Commit 0df23d83 authored by Arne Øslebø's avatar Arne Øslebø
Browse files

Updated README. Various bugfixes

parent a074e19a
......@@ -6,20 +6,37 @@ SOCTools is a set of tools that can be used by a SOC for collecting and analyzin
Installation
------------
Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7.
Review *all* settings in group_vars/all/main.yml.
Do a minimal installation of CentOS 7.
Log in and install ansible:
# yum -y install epel-release
# yum -y install ansible git
# ansible-galaxy collection install ansible.posix
Clone soctools:
# git clone --single-branch --branch dev1 https://scm.uninett.no/geant-wp8-t3.1/soctools.git
# cd soctools
Install soctools:
Edit group_vars/all/main.yml and change 'dslproxy' so that it point to the FQDN of the server.
# vi group_vars/all/main.yml
The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.
To configure the server running soctools, run the ansible playbook:
# ansible-playbook -i soctools-inventory soctools_server.yml
To build the Docker images needed, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildimages.yml`
# ansible-playbook -i soctools-inventory buildimages.yml
To build the CA needed for host and user certificates, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildca.yml`
User certificates are exported in roles/ca/files/CA/private.
# ansible-playbook -i soctools-inventory buildca.yml
User certificates are can be found in the directory roles/ca/files/CA/private. Import into browser for authentication.
To start the cluster, run the ansible playbook soctools.yml:
# ansible-playbook -i soctools-inventory soctools.yml -t start
To start and stop the cluster, run the ansible playbook soctools.yml:
`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster.
`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster.
To stop the cluster, run the ansible playbook soctools.yml:
# ansible-playbook -i soctools-inventory soctools.yml -t stop
The NiFi interface should now be available on port 9443 on the server.
The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server.
......
......@@ -2,6 +2,22 @@
dslproxy: "<CHANGE_ME:hostname>"
soctools_users:
- firstname: "Arne"
lastname: "Oslebo"
username: "arne.oslebo"
email: "arne.oslebo@uninett.no"
DN: "CN=Arne Oslebo"
CN: "Arne Oslebo"
password: "Pass002"
- firstname: "Bozidar"
lastname: "Proevski"
username: "bozidar.proevski"
email: "bozidar.proevski@finki.ukim.mk"
DN: "CN=Bozidar Proevski"
CN: "Bozidar Proevski"
password: "Pass001"
# TheHive Button plugin
THEHIVE_URL: "https://hive.gn4-3-wp8-soc.sunet.se/"
THEHIVE_API_KEY: "5LymseWiurZBrQN8Kqp8O+9KniTL5cE0"
......@@ -42,21 +58,6 @@ nifi_repo: "https://archive.apache.org/dist"
ca_cn: "SOCTOOLS-CA"
soctools_users:
- firstname: "Arne"
lastname: "Oslebo"
username: "arne.oslebo"
email: "arne.oslebo@uninett.no"
DN: "CN=Arne Oslebo"
CN: "Arne Oslebo"
password: "Pass002"
- firstname: "Bozidar"
lastname: "Proevski"
username: "bozidar.proevski"
email: "bozidar.proevski@finki.ukim.mk"
DN: "CN=Bozidar Proevski"
CN: "Bozidar Proevski"
password: "Pass001"
odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
......
......@@ -17,7 +17,7 @@
<user identifier="c78caf19-016f-1000-0001-{{'%012d'|format(loop.index) }}" identity="CN={{ nifi }}"/>
{% endfor %}
{% for user in soctools_users %}
<user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.username }}"/>
<user identifier="c78caf19-016f-1000-0002-{{'%012d'|format(loop.index) }}" identity="{{ user.DN }}"/>
{% endfor %}
</users>
</tenants>
......@@ -36,8 +36,7 @@
- name: Configure fw
ansible.posix.firewalld:
source: "{{ soctools_network }}"
zone: public
rich_rule: "rule family=ipv4 source address={{ soctools_network }} accept"
permanent: yes
state: enabled
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment