diff --git a/roles/build/files/kibanalogrotate.conf b/roles/build/files/kibanalogrotate.conf
new file mode 100644
index 0000000000000000000000000000000000000000..3b753cebacfcc15e97862cab618cbbdaa93686a3
--- /dev/null
+++ b/roles/build/files/kibanalogrotate.conf
@@ -0,0 +1,8 @@
+/usr/share/kibana/kblog
+{
+ rotate 0
+ daily
+ missingok
+ notifempty
+ copytruncate
+}
diff --git a/roles/build/files/kibanasupervisord.conf b/roles/build/files/kibanasupervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..7216d6eb5ab37e4c702e46843dbb096d129678a3
--- /dev/null
+++ b/roles/build/files/kibanasupervisord.conf
@@ -0,0 +1,33 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:kibana]
+user=kibana
+directory=/usr/share/kibana
+command=sh -c "/usr/share/kibana/bin/kibana -c /usr/share/kibana/config/kibana.yml > kblog 2>&1"
+
+[program:cron]
+autostart=true
+autorestart=true
+command=crond -n
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cron_stderr.log
+stdout_logfile = /var/log/supervisor/cron_stdout.log
+
diff --git a/roles/build/templates/odfekibana/Dockerfile-kibana.j2 b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
index 3e5d1932de7e38df805d6fa7a2bdb030261823c6..634690c46cbace0faa0500b71a5fd1831f332de0 100644
--- a/roles/build/templates/odfekibana/Dockerfile-kibana.j2
+++ b/roles/build/templates/odfekibana/Dockerfile-kibana.j2
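Review bot: `rotate 0` together with `copytruncate` discards the previous Kibana log instead of keeping it, so nothing older than the current day survives inside the container, and any lines written between the copy and the truncate are lost before Filebeat (which the soctools-inventory hunk points at this same `/usr/share/kibana/kblog`) can read them. If the file is meant only as a staging buffer until shipment, a comment saying so would stop a later reader from "fixing" it, e.g. `# kblog is only a Filebeat staging file; no local history is kept`. If the log should still be available for an incident review when the shipping path is down, keep a short local history instead, e.g. `rotate 7` plus `compress`.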
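Review bot: `[program:cron]` has no `user=` line, so `crond -n` runs with supervisord's own identity, and the `Start Supervisord` task in roles/odfekibana/tasks/main.yml launches supervisord as root; every crontab in the image therefore executes as root, whereas `[program:kibana]` is confined to `user=kibana`. If that is intended for logrotate, record it with a comment such as `; runs as root on purpose: logrotate is driven from this crond`; otherwise add a `user=` line. The `sh -c "... > kblog 2>&1"` wrapper also means the SIGTERM supervisord sends on stop reaches `sh`, and whether Kibana receives it depends on the shell; `stopasgroup=true` and `killasgroup=true` under `[program:kibana]`, or dropping the wrapper in favour of `stdout_logfile=/usr/share/kibana/kblog` with `redirect_stderr=true`, removes that dependency. `pidfile` and the control socket both live in world-writable /tmp, and the `Stop OpenDistro Kibana for Elasticsearch` hunk runs `pkill -SIGTERM -F /tmp/supervisord.pid` as root against whatever pid that file holds, so a root-owned directory such as `/var/run/supervisor/` (created in the Dockerfile) for both paths would keep the stop target under root's control; both files must change together. Lastly, `logfile_maxbytes=10MB` under `[program:cron]` is the `[supervisord]`-section spelling; the per-program keys are `stdout_logfile_maxbytes` and `stderr_logfile_maxbytes`, so the line as written presumably has no effect.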
@@ -1,5 +1,8 @@ FROM {{repo}}/centos:{{version}}{{suffix}} +RUN yum install -y supervisor +RUN yum clean all + ENV PATH="/usr/share/kibana/bin:${PATH}" RUN groupadd -g 1000 kibana && \ @@ -13,6 +16,8 @@ RUN rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \ chown -R kibana /usr/share/kibana/config/ RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers +COPY kibanasupervisord.conf /etc/supervisord.conf +COPY kibanalogrotate.conf /etc/logrotate.d/kibana.conf EXPOSE 5601 USER kibana diff --git a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 index 256d187ee81232feb2370655f31ce43893ea1064..a8f4fdc464c3d91d3ad11c9ed336054cc4161fb8 100644 --- a/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 +++ b/roles/build/templates/odfekibana/Dockerfile-odfekibana.j2 @@ -16,5 +16,3 @@ RUN chown -R kibana:kibana /usr/share/kibana/plugins/thehive_button RUN echo 'kibana ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers -USER kibana - diff --git a/roles/odfekibana/tasks/main.yml b/roles/odfekibana/tasks/main.yml index 49924ee700e2752e4c1141b68eed4f410ddf3ace..de89a77becee078489558b90d881bf0c9a967694 100644 --- a/roles/odfekibana/tasks/main.yml +++ b/roles/odfekibana/tasks/main.yml @@ -23,6 +23,7 @@ - start - name: Copy certificates in odfe kibana conf dir + remote_user: kibana copy: src: "{{ item }}" dest: "config/{{ item }}" @@ -38,6 +39,7 @@ - start - name: Get openid authkey + remote_user: kibana set_fact: kibanasecret: "{{lookup('file', 'files/kibanasecret',convert_data=False) | from_json }}" tags: @@ -62,6 +64,7 @@ # tags: # - start - name: Configure odfe kibana properties + remote_user: kibana template: src: "{{item}}.j2" dest: "config/{{item}}" @@ -71,6 +74,7 @@ - start - name: Configure odfe kibana start script + remote_user: kibana template: src: "{{item}}.j2" dest: "{{item}}" 
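Review bot: `RUN yum install -y supervisor` installs only supervisor, yet the new kibanasupervisord.conf starts `crond -n` and the logrotate drop-in copied in the second hunk is only useful if `logrotate` is present; unless the `{{repo}}/centos` base image already ships `cronie` and `logrotate`, the cron program will fail to start. Installing them in the same layer as supervisor, and cleaning in that same layer so the yum cache is not left in an earlier layer, reads `RUN yum install -y supervisor cronie logrotate && yum clean all`. On a stock CentOS base, supervisor itself comes from EPEL, so the build also depends on that repository being enabled in the base image; a comment noting that assumption next to the RUN line would help the next person who changes the base.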
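Review bot: The per-task `remote_user: kibana` added here (`Copy certificates in odfe kibana conf dir`) and repeated in the `Get openid authkey`, `Configure odfe kibana properties`, `Configure odfe kibana start script`, `Generate configuration for thehive_button plugin`, `Wait for Kibana`, `Check Kibana health`, `Import graphs to kibana` and `Grant admin permissions to users` hunks is the same line nine times, and on `set_fact`, which runs on the controller, it has no effect. Setting `remote_user: kibana` once at play level (or `ansible_user=kibana` on the inventory entry, presumably `dsoclab-kibana`) and overriding only the two root tasks, `Start Supervisord (kibana and cron)` and `Stop OpenDistro Kibana for Elasticsearch`, states the intent in one place. It also keeps any task added later from silently running as root, which is now the default for the odfekibana container since Dockerfile-odfekibana.j2 no longer sets `USER kibana`.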
@@ -87,6 +91,7 @@ - name: Generate configuration for thehive_button plugin + remote_user: kibana template: src: files/env.js.j2 dest: "/usr/share/kibana/plugins/thehive_button/public/env.js" @@ -96,14 +101,14 @@ - start -- name: Start OpenDistro Kibana for Elasticsearch - command: /usr/share/kibana/startkibana.sh - #shell: exec /usr/share/kibana/bin/kibana -c config/kibana.yml & - #shell: "nohup /usr/share/kibana/bin/kibana -c config/kibana.yml &" +- name: Start Supervisord (kibana and cron) + remote_user: root + shell: "/usr/bin/supervisord -c /etc/supervisord.conf &" tags: - start - name: Wait for Kibana + remote_user: kibana wait_for: host: "{{groups['odfekibanacontainers'][0]}}" port: 5601 @@ -113,6 +118,7 @@ - start - name: Check Kibana health + remote_user: kibana shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{dslproxy}}:5601/api/status" \ | egrep status....overall....state...green' register: result @@ -149,6 +155,7 @@ - start - name: Import graphs to kibana + remote_user: kibana shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/saved_objects/_import?overwrite=true" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ -k --user admin:{{ odfees_adminpass }} \ @@ -166,6 +173,7 @@ - start - name: Grant admin permissions to users + remote_user: kibana shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ -k --user admin:{{ odfees_adminpass }} \ @@ -196,6 +204,7 @@ # - stop - name: Stop OpenDistro Kibana for Elasticsearch - command: "pkill -SIGTERM -F {{inventory_hostname}}.pid" + remote_user: root + command: "pkill -SIGTERM -F /tmp/supervisord.pid" tags: - stop diff --git a/soctools-inventory b/soctools-inventory index 798d3a1e09dbecc8542815e755cbd173e5c2285d..f8897eb15739f01229c97f817908f7853db84e44 100644 --- a/soctools-inventory +++ b/soctools-inventory 
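Review bot: In the `Start Supervisord (kibana and cron)` hunk, `shell: "/usr/bin/supervisord -c /etc/supervisord.conf &"` backgrounds a process whose config sets `nodaemon=true`, so the forked supervisord stays in the foreground and keeps the task's stdout/stderr pipes open; Ansible's shell module can then block until those pipes close rather than return when the `&` does. Either drop `nodaemon=true` from kibanasupervisord.conf and run `command: /usr/bin/supervisord -c /etc/supervisord.conf` so supervisord daemonizes itself (the pidfile the stop task relies on is still written), or detach the pipes explicitly with `shell: "nohup /usr/bin/supervisord -c /etc/supervisord.conf >/dev/null 2>&1 &"`. Because the container's entrypoint is not supervisord, nothing restarts it if it exits, and re-running the play attempts a second start; an `args: creates: /tmp/supervisord.pid` guard on the task would at least make the `start` tag idempotent.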
@@ -40,7 +40,7 @@ dsoclab-nifi-2 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-curren
 dsoclab-nifi-3 ansible_connection=docker FILEBEAT_FILES='["/opt/nifi/nifi-current/logs/nifi-app.log","/opt/nifi/nifi-current/logs/nifi-bootstrap.log","/opt/nifi/nifi-current/logs/nifi-user.log"]' FILEBEAT_LOG_TYPE="nifi"
 #dsoclab-odfe-1 ansible_connection=docker FILEBEAT_FILES='[""]'
 #dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='[""]'
-#dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='["/usr/share/kibana/kblog"]' FILEBEAT_LOG_TYPE="kibana"
 #dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='[""]'
 dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql"
 #dsoclab-misp ansible_connection=docker FILEBEAT_FILES='[""]'