Skip to content
Snippets Groups Projects
Commit f6536e84 authored by Arne Øslebø's avatar Arne Øslebø
Browse files

merge in dev01b branch

parents 7e78c6e6 f37e1b1e
No related branches found
No related tags found
No related merge requests found
Showing
with 407 additions and 3 deletions
...@@ -42,6 +42,21 @@ mysql_name: "dsoclab-mysql" ...@@ -42,6 +42,21 @@ mysql_name: "dsoclab-mysql"
mysql_img: "{{repo}}/mysql:{{version}}{{suffix}}" mysql_img: "{{repo}}/mysql:{{version}}{{suffix}}"
mysql_dbrootpass: "Pass006" mysql_dbrootpass: "Pass006"
cassandra_name: "dsoclab-cassandra"
cassandra_img: "{{repo}}/cassandra:{{version}}{{suffix}}"
thehive_name: "dsoclab-thehive"
thehive_img: "{{repo}}/thehive:{{version}}{{suffix}}"
# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
thehive_secret_key: "LcnI9eKLo33711BmCnzf6UM1y05pdmj3dlADL81PxuffWqhobRoiiGFftjNPKpmM"
cortex_name: "dsoclab-cortex"
cortex_img: "{{repo}}/cortex:{{version}}{{suffix}}"
cortex_elasticsearch_mem: "256m"
# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
cortex_secret_key: "9CZ844IcAp5dHjsgU4iuaEssdopLcS6opzhVP3Ys4t4eRpNlHmwZdtfveLEXpM9D"
cortex_odfe_pass: "Pass009"
kspass: "Testing003" kspass: "Testing003"
tspass: "Testing003" tspass: "Testing003"
...@@ -50,8 +65,8 @@ sysctlconfig: ...@@ -50,8 +65,8 @@ sysctlconfig:
- { key: "net.core.wmem_max", val: "4194304" } - { key: "net.core.wmem_max", val: "4194304" }
- { key: "vm.max_map_count" , val: "524288" } - { key: "vm.max_map_count" , val: "524288" }
nifi_javamem: "4g" nifi_javamem: "1g"
odfe_javamem: "2g" odfe_javamem: "512m"
nifi_version: 1.12.1 nifi_version: 1.12.1
nifi_repo: "https://archive.apache.org/dist" nifi_repo: "https://archive.apache.org/dist"
......
---
- name: Configure the cassandra Dockerfile
template:
src: cassandra/Dockerfile.j2
dest: "{{role_path}}/files/cassandraDockerfile"
- name: Build cassandra image
command: docker build -t {{repo}}/cassandra:{{version}}{{suffix}} -f {{role_path}}/files/cassandraDockerfile {{role_path}}/files
---
- name: Configure the Cortex Dockerfile
template:
src: cortex/Dockerfile.j2
dest: "{{role_path}}/files/cortexDockerfile"
- name: Build the Cortex image
command: docker build -t {{repo}}/cortex:{{version}}{{suffix}} -f {{role_path}}/files/cortexDockerfile {{role_path}}/files
...@@ -15,3 +15,6 @@ ...@@ -15,3 +15,6 @@
- include: odfekibana.yml - include: odfekibana.yml
- include: keycloak.yml - include: keycloak.yml
- include: misp.yml - include: misp.yml
- include: cassandra.yml
- include: thehive.yml
- include: cortex.yml
---
- name: Configure theHive Dockerfile
template:
src: thehive/Dockerfile.j2
dest: "{{role_path}}/files/thehiveDockerfile"
- name: Build theHive image
command: docker build -t {{repo}}/thehive:{{version}}{{suffix}} -f {{role_path}}/files/thehiveDockerfile {{role_path}}/files
FROM {{repo}}/openjdk:{{version}}{{suffix}}
USER root
#COPY cassandra.repo /etc/yum.repos.d/cassandra.repo
#COPY supervisord.conf /etc/supervisord.conf
#COPY start.sh /start.sh
RUN echo "[cassandra]" > /etc/yum.repos.d/cassandra.repo && \
echo "name=Apache Cassandra" >> /etc/yum.repos.d/cassandra.repo && \
echo "baseurl=https://downloads.apache.org/cassandra/redhat/311x/" >> /etc/yum.repos.d/cassandra.repo && \
echo "gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \
echo "repo_gpgcheck=1" >> /etc/yum.repos.d/cassandra.repo && \
echo "gpgkey=https://downloads.apache.org/cassandra/KEYS" >> /etc/yum.repos.d/cassandra.repo && \
echo '#!/bin/bash' > /start.sh && \
echo 'export CASSANDRA_HOME=/usr/share/cassandra' >> /start.sh && \
echo 'export CASSANDRA_CONF=$CASSANDRA_HOME/conf' >> /start.sh && \
echo 'export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh' >> /start.sh && \
echo 'log_file=/var/log/cassandra/cassandra.log' >> /start.sh && \
echo 'pid_file=/var/run/cassandra/cassandra.pid' >> /start.sh && \
echo 'lock_file=/var/lock/subsys/cassandra' >> /start.sh && \
echo 'CASSANDRA_PROG=/usr/sbin/cassandra' >> /start.sh && \
echo '' >> /start.sh && \
echo '$CASSANDRA_PROG -p $pid_file > $log_file 2>&1' >> /start.sh && \
yum install -y epel-release && \
yum install -y cassandra supervisor && \
mkdir /usr/share/cassandra/conf && \
cp -a /etc/cassandra/conf/* /usr/share/cassandra/conf && \
chown -R cassandra:cassandra /usr/share/cassandra && \
chown -R cassandra:cassandra /var/lib/cassandra && \
sed -i -e 's,/etc/cassandra,/usr/share/cassandra,g' /usr/share/cassandra/cassandra.in.sh && \
chmod a+x /start.sh && \
yum -y clean all
EXPOSE 7000 9042
#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
USER cassandra
# ENTRYPOINT ["/start.sh"]
[cassandra]
name=Apache Cassandra
baseurl=https://downloads.apache.org/cassandra/redhat/311x/
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://downloads.apache.org/cassandra/KEYS
#!/bin/bash
export CASSANDRA_HOME=/usr/share/cassandra
export CASSANDRA_CONF=$CASSANDRA_HOME/conf
export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh
log_file=/var/log/cassandra/cassandra.log
pid_file=/var/run/cassandra/cassandra.pid
lock_file=/var/lock/subsys/cassandra
CASSANDRA_PROG=/usr/sbin/cassandra
$CASSANDRA_PROG -p $pid_file > $log_file 2>&1
[supervisord]
loglevel=debug
nodaemon=true
[program:cassandra]
user=cassandra
directory=/usr/share/cassandra
stdout_logfile=/var/log/cassandra/cassandra.log
redirect_stderr=true
environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"
command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid
FROM {{repo}}/openjdk:{{version}}{{suffix}}
USER root
#COPY thehive.repo /etc/yum.repos.d/thehive.repo
#COPY supervisord.conf /etc/supervisord.conf
#COPY start.sh /start.sh
RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
yum install -y epel-release && \
rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \
rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \
chown -R elasticsearch:elasticsearch /etc/elasticsearch && \
mkdir -p /home/cortex && \
chown -R cortex:cortex /home/cortex && \
chown -R cortex:cortex /etc/cortex && \
cd /opt && \
git clone https://github.com/TheHive-Project/Cortex-Analyzers && \
chown -R cortex:cortex /opt/Cortex-Analyzers && \
cd /opt/Cortex-Analyzers && \
for I in analyzers/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
for I in responders/*/requirements.txt; do LC_ALL=en_US.UTF-8 pip3 install --no-cache-dir -U -r $I || true; done && \
yum -y clean all
EXPOSE 9001
#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
USER cortex
# ENTRYPOINT ["/start.sh"]
# Sample Cortex application.conf file
## SECRET KEY
#
# The secret key is used to secure cryptographic functions.
#
# IMPORTANT: If you deploy your application to several instances, make
# sure to use the same key.
# # # # # #
# GENERATED WITH cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
# # # # # #
play.http.secret.key="9CZ844IcAp5dHjsgU4iuaEssdopLcS6opzhVP3Ys4t4eRpNlHmwZdtfveLEXpM9D"
## ElasticSearch
search {
# Name of the index
index = cortex3
# ElasticSearch instance address.
# For cluster, join address:port with ',': "http://ip1:9200,ip2:9200,ip3:9200"
uri = "http://dsoclab-elastic:9200"
## Advanced configuration
# Scroll keepalive.
#keepalive = 1m
# Scroll page size.
#pagesize = 50
# Number of shards
#nbshards = 5
# Number of replicas
#nbreplicas = 1
# Arbitrary settings
#settings {
# # Maximum number of nested fields
# mapping.nested_fields.limit = 100
#}
## Authentication configuration
#search.username = ""
#search.password = ""
## SSL configuration
#search.keyStore {
# path = "/path/to/keystore"
# type = "JKS" # or PKCS12
# password = "keystore-password"
#}
#search.trustStore {
# path = "/path/to/trustStore"
# type = "JKS" # or PKCS12
# password = "trustStore-password"
#}
}
## Cache
#
# If an analyzer is executed against the same observable, the previous report can be returned without re-executing the
# analyzer. The cache is used only if the second job occurs within cache.job (the default is 10 minutes).
cache.job = 10 minutes
## Authentication
auth {
# "provider" parameter contains the authentication provider(s). It can be multi-valued, which is useful
# for migration.
# The available auth types are:
# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
# configuration are required.
# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
# the "ad" section below.
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
# "ldap" section below.
provider = [local]
ad {
# The Windows domain name in DNS format. This parameter is required if you do not use
# 'serverNames' below.
#domainFQDN = "mydomain.local"
# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
# above. If this parameter is not set, TheHive uses 'domainFQDN'.
#serverNames = [ad1.mydomain.local, ad2.mydomain.local]
# The Windows domain name using short format. This parameter is required.
#domainName = "MYDOMAIN"
# If 'true', use SSL to connect to the domain controller.
#useSSL = true
}
ldap {
# The LDAP server name or address. The port can be specified using the 'host:port'
# syntax. This parameter is required if you don't use 'serverNames' below.
#serverName = "ldap.mydomain.local:389"
# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
#serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
# Account to use to bind to the LDAP server. This parameter is required.
#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
# Password of the binding account. This parameter is required.
#bindPW = "***secret*password***"
# Base DN to search users. This parameter is required.
#baseDN = "ou=users,dc=mydomain,dc=local"
# Filter to search user in the directory server. Please note that {0} is replaced
# by the actual user name. This parameter is required.
#filter = "(cn={0})"
# If 'true', use SSL to connect to the LDAP directory server.
#useSSL = true
}
}
## ANALYZERS
#
analyzer {
# analyzer location
# url can be point to:
# - directory where analyzers are installed
# - json file containing the list of analyzer descriptions
urls = [
#"https://dl.bintray.com/thehive-project/cortexneurons/analyzers.json"
"/opt/Cortex-Analyzers/analyzers"
]
# Sane defaults. Do not change unless you know what you are doing.
fork-join-executor {
# Min number of threads available for analysis.
parallelism-min = 2
# Parallelism (threads) ... ceil(available processors * factor).
parallelism-factor = 2.0
# Max number of threads available for analysis.
parallelism-max = 4
}
}
# RESPONDERS
#
responder {
# responder location (same format as analyzer.urls)
urls = [
#"https://dl.bintray.com/thehive-project/cortexneurons/reponders.json"
"/opt/Cortex-Analyzers/responders"
]
# Sane defaults. Do not change unless you know what you are doing.
fork-join-executor {
# Min number of threads available for analysis.
parallelism-min = 2
# Parallelism (threads) ... ceil(available processors * factor).
parallelism-factor = 2.0
# Max number of threads available for analysis.
parallelism-max = 4
}
}
# It's the end my friend. Happy hunting!
[thehive-project]
enabled=1
priority=1
name=TheHive-Project RPM repository
baseurl=http://rpm.thehive-project.org/stable/noarch
gpgcheck=1
FROM gn43-dsl/centos:{{version}}{{suffix}} FROM {{repo}}/centos:{{version}}{{suffix}}
ENV HAPROXY_VERSION 2.2.3 ENV HAPROXY_VERSION 2.2.3
ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz ENV HAPROXY_URL https://www.haproxy.org/download/2.2/src/haproxy-2.2.3.tar.gz
......
FROM {{repo}}/openjdk:{{version}}{{suffix}}
USER root
#COPY thehive.repo /etc/yum.repos.d/thehive.repo
#COPY supervisord.conf /etc/supervisord.conf
#COPY start.sh /start.sh
RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
yum install -y epel-release && \
rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
yum install -y thehive4 supervisor daemonize vim net-tools telnet htop && \
mkdir -p /opt/thp_data/files/thehive && \
chown -R thehive:thehive /opt/thp_data/files/thehive && \
mkdir -p /home/thehive && \
chown -R thehive:thehive /home/thehive /etc/thehive && \
yum -y clean all
EXPOSE 9000
#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
USER thehive
# ENTRYPOINT ["/start.sh"]
#!/bin/bash
export CASSANDRA_HOME=/usr/share/cassandra
export CASSANDRA_CONF=$CASSANDRA_HOME/conf
export CASSANDRA_INCLUDE=$CASSANDRA_HOME/cassandra.in.sh
log_file=/var/log/cassandra/cassandra.log
pid_file=/var/run/cassandra/cassandra.pid
lock_file=/var/lock/subsys/cassandra
CASSANDRA_PROG=/usr/sbin/cassandra
$CASSANDRA_PROG -p $pid_file > $log_file 2>&1
[supervisord]
loglevel=debug
nodaemon=true
[program:cassandra]
user=cassandra
directory=/usr/share/cassandra
stdout_logfile=/var/log/cassandra/cassandra.log
redirect_stderr=true
environment=CASSANDRA_HOME="/usr/share/cassandra",CASSANDRA_CONF="/usr/share/cassandra/conf",CASSANDRA_INCLUDE="$CASSANDRA_HOME/cassandra.in.sh"
command=/usr/sbin/cassandra -p /var/run/cassandra/cassandra.pid
[thehive-project]
enabled=1
priority=1
name=TheHive-Project RPM repository
baseurl=http://rpm.thehive-project.org/stable/noarch
gpgcheck=1
...@@ -44,6 +44,8 @@ ...@@ -44,6 +44,8 @@
- "{{ groups['odfekibanacontainers'] }}" - "{{ groups['odfekibanacontainers'] }}"
- "{{ groups['keycloakcontainers'] }}" - "{{ groups['keycloakcontainers'] }}"
- "{{ groups['mispcontainers'] }}" - "{{ groups['mispcontainers'] }}"
- "{{ groups['thehive'] }}"
- "{{ groups['cortex'] }}"
- "{{ groups['haproxy'] }}" - "{{ groups['haproxy'] }}"
- "filebeat" - "filebeat"
environment: environment:
...@@ -63,6 +65,8 @@ ...@@ -63,6 +65,8 @@
- "{{ groups['odfekibanacontainers'] }}" - "{{ groups['odfekibanacontainers'] }}"
- "{{ groups['keycloakcontainers'] }}" - "{{ groups['keycloakcontainers'] }}"
- "{{ groups['mispcontainers'] }}" - "{{ groups['mispcontainers'] }}"
- "{{ groups['thehive'] }}"
- "{{ groups['cortex'] }}"
- "{{ groups['haproxy'] }}" - "{{ groups['haproxy'] }}"
- "filebeat" - "filebeat"
environment: environment:
...@@ -97,6 +101,8 @@ ...@@ -97,6 +101,8 @@
- "{{ groups['odfeescontainers'] }}" - "{{ groups['odfeescontainers'] }}"
- "{{ groups['odfekibanacontainers'] }}" - "{{ groups['odfekibanacontainers'] }}"
- "{{ groups['keycloakcontainers'] }}" - "{{ groups['keycloakcontainers'] }}"
- "{{ groups['thehive'] }}"
- "{{ groups['cortex'] }}"
- "{{ groups['mispcontainers'] }}" - "{{ groups['mispcontainers'] }}"
environment: environment:
EASYRSA_BATCH: 1 EASYRSA_BATCH: 1
...@@ -123,6 +129,13 @@ ...@@ -123,6 +129,13 @@
with_items: with_items:
- "{{ groups['odfekibanacontainers'] }}" - "{{ groups['odfekibanacontainers'] }}"
- name: Copy cortex host p12 certs to cortex role
copy:
src: roles/ca/files/CA/private/{{item}}.p12
dest: roles/cortex/files/{{item}}.p12
with_items:
- "{{ groups['cortex'] }}"
- name: Copy odfekibana host certs to odfekibana role - name: Copy odfekibana host certs to odfekibana role
copy: copy:
src: roles/ca/files/CA/issued/{{item}}.crt src: roles/ca/files/CA/issued/{{item}}.crt
...@@ -193,6 +206,34 @@ ...@@ -193,6 +206,34 @@
with_items: with_items:
- "{{ groups['mispcontainers'] }}" - "{{ groups['mispcontainers'] }}"
- name: Copy thehive host cert to thehive role
copy:
src: roles/ca/files/CA/issued/{{item}}.crt
dest: roles/thehive/files/{{item}}.crt
with_items:
- "{{ groups['thehive'] }}"
- name: Copy thehive host key to thehive role
copy:
src: roles/ca/files/CA/private/{{item}}.key
dest: roles/thehive/files/{{item}}.key
with_items:
- "{{ groups['thehive'] }}"
- name: Copy cortex host cert to cortex role
copy:
src: roles/ca/files/CA/issued/{{item}}.crt
dest: roles/cortex/files/{{item}}.crt
with_items:
- "{{ groups['cortex'] }}"
- name: Copy cortex host key to cortex role
copy:
src: roles/ca/files/CA/private/{{item}}.key
dest: roles/cortex/files/{{item}}.key
with_items:
- "{{ groups['cortex'] }}"
- name: Copy truststore to roles - name: Copy truststore to roles
copy: copy:
src: roles/ca/files/truststore/cacerts.jks src: roles/ca/files/truststore/cacerts.jks
...@@ -203,6 +244,7 @@ ...@@ -203,6 +244,7 @@
- odfekibana - odfekibana
- keycloak - keycloak
- misp - misp
- cortex
- name: Copy ca cert to roles - name: Copy ca cert to roles
copy: copy:
...@@ -214,6 +256,8 @@ ...@@ -214,6 +256,8 @@
- odfekibana - odfekibana
- keycloak - keycloak
- misp - misp
- thehive
- cortex
- name: Check for existing user certificates - name: Check for existing user certificates
command: roles/ca/files/easyrsa/easyrsa show-cert {{item.CN | regex_escape()}} command: roles/ca/files/easyrsa/easyrsa show-cert {{item.CN | regex_escape()}}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment