gn4-3-wp8-t3.1 SOC
soctools
Commits
16769791
Commit
16769791
authored
Jan 02, 2021
by
Temur Maisuradze
revert last 3 commits back as it caused some errors in keycloak and nifi
parent
6ec74544
Changes
6
HOWTOS.md
...
...
@@ -20,7 +20,6 @@ To update configuration files for all docker containers together, run the follow
To update configuration files only for specific services, run the following commands:
ansible-playbook -i inventories soctools.yml -t update-keycloak-config
ansible-playbook -i inventories soctools.yml -t update-thehive-config
ansible-playbook -i inventories soctools.yml -t update-cortex-config
Restart services inside docker containers using Ansible
...
...
@@ -30,7 +29,6 @@ To restart services for all docker containers together, run the following comman
To restart services only for specific docker containers, run the following commands:
ansible-playbook -i inventories soctools.yml -t restart-keycloak
ansible-playbook -i inventories soctools.yml -t restart-thehive
ansible-playbook -i inventories soctools.yml -t restart-cortex
Stop services inside docker containers using Ansible
----------------------------------------------------
...
...
@@ -39,7 +37,6 @@ To stop services for all docker containers together, run the following command:
To stop services only for specific docker containers, run the following commands:
ansible-playbook -i inventories soctools.yml -t stop-keycloak
ansible-playbook -i inventories soctools.yml -t stop-thehive
ansible-playbook -i inventories soctools.yml -t stop-cortex
Restart services inside docker containers manually
--------------------------------------------------
...
...
roles/build/templates/cortex/Dockerfile.j2
...
...
@@ -10,7 +10,7 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
yum install -y epel-release && \
rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
yum install -y cortex supervisor
rsync
daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \
yum install -y cortex supervisor daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \
rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \
chown -R elasticsearch:elasticsearch /etc/elasticsearch && \
mkdir -p /home/cortex && \
...
...
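Review bot: The context line `rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY` fetches the package-signing key from a mutable branch at build time, so the key that decides which `cortex` RPMs the following `yum install` accepts is whatever that URL serves on the day the image is built (assuming the repo file written above the hunk enables gpgcheck, which is not visible here). This commit only changes the package list (dropping `rsync`), but the install it edits depends on that trust anchor. I would vendor the key into the role and import it from the build context, e.g. `COPY <vendored-thehive-key-file> /tmp/thehive.key` followed by `rpm --import /tmp/thehive.key`, or compare its fingerprint with a value recorded in the repository before importing. The RUN instruction begins above the hunk and continues below it.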
roles/cortex/tasks/main.yml
---
-
include
:
start.yml
-
name
:
Copy cacert to ca-trust dir
remote_user
:
root
copy
:
src
:
"
files/{{ca_cn}}.crt"
dest
:
/etc/pki/ca-trust/source/anchors/ca.crt
tags
:
-
start
-
startcortex
-
include
:
stop.yml
-
start
-
startcortex
-
name
:
Install cacert to root truststore
remote_user
:
root
command
:
"
update-ca-trust"
tags
:
-
start
-
startcortex
-
name
:
Copy certificates in cortex conf dir
remote_user
:
cortex
copy
:
src
:
"
{{
item
}}"
dest
:
"
/etc/cortex/{{
item
}}"
mode
:
0600
with_items
:
-
"
{{
inventory_hostname
}}.p12"
-
"
{{
inventory_hostname
}}.crt"
-
"
{{
inventory_hostname
}}.key"
-
cacerts.jks
-
"
{{ca_cn}}.crt"
tags
:
-
start
-
startcortex
-
name
:
Configure embedded Elasticsearch
6
remote_user
:
root
template
:
src
:
jvm.options.j2
dest
:
/etc/elasticsearch/jvm.options
tags
:
-
start
-
startcortex
-
name
:
Start embedded Elasticsearch
6
remote_user
:
root
command
:
"
supervisorctl
start
elasticsearch"
tags
:
-
start
-
startcortex
-
name
:
Configure Cortex
remote_user
:
cortex
template
:
src
:
application.conf.j2
dest
:
/etc/cortex/application.conf
tags
:
-
stop
-
stop-cortex
-
include
:
update-config.yml
-
start
-
startcortex
-
name
:
Start Cortex
remote_user
:
root
command
:
"
supervisorctl
start
cortex"
tags
:
-
update-config
-
update-cortex-config
-
include
:
restart.yml
-
start
-
startcortex
-
name
:
Wait for Cortex
remote_user
:
root
wait_for
:
host
:
"
{{groups['cortex'][0]}}"
port
:
9001
state
:
started
delay
:
5
tags
:
-
restart
-
restart-cortex
-
start
-
startcortex
-
name
:
Set Autostart for supervisord's services
shell
:
"
sed
-i
's/autostart=false/autostart=true/g'
/etc/supervisord.conf"
tags
:
-
start
-
name
:
Stop Elasticsearch
remote_user
:
root
command
:
"
supervisorctl
stop
elasticsearch"
tags
:
-
stop
-
stopelasticsearch
-
name
:
Stop Cortex
remote_user
:
root
command
:
"
supervisorctl
stop
cortex"
tags
:
-
stop
-
stopcortex
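Review bot: The `Set Autostart for supervisord's services` task here runs `shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"`, which Ansible reports as changed on every run and which matches the string anywhere on a line rather than a whole `autostart=false` line. The roles/keycloak/tasks/start.yml hunk swaps the `replace` module for this same shell line, while the context lines of roles/thehive/tasks/start.yml still carry the anchored form, so the roles now edit the same file in two different ways. The page has lost the +/- markers for this file, so placing the sed task on the new side is inferred from the revert. If the module form was not what caused the keycloak/nifi errors (the page does not say which of the three reverted commits did), I would keep `replace:` with `path: /etc/supervisord.conf`, `regexp: '^autostart=false$'` and `replace: 'autostart=true'` in all three roles.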
roles/keycloak/tasks/start.yml
...
...
@@ -92,7 +92,4 @@
local
:
"
roles/misp/files/mispsecret"
-
name
:
Set Autostart for supervisord's services
replace
:
path
:
/etc/supervisord.conf
regexp
:
'
^autostart=false$'
replace
:
'
autostart=true'
shell
:
"
sed
-i
's/autostart=false/autostart=true/g'
/etc/supervisord.conf"
roles/thehive/tasks/start.yml
...
...
@@ -24,6 +24,3 @@
regexp
:
'
^autostart=false$'
replace
:
'
autostart=true'
-
name
:
Stop TheHive
remote_user
:
root
command
:
"
supervisorctl
stop
thehive"
soctools.yml
...
...
@@ -2,16 +2,16 @@
-
name
:
Start soctools cluster
import_playbook
:
startsoctools.yml
when
:
"
'start'
or
'config'
in
ansible_run_tags"
when
:
"
'start'
in
ansible_run_tags
or
'config'
in
ansible_run_tags"
-
name
:
Stop soctools cluster
import_playbook
:
stopsoctools.yml
when
:
"
'stop'
or
'stop-thehive'
or
'stop-keycloak'
or
'stop-cortex
'
in
ansible_run_tags"
when
:
"
'stop'
in
ansible_run_tags
or
'stop-thehive'
in
ansible_run_tags
or
'stop-keycloak
'
in
ansible_run_tags"
-
name
:
Update soctools cluster configs
import_playbook
:
update-config-soctools.yml
when
:
"
'update-config'
or
'update-keycloak-config'
or
'update-thehive-config'
or
'update-
cortex
-config'
in
ansible_run_tags"
when
:
"
'update-config'
in
ansible_run_tags
or
'update-keycloak-config'
in
ansible_run_tags
or
'update-
thehive
-config'
in
ansible_run_tags"
-
name
:
restart soctools cluster servics
import_playbook
:
restart-soctools.yml
when
:
"
'restart'
or
'restart-thehive'
or
'restart-keycloak'
or
'restart-
cortex
'
in
ansible_run_tags"
when
:
"
'restart'
in
ansible_run_tags
or
'restart-thehive'
in
ansible_run_tags
or
'restart-
keycloak
'
in
ansible_run_tags"
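Review bot: Each `when:` on the new side repeats `'<tag>' in ansible_run_tags` once per tag, so the tag list has to be kept in step by hand in four places. The other printing of each condition (`'start' or 'config' in ansible_run_tags`) shows how this shape goes wrong: `in` binds tighter than `or` and a non-empty string literal is truthy, so that expression is always true and the stop playbook would be imported on every run. A set test states the intent once, e.g. `when: "ansible_run_tags | intersect(['stop', 'stop-thehive', 'stop-keycloak']) | length > 0"`. Which printing is the new side is inferred from the revert and the HOWTOS.md hunks, since the page has lost the +/- markers.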