Updated README. Various bugfixes

0df23d83 · Arne Øslebø · a074e19a · 0df23d83 · 0df23d83 · 0df23d83
Commit 0df23d83 authored Sep 23, 2020 by Arne Øslebø
--- a/README.md
+++ b/README.md
@@ -6,20 +6,37 @@ SOCTools is a set of tools that can be used by a SOC for collecting and analyzin
 Installation
 ------------

-Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7.
-Review *all* settings in group_vars/all/main.yml.
+Do a minimal installation of CentOS 7.
+
+Log in and install ansible:
+# yum -y install epel-release
+# yum -y install ansible git
+# ansible-galaxy collection install ansible.posix
+
+Clone soctools:
+# git clone --single-branch --branch dev1 https://scm.uninett.no/geant-wp8-t3.1/soctools.git
+# cd soctools
+
+Install soctools:
+Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server.
+# vi group_vars/all/main.yml
 The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.

+To configure the server running soctools, run the ansible playbook:
+# ansible-playbook -i soctools-inventory soctools_server.yml
+
 To build the Docker images needed, run the ansible playbook:
-`ansible-playbook -i soctools-inventory buildimages.yml`
+# ansible-playbook -i soctools-inventory buildimages.yml

 To build the CA needed for host and user certificates, run the ansible playbook:
-`ansible-playbook -i soctools-inventory buildca.yml`
-User certificates are exported in roles/ca/files/CA/private.
+# ansible-playbook -i soctools-inventory buildca.yml
+User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication.
+
+To start the cluster, run the ansible playbook soctools.yml:
+# ansible-playbook -i soctools-inventory soctools.yml -t start

-To start and stop the cluster, run the ansible playbook soctools.yml:
-`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster.
-`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster.
+To stop the cluster, run the ansible playbook soctools.yml:
+# ansible-playbook -i soctools-inventory soctools.yml -t stop

 The NiFi interface should now be available on port 9443 on the server.
 The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server.

--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2,6 +2,22 @@

 dslproxy: "<CHANGE_ME:hostname>"

+soctools_users:
+  - firstname: "Arne"
+    lastname: "Oslebo"
+    username: "arne.oslebo"
+    email: "arne.oslebo@uninett.no"
+    DN: "CN=Arne Oslebo"
+    CN: "Arne Oslebo"
+    password: "Pass002"
+  - firstname: "Bozidar"
+    lastname: "Proevski"
+    username: "bozidar.proevski"
+    email: "bozidar.proevski@finki.ukim.mk"
+    DN: "CN=Bozidar Proevski"
+    CN: "Bozidar Proevski"
+    password: "Pass001"
+
 # TheHive Button plugin
 THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
 THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
@@ -42,21 +58,6 @@ nifi_repo: "https://archive.apache.org/dist"

 ca_cn: "SOCTOOLS-CA"

-soctools_users:
-  - firstname: "Arne"
-    lastname: "Oslebo"
-    username: "arne.oslebo"
-    email: "arne.oslebo@uninett.no"
-    DN: "CN=Arne Oslebo"
-    CN: "Arne Oslebo"
-    password: "Pass002"
-  - firstname: "Bozidar"
-    lastname: "Proevski"
-    username: "bozidar.proevski"
-    email: "bozidar.proevski@finki.ukim.mk"
-    DN: "CN=Bozidar Proevski"
-    CN: "Bozidar Proevski"
-    password: "Pass001"

 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"

--- a/roles/nifi/templates/users.xml.j2
+++ b/roles/nifi/templates/users.xml.j2
@@ -17,7 +17,7 @@
        <user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/>
        {% endfor %}
 	{% for user in soctools_users %}
-        <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.username }}"/>
+        <user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.DN }}"/>
        {% endfor %}        
    </users>
 </tenants>
--- a/roles/soctools-server/tasks/main.yml
+++ b/roles/soctools-server/tasks/main.yml
@@ -36,8 +36,7 @@

 - name: Configure fw
  ansible.posix.firewalld:
-    source: "{{ soctools_network }}"
-    zone: public
+    rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"
    permanent: yes
    state: enabled