.conf.j2 +++ b/roles/thehive/templates/application.conf.j2 
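Review bot: `roles/cortex/templates/users.json` inserts `item.email`, `item.firstname`, `item.lastname` and `org_name` into JSON string literals with no escaping, so a value containing a double quote or backslash produces an invalid body for the curl call that posts it, and these values are typed interactively in configure.sh; `roles/thehive/templates/users.json` later in this diff has the same construction. Rendering each value through Ansible's `to_json` filter, e.g. `"login": {{ item.email | to_json }},` and `"name": {{ (item.firstname ~ " " ~ item.lastname) | to_json }},`, keeps the output valid for any input. Every entry in `soctools_users` also receives `orgadmin`, which matches the variables.template comment but is worth stating in a comment next to the roles line.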
@@ -49,10 +49,6 @@ storage { # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md auth { providers: [ -// {name: session} # required ! -// {name: basic, realm: thehive} -// {name: local} -// {name: key} {name: session} # required ! {name: basic, realm: thehive} {name: local} @@ -70,24 +66,9 @@ auth { userUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo" // scope: ["openid", "email"] scope: ["openid"] - userIdField: "email" -// userIdField: "name" + userIdField: "email" # TheHive requires user id to be an email address } ] - sso { - autocreate: true - autoupdate: true - autologin: true - mapper: "simple" -// attributes { -// login: "login" -// name: "name" -// roles: "role" -// } - defaultRoles: ["read", "write", "admin"] - defaultOrganization: "{{domain}}" -// defaultOrganization: "demo" - } ws.ssl.trustManager { stores = [ { @@ -99,10 +80,17 @@ auth { } # The format of logins must be valid email address format. If the provided login doesn't contain `@` the following # domain is automatically appended - defaultUserDomain: "{{domain}}" -# defaultUserDomain: "thehive.local" + defaultUserDomain: "thehive.local" } +# Automatically create new user when logged in using SSO and does not exist yet +#user: { +# autoCreateOnSso: true +# defaults.profile: "analyst" +# defaults.organisation: "{{ org_name }}" +#} + + ## CORTEX configuration # More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md # Enable Cortex connector diff --git a/roles/thehive/templates/kibanauser.json b/roles/thehive/templates/kibanauser.json index 5f8a56275cca4d2ce4b1c315e6c5296d23965a00..dd4f4628d7200f94ff9663084a057e3d10005467 100644 --- a/roles/thehive/templates/kibanauser.json +++ b/roles/thehive/templates/kibanauser.json 
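Review bot: `defaultUserDomain: "thehive.local"` hard-codes the domain appended to logins without an `@`, replacing the former `{{domain}}` variable; with the `sso { ... }` block removed in the hunk above and the pre-created users keyed by their real email, any account still created with a bare username (the `kibanauser.json` template keeps `THEHIVE_KIBANA_USER.username`) now resolves to `name@thehive.local`, which is fine only if nothing else expects the old `name@<domain>` form — worth confirming and noting in a comment. A template variable with this string as its default would keep it adjustable without editing the role. The commented `user: { autoCreateOnSso ... }` block is a useful pointer, but a sentence stating that SSO users must now be pre-created via `roles/thehive/templates/users.json` would make the intent explicit. The enclosing `auth { ... }` block begins before this hunk.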
@@ -2,5 +2,5 @@ "login": "{{ THEHIVE_KIBANA_USER.username }}", "name": "{{ THEHIVE_KIBANA_USER.name }} {{ THEHIVE_KIBANA_USER.surname }}", "roles": {{ THEHIVE_KIBANA_USER.roles }}, - "organisation": "{{ domain }}" + "organisation": "{{ org_name }}" } diff --git a/roles/thehive/templates/users.json b/roles/thehive/templates/users.json index 123f1712d62daa81084f3733a642785c89edbe4d..b8d5ac713c94bd6a106acbc47ec4304f5768c5d9 100644 --- a/roles/thehive/templates/users.json +++ b/roles/thehive/templates/users.json @@ -1,6 +1,6 @@ { - "login": "{{ item.username }}", + "login": "{{ item.email }}", "name": "{{ item.firstname }} {{ item.lastname }}", "roles": ["read", "write", "admin"], - "organisation": "{{ domain }}" + "organisation": "{{ org_name }}" }
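Review bot: Switching `login` to `{{ item.email }}` keys the SOCTools users by email while `kibanauser.json` in the same directory still keys its user by `THEHIVE_KIBANA_USER.username`, so the two templates now follow different login conventions inside one organisation; this is presumably intentional, since TheHive appends `defaultUserDomain` to bare usernames, but a short comment on the `soctools_users` entry in variables.template saying that `email` is the TheHive and Cortex login would spare the next reader the cross-reference.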