Commit 5d3b00ad authored by Arne Øslebø's avatar Arne Øslebø

merge dev4

parent 155783b0
---
- name: Create Users in TheHive
hosts: thehive
roles:
- thehive
......@@ -18,4 +18,23 @@ soctools_users:
ODFE_ADMIN_USERS:
- user1
THEHIVE_ORGANIZATION: "uninett.no"
THEHIVE_KIBANA_USER:
username: "kibana"
name: "Kibana"
surname: "User"
roles: '["read", "write"]'
THEHIVE_USERS:
- user1:
username: "user1"
name: "User1"
surname: "SOC"
roles: '["read", "write", "admin"]'
- user2:
username: "user2"
name: "User2"
surname: "SOC"
roles: '["read", "write", "admin"]'
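Review bot: Each new THEHIVE_USERS entry is written as `- user1:` followed by `username`, `name`, `surname` and `roles`; this rendering has lost the indentation, but if those keys are nested under `user1` then `item.username` in the create-users tasks of this commit is undefined, and if they are siblings the `user1: null` key is dead weight. Drop the wrapper and make each entry `- username: "user1"` with the other keys at the same level, which is what the consuming templates (`item.username`, `item.roles`) expect. `roles` is also stored as a JSON-looking string rather than a YAML list; a real list (`roles: ["read", "write", "admin"]`) rendered with `| to_json` in the templates is less fragile than pasting pre-formatted JSON through Jinja.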
......@@ -23,6 +23,10 @@
- "{{playbook_dir}}/secrets/CA/cacerts.jks"
- "{{playbook_dir}}/secrets/CA/ca.crt"
- name: Get openid authkey
set_fact:
cortexsecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/cortexsecret',convert_data=False) | from_json}}"
- name: Configure embedded Elasticsearch 6
remote_user: root
template:
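Review bot: The new `Get openid authkey` task stores the whole Keycloak client-secret document in the `cortexsecret` fact with no `no_log`, so the secret is printed in verbose task output and lands in any fact cache; add `no_log: true` to the task. The lookup argument nests `{{playbook_dir}}` inside an expression that is already being templated — Ansible re-templates lookup terms so it resolves today, but the plain form `lookup('file', playbook_dir ~ '/secrets/tokens/cortexsecret', convert_data=False)` avoids the double templating. Both points apply equally to the matching `Get openid authkey` task in the thehive start tasks later in this commit.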
......@@ -66,7 +66,7 @@ auth {
# the "ad" section below.
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
# "ldap" section below.
provider = [local]
provider = [local,oauth2]
ad {
# The Windows domain name in DNS format. This parameter is required if you do not use
......@@ -108,6 +108,84 @@ auth {
# If 'true', use SSL to connect to the LDAP directory server.
#useSSL = true
}
oauth2 {
# URL of the authorization server
clientId = "soctools-cortex"
clientSecret = {{cortexsecret.value}}
redirectUri = "https://{{soctoolsproxy}}:9001/api/ssoLogin"
responseType = "code"
grantType = "authorization_code"
# URL from where to get the access token
authorizationUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
authorizationHeader = "Bearer"
tokenUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
# The endpoint from which to obtain user details using the OAuth token, after successful login
userUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
scope = "profile"
userIdField = "email"
#userUrl = "https://auth-site.com/api/User"
#scope = ["openid profile"]
}
ws.ssl.trustManager {
stores = [
{
type = "JKS" // JKS or PEM
path = "cacerts.jks"
password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
}
]
}
# Single-Sign On
sso {
# Autocreate user in database?
autocreate = true
# Autoupdate its profile and roles?
autoupdate = true
# Autologin user using SSO?
autologin = true
# Name of mapping class from user resource to backend user ('simple' or 'group')
#mapper = group
#mapper = simple
#attributes {
# login = "user"
# name = "name"
# groups = "groups"
# organization = "org"
#}
# defaultRoles = ["read", "write", "admin"]
# defaultOrganization = "uninett.no"
#defaultRoles = ["read"]
#defaultOrganization = "csirt"
#groups {
# # URL to retreive groups (leave empty if you are using OIDC)
# #url = "https://auth-site.com/api/Groups"
# # Group mappings, you can have multiple roles for each group: they are merged
# mappings {
# admin-profile-name = ["admin"]
# editor-profile-name = ["write"]
# reader-profile-name = ["read"]
# }
#}
mapper = simple
attributes {
login = "user"
name = "name"
roles = "roles"
organization = "org"
}
defaultRoles = ["read", "analyze"]
defaultOrganization = "uninett.no"
}
}
## ANALYZERS
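Review bot: `clientSecret = {{cortexsecret.value}}` is the only unquoted value in the new oauth2 block; HOCON reads an unquoted token as a string only up to the first reserved character, so a secret containing `=`, `#`, `+` or whitespace would truncate or break the file — write `clientSecret = "{{cortexsecret.value}}"` like the neighbouring keys. The `ws.ssl.trustManager` stanza is placed inside `auth { }`, which makes its path `auth.ws.ssl.trustManager`; the documented location for the Play/Cortex trust store appears to be top level, so please confirm Cortex reads it from under `auth` or move it out of the block. The comment `# URL of the authorization server` now sits above `clientId` instead of `authorizationUrl` and should move down to the line it describes.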
......@@ -91,6 +91,13 @@
local: "{{playbook_dir}}/secrets/tokens/kibanasecret"
- remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/mispsecret"
local: "{{playbook_dir}}/secrets/tokens/mispsecret"
- remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/thehivesecret"
local: "{{playbook_dir}}/secrets/tokens/thehivesecret"
- remote: "{{ ansible_facts.env['JBOSS_HOME'] }}/cortexsecret"
local: "{{playbook_dir}}/secrets/tokens/cortexsecret"
- name: Set Autostart for supervisord's services
shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
replace:
path: /etc/supervisord.conf
regexp: '^autostart=false$'
replace: 'autostart=true'
......@@ -31,6 +31,12 @@ kcadm.sh get realms/{{openid_realm}}/clients/${KIBANACLIENT}/client-secret --fie
MISPCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-misp","protocol":"openid-connect","clientAuthenticatorType": "client-secret","rootUrl": "https://{{soctoolsproxy}}:6443","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:6443/users/login/keycloak"],"webOrigins": [], "publicClient": false }')
kcadm.sh get realms/{{openid_realm}}/clients/${MISPCLIENT}/client-secret --fields value > /opt/jboss/keycloak/mispsecret
THEHIVECLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-thehive","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:9000/api/ssoLogin"],"webOrigins": [], "publicClient": false }')
kcadm.sh get realms/{{openid_realm}}/clients/${THEHIVECLIENT}/client-secret --fields value > /opt/jboss/keycloak/thehivesecret
CORTEXCLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-cortex","protocol":"openid-connect","clientAuthenticatorType": "client-secret","adminUrl": "","redirectUris": ["https://{{soctoolsproxy}}:9001/api/ssoLogin"],"webOrigins": [], "publicClient": false }')
kcadm.sh get realms/{{openid_realm}}/clients/${CORTEXCLIENT}/client-secret --fields value > /opt/jboss/keycloak/cortexsecret
kcadm.sh config truststore --delete
exec 1>&6 6>&-
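Review bot: The two new `kcadm.sh create` lines are not re-runnable: Keycloak normally rejects a second client with the same clientId, `${CORTEXCLIENT}` is then empty, the following `get realms/…/clients//client-secret` fails, and the redirect truncates `/opt/jboss/keycloak/cortexsecret` to an empty file that the keycloak tasks later fetch and Cortex templates into `clientSecret`. Look the client up first (for example `kcadm.sh get clients -r {{openid_realm}} -q clientId=soctools-cortex --fields id`) and only create when nothing comes back, or at least check that the id is non-empty before writing the secret file; the existing MISP and TheHive clients above have the same shape. Whether the script runs under `set -e` is not visible in this hunk.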
// Default plugin configuration
export const THEHIVE_URL = '{{THEHIVE_URL}}';
export const THEHIVE_API_KEY = '{{THEHIVE_API_KEY}}';
export const THEHIVE_OWNER = '{{THEHIVE_OWNER}}'; // default owner account of the created cases
export const THEHIVE_URL = 'https://{{soctoolsproxy}}:9000';
export const THEHIVE_API_KEY = '{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}';
export const THEHIVE_OWNER = '{{THEHIVE_KIBANA_USER.username}}'; // default owner account of the created cases
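Review bot: The TheHive API key is rendered into this module with `lookup('password', …)`, which silently generates and saves a random value when `secrets/tokens/thehive_kibana_secret_key` does not exist yet; in this commit that file is only written by the thehive kibanauser tasks, and whether those run before this template is rendered is not visible here. A first deployment could therefore ship Kibana a key TheHive never issued, with no error raised; use `lookup('file', …)` so a missing token fails the play, and keep the `password` lookup for values that are meant to be generated. If this module is part of the browser bundle rather than the Kibana server side, the key is also readable by every Kibana user — confirm it is server-only.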
......@@ -126,6 +126,7 @@
-k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/odfees_adminpass")}} \
-H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
-F "file=@/tmp/kibana_graphs.ndjson"'
ignore_errors: True
- name: Copy role modification json to container
remote_user: kibana
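Review bot: `ignore_errors: True` on the graph import hides every failure of the curl call — wrong password, Kibana not yet up, malformed ndjson — not only a benign "already exists" case, and curl itself exits 0 on an HTTP 4xx/5xx response, so the task could hardly fail even without it. Register the result and decide on the response body instead, e.g. `register: graphs_import` with `failed_when: "'error' in graphs_import.stdout"` (adjusted to what the endpoint actually returns), and write the boolean as `true` to satisfy yamllint's truthy rule. The task this line belongs to starts above the hunk.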
---
- name: copy json file for admin user
remote_user: root
template:
src: admin.json
dest: /tmp/admin.json
- name: get admin user id
remote_user: root
shell: "curl -X POST http://127.0.0.1:9000/api/login -b /tmp/cookie.txt -c /tmp/cookie.txt -H 'Content-Type: application/json' -d @/tmp/admin.json | cut -d\\\" -f4"
register: adminuser
args:
warn: false
- set_fact:
adminuserid={{ adminuser.stdout }}
- name: create admin user API KEY
shell: "curl -X POST http://127.0.0.1:9000/api/v1/user/{{ adminuserid }}/key/renew -b /tmp/cookie.txt -c /tmp/cookie.txt 2> /dev/null | tee /tmp/thehive_secret_key"
register: adminuserkey
args:
warn: false
- set_fact:
adminuserapikey={{ adminuserkey.stdout }}
- name: copy API key to local file
local_action: copy content="{{adminuserapikey}}" dest=secrets/tokens/thehive_secret_key
- name: copy json file for admin pass
remote_user: root
template:
src: adminpass.json
dest: /tmp/adminpass.json
- name: change password for admin user
shell: "curl -X POST http://127.0.0.1:9000/api/v1/user/{{ adminuserid }}/password/set -b /tmp/cookie.txt -c /tmp/cookie.txt -H 'Content-Type: application/json' -d @/tmp/adminpass.json"
args:
warn: false
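Review bot: The `get admin user id` task logs in with the default credential from `admin.json` and the last task then changes that password, so on any re-run of the `start` tag the login fails; because the curl output is piped into `cut`, the task still reports success, `adminuserid` becomes whatever sits in the fourth quoted field of the error body, and `key/renew` and `password/set` run against a bogus URL. Guard the sequence (skip it when `{{ playbook_dir }}/secrets/tokens/thehive_secret_key` already exists, or add `failed_when: adminuser.stdout == ''`) and run the pipelines under `args: executable: /bin/bash` with `set -o pipefail`. The API key is also dumped to `/tmp/thehive_secret_key` on the host via `tee`, echoed in task output with no `no_log`, and copied to a relative `dest` with default permissions; the local copy should look like the block below, and the same `no_log`/pipeline points apply to createusers.yml and kibanauser.yml in this commit.
```yaml
- name: copy API key to local file
  local_action:
    module: copy
    content: "{{ adminuserapikey }}"
    dest: "{{ playbook_dir }}/secrets/tokens/thehive_secret_key"
    mode: "0600"
  no_log: true
```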
---
- name: generate json files for creating users
remote_user: root
template:
src: users.json
dest: /tmp/{{ item.username }}.json
with_items:
- "{{ THEHIVE_USERS }}"
- name: create users
remote_user: root
shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/{{ item.username}}.json"
args:
warn: false
with_items:
- "{{ THEHIVE_USERS }}"
---
- name: generate json file for kibana user
remote_user: root
template:
src: kibanauser.json
dest: /tmp/kibanauser.json
- name: create kibana user
remote_user: root
shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/kibanauser.json | cut -d\\\" -f4"
register: kibanauser
args:
warn: false
- set_fact:
kibanauserid={{ kibanauser.stdout }}
- name: create API key for kibana user
remote_user: root
shell: "curl -XPOST -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/v1/user/{{kibanauser.stdout}}/key/renew 2> /dev/null | tee /tmp/kibanaapikey"
register: kibanaapikey
args:
warn: false
- set_fact:
kibanauserapikey={{ kibanaapikey.stdout }}
- name: copy API key to local file
local_action: copy content="{{kibanauserapikey}}" dest=secrets/tokens/thehive_kibana_secret_key
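Review bot: The `kibanauserid` fact set after the user is created is never used — the key-renew task reads `{{kibanauser.stdout}}` directly — so either drop the fact or use it consistently (`/api/v1/user/{{ kibanauserid }}/key/renew`). Extracting the id with `cut -d\" -f4` assumes the first quoted field of the response is the id; on any error response the fourth field is some other string, the renew runs against a wrong path, and the pipeline still exits 0. Register the raw response and parse it with `from_json` (or switch to `uri`, whose result already carries `.json`), and fail when the id is empty.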
......@@ -3,6 +3,20 @@
- include: start.yml
tags:
- start
- include: adminuser.yml
tags:
- start
- include: organization.yml
tags:
- start
- include: kibanauser.yml
tags:
- start
- include: createusers.yml
tags:
- start
- create-thehive-users
- createusers
- include: stop.yml
tags:
- stop
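Review bot: All four new includes run under the `start` tag, so every start of TheHive re-executes adminuser.yml and kibanauser.yml, each of which calls `/key/renew` and overwrites the saved token files — the API key Kibana and the other consumers were templated with is invalidated on each restart. Gate the key-generating includes on the token not existing yet (a `stat` of `{{ playbook_dir }}/secrets/tokens/thehive_secret_key` delegated to localhost, with `when: not token.stat.exists`), or give them their own tag instead of reusing `start`. `include` is the older task-include form; the file already uses it, so keeping it is consistent, but `include_tasks` is the supported replacement.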
---
- name: create organisation
uri:
url: "http://127.0.0.1:9000/api/organisation"
method: POST
headers:
Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}"
body_format: form-urlencoded
body:
name: "{{ THEHIVE_ORGANIZATION }}"
description: "{{ THEHIVE_ORGANIZATION }}"
status_code: 201
ignore_errors: True
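Review bot: `ignore_errors: True` together with `status_code: 201` means the organisation task can never fail the play, including when the bearer token is wrong or TheHive is not up — not just when the organisation already exists. Register the call and enumerate the acceptable outcomes instead: `register: org_create` with `failed_when: org_create.status not in [201, <STATUS-FOR-EXISTING-ORG>]`, where the duplicate status is not shown on this page and needs checking against the server. Writing the boolean as `true` rather than `True` keeps yamllint's truthy rule happy, and `body_format: form-urlencoded` is worth verifying against the organisation endpoint, which the rest of this commit drives with JSON.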
---
- name: Copy cacert to ca-trust dir
remote_user: root
copy:
src: "{{playbook_dir}}/secrets/CA/ca.crt"
dest: /etc/pki/ca-trust/source/anchors/ca.crt
- name: Install cacert to root truststore
remote_user: root
command: "update-ca-trust"
- name: Copy certificate in thehive conf dir
copy:
src: "{{playbook_dir}}/secrets/CA/issued/{{ inventory_hostname }}.crt"
dest: "/etc/thehive/{{ inventory_hostname }}.crt"
mode: 0600
- name: Copy certificate key in thehive conf dir
copy:
src: "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.key"
dest: "/etc/thehive/{{ inventory_hostname }}.key"
mode: 0600
- name: Copy CA certificates in thehive conf dir
copy:
src: "{{playbook_dir}}/secrets/CA/{{ item }}"
dest: "/etc/thehive/{{ item }}"
mode: 0600
with_items:
- "cacerts.jks"
- "ca.crt"
- name: Get openid authkey
set_fact:
thehivesecret: "{{lookup('file', '{{playbook_dir}}/secrets/tokens/thehivesecret',convert_data=False) | from_json}}"
- name: Configure TheHive
remote_user: thehive
template:
{"user":"admin@thehive.local","password":"secret"}
{"password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_adminpass')}}"}
......@@ -5,7 +5,7 @@
## Include Play secret key
# More information on secret key at https://www.playframework.com/documentation/2.8.x/ApplicationSecret
#include "/etc/thehive/secret.conf"
play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_secret_key')}}"
play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}"
## Database configuration
db.janusgraph {
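Review bot: The Play application secret now reads `secrets/tokens/thehive_secret_key`, which appears to be the same file the new adminuser.yml writes the admin API key into (`local_action: copy … dest=secrets/tokens/thehive_secret_key`) and that createusers.yml sends as a bearer token. Two different secrets then share one file: the first render generates a random Play secret, the admin task overwrites it with the API key, and the next render turns the API key into the session-signing key while also rotating it, which would be expected to invalidate existing sessions. Keep the Play secret under its own path — restore `secrets/passwords/thehive_secret_key` or use a distinct name such as `secrets/passwords/thehive_play_secret` — and leave `secrets/tokens/` to issued tokens.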
......@@ -13,7 +13,7 @@ db.janusgraph {
## Cassandra configuration
# More information at https://docs.janusgraph.org/basics/configuration-reference/#storagecql
backend: cql
hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}"]
hostname: ["{{groups['cassandra'][0]}}.{{soctools_netname}}:9042"]
# Cassandra authentication (if configured)
// username: "thehive"
// password: "password"
......@@ -47,17 +47,61 @@ storage {
## Authentication configuration
# More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Authentication.md
//auth {
// providers: [
auth {
providers: [
// {name: session} # required !
// {name: basic, realm: thehive}
// {name: local}
// {name: key}
// ]
{name: session} # required !
{name: basic, realm: thehive}
{name: local}
{name: key}
{
name: oauth2
clientId: "soctools-thehive"
clientSecret: {{thehivesecret.value}}
redirectUri: "https://{{soctoolsproxy}}:9000/api/ssoLogin"
responseType: "code"
grantType: "authorization_code"
authorizationUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
authorizationHeader: "Bearer"
tokenUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
userUrl: "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
// scope: ["openid", "email"]
scope: ["openid"]
userIdField: "email"
// userIdField: "name"
}
]
sso {
autocreate: true
autoupdate: true
autologin: true
mapper: "simple"
// attributes {
// login: "login"
// name: "name"
// roles: "role"
// }
defaultRoles: ["read", "write", "admin"]
defaultOrganization: "uninett.no"
// defaultOrganization: "demo"
}
ws.ssl.trustManager {
stores = [
{
type: "JKS" // JKS or PEM
path: "cacerts.jks"
password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
}
]
}
# The format of logins must be valid email address format. If the provided login doesn't contain `@` the following
# domain is automatically appended
// defaultUserDomain: "thehive.local"
//}
defaultUserDomain: "uninett.no"
# defaultUserDomain: "thehive.local"
}
## CORTEX configuration
# More information at https://github.com/TheHive-Project/TheHiveDocs/TheHive4/Administration/Connectors.md
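Review bot: With `autocreate: true` and `defaultRoles: ["read", "write", "admin"]`, every account that can complete the Keycloak login is created in TheHive as an administrator of `uninett.no` on first sign-in; Cortex in this same commit defaults SSO users to `["read", "analyze"]`. Default to the least-privileged role here (`["read"]`) and grant admin explicitly, or derive it from a Keycloak group through the `roles` attribute mapping that the commented block sketches. `clientSecret: {{thehivesecret.value}}` is the one unquoted value in the block — quote it as `clientSecret: "{{thehivesecret.value}}"`, since an unquoted HOCON token is cut short at the first `=`, `#` or whitespace in the secret. `scope: ["openid"]` with `userIdField: "email"` relies on the realm's default client scopes including `email`; if they do not, userinfo comes back without that field and SSO logins fail, so either request it explicitly or confirm the realm configuration.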
{
"login": "{{ THEHIVE_KIBANA_USER.username }}",
"name": "{{ THEHIVE_KIBANA_USER.name }} {{ THEHIVE_KIBANA_USER.surname }}",
"roles": {{ THEHIVE_KIBANA_USER.roles }},
"organisation": "{{ THEHIVE_ORGANIZATION }}"
}
{
"login": "{{ item.username }}",
"name": "{{ item.name }} {{ item.surname }}",
"roles": {{ item.roles }},
"organisation": "{{ THEHIVE_ORGANIZATION }}"
}
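Review bot: `"roles": {{ item.roles }}` splices the variable into the JSON unquoted, so the template only renders valid JSON because group_vars stores roles as a pre-formatted JSON string; the other fields are interpolated without JSON escaping, so a quote in a display name breaks the document. Keep roles as a real YAML list in group_vars and render every value through the filter: `"roles": {{ item.roles | to_json }}`, `"name": {{ (item.name ~ ' ' ~ item.surname) | to_json }}`. The same applies to kibanauser.json above, which uses THEHIVE_KIBANA_USER the same way.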
......@@ -15,3 +15,7 @@
- name: restart soctools cluster servics
import_playbook: restart-soctools.yml
when: "'restart' in ansible_run_tags or 'restart-thehive' in ansible_run_tags or 'restart-keycloak' in ansible_run_tags or 'restart-cortex' in ansible_run_tags or 'restart-haproxy' in ansible_run_tags or 'restart-cassandra' in ansible_run_tags or 'restart-filebeat' in ansible_run_tags or 'restart-misp' in ansible_run_tags or 'restart-mysql' in ansible_run_tags or 'restart-nifi' in ansible_run_tags or 'restart-odfees' in ansible_run_tags or 'restart-odfekibana' in ansible_run_tags"
- name: create thehive users
import_playbook: create-thehive-users.yml
when: "'create-thehive-users' in ansible_run_tags or 'createusers' in ansible_run_tags"