зеркало из https://github.com/mozilla/mig.git
87 строки
2.7 KiB
HTML
87 строки
2.7 KiB
HTML
<!DOCTYPE html>
|
||
<html>
|
||
<head>
|
||
<meta charset="utf-8" />
|
||
<link href="docstyle.css" rel="stylesheet" />
|
||
<title>Mozilla InvestiGator: MozDef Asset Worker</title>
|
||
<meta content="Julien Vehent <jvehent@mozilla.com>" name="author" />
|
||
</head>
|
||
<body>
|
||
<h1>Mozilla InvestiGator: MozDef Asset Worker</h1>
|
||
<aside class="topic contents" id="table-of-contents">
|
||
<h1>Table of Contents</h1>
|
||
<ul class="auto-toc">
|
||
<li>
|
||
<p><a href="#configuration">1 Configuration</a></p>
|
||
<ul class="auto-toc">
|
||
<li><a href="#upstart">1.1 Upstart</a></li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</aside>
|
||
<p>The MozDef Asset Worker in a separate program that listens for event about agents that newly joined the platform, and create asset hints that are published to MozDef. This worker serves a very specific purpose in the collection of asset data performed by Mozilla OpSec. It may not be very useful to anyone else.</p>
|
||
<section id="configuration">
|
||
<h2>1 Configuration</h2>
|
||
<p>This worker retrieves agents hearbeats in the MIG Agent format from the MIG Relay, transforms them into Asset Hints, and publishes them to some other rabbitmq endpoint when MozDef will retrieve them.</p>
|
||
<pre><code class="">; mozdef rabbitmq endpoint
|
||
[mozdef]
|
||
host = "mozdef.rabbitmq.example.net"
|
||
port = 5671
|
||
user = "migassetworker"
|
||
pass = "secretpassphrase"
|
||
vhost = "mozdef"
|
||
exchange = "eventtask"
|
||
routingkey = "eventtask"
|
||
usetls = true
|
||
cacertpath = "/etc/certs/ca.crt"
|
||
clientcertpath = "/etc/certs/migassetworker.crt"
|
||
clientkeypath = "/etc/certs/migassetworker.key"
|
||
timeout = "10s"
|
||
|
||
; mig rabbitmq endpoint
|
||
[mq]
|
||
host = "hostname.mig.relay.example.net"
|
||
port = 5671
|
||
user = "migworker"
|
||
pass = "somepassphrase"
|
||
vhost = "mig"
|
||
usetls = true
|
||
cacert = "/path/to/ca.crt"
|
||
tlscert = "/path/to/client.crt"
|
||
tlskey = "/path/to/client.key"
|
||
timeout = "10s"
|
||
|
||
[logging]
|
||
mode = "syslog" ; stdout | file | syslog
|
||
level = "info" ; debug | info | warning | error | critical
|
||
host = "localhost"
|
||
port = 514
|
||
protocol = "udp"</code></pre>
|
||
<section id="upstart">
|
||
<h3>1.1 Upstart</h3>
|
||
<pre><code class=""># Mozilla InvestiGator MozDef Asset Worker
|
||
|
||
description "MIG MozDef Asset Worker"
|
||
|
||
start on filesystem or runlevel [2345]
|
||
stop on runlevel [!2345]
|
||
|
||
setuid mig
|
||
limit nofile 640000 640000
|
||
|
||
respawn
|
||
respawn limit 10 5
|
||
umask 022
|
||
|
||
console none
|
||
|
||
pre-start script
|
||
test /opt/mig_mozdef_asset_worker || { stop; exit 0; }
|
||
end script
|
||
|
||
# Start
|
||
exec /opt/mig_mozdef_asset_worker</code></pre>
|
||
</section>
|
||
</section>
|
||
</body>
|
||
</html> |