Merge pull request #60 from Security-Onion-Solutions/dev
2.3.90
TOoSmOotH authored Nov 22, 2021
2 parents e0836f5 + 2ce1a5b commit d7be1d5
Showing 60 changed files with 8,144 additions and 8,293 deletions.
24 changes: 15 additions & 9 deletions Dockerfile
Expand Up @@ -43,17 +43,15 @@ RUN chmod u+x scripts/*
RUN chown 939:939 scripts/*
RUN find . -name \*.html -exec sed -i -e "s/VERSION_PLACEHOLDER/$VERSION/g" {} \;

RUN [[ $VERSION == '0.0.0' ]] || \
(wget https://docs.securityonion.net/_/downloads/en/$(echo $VERSION | cut -d'.' -f 1,2)/htmlzip/ -O /tmp/docs.zip && \
unzip -o /tmp/docs.zip -d html/docs && \
rm -f /tmp/docs.zip && \
mv -f html/docs/securityonion-*/* html/docs && \
rm -fr html/docs/securityonion-* && \
wget https://github.com/Security-Onion-Solutions/securityonion-docs/raw/$(echo $VERSION | cut -d'.' -f 1,2)/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf -O html/docs/cheatsheet.pdf)

RUN [[ $ELASTIC_VERSION == '0.0.0' ]] || \
(mkdir -p html/downloads && \
wget https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-oss-$(echo $ELASTIC_VERSION)-windows-x86_64.msi -P html/downloads/)
wget https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-oss-$(echo $ELASTIC_VERSION)-windows-x86_64.msi -P html/downloads/ && \
wget https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-oss-$(echo $ELASTIC_VERSION)-x86_64.rpm -P html/downloads/ && \
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-$(echo $ELASTIC_VERSION)-x86_64.rpm -P html/downloads/ && \
wget https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-oss-$(echo $ELASTIC_VERSION)-x86_64.rpm -P html/downloads/ && \
wget https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-oss-$(echo $ELASTIC_VERSION)-amd64.deb -P html/downloads/ && \
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-$(echo $ELASTIC_VERSION)-amd64.deb -P html/downloads/ && \
wget https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-oss-$(echo $ELASTIC_VERSION)-amd64.deb -P html/downloads/)

RUN [[ $WAZUH_VERSION == '0.0.0' ]] || \
(mkdir -p html/downloads && \
Expand All @@ -62,6 +60,14 @@ RUN [[ $WAZUH_VERSION == '0.0.0' ]] || \
wget https://packages.wazuh.com/3.x/apt/pool/main/w/wazuh-agent/wazuh-agent_$(echo $WAZUH_VERSION)_amd64.deb -P html/downloads/ && \
wget https://packages.wazuh.com/3.x/windows/wazuh-agent-$(echo $WAZUH_VERSION).msi -P html/downloads/)

RUN [[ $VERSION == '0.0.0' ]] || \
(wget https://docs.securityonion.net/_/downloads/en/$(echo $VERSION | cut -d'.' -f 1,2)/htmlzip/ -O /tmp/docs.zip && \
unzip -o /tmp/docs.zip -d html/docs && \
rm -f /tmp/docs.zip && \
mv -f html/docs/securityonion-*/* html/docs && \
rm -fr html/docs/securityonion-* && \
wget https://github.com/Security-Onion-Solutions/securityonion-docs/raw/$(echo $VERSION | cut -d'.' -f 1,2)/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf -O html/docs/cheatsheet.pdf)

ENV ELASTIC_VERSION=$ELASTIC_VERSION
ENV WAZUH_VERSION=$WAZUH_VERSION

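Review bot: The six Beats packages added to the `ELASTIC_VERSION` step are fetched with `wget` and dropped into `html/downloads/` with no integrity check, so whatever the download host returns at build time is what this image later hands out as agent installers. Elastic publishes a `.sha512` file beside each artifact; fetching it and running `sha512sum -c` in `html/downloads/` before keeping the package would fail the build on a corrupted or swapped file, and comparing against digests pinned in the repository would be stronger because it does not trust the same host twice. The same gap applies to the Wazuh packages, the docs zip and the cheat-sheet PDF in the second hunk. Separately, `$(echo $ELASTIC_VERSION)` can be written `${ELASTIC_VERSION}`, which avoids a subshell and word-splitting on the value.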
18 changes: 11 additions & 7 deletions Dockerfile.kratos
Expand Up @@ -10,17 +10,20 @@

FROM ghcr.io/security-onion-solutions/golang:alpine AS builder

ARG OWNER=ory
ARG VERSION=v0.7.6-alpha.1

RUN addgroup -S ory; \
adduser -S ory -G ory -D -H -s /bin/nologin
RUN apk -U --no-cache add build-base git gcc bash

RUN mkdir -p /go/src/github.com/jertel
WORKDIR /go/src/github.com/jertel
RUN git clone https://github.com/jertel/kratos.git
RUN mkdir -p /go/src/github.com/$OWNER
WORKDIR /go/src/github.com/$OWNER
RUN git clone https://github.com/$OWNER/kratos.git

WORKDIR /go/src/github.com/jertel/kratos
WORKDIR /go/src/github.com/$OWNER/kratos

RUN git checkout v0.6.3-alpha.1-so
RUN git checkout $VERSION

ENV GO111MODULE on
ENV CGO_ENABLED 1
Expand All @@ -34,6 +37,7 @@ ENV DSN=sqlite:///kratos-data/db.sqlite?_fk=true

ARG UID=928
ARG GID=928
ARG OWNER=ory

RUN addgroup --gid "$GID" -S kratos; \
adduser -u "$UID" -S kratos -G kratos -D -H -s /bin/nologin
Expand All @@ -48,8 +52,8 @@ RUN echo "chmod 600 /kratos-data/db.sqlite" >> /start-kratos.sh
RUN echo "kratos -c /kratos-conf/kratos.yaml serve --sqa-opt-out=true >> /kratos-log/kratos.log 2>&1" >> /start-kratos.sh
RUN chmod a+x /start-kratos.sh

COPY --from=builder /go/src/github.com/jertel/kratos/kratos /usr/bin/kratos
COPY --from=builder /go/src/github.com/jertel/kratos/.schema /.schema
COPY --from=builder /go/src/github.com/$OWNER/kratos/kratos /usr/bin/kratos
COPY --from=builder /go/src/github.com/$OWNER/kratos/.schema /.schema
USER kratos


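Review bot: `RUN git checkout $VERSION` in the builder stage resolves a tag name from a repository selected by the `OWNER` build argument, and a tag can be re-pointed after this Dockerfile was reviewed, so the binary copied to `/usr/bin/kratos` is not tied to a fixed commit. Consider recording the expected commit and failing the build on mismatch, e.g. `ARG KRATOS_COMMIT=<expected-commit-sha>` followed by `RUN git checkout "$VERSION" && test "$(git rev-parse HEAD)" = "$KRATOS_COMMIT"`. `OWNER` is declared with the same default in both stages, and the `COPY --from=builder` paths depend on the two agreeing, so a comment saying they must stay in sync would help. Quoting `$OWNER` and `$VERSION` where they are expanded would also be safer.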
27 changes: 14 additions & 13 deletions config/serverconfig.go
Expand Up @@ -20,16 +20,17 @@ const DEFAULT_MAX_PACKET_COUNT = 5000
const DEFAULT_IDLE_CONNECTION_TIMEOUT_MS = 300000

type ServerConfig struct {
AirgapEnabled bool `json:"airgapEnabled"`
BindAddress string `json:"bindAddress"`
BaseUrl string `json:"baseUrl"`
HtmlDir string `json:"htmlDir"`
MaxPacketCount int `json:"maxPacketCount"`
Modules module.ModuleConfigMap `json:"modules"`
ModuleFailuresIgnored bool `json:"moduleFailuresIgnored"`
ClientParams ClientParameters `json:"client"`
IdleConnectionTimeoutMs int `json:"idleConnectionTimeoutMs"`
TimezoneScript string `json:"timezoneScript"`
AirgapEnabled bool `json:"airgapEnabled"`
BindAddress string `json:"bindAddress"`
BaseUrl string `json:"baseUrl"`
DeveloperEnabled bool `json:"developerEnabled"`
HtmlDir string `json:"htmlDir"`
MaxPacketCount int `json:"maxPacketCount"`
Modules module.ModuleConfigMap `json:"modules"`
ModuleFailuresIgnored bool `json:"moduleFailuresIgnored"`
ClientParams ClientParameters `json:"client"`
IdleConnectionTimeoutMs int `json:"idleConnectionTimeoutMs"`
TimezoneScript string `json:"timezoneScript"`
}

func (config *ServerConfig) Verify() error {
Expand All @@ -40,7 +41,7 @@ func (config *ServerConfig) Verify() error {
if config.BindAddress == "" {
err = errors.New("Server.BindAddress configuration value is required")
}
if strings.TrimSpace(config.BaseUrl) == ""{
if strings.TrimSpace(config.BaseUrl) == "" {
config.BaseUrl = "/"
}
if config.BaseUrl[len(config.BaseUrl)-1] != '/' {
Expand All @@ -49,11 +50,11 @@ func (config *ServerConfig) Verify() error {
if err == nil {
err = config.ClientParams.Verify()
}
if (config.IdleConnectionTimeoutMs <= 0) {
if config.IdleConnectionTimeoutMs <= 0 {
config.IdleConnectionTimeoutMs = DEFAULT_IDLE_CONNECTION_TIMEOUT_MS
}
if len(config.TimezoneScript) == 0 {
config.TimezoneScript = "/opt/sensoroni/scripts/timezones.sh"
}
return err
}
}
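Review bot: `DeveloperEnabled` is added to `ServerConfig` without a comment, and nothing in this section shows what the flag unlocks or that `Verify()` reacts to it. For a setting whose name suggests it relaxes production behaviour, document the contract on the field, for example `// DeveloperEnabled turns on developer-only behaviour; leave false in production.` (wording to be confirmed by the author). Also consider logging a warning at startup when it is true, so an enabled flag is visible in operations. `Verify()` is only partly shown by these hunks, so where the flag is consumed has to be checked in the full source.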
2 changes: 2 additions & 0 deletions config/serverconfig_test.go
Expand Up @@ -22,6 +22,7 @@ func TestVerifyServer(tester *testing.T) {
if assert.Error(tester, err) {
assert.Equal(tester, DEFAULT_MAX_PACKET_COUNT, cfg.MaxPacketCount)
assert.Equal(tester, DEFAULT_IDLE_CONNECTION_TIMEOUT_MS, cfg.IdleConnectionTimeoutMs)
assert.False(tester, cfg.DeveloperEnabled)
}

cfg.BindAddress = "http://some.where"
Expand All @@ -30,5 +31,6 @@ func TestVerifyServer(tester *testing.T) {
if assert.Nil(tester, err) {
assert.Equal(tester, 123, cfg.MaxPacketCount)
assert.Equal(tester, "/opt/sensoroni/scripts/timezones.sh", cfg.TimezoneScript)
assert.False(tester, cfg.DeveloperEnabled)
}
}
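Review bot: Both added `assert.False(tester, cfg.DeveloperEnabled)` lines only confirm the zero value of a field the test never sets, so they would still pass if `Verify()` were later changed to clear the flag or if the JSON tag were misspelled. A case that sets `cfg.DeveloperEnabled = true` before `Verify()` and asserts it is still true afterwards would pin the behaviour, as would one that unmarshals `{"developerEnabled": true}` into `ServerConfig`. `TestVerifyServer` begins outside the hunk.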
10 changes: 5 additions & 5 deletions go.mod
Expand Up @@ -4,12 +4,12 @@ go 1.16

require (
github.com/apex/log v1.9.0
github.com/elastic/go-elasticsearch/v7 v7.11.0
github.com/elastic/go-elasticsearch/v7 v7.15.0
github.com/google/gopacket v1.1.19
github.com/google/uuid v1.1.1 // indirect
github.com/google/uuid v1.3.0
github.com/gorilla/websocket v1.4.2
github.com/influxdata/influxdb-client-go/v2 v2.2.3 // indirect
github.com/influxdata/influxdb-client-go/v2 v2.5.1
github.com/kennygrant/sanitize v1.2.4
github.com/stretchr/testify v1.7.0 // indirect
github.com/tidwall/gjson v1.6.8
github.com/stretchr/testify v1.7.0
github.com/tidwall/gjson v1.9.3
)