Merge branch 'master' into watchlist_feature

This commit is contained in:
A Smith 2018-11-12 14:49:42 -06:00 committed by GitHub
Parent 01f37161c1 3a4fa6889d
Commit ee606a17e5
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
25 changed files: 336 additions and 196 deletions

2
.gitignore vendored
View file

@ -16,3 +16,5 @@ alerts/generic_alerts
cloudy_mozdef/aws_parameters.json
moz_private
cloudy_mozdef/aws_parameters.sh
docs/source/_build
docs/source/_static

View file

@ -10,6 +10,7 @@ S3_BUCKET_PATH := cf
S3_BUCKET_URI := s3://$(S3_BUCKET_NAME)/$(S3_BUCKET_PATH)
S3_STACK_URI := https://s3-$(AWS_REGION).amazonaws.com/$(S3_BUCKET_NAME)/$(S3_BUCKET_PATH)/
# OIDC_CLIENT_SECRET is set in an environment variable by running "source aws_parameters.sh"
OIDC_CLIENT_SECRET_PARAM_ARG := $(shell test -n "$(OIDC_CLIENT_SECRET)" && echo "ParameterKey=OIDCClientSecret,ParameterValue=$(OIDC_CLIENT_SECRET)")
all:
@echo 'Available make targets:'
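Review bot: On the `OIDC_CLIENT_SECRET_PARAM_ARG := $(shell test -n "$(OIDC_CLIENT_SECRET)" && echo ...)` line, make expands the secret into the text of a shell command inside double quotes, so a value containing `"`, `$` or a backtick is interpreted by the shell instead of being passed through unchanged. Set the variable with make's own conditional (`ifneq ($(OIDC_CLIENT_SECRET),)`) so the secret never goes through a shell at parse time.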
@ -43,7 +44,7 @@ update-stack: test ## Updates the nested stack on AWS
aws cloudformation update-stack --stack-name $(STACK_NAME) --template-url $(S3_STACK_URI)mozdef-parent.yml \
--capabilities CAPABILITY_IAM \
--parameters ParameterKey=S3TemplateLocation,ParameterValue=$(S3_STACK_URI) \
ParameterKey=OIDCClientSecret,ParameterValue=$(OIDC_CLIENT_SECRET) \
$(OIDC_CLIENT_SECRET_PARAM_ARG) \
--output text
# --ignore-checks=E2502 : https://github.com/awslabs/cfn-python-lint/issues/408
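Review bot: In the `update-stack` recipe, when `OIDC_CLIENT_SECRET` is not set `$(OIDC_CLIENT_SECRET_PARAM_ARG)` expands to nothing, so the OIDCClientSecret parameter is dropped from the call rather than carried over. If the intent is to keep the secret already on the stack, fall back to `ParameterKey=OIDCClientSecret,UsePreviousValue=true`. The `aws cloudformation update-stack` line also has no `@` prefix, so make prints the whole command, secret included, to the terminal or CI log; passing the parameters from a file keeps the value off the command line.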

View file

@ -117,7 +117,7 @@ Resources:
- content: |
OPTIONS_ESSERVERS=${ESURL}
OPTIONS_KIBANAURL=${KibanaURL}
OPTIONS_METEOR_KIBANAURL=${KibanaURL}
OPTIONS_METEOR_KIBANAURL=https://relative:9090/_plugin/kibana/
# See https://github.com/mozilla-iam/mozilla.oidc.accessproxy/blob/master/README.md#setup
client_id=${OIDCClientId}
client_secret=${OIDCClientSecret}
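Review bot: `OPTIONS_METEOR_KIBANAURL=https://relative:9090/_plugin/kibana/` hard-codes the `relative` placeholder host, the scheme and port 9090 for every stack, while `OPTIONS_KIBANAURL` just above still takes `${KibanaURL}`, so the two settings can now disagree. Add a comment here saying that `relative` is a sentinel replaced with the browser's hostname by the menu helper, and consider deriving the port and path from a stack parameter instead of a literal.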

View file

@ -38,7 +38,6 @@ RUN rm -r /opt/mozdef/meteor
RUN cp /opt/mozdef/.meteor/packages/meteor-tool/*/mt-os.linux.x86_64/scripts/admin/launch-meteor /usr/bin/meteor
COPY meteor /opt/mozdef/envs/mozdef/meteor
COPY docker/compose/mozdef_meteor/files/settings.js /opt/mozdef/envs/mozdef/meteor/app/lib/settings.js
RUN chown -R mozdef:mozdef /opt/mozdef/envs/mozdef/meteor
USER mozdef

View file

@ -1,18 +0,0 @@
/*
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
Copyright (c) 2017 Mozilla Corporation
*/
//configuration settings
mozdef = {
rootURL: "http://localhost",
port: "80",
rootAPI: "http://rest:8081",
kibanaURL: "http://localhost:9090/app/kibana#",
enableBlockIP: false,
enableClientAccountCreation: true,
authenticationType: "meteor-password"
}

View file

@ -1,7 +1,6 @@
[options]
kibanaurl=http://localhost:9090/app/kibana#
kibanaurl=http://localhost:9090/app/kibana
esservers=http://elasticsearch:9200
enableBlockIP=True
mongohost=mongodb
mongoport=3002
listen_host=0.0.0.0

View file

@ -1,7 +1,6 @@
[options]
kibanaurl=http://localhost:9090/app/kibana#
kibanaurl=http://localhost:9090/app/kibana
esservers=http://elasticsearch:9200
enableBlockIP=True
mongohost=mongodb
mongoport=3002
listen_host=0.0.0.0

View file

@ -16,6 +16,23 @@ These files all follow the same format:
All programs do their best to set reasonable, sane defaults and most will run fine without a conf file. By default programname.py will look for programname.conf as it's configuration file so if you follow that convention you don't even need to specify the -c path/to/file.conf option.
You can override any .conf file setting by providing an equivalent environment variable.
Certain environment variables have special meaning to the web ui (meteor):
::
OPTIONS_METEOR_ROOTURL is "http://localhost" by default and should be set to the dns name of the UI where you will run MozDef
OPTIONS_METEOR_PORT is 80 by default and is the port on which the UI will run
OPTIONS_METEOR_ROOTAPI is http://rest:8081 by default and should resolve to the location of the rest api
OPTIONS_METEOR_KIBANAURL is http://localhost:9090/app/kibana# by default and should resolve to your kibana installation
OPTIONS_METEOR_ENABLECLIENTACCOUNTCREATION is true by default and governs whether accounts can be created
OPTIONS_METEOR_AUTHENTICATIONTYPE is meteor-password by default and can be set to oidc to allow for oidc authentication
OPTIONS_REMOVE_FEATURES is empty by default, but if you pass a comma separated list of features you'd like to remove they will no longer be available.
You can find a list of features in the meteor/private/features.txt file in the git repo.
Special Config Items
_____________________
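Review bot: The `OPTIONS_METEOR_KIBANAURL` entry documents the default as `http://localhost:9090/app/kibana#`, but the settings.js change in this same commit sets the default to `http://localhost:9090/app/kibana` without the trailing `#`, and the link code now adds `#` itself; a reader following the docs would end up with `##` in alert links. Update the documented default, and document the special `relative` hostname here as well, since it is otherwise only explained in a code comment in menu.js.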

View file

@ -3,16 +3,23 @@ Demo Instance
Mozilla used to maintain a demo instance of MozDef, however it's currently offline. Best bet for demo is to clone the repo and use the docker containers to stand up a local instance for yourself. There are some scripts in the https://github.com/mozilla/MozDef/tree/master/examples/demo folder to send sample events into a local docker instance that will generate alerts, attackers, etc and give you a feel for the flow.
Here's how to make MozDef go using the provided docker compose files:
First; set up your docker environment with some tweaks to avoid some common pitfalls:
1) Allocate it at least 4GB of memory
2) Use the aufs filesystem driver ( to avoid issues unpacking tar files on overlayfs)
.. image:: https://user-images.githubusercontent.com/566889/47741098-ac306e80-dc36-11e8-88cb-4ba3f1458028.png
:width: 40px
:align: center
:height: 100px
Once you've done that, here's how to make MozDef go using the provided docker compose files:
1) Pull the repo: git clone https://github.com/mozilla/MozDef.git
2) Build the docker containers:
2) Run the containers:
docker-compose -f docker/compose/docker-compose.yml -f docker/compose/docker-compose-rebuild.yml -p mozdef build
3) Run the containers:
docker-compose -f docker/compose/docker-compose.yml -f docker/compose/docker-compose-rebuild.yml -p mozdef up
docker-compose -f docker/compose/docker-compose.yml -p mozdef up
4) Firefox yourself to http://localhost to see the main UI (when the container starts)
5) Login using a locally created account (click login, create and choose a username/password)
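Review bot: The numbered steps in the second list now read 1, 2, 4, 5: "Run the containers" became step 2 when the build step was dropped, but "Firefox yourself to http://localhost" and "Login using a locally created account" kept their old numbers. Renumber them to 3 and 4.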

View file

@ -195,29 +195,21 @@ If you wish to use meteor as the authentication handler you'll also need to inst
meteor add accounts-password
You may want to edit the app/lib/settings.js file to properly configure the URLs and Authentication
You may want to edit the /meteor/imports/settings.js file to properly configure the URLs and Authentication
The default setting will use Meteor Accounts, but you can just as easily install an external provider like Github, Google, Facebook or your own OIDC::
mozdef = {
rootURL: "localhost",
port: "443",
rootAPI: "https://localhost:8444",
kibanaURL: "https://localhost:9443/app/kibana#",
enableBlockIP: true,
enableClientAccountCreation: true,
authenticationType: "meteor-password"
...
authenticationType: "meteor-password",
...
}
or for an OIDC implementation that passes a header to the nginx reverse proxy (for example using OpenResty with Lua and Auth0)::
mozdef = {
rootURL: "localhost",
port: "443",
rootAPI: "https://localhost:8444",
kibanaURL: "https://localhost:9443/app/kibana#",
enableBlockIP: true,
enableClientAccountCreation: false,
authenticationType: "OIDC"
...
authenticationType: "OIDC",
...
}
Then start meteor with::
@ -258,7 +250,7 @@ This will create a 'bundle' directory with the entire UI code below that directo
If you didn't update the settings.js before bundling the meteor installation, you will need to update the settings.js file to match your servername/port::
vim bundle/programs/server/app/app/lib/settings.js
vim bundle/programs/server/app/imports/settings.js
If your development OS is different than your production OS you will also need to update
the fibers node module::

View file

@ -17,7 +17,7 @@ if (Meteor.isClient) {
kibanaurl: function () {
var esmetadata = alerts.findOne({'esmetadata.id': Session.get('alertID')}).esmetadata;
url=getSetting('kibanaURL') + '/doc/alerts-*/' + esmetadata.index + '/alert?id=' + esmetadata.id;
url=getSetting('kibanaURL') + '#/doc/alerts-*/' + esmetadata.index + '/alert?id=' + esmetadata.id;
return url;
}
});
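Review bot: `getSetting('kibanaURL')` is used as-is in the `kibanaurl` helper, so when the setting carries the `relative` placeholder host that `resolveKibanaURL` handles for the menu, this alert link points at a host literally named `relative`. Route this helper, and the matching `{{mozdef.kibanaURL}}#/doc/alerts-*/...` link in the alerts table template, through the same resolution. `url` is also assigned without `var`, which makes it an implicit global.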

View file

@ -95,7 +95,7 @@ Copyright (c) 2014 Mozilla Corporation
<tr class="alert-row">
<td>{{utctimestamp}}</td>
<td><a href="/alert/{{esmetadata.id}}">mozdef</a><br>
<a href="{{mozdef.kibanaURL}}/doc/alerts-*/{{esmetadata.index}}/alert?id={{esmetadata.id}}" target="_blank">kibana</a>
<a href="{{mozdef.kibanaURL}}#/doc/alerts-*/{{esmetadata.index}}/alert?id={{esmetadata.id}}" target="_blank">kibana</a>
{{#if url}}
<br><a href="{{url}}" target ="_blank">docs</a>
{{/if}}

View file

@ -709,7 +709,7 @@ if (Meteor.isClient) {
//create the character's nameplate
var acallout=$('<div class="container-fluid attackercallout"></div>');
var abuttons=$('<div class="row-fluid"/>');
if (getSetting('enableBlockIP')) {
if (isFeature('blockip')) {
abuttons.append($('<button/>',{
'class': 'blockip btn btn-danger btn-mini center',
'data-ipaddress': dbrecord.indicators[0].ipv4address,

View file

@ -7,57 +7,84 @@ Copyright (c) 2014 Mozilla Corporation
<template name="menu">
<div class="container headercontainer">
<div id="header" class="row center">
<span id="nav-main">
<ul>
<li><img class="mozillalogo" src="/images/mozilla.svg" ></li>
<li><a class="mozdef" href="/" title="MOZDEF">MOZDEF</a></li>
<li> <a target="_blank" href={{mozdef.kibanaURL}}>Kibana</a>
<ul>
<li class="first">
{{#each kibanadashboards as item}}
{{>kibanaDashboardItem}}
{{/each}}
{{#if haveFeatures }}
<div id="header" class="row center">
<span id="nav-main">
<ul>
<li><img class="mozillalogo" src="/images/mozilla.svg" ></li>
<li><a class="mozdef" href="/" title="MOZDEF">MOZDEF</a></li>
{{#if isFeature "kibana"}}
<li> <a target="_blank" href={{ resolveKibanaURL mozdef.kibanaURL }}>Kibana</a>
<ul>
<li>
{{#each kibanadashboards as item}}
{{>kibanaDashboardItem}}
{{/each}}
</li>
</ul>
</li>
</ul>
</li>
<li><a href="/alerts/">Alerts</a>
<ul>
<li class="first"><a href="/watchlist">watchlist</a></li>
<li class="first"><a href="/ipblocklist">ip blocklist</a></li>
<li class="first"><a href="/fqdnblocklist">fqdn blocklist</a></li>
</ul>
</li>
<li><a href="/investigations">Investigations</a>
<ul>
<li class="first"><a href="/investigation/new/">new investigation</a></li>
</ul>
</li>
<li><a href="/incidents">Incidents</a>
<ul>
<li class="first"><a href="/incident/new/">new incident</a></li>
<li class="last"><a href="/incidents/veris/">veris stats</a></li>
</ul>
</li>
<li class="first"><a href="#">Visualizations</a>
<ul>
<li class="first"><a href="/logincounts/">logincounts</a></li>
<li><a href="/attackers">attackers</a></li>
<li class="last"><a href="/globe">globe</a></li>
</ul>
</li>
<li><a href="/about">About</a></li>
</ul>
<label>
{{#if loggingIn}}
loading
{{/if}}
{{> loginButtons align="right"}}
</label>
{{/if}}
{{#if isFeature "alerts"}}
<li><a href="/alerts/">Alerts</a>
<ul>
{{#if isFeature "watchlist"}}
<li><a href="/watchlist">watchlist</a></li>
{{/if}}
{{#if isFeature "ipblocklist"}}
<li><a href="/ipblocklist">ip blocklist</a></li>
{{/if}}
{{#if isFeature "fqdnblocklist"}}
<li><a href="/fqdnblocklist">fqdn blocklist</a></li>
{{/if}}
</ul>
</li>
{{/if}}
{{#if isFeature "investigations"}}
<li><a href="/investigations">Investigations</a>
<ul>
<li><a href="/investigation/new/">new investigation</a></li>
</ul>
</li>
{{/if}}
{{#if isFeature "incidents"}}
<li><a href="/incidents">Incidents</a>
<ul>
</span>
<li><a href="/incident/new/">new incident</a></li>
<li><a href="/incidents/veris/">veris stats</a></li>
</ul>
</li>
{{/if}}
{{#if isFeature "visualizations"}}
<li class="first"><a href="#">Visualizations</a>
<ul>
{{#if isFeature "logincounts"}}
<li><a href="/logincounts/">logincounts</a></li>
{{/if}}
{{#if isFeature "attackers"}}
<li><a href="/attackers">attackers</a></li>
{{/if}}
{{#if isFeature "globe"}}
<li><a href="/globe">globe</a></li>
{{/if}}
</ul>
</li>
{{/if}}
{{#if isFeature "about"}}
<li><a href="/about">About</a></li>
{{/if}}
</ul>
<label>
{{#if loggingIn}}
loading
{{/if}}
{{> loginButtons align="right"}}
</label>
</div>
</span>
</div>
{{/if}}
</div>
</template>
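Review bot: Wrapping the whole `#header` block in `{{#if haveFeatures}}` also hides `{{> loginButtons align="right"}}`, so whenever the `features` collection is empty on the client the user gets neither a menu nor a way to log in. Keep the login control outside the conditional. The `{{#if isFeature "..."}}` checks only hide links; paths such as `/ipblocklist` or `/watchlist` stay reachable by typing the URL unless the router and the publications apply the same flag, so the docs should not present a removed feature as an access control.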
@ -66,4 +93,3 @@ Copyright (c) 2014 Mozilla Corporation
<a target=" _blank" href="{{url}}">{{name}}</a>
</li>
</template>
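Review bot: On the context line `<a target=" _blank" href="{{url}}">{{name}}</a>` the attribute value starts with a space, so it does not match the `_blank` keyword and every dashboard link opens in the same named window. Since this template is being edited anyway, correct it to `target="_blank"` and add `rel="noopener noreferrer"` here and on the Kibana menu link, which also opens an external page in a new tab.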

32
meteor/client/menu.js Normal file
View file

@ -0,0 +1,32 @@
import { Meteor } from 'meteor/meteor';
import { Template } from 'meteor/templating';
import { Tracker } from 'meteor/tracker'
Template.menu.rendered = function () {
Tracker.autorun(function() {
Meteor.subscribe("features");
});
};
Template.menu.helpers({
haveFeatures: function(){
//subscription has records?
return features.find().count() >0;
},
resolveKibanaURL: function(url){
// special function just for the menu
// to adjust the kibana URL if we are told to make it 'relative'
// to whatever DNS name we are running on
// i.e. pass in http://relative:9090/app/kibana
// when the running dns is something.com
// and we will set the hostname to something.com instead of 'relative'
var kibanaURL = new URL(url);
if ( kibanaURL.hostname == 'relative' ){
// we were passed something like OPTIONS_METEOR_KIBANAURL=http://relative:9090/app/kibana
// so lets figure out where we should be
dnsURL=new URL(document.URL);
kibanaURL.hostname = dnsURL.hostname;
}
return kibanaURL;
}
});
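Review bot: In `resolveKibanaURL`, `new URL(url)` throws a TypeError when `url` is undefined or not an absolute URL, which can happen if `mozdef.kibanaURL` has not arrived yet or was set to a path; because the helper runs inside the menu template, the exception takes the menu rendering with it. Guard the input and return it unchanged on failure. The helper also returns a URL object instead of `kibanaURL.href`, assigns `dnsURL` without `var`, and compares with `==`. The `Meteor.subscribe("features")` inside `Tracker.autorun` has no reactive dependency and repeats the subscriptions already made in the router's `waitOn` and in collections.js.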

View file

@ -59,3 +59,6 @@ Copyright (c) 2014 Mozilla Corporation
</div>
</template>
<template name='loading'>
loading...
</template>

View file

@ -4,7 +4,7 @@ License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
Copyright (c) 2014 Mozilla Corporation
*/
import { Meteor } from 'meteor/meteor'
import { Meteor } from 'meteor/meteor';
import { Template } from 'meteor/templating';
import validator from 'validator';
import '/imports/collections.js';
@ -15,6 +15,7 @@ import PNotify from 'pnotify';
import 'pnotify/dist/pnotify.css';
import './mozdef.html';
import './menu.html';
import './menu.js';
import '/client/layout.js';
@ -150,7 +151,7 @@ if (Meteor.isClient) {
result.push({key:prefix,value: x})
}
return result
}
};
Template.hello.helpers({
greeting: function() {
@ -175,6 +176,10 @@ if (Meteor.isClient) {
}
});
UI.registerHelper('isFeature',function(featureName){
return isFeature(featureName);
});
UI.registerHelper('uiDateFormat',function(adate){
return dateFormat(adate);
});
@ -309,9 +314,12 @@ if (Meteor.isClient) {
dshielditem=$("<li><a class='ipmenu-dshield' data-ipaddress='" + iptext + "'href='#'>dshield</a></li>");
intelitem=$("<li><a class='ipmenu-intel' data-ipaddress='" + iptext + "'href='#'>ip intel</a></li>");
watchItemitem=$("<li><a class='ipmenu-watchitem' data-ipaddress='" + iptext + "'href='#'>watch</a></li>");
blockIPitem=$("<li><a class='ipmenu-blockip' data-ipaddress='" + iptext + "'href='#'>block</a></li>");
ipmenu.append(copyitem,whoisitem,dshielditem,intelitem,blockIPitem);
if ( isFeature('blockip') ){
blockIPitem=$("<li><a class='ipmenu-blockip' data-ipaddress='" + iptext + "'href='#'>block</a></li>");
}else{
blockIPitem=$();
}
ipmenu.append(copyitem,whoisitem,dshielditem,intelitem,watchItemitem,blockIPitem);
$(this).parent().parent().append(ipmenu);
});
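Review bot: The `blockIPitem` line inside the `isFeature('blockip')` branch builds markup by concatenating `iptext` into `data-ipaddress='...'`, the same pattern as the neighbouring items, so an `iptext` containing a quote character would break out of the attribute. Create the element with jQuery's attribute map, as the attacker callout already does with `$('<button/>',{'data-ipaddress': ...})`. The check also only hides the menu entry on the client, so it should not be the sole control on who can block an IP.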

View file

@ -4,14 +4,19 @@ License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
Copyright (c) 2014 Mozilla Corporation
*/
import { Meteor } from 'meteor/meteor';
Router.configure({
// the default layout
layoutTemplate: 'layout',
// ensure we have settings
loadingTemplate: 'loading',
waitOn: function() {
return Meteor.subscribe('mozdefsettings')
}
return [
Meteor.subscribe('features'),
Meteor.subscribe('mozdefsettings')
];
}
});
Router.map(function () {

View file

@ -10,6 +10,7 @@ import uuid from "uuid";
//collections shared by client/server
Meteor.startup(() => {
mozdefsettings = new Meteor.Collection("mozdefsettings");
features = new Meteor.Collection("features");
events = new Meteor.Collection("events");
alerts = new Meteor.Collection("alerts");
investigations = new Meteor.Collection("investigations");
@ -34,7 +35,9 @@ Meteor.startup(() => {
Meteor.publish("mozdefsettings",function(){
return mozdefsettings.find();
});
Meteor.publish("features",function(){
return features.find();
});
Meteor.publish("alerts-summary", function (searchregex,timeperiod,recordlimit) {
//tail the last 100 records by default
@ -277,102 +280,104 @@ Meteor.startup(() => {
return fqdnblocklist.find({},{limit:0});
})
Meteor.publish("watchlist", function () {
return watchlist.find({},{limit:0});
})
//access rules from clients
//barebones to allow you to specify rules
//access rules from clients
//barebones to allow you to specify rules
incidents.allow({
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// can only remove one's own indicents
return doc.creator === Meteor.user().profile.email;
},
fetch: ['creator']
incidents.allow({
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// can only remove one's own indicents
return doc.creator === Meteor.user().profile.email;
},
fetch: ['creator']
});
attackers.allow({
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
}
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
}
});
alerts.allow({
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
}
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
}
});
investigations.allow({
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// can only remove one's own items
return doc.creator === Meteor.user().profile.email;
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// can only remove one's own items
return doc.creator === Meteor.user().profile.email;
},
fetch: ['creator']
});
userActivity.allow({
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// can only remove one's own items
return doc.userId === Meteor.user().profile.email;
},
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// can only remove one's own items
return doc.userId === Meteor.user().profile.email;
},
});
ipblocklist.allow({
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// the user must be logged in
return (userId);
},
fetch: ['creator']
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// the user must be logged in
return (userId);
},
fetch: ['creator']
});
fqdnblocklist.allow({
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// the user must be logged in
return (userId);
},
fetch: ['creator']
insert: function (userId, doc) {
// the user must be logged in
return (userId);
},
update: function (userId, doc, fields, modifier) {
// the user must be logged in
return (userId);
},
remove: function (userId, doc) {
// the user must be logged in
return (userId);
},
fetch: ['creator']
});
watchlist.allow({
insert: function (userId, doc) {
// the user must be logged in
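Review bot: The `update` rules for incidents, attackers, alerts, investigations, ipblocklist and fqdnblocklist all `return (userId)` without looking at `fields` or `modifier`, so any logged-in user can change any field of any document, including `creator`, which the `remove` rules then trust. As these blocks are being rewritten anyway, restrict the writable fields per collection. Separately, almost all of this hunk is re-indentation; splitting the whitespace change into its own commit would make any functional difference from the merge visible.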
@ -388,6 +393,13 @@ Meteor.startup(() => {
},
fetch: ['creator']
});
// since we store email from oidc calls in the profile
// deny updates to the profile which is writeable by default
// https://docs.meteor.com/api/accounts.html#Meteor-users
Meteor.users.deny({ update: () => true });
};
if (Meteor.isClient) {
@ -403,7 +415,7 @@ Meteor.startup(() => {
// based on how enableClientAccountCreation was set at deployment.
Meteor.login();
});
Meteor.subscribe("features");
alertsCount = new Meteor.Collection("alerts-count",options);
//client-side subscriptions to low volume collections
Meteor.subscribe("veris");

View file

@ -23,3 +23,11 @@ getSetting=function (settingKey){
}
};
isFeature = function(featureName){
if ( features.findOne({'name':featureName}) ){
return features.findOne({'name':featureName}).enabled;
}else{
return true;
}
};
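Review bot: `isFeature` returns `true` when no record matches, so it fails open: a feature counts as enabled before the `features` subscription has delivered data, when the name is misspelled at a call site, and when the name is missing from features.txt. If the flag is meant to switch off sensitive actions such as `blockip`, default to `false` for unknown names, or at least log them. The function also calls `features.findOne` twice for the same query; fetch the record once and test it.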

View file

@ -177,5 +177,13 @@ models={
'dateCreated': today
};
},
feature: function(){
return {
'_id': uuid(),
'name':'',
'url':'',
'enabled':true
};
},
};

View file

@ -5,16 +5,25 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
Copyright (c) 2017 Mozilla Corporation
*/
// declare truthy sanity
var trueValues = ['1', 1, 'true', true, 'yes','yup','certainly','always'];
var falseValues = ['0', 0, 'false', false, 'no', undefined, null,'nope','never'];
//configuration settings
if (Meteor.isServer) {
// Figure out truthiness of the desire to enable Client Account Creation.
// This allows for env override of default true value
// with anything that is in the falseValues list above.
// If env variable isn't set, it's undefined and will || true as the default
var allowAccountCreation= new Boolean(!falseValues.includes( (process.env.OPTIONS_METEOR_ENABLECLIENTACCOUNTCREATION || true ))).valueOf()
mozdef = {
rootURL: process.env.OPTIONS_METEOR_ROOTURL || "http://localhost",
port: process.env.OPTIONS_METEOR_PORT || "80",
rootAPI: process.env.OPTIONS_METEOR_ROOTAPI || "http://rest:8081",
kibanaURL: process.env.OPTIONS_METEOR_KIBANAURL || "http://localhost:9090/app/kibana#",
enableBlockIP: process.env.OPTIONS_METEOR_ENABLEBLOCKIP || true,
enableClientAccountCreation: process.env.OPTIONS_METEOR_ENABLECLIENTACCOUNTCREATION || true,
authenticationType: process.env.OPTIONS_METEOR_AUTHENTICATIONTYPE || "meteor-password"
kibanaURL: process.env.OPTIONS_METEOR_KIBANAURL || "http://localhost:9090/app/kibana",
enableClientAccountCreation: allowAccountCreation,
authenticationType: process.env.OPTIONS_METEOR_AUTHENTICATIONTYPE || "meteor-password",
removeFeatures: process.env.OPTIONS_REMOVE_FEATURES || ""
}
// send these settings to the client via the Meteor.settings.public
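Review bot: The `allowAccountCreation` expression matches the environment value against `falseValues` case-sensitively and without trimming, so `OPTIONS_METEOR_ENABLECLIENTACCOUNTCREATION=False`, `FALSE` or `No` leaves client account creation enabled. For a setting that opens or closes sign-up, lowercase and trim the value first, and treat anything that is not a recognised true value as false. Because of the `|| true` fallback and because environment values are always strings, the `0`, `false`, `undefined` and `null` entries in `falseValues` can never match, `trueValues` is not used in the lines shown, and the `new Boolean(...).valueOf()` wrapper adds nothing over the bare expression.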

View file

@ -0,0 +1,12 @@
kibana /kibana
alerts /alerts
ipblocklist /ipblocklist
fqdnblocklist /fqdnblocklist
investigations /investigations
incidents /incidents
visualizations /visualizations
logincounts /logincounts
attackers /attackers
globe /globe
about /about
blockip /blockip
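Review bot: There is no `watchlist` line in this file, although the menu template in this commit checks `isFeature "watchlist"`. Since `isFeature` returns `true` for names it cannot find, listing `watchlist` in `OPTIONS_REMOVE_FEATURES` has no effect. Add `watchlist /watchlist`, and end the file without a blank last line, or have the loader skip empty lines.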

View file

@ -5,6 +5,7 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
Copyright (c) 2014 Mozilla Corporation
*/
import { Meteor } from 'meteor/meteor';
import '/imports/models.js';
if (Meteor.isServer) {
@ -20,6 +21,25 @@ if (Meteor.isServer) {
// set to what the browser thinks you are coming from (i.e. localhost, or actual servername)
Meteor.absoluteUrl.defaultOptions.rootUrl = mozdef.rootURL + ':' + mozdef.port
// figure out what features are enabled
console.log("updating features");
features.remove({});
var featuresFile = Assets.getText("features.txt");
var featuresObject = featuresFile.split("\n");
var featuresRemoved = mozdef.removeFeatures.split(',').map(function(item) {
return item.trim();
});
console.log(featuresRemoved);
featuresObject.forEach(function (featureItem) {
feature = models.feature();
feature.name = featureItem.split(" ")[0];
feature.url = featureItem.split(" ")[1]
if ( featuresRemoved.includes(feature.name) ){
feature.enabled=false;
}
features.insert(feature);
});
console.log('settings', mozdef);
// in addition to the Meteor.settings we use put deployment
// settings in settings.js to make it easier to deploy
// and to allow clients to get access to deployment-specific settings.
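Review bot: Names in `featuresRemoved` that match nothing in features.txt are silently ignored, because the loop only tests `featuresRemoved.includes(feature.name)` for names read from the file; an operator who sets `OPTIONS_REMOVE_FEATURES=block_ip` gets no warning and the feature stays on. Compare the two lists and log any unknown entry at startup. In the same loop, `featuresFile.split("\n")` turns a trailing newline into a record with an empty `name` and an undefined `url`, `split(" ")` assumes exactly one space between columns, and `feature` is assigned without `var`.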
@ -43,30 +63,26 @@ if (Meteor.isServer) {
key: 'kibanaURL',
value: mozdef.kibanaURL
});
mozdefsettings.insert({
key: 'enableBlockIP',
value: mozdef.enableBlockIP
});
mozdefsettings.insert({
key: 'authenticationType',
value: mozdef.authenticationType
});
//allow local account creation?
//http://docs.meteor.com/#/full/accounts_config
var enableClientAccountCreation = !!(mozdef.enableClientAccountCreation || false);
Accounts._options.enableClientAccountCreation = enableClientAccountCreation;
mozdefsettings.insert({
key: 'enableClientAccountCreation',
value: enableClientAccountCreation
value: mozdef.enableClientAccountCreation
});
// allow local account creation?
// http://docs.meteor.com/#/full/accounts_config
// https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config
// https://github.com/meteor/meteor/blob/master/packages/accounts-base/accounts_common.js#L124
// newer meteor uses a key of forbidClientAccountCreation, so
// we negate the enableClientAccountCreation mozdef setting
Accounts._options.forbidClientAccountCreation = !enableClientAccountCreation;
// we invert the enableClientAccountCreation mozdef setting
Accounts._options.forbidClientAccountCreation = !mozdef.enableClientAccountCreation;
mozdefsettings.insert({
key: 'forbidClientAccountCreation',
value: !!!enableClientAccountCreation
value: !mozdef.enableClientAccountCreation
});
registerLoginMethod();
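Review bot: `Accounts._options.forbidClientAccountCreation = !mozdef.enableClientAccountCreation;` writes to a private field, which the comment above it acknowledges by linking to the package source; a Meteor upgrade can rename it and sign-up would quietly revert to the default. Use the public `Accounts.config({forbidClientAccountCreation: ...})` call described at the AccountsCommon-config link in the same comment. The `enableClientAccountCreation` and `forbidClientAccountCreation` rows in `mozdefsettings` are now two copies of one boolean; keep one.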
@ -119,6 +135,9 @@ function registerLoginViaPassword() {
if (typeof (email) === "undefined") {
console.log("User Email address not defined.")
return user;
}else{
// set the username to the primary email
user.username=email;
}
if (typeof (user.profile) === "undefined") {
@ -136,6 +155,7 @@ function registerLoginViaPassword() {
// set any other profile information here.
return user
});
}

View file

@ -1,6 +1,5 @@
[options]
kibanaurl=http://localhost:9090/app/kibana
esservers=http://localhost:9200
enableBlockIP=True
mongoport=3002
listen_host=0.0.0.0