Vielen Dank für Ihre Registrierung für die {{ app_name }}.
6 | 7 | {% if confirm_email_link -%} 8 |Für die Nutzung ist die Bestätigung Ihrer E-Mail-Adresse notwendig.
9 | 10 |Wenn Sie diese Registrierung initiiert haben, dann klicken Sie auf den nachstehenden Link
11 | E-Mail-Adresse bestätigen.
Falls Sie diese Registrierung nicht initiiert haben, können Sie diese E-Mail ignorieren.
14 | {%- endif %} 15 | 16 | {% endblock %} -------------------------------------------------------------------------------- /docker/core4s/scripts/Automation/score_calculation/res/social_media.query.json: -------------------------------------------------------------------------------- 1 | { 2 | "query": { 3 | "bool": { 4 | "must": [ 5 | { 6 | "term": { 7 | "alert.category.keyword": "Social Media Alerts by 4sConsult" 8 | } 9 | }, 10 | { 11 | "range": { 12 | "@timestamp": { 13 | "gte": "now-1d/d", 14 | "lte": "now" 15 | } 16 | } 17 | } 18 | ] 19 | } 20 | } 21 | } 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /docker/web/migrations/script.py.mako: -------------------------------------------------------------------------------- 1 | """${message} 2 | 3 | Revision ID: ${up_revision} 4 | Revises: ${down_revision | comma,n} 5 | Create Date: ${create_date} 6 | 7 | """ 8 | from alembic import op 9 | import sqlalchemy as sa 10 | ${imports if imports else ""} 11 | 12 | # revision identifiers, used by Alembic. 13 | revision = ${repr(up_revision)} 14 | down_revision = ${repr(down_revision)} 15 | branch_labels = ${repr(branch_labels)} 16 | depends_on = ${repr(depends_on)} 17 | 18 | 19 | def upgrade(): 20 | """Upgrade to migration.""" 21 | ${upgrades if upgrades else "pass"} 22 | 23 | 24 | def downgrade(): 25 | """Downgrade to migration.""" 26 | ${downgrades if downgrades else "pass"} 27 | -------------------------------------------------------------------------------- /docker/web/source/templates/application/alert_spike.yaml.j2: -------------------------------------------------------------------------------- 1 | {% extends ./alert_base.yaml.j2 %} 2 | 3 | # (Required, spike specific) 4 | # The size of the window used to determine average event frequency 5 | # We use two sliding windows each of size timeframe 6 | # To measure the 'reference' rate and the current rate 7 | timeframe: 8 | hours: 2 9 | 10 | # (Required, spike specific) 11 | # The spike rule matches when the current window contains spike_height times more 12 | # events than the reference window 13 | spike_height: 3 14 | 15 | # (Required, spike specific) 16 | # The direction of the spike 17 | # 'up' matches only spikes, 'down' matches only troughs 18 | # 'both' matches both spikes and troughs 19 | spike_type: "up" 20 | 21 | -------------------------------------------------------------------------------- /docker/web/source/wizard/templates/logstash/system.jinja2: -------------------------------------------------------------------------------- 1 | {% for s in systems %} 2 | if [source][ip] == "{{s.ip_address}}" 3 | { 4 | mutate { 5 | add_field => {"[soure][host][name]" => "{{s.name}}" } 6 | {% for t in s.types %} 7 | add_field => {"[soure][host][type]" => "{{t.name}}" } 8 | {% endfor %} 9 | } 10 | } 11 | if [destination][ip] == "{{s.ip_address}}" 12 | { 13 | mutate { 14 | add_field => {"[destination][host][name]" => "{{s.name}}" } 15 | {% for t in s.types %} 16 | add_field => {"[destination][host][type]" => "{{t.name}}" } 17 | {% endfor %} 18 | } 19 | } 20 | {% endfor %} 21 | -------------------------------------------------------------------------------- /docker/suricata/scripts/update.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Move Own rules to correct folder - Only do if folder not empty 4 | if find /root/var_lib -mindepth 1 | read; then 5 | mv -f /root/var_lib/* /var/lib/suricata/rules 6 | fi 7 | 8 | suricata-update update-sources 9 | suricata-update enable-source et/open 10 | suricata-update enable-source oisf/trafficid 11 | suricata-update enable-source ptresearch/attackdetection 12 | suricata-update enable-source sslbl/ssl-fp-blacklist 13 | suricata-update enable-source etnetera/aggressive 14 | suricata-update enable-source tgreen/hunting 15 | suricata-update 16 | 17 | # If this is not during install, reload the rules 18 | if [ -z "$1" ]; then 19 | suricatasc -c ruleset-reload-nonblocking; 20 | fi 21 | -------------------------------------------------------------------------------- /docker/core4s/scripts/Automation/resourceupdate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Updating ASN 3 | /bin/bash /core4s/scripts/Automation/ASN_update.sh 4 | 5 | # Updating Geo-IP 6 | source /core4s/config/secrets/secrets.conf 7 | cd /tmp/ 8 | curl -sL "https://www.ip2location.com/download/?token=$IP2TOKEN&file=DB5LITEBIN" -o IP2LOCATION-LITE-DB5.BIN.zip 9 | curl -sL "https://www.ip2location.com/download/?token=$IP2TOKEN&file=DB5LITEBINIPV6" -o IP2LOCATION-LITE-DB5.IPV6.BIN.zip 10 | unzip -o IP2LOCATION-LITE-DB5.BIN.zip 11 | mv -f IP2LOCATION-LITE-DB5.BIN /core4s/workfolder/var/lib/box4s/IP2LOCATION-LITE-DB5.BIN 12 | unzip -o IP2LOCATION-LITE-DB5.IPV6.BIN.zip 13 | mv -f IP2LOCATION-LITE-DB5.IPV6.BIN /core4s/workfolder/var/lib/box4s/IP2LOCATION-LITE-DB5.IPV6.BIN 14 | -------------------------------------------------------------------------------- /docker/core4s/scripts/Automation/score_calculation/res/index_settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "settings": { 3 | "number_of_shards": 1 4 | }, 5 | "mappings": { 6 | "properties": { 7 | "score_type": { 8 | "type": "text" 9 | }, 10 | "rules": { 11 | "properties" : { 12 | "text":{ 13 | "type": "keyword" 14 | }, 15 | "weight":{ 16 | "type": "float" 17 | } 18 | } 19 | }, 20 | "value": { 21 | "type": "float" 22 | }, 23 | "timestamp": { 24 | "type": "date", 25 | "format": "epoch_millis" 26 | } 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /docker/web/migrations/versions/d995a93c3a9c_box4s_dhcp_col.py: -------------------------------------------------------------------------------- 1 | """BOX4s: DHCP col 2 | 3 | Revision ID: d995a93c3a9c 4 | Revises: a59fffda1b70 5 | Create Date: 2020-10-30 07:24:16.155013 6 | 7 | """ 8 | from alembic import op 9 | import sqlalchemy as sa 10 | from sqlalchemy.dialects import postgresql 11 | 12 | # revision identifiers, used by Alembic. 13 | revision = 'd995a93c3a9c' 14 | down_revision = 'a59fffda1b70' 15 | branch_labels = None 16 | depends_on = None 17 | 18 | 19 | def upgrade(): 20 | """Upgrade to migration.""" 21 | op.add_column('box4security', sa.Column('dhcp_enabled', sa.Boolean(), nullable=True)) 22 | 23 | 24 | def downgrade(): 25 | """Downgrade to migration.""" 26 | op.drop_column('box4security', 'dhcp_enabled') 27 | -------------------------------------------------------------------------------- /docker/db/sql/uniquevulns.sql: -------------------------------------------------------------------------------- 1 | CREATE SEQUENCE public.uniquevulns_vul_id_seq 2 | INCREMENT 1 3 | START 27275 4 | MINVALUE 1 5 | MAXVALUE 2147483647 6 | CACHE 1; 7 | ALTER SEQUENCE public.uniquevulns_vul_id_seq 8 | OWNER TO postgres; 9 | CREATE TABLE public.uniquevulns 10 | ( 11 | vul_id integer NOT NULL DEFAULT nextval('uniquevulns_vul_id_seq'::regclass), 12 | uniqueidentifier character varying(50) COLLATE pg_catalog."default" NOT NULL, 13 | CONSTRAINT uniquevulns_pkey PRIMARY KEY (vul_id), 14 | CONSTRAINT uniquevulns_uniqueidentifier_key UNIQUE (uniqueidentifier) 15 | 16 | ) 17 | WITH ( 18 | OIDS = FALSE 19 | ) 20 | TABLESPACE pg_default; 21 | 22 | ALTER TABLE public.uniquevulns 23 | OWNER to postgres; 24 | -------------------------------------------------------------------------------- /docker/metricbeat/etc/modules.d/docker.yml: -------------------------------------------------------------------------------- 1 | # Module: docker 2 | # Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.6/metricbeat-module-docker.html 3 | 4 | - module: docker 5 | metricsets: 6 | - container 7 | - cpu 8 | - diskio 9 | - event 10 | - healthcheck 11 | - info 12 | - memory 13 | - network 14 | period: 15s 15 | hosts: ["unix:///var/run/docker.sock"] 16 | 17 | # If set to true, replace dots in labels with `_`. 18 | #labels.dedot: false 19 | 20 | # To connect to Docker over TLS you must specify a client and CA certificate. 21 | #ssl: 22 | #certificate_authority: "/etc/pki/root/ca.pem" 23 | #certificate: "/etc/pki/client/cert.pem" 24 | #key: "/etc/pki/client/cert.key" -------------------------------------------------------------------------------- /docker/web/source/wizard/templates/wizard/verify_progress.html: -------------------------------------------------------------------------------- 1 | {% extends "wizard/base.html" %} 2 | {% block content %} 3 |
4 |
5 |
6 |
7 |
11 |
12 | {% endblock %}
13 | {% block scripts %}
14 |
19 | {% endblock %}
20 |
--------------------------------------------------------------------------------
/scripts/1stLevelRepair/repair_restart.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | # Log file to use
4 | # Create path if allowed or do NOP
5 | mkdir -p /var/log/box4s/1stLevelRepair || :
6 | LOG_DIR="/var/log/box4s/1stLevelRepair"
7 | if [[ ! -w $LOG_DIR ]]; then
8 | LOG_DIR="$HOME"
9 | fi
10 |
11 | LOG=$LOG_DIR/restart_service.log
12 |
13 | # Do not use interactive debian frontend.
14 | export DEBIAN_FRONTEND=noninteractive
15 |
16 | # Forward fd2 to the console
17 | # exec 2>&1
18 | # Forward fd1 to $LOG
19 | exec 2>&1 1>>${LOG}
20 | echo -n "Stopping BOX4security Service.. " 1>&2
21 | sudo systemctl stop box4security.service
22 | echo "[ DONE ]" 1>&2
23 | echo -n "Starting BOX4security Service.. " 1>&2
24 | sudo systemctl start box4security.service
25 | echo "[ DONE ]" 1>&2
26 |
--------------------------------------------------------------------------------
/docker/logstash/etc/conf.d/inputs/input_pipelines.conf:
--------------------------------------------------------------------------------
1 | input {
2 | # Localhost Beats-Interface
3 | beats {
4 | id => "input_beats"
5 | client_inactivity_timeout => 180
6 | host => "127.0.0.1"
7 | port => "5044"
8 | # we dismiss ssl for transport on same machine
9 | #ssl => true
10 | #ssl_certificate => "/etc/logstash/LogstashNode.crt"
11 | #ssl_key => "/etc/logstash/LogstashNode.key"
12 | }
13 | }
14 | # Beats-Interface für andere Hosts
15 | #beats {
16 | # host =>
17 | #port => "5046"
18 | # we dismiss ssl for transport on same machine
19 | #ssl => true
20 | #ssl_certificate => "/etc/logstash/LogstashNode.crt"
21 | #ssl_key => "/etc/logstash/LogstashNode.key"
22 | #
23 | output {
24 | if [id] == "input_beats" {
25 | pipeline { send_to => beats_pipe }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/docker/wazuh/config/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
3 |
4 | # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
5 | for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
6 | bash "$script"
7 |
8 | done
9 |
10 | ##############################################################################
11 | # Start Wazuh Server.
12 | ##############################################################################
13 | # use agent password
14 | sed -i 's/5 | Verwenden Sie zum Einloggen bitte:
6 |
| E-Mail: | 9 |{{ user.email }} | 10 |
| Passwort: | 13 |{{ user_pass }} | 14 |
17 | 18 | Bitte beachten Sie, dass sich bei dem Kennwort um ein automatisch generiertes Kennwort handelt. Sie sollten dieses so schnell wie möglich ändern. 19 | Eine Änderung ist hier möglich: BOX4security: Passwort ändern 20 | {% endblock %} 21 | -------------------------------------------------------------------------------- /docker/web/migrations/versions/6845bca64bc8_.py: -------------------------------------------------------------------------------- 1 | """Wiki 2 | 3 | Revision ID: 6845bca64bc8 4 | Revises: 1d03ea9e33bd 5 | Create Date: 2020-05-18 10:22:11.938319 6 | 7 | """ 8 | from alembic import op 9 | import sqlalchemy as sa 10 | from sqlalchemy.dialects import postgresql 11 | from source.models import Role 12 | 13 | # revision identifiers, used by Alembic. 14 | revision = '6845bca64bc8' 15 | down_revision = '1d03ea9e33bd' 16 | branch_labels = None 17 | depends_on = None 18 | 19 | 20 | def upgrade(): 21 | """Upgrade to migration.""" 22 | op.bulk_insert(Role.__table__, 23 | [ 24 | {'id': 11, 'name': 'Wiki', 'description': 'Freigabe für die Dokumentation'}, 25 | ]) 26 | 27 | 28 | def downgrade(): 29 | """Downgrade to migration.""" 30 | op.execute('DELETE FROM "role" WHERE id=11') 31 | -------------------------------------------------------------------------------- /docker/core4s/scripts/Automation/score_calculation/res/cvss_buckets.query.json: -------------------------------------------------------------------------------- 1 | { 2 | "query": { 3 | "range": { 4 | "@timestamp": { 5 | "gte": "now-7d/d", 6 | "lt": "now" 7 | } 8 | } 9 | }, 10 | "size": 0, 11 | "aggs": 12 | { 13 | "cvss": { 14 | "range": { 15 | "field": "cvss", 16 | "ranges": [ 17 | { "key": "critical" , "from": 7.5 }, 18 | { "key": "high" , "from": 5, "to": 7.5 }, 19 | { "key": "medium" , "from": 2.5, "to": 5 }, 20 | { "key": "low" , "to": 2.5 } 21 | ] 22 | }, 23 | "aggs": { 24 | "cvssUniqueVul": { 25 | "cardinality": {"field": "uniqueVul.keyword" } 26 | } 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /docker/web/migrations/versions/9f79000ab53d_add_alerts.py: -------------------------------------------------------------------------------- 1 | """Add Alerts 2 | 3 | Revision ID: 9f79000ab53d 4 | Revises: 6845bca64bc8 5 | Create Date: 2020-06-19 14:51:24.689902 6 | 7 | """ 8 | from alembic import op 9 | import sqlalchemy as sa 10 | from sqlalchemy.dialects import postgresql 11 | from source.models import Role 12 | 13 | # revision identifiers, used by Alembic. 14 | revision = '9f79000ab53d' 15 | down_revision = '6845bca64bc8' 16 | branch_labels = None 17 | depends_on = None 18 | 19 | 20 | def upgrade(): 21 | """Upgrade to migration.""" 22 | op.bulk_insert(Role.__table__, 23 | [ 24 | {'id': 12, 'name': 'Alerts', 'description': 'Kontrolle der Alarmierungen'}, 25 | ]) 26 | 27 | 28 | def downgrade(): 29 | """Downgrade to migration.""" 30 | op.execute('DELETE FROM "role" WHERE id=12') 31 | -------------------------------------------------------------------------------- /docker/web/source/templates/user_base.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | {% block content %} 3 |
4 | {# One-time system messages called Flash messages #}
5 | {% block flash_messages %}
6 | {%- with messages = get_flashed_messages(with_categories=true) -%}
7 | {% if messages %}
8 | {% for category, message in messages %}
9 |
10 | {% endfor %}
11 | {% endif %}
12 | {%- endwith %}
13 | {% endblock %}
14 | {% block user %}{% endblock %}
15 | {% endblock %}
16 |
17 | {% block scripts %}
18 |
22 | {% endblock %}
23 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/c2bdbad3c958_network_system_rel.py:
--------------------------------------------------------------------------------
1 | """Relation Network <-> Systems
2 |
3 | Revision ID: c2bdbad3c958
4 | Revises: b1685fc5f49c
5 | Create Date: 2020-10-27 08:26:08.007801
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 |
12 | # revision identifiers, used by Alembic.
13 | revision = 'c2bdbad3c958'
14 | down_revision = 'b1685fc5f49c'
15 | branch_labels = None
16 | depends_on = None
17 |
18 |
19 | def upgrade():
20 | """Upgrade to migration."""
21 | op.add_column('system', sa.Column('network_id', sa.Integer(), nullable=True))
22 | op.create_foreign_key(None, 'system', 'network', ['network_id'], ['id'])
23 |
24 |
25 | def downgrade():
26 | """Downgrade to migration."""
27 | op.drop_constraint(None, 'system', type_='foreignkey')
28 | op.drop_column('system', 'network_id')
29 |
--------------------------------------------------------------------------------
/docker/metricbeat/etc/modules.d/system.yml:
--------------------------------------------------------------------------------
1 | # Module: system
2 | # Docs: https://www.elastic.co/guide/en/beats/metricbeat/6.4/metricbeat-module-system.html
3 |
4 | - module: system
5 | period: 30s
6 | metricsets:
7 | - cpu
8 | - load
9 | - memory
10 | - network
11 | - process
12 | - process_summary
13 | - socket_summary
14 | - core
15 | - diskio
16 | - socket
17 | cpu.metrics: [normalized_percentages]
18 | process.include_top_n:
19 | by_cpu: 5 # include top 5 processes by CPU
20 | by_memory: 5 # include top 5 processes by memory
21 |
22 | - module: system
23 | period: 1m
24 | metricsets:
25 | - filesystem
26 | - fsstat
27 | processors:
28 | - drop_event.when.regexp:
29 | system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'
30 |
31 | - module: system
32 | period: 5m
33 | metricsets:
34 | - uptime
35 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/96cfbddbc495_add_role_config.py:
--------------------------------------------------------------------------------
1 | """Add Role 'Config'
2 |
3 | Revision ID: 96cfbddbc495
4 | Revises: 9f79000ab53d
5 | Create Date: 2020-07-17 12:23:24.189549
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 | from source.models import Role
12 |
13 | # revision identifiers, used by Alembic.
14 | revision = '96cfbddbc495'
15 | down_revision = '9f79000ab53d'
16 | branch_labels = None
17 | depends_on = None
18 |
19 |
20 | def upgrade():
21 | """Upgrade to migration."""
22 | op.bulk_insert(Role.__table__,
23 | [
24 | {'id': 13, 'name': 'Config', 'description': 'Einsicht und Bearbeiten der BOX4s-Konfiguration'},
25 | ])
26 |
27 |
28 | def downgrade():
29 | """Downgrade to migration."""
30 | op.execute('DELETE FROM "role" WHERE id=13')
31 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/045ed1db87f6_.py:
--------------------------------------------------------------------------------
1 | """empty message
2 |
3 | Revision ID: 045ed1db87f6
4 | Revises: 56e9b3f51ec8
5 | Create Date: 2020-04-22 07:57:41.568929
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 |
12 | # revision identifiers, used by Alembic.
13 | revision = '045ed1db87f6'
14 | down_revision = '56e9b3f51ec8'
15 | branch_labels = None
16 | depends_on = None
17 |
18 |
19 | def upgrade():
20 | """Upgrade to migration."""
21 | # ### commands auto generated by Alembic - please adjust! ###
22 | op.add_column('role', sa.Column('description', sa.String(length=255), nullable=True))
23 |
24 |
25 | def downgrade():
26 | """Downgrade to migration."""
27 | op.drop_column('role', 'description')
28 | # ### commands auto generated by Alembic - please adjust! ###
29 |
30 | # ### end Alembic commands ###
31 |
--------------------------------------------------------------------------------
/docker/web/source/templates/application/alert_base.yaml.j2:
--------------------------------------------------------------------------------
1 | # Elasticsearch host
2 | es_host: elasticsearch
3 |
4 | # Elasticsearch port
5 | es_port: 9200
6 |
7 | # Rule name, must be unique
8 | name: {{alert.name}}
9 |
10 | # Type of rule
11 | type: {{alert.type}}
12 |
13 | # Index to search, wildcard supported
14 | index: {{alert.index}}
15 |
16 | # A list of Elasticsearch filters used for find events
17 | # These filters are joined with AND and nested in a filtered query
18 | # For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
19 | filter:
20 | {% for query in alert.queries %}
21 | - query:
22 | query_string:
23 | query: "{{query.field}}: {{query.value}}"
24 | {% endfor %}
25 |
26 |
27 | # The alert is used when a match is found
28 | alert:
29 | - "email"
30 |
31 | # a list of email addresses to send alerts to
32 | email:
33 | - "box@4sconsult.de"
34 |
--------------------------------------------------------------------------------
/docker/core4s/scripts/Automation/score_calculation/install_index.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | DIR=$(echo "/core4s/scripts/Automation/score_calculation")
4 |
5 | echo "Install the 'scores' index"
6 | # Delete an old index, which might exist, so there is no conflict
7 | curl -s -X DELETE http://elasticsearch:9200/scores > /dev/null
8 | # Create a new index called 'scores' with specific settings configured in index_settings.json.
9 | # Also apply a specific mapping, so everything stays the same all the time
10 | curl -s -H "Content-type: application/json" -X PUT http://elasticsearch:9200/scores --data-binary @$DIR/res/index_settings.json
11 | curl -s -H "Content-type: application/json" -X PUT http://elasticsearch:9200/scores/_mapping --data-binary @$DIR/res/index_mapping.json
12 |
13 | # Create an suricata index of the current month. score calculation will fail without an existing index.
14 | curl -sLkX PUT elasticsearch:9200/suricata-$(date +%Y.%m) > /dev/null
15 |
--------------------------------------------------------------------------------
/docker/logstash/etc/conf.d/inputs/basic_input.conf:
--------------------------------------------------------------------------------
1 | input {
2 | # Localhost Beats-Interface
3 | beats {
4 | id => "input_beats"
5 | client_inactivity_timeout => 180
6 | host => "127.0.0.1"
7 | port => "5044"
8 | # we dismiss ssl for transport on same machine
9 | #ssl => true
10 | #ssl_certificate => "/etc/logstash/LogstashNode.crt"
11 | #ssl_key => "/etc/logstash/LogstashNode.key"
12 | }
13 | }
14 | # Beats-Interface für andere Hosts
15 | #beats {
16 | # host =>
17 | #port => "5046"
18 | # we dismiss ssl for transport on same machine
19 | #ssl => true
20 | #ssl_certificate => "/etc/logstash/LogstashNode.crt"
21 | #ssl_key => "/etc/logstash/LogstashNode.key"
22 | #
23 | #output {
24 | #[ if [event][type] == "suricata" {
25 | # pipeline { send_to => suricata_pipe }
26 | #}else
27 | # pipeline { send_to => beats_pipe }
28 | #}
29 | #
30 |
31 | # Seti Logstash 6.2
32 | filter {
33 | mutate {
34 | remove_field => [ "host" ]
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/docker/logstash/etc/conf.d/openvas/100_openvas_output_pipe.conf:
--------------------------------------------------------------------------------
1 | output{
2 | #Schreibe isUnique als output in die Postgres
3 | if [isUnique] {
4 | jdbc {
5 | # jdbc_driver_library => "/etc/logstash/BOX4s/mysql-connector-java-8.0.17.jar"
6 | # jdbc_driver_class => "com.mysql.jdbc.Driver"
7 | # jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/Box4_db"
8 | # jdbc_user => "Box4S"
9 | # jdbc_password => "zgJnwauCAsHrR6JB*"
10 |
11 | driver_jar_path => "/usr/share/logstash/logstash-core/lib/jars/postgresql-42.2.8.jar"
12 | max_pool_size =>"1"
13 | #driver_class => "org.postgresql.Driver"
14 | connection_string => "jdbc:postgresql://db:5432/${POSTGRES_DB}"
15 | username => "${POSTGRES_USER}"
16 | password => "${POSTGRES_PASSWORD}"
17 | statement => ["INSERT INTO uniquevulns(uniqueidentifier) VALUES(?)","%{uniqueVul}"]
18 | } #jdbc
19 | } #if
20 | pipeline { send_to => ["openvas_esoutput"] }
21 | } #output
22 |
--------------------------------------------------------------------------------
/docker/web/source/wizard/templates/logstash/network.jinja2:
--------------------------------------------------------------------------------
1 | {% for n in networks %}
2 | cidr {
3 | address => [ "%{[source][ip]}" ]
4 | network => [ "{{n.ip_address}}/{{n.cidr}}" ]
5 | add_field => {"[source][network][name]" => "{{n.name}}"}
6 | add_field => {"[source][network][vlan]" => "{{n.vlan}}"}
7 | {% for t in n.types %}
8 | add_field => {"[source][network][types]" => "{{t.name}}" }
9 | {% endfor %}
10 | }
11 | cidr {
12 | address => [ "%{[destination][ip]}" ]
13 | network => [ "{{n.ip_address}}/{{n.cidr}}" ]
14 | add_field => {"[destination][network][name]" => "{{n.name}}"}
15 | add_field => {"[destination][network][vlan]" => "{{n.vlan}}"}
16 | {% for t in n.types %}
17 | add_field => {"[destination][network][types]" => "{{t.name}}" }
18 | {% endfor %}
19 | }
20 | {% endfor %}
21 |
--------------------------------------------------------------------------------
/scripts/System_Scripts/wipe_part.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | DEVICE="/dev/sdc1" #actually partition not DEVICE
3 |
4 | if [[ $EUID -ne 0 ]]; then
5 | # root check
6 | echo "Wipe-Prozess erfordert Root-Privilegien." 1>&2
7 | exit 1
8 | fi
9 |
10 | read -p "Are you sure to wipe the elasticsearch data on partition $DEVICE? Press [y] to continue." -n 1 -r
11 | echo
12 |
13 | if [[ $REPLY =~ ^[Yy]$ ]]
14 | #sanity check
15 | then
16 |
17 | PASS=$(tr -cd '[:alnum:]' < /dev/urandom | head -c128)
18 | # generate random key
19 | openssl enc -aes-256-ctr -pass pass:"$PASS" -nosalt ')
11 | def forbidden(e):
12 | """Handle 403 Forbidden Error."""
13 | userRoleURLs = []
14 | # loop over all roles
15 | for r in current_user.roles:
16 | for d in RoleURLs:
17 | if d['name'] == r.name:
18 | # and create a copy of the Role URL configuration
19 | d_copy = d.copy()
20 | # add the text description of role to the Role URL element
21 | d_copy['description'] = r.description
22 | userRoleURLs.append(d_copy)
23 | # render the 403 navigation page with the user roles, their description and URL
24 | return render_template('errors/403.html', roleURLs=userRoleURLs), 403
25 |
--------------------------------------------------------------------------------
/docker/web/source/templates/errors/error_base.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {% block head %}
6 |
7 |
8 |
5 |
28 | {% endblock %}
29 |
--------------------------------------------------------------------------------
/docker/core4s/scripts/Automation/score_calculation/res/alerts_buckets.query.json:
--------------------------------------------------------------------------------
1 | {
2 | "query": {
3 | "bool": {
4 | "must": [
5 | {
6 | "exists": {
7 | "field": "alert.severity"
8 | }
9 | },
10 | {
11 | "range": {
12 | "@timestamp": {
13 | "gte": "now-16m/m",
14 | "lte": "now"
15 | }
16 | }
17 | }
18 | ]
19 | }
20 | },
21 | "size": 0,
22 | "aggs":
23 | {
24 | "severity": {
25 | "range": {
26 | "field": "alert.severity",
27 | "ranges": [
28 | { "key": "critical" , "from": 4.1 },
29 | { "key": "high" , "from": 3.1, "to": 4.1 },
30 | { "key": "medium" , "from": 2.1, "to": 3.1 },
31 | { "key": "low" , "from": 1.1, "to": 2.1 },
32 | { "key": "info", "to": 1.1}
33 | ]
34 | }
35 | }
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/docker/core4s/scripts/Automation/ASN_update.sh:
--------------------------------------------------------------------------------
1 | source /core4s/config/secrets/db.conf
2 | cd /tmp/
3 | curl -O -s https://iptoasn.com/data/ip2asn-combined.tsv.gz
4 | gunzip -f ip2asn-combined.tsv.gz
5 | docker cp ip2asn-combined.tsv db:/tmp/ip2asn-combined.tsv
6 | if true; then
7 | # assume db exists.. because we create it from docker build..
8 | echo "DROP table asn; CREATE table asn (range_start INET,range_end INET, AS_number VARCHAR(10) ,country_code VARCHAR(7),AS_description VARCHAR(250)); COPY asn FROM '/tmp/ip2asn-combined.tsv' DELIMITER E'\t';" | PGPASSWORD=$POSTGRES_PASSWORD PGUSER=$POSTGRES_USER psql postgres://db/box4S_db
9 | else
10 | echo "box4S_db Database does not exist, creating it!"
11 | echo "CREATE DATABASE \"box4S_db\" OWNER postgres;" |sudo -u postgres psql
12 | echo "CREATE table asn (range_start INET,range_end INET, AS_number VARCHAR(10) ,country_code VARCHAR(7),AS_description VARCHAR(250)); COPY asn FROM '/tmp/ip2asn-combined.tsv' DELIMITER E'\t';" | PGPASSWORD=$POSTGRES_PASSWORD PGUSER=$POSTGRES_USER psql postgres://db/box4S_db
13 | fi
14 | echo "ASN Daten aktualisiert."
15 | rm ip2asn-combined.tsv
16 | docker exec db /bin/bash -c "rm /tmp/ip2asn-combined.tsv*"
17 |
--------------------------------------------------------------------------------
/docker/web/source/templates/15_logstash_suppress.conf.j2:
--------------------------------------------------------------------------------
1 | filter {
2 | {#
3 | # Creates a concatenated valid logstash filter rule
4 | # for each rule from rules variable
5 | # it has to start with 1 == 1 because then we can just chain with and
6 | # THIS assumes that at least one field is not empty
7 | # and I think that makes sense, empty filter shouldn't be allowed to create.
8 | #}
9 | {% for rule in rules %}
10 | if 1 == 1 {% if rule.src_ip != '0.0.0.0' -%}
11 | and [source][ip] == "{{ rule.src_ip }}" {% endif -%}
12 | {% if rule.src_port != 0 -%}
13 | and [source][port][number] == "{{ rule.src_port }}" {% endif -%}
14 | {% if rule.dst_ip != '0.0.0.0' -%}
15 | and [destination][ip] == "{{ rule.dst_ip }}" {% endif -%}
16 | {% if rule.dst_port != 0 -%}
17 | and [destination][port][number] == "{{ rule.dst_port }}" {% endif -%}
18 | {% if rule.proto != '' -%}
19 | and [network][transport] == "{{ rule.proto }}" {% endif -%}
20 | {% if rule.signature_id != '' -%}
21 | and [alert][signature_id] == "{{ rule.signature_id }}"
22 | {% endif -%}
23 | {
24 | drop { }
25 | }
26 | {% endfor %}
27 | }
28 |
--------------------------------------------------------------------------------
/docker/web/source/templates/application/quick_alert_netuse.yaml.j2:
--------------------------------------------------------------------------------
1 | name: Network Usage Spike
2 | # (Required)
3 | # Type of alert.
4 | # the frequency rule type alerts when num_events events occur with timeframe time
5 | # The any rule will match everything. Every hit that the query returns will generate an alert.
6 | type: spike_aggregation
7 |
8 | # (Required)
9 | # Index to search, wildcard supported
10 | index: suricata-*
11 |
12 | filter:
13 | - term:
14 | event.subtype: "flow"
15 |
16 | # calculated once per 3h
17 | run_every:
18 | hours: 3
19 |
20 | # This is the name of the field over which the metric value will be calculated.
21 | metric_agg_key: "network.bytes"
22 | metric_agg_type: "sum"
23 | # The ratio of the metric value in the last timeframe to the previous timeframe that when hit will trigger an alert.
24 | spike_height: 5
25 | spike_type: "up"
26 |
27 | # Spike over the last day
28 | timeframe:
29 | days: 1
30 |
31 | {% include "application/alert_email_conf.yaml.j2" %}
32 | {% raw %}
33 | alert_subject: "BOX4s Network Usage Spike"
34 | {% endraw %}
35 | alert_text: "The current network usage is 5x higher than in the last 24 hours."
36 | alert_text_type: alert_text_only
37 |
--------------------------------------------------------------------------------
/docker/web/source/templates/user/forgot_password.html:
--------------------------------------------------------------------------------
1 | {% extends 'user_base.html' %}
2 | {% block user %}
3 | {% from "user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
4 |
6 |
7 |
11 |
26 |
27 |
7 |
8 | E-Mail-Bestätigung anfordern
9 |
10 |
11 |
26 |
5 |
28 | {% endblock %}
29 |
--------------------------------------------------------------------------------
/docker/web/source/templates/system.html:
--------------------------------------------------------------------------------
1 | {% extends "base.html" %}
2 | {% block content %}
3 |
6 |
7 |
11 |
26 |
27 |
7 |
8 | Passwort zurücksetzen
9 |
10 |
11 |
26 |
4 | {% block flash_messages %}
5 | {%- with messages = get_flashed_messages(with_categories=true) -%}
6 | {% if messages %}
7 | {% for category, message in messages %}
8 |
9 | {% endfor %}
10 | {% endif %}
11 | {%- endwith %}
12 | {% endblock %}
13 | BOX4security - System
14 |
15 |
19 |
20 | {% endblock %}
21 | {% block scripts %}
22 |
26 | {% endblock %}
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | SHELL=/bin/bash
2 | PYTHON = python3
3 | COMPOSE = docker-compose
4 | COMPOSE_F = ./docker/box4security.yml
5 |
6 | images = `arg="$(filter-out $@,$(MAKECMDGOALS))" && echo $${arg:-${1}}`
7 |
8 |
9 | help:
10 | @echo "---------------HELP-----------------"
11 | @echo "Using this make file may require root. Commands:"
12 | @echo "make build BOX4security - SystemMonitoring & Verwaltung
14 |
15 |
16 |
17 |
18 | {%trans%}User profile{%endtrans%}
6 | 7 | 19 |20 | 21 | {% if not user_manager.USER_ENABLE_AUTH0 %} 22 | {% if user_manager.USER_ENABLE_CHANGE_USERNAME %} 23 |
{%trans%}Change username{%endtrans%}
24 | {% endif %} 25 | {% if user_manager.USER_ENABLE_CHANGE_PASSWORD %} 26 |{%trans%}Change password{%endtrans%}
27 | {% endif %} 28 | {% endif %} 29 | 30 | {% endblock %} -------------------------------------------------------------------------------- /docker/core4s/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:latest 2 | 3 | # Install all programs 4 | RUN apt-get update && apt-get install -y \ 5 | bc\ 6 | python3\ 7 | python3-venv\ 8 | python3-pip\ 9 | curl\ 10 | jq\ 11 | msmtp\ 12 | cron\ 13 | postgresql-client\ 14 | unzip\ 15 | wget 16 | 17 | # Install docker 18 | RUN curl -sSL https://get.docker.com/ | sh 19 | 20 | # Install Pyip dependencies 21 | RUN pip3 install Flask untangle python-gvm 22 | # TODO: REMOVE TEMPORARY FIX: https://github.com/pypa/pip/issues/9108#issuecomment-723198497 23 | RUN pip3 install boto3==1.16.12 urllib3==1.24.3 botocore==1.19.12 24 | RUN pip3 install elasticsearch-curator==5.8.1 25 | 26 | # Add files from git 27 | ADD scripts /core4s/scripts 28 | ADD curator /core4s/curator 29 | ADD core4s.crontab /core4s/core4s.crontab 30 | ADD healthcheck.py /healthcheck.py 31 | ADD exporter.py /core4s/openvas/exporter.py 32 | 33 | # Add Crontab 34 | RUN crontab /core4s/core4s.crontab 35 | 36 | # Create cronchecker directory 37 | RUN mkdir -p /var/log/cronchecker/ 38 | 39 | #Check health 40 | HEALTHCHECK CMD curl --fail http://localhost:2981/ || exit 1 41 | 42 | # Run the command on container startup 43 | CMD cron &&\ 44 | python3 healthcheck.py 45 | -------------------------------------------------------------------------------- /docker/logstash/etc/conf.d/estransfer/suricata_es_transfer.conf: -------------------------------------------------------------------------------- 1 | input { pipeline { address => suricata_esoutput } } 2 | 3 | output { 4 | if [event][type] == "suricata" { 5 | if [event][subtype] == "stats" { 6 | elasticsearch { 7 | id => "output_elasticsearch_stats" 8 | hosts => [ "elasticsearch:9200" ] 9 | index => "suricata_stats-%{+YYYY.MM.dd}" 10 | # template => "${SYNLITE_SURICATA_TEMPLATE_PATH:/etc/logstash/synlite_suricata/templates}/synlite_suricata_stats.template.json" 11 | # template_name => "synlite-suricata_stats-1.1.0" 12 | # template_overwrite => "true" 13 | } } else { 14 | elasticsearch { 15 | id => "output_elasticsearch" 16 | hosts => [ "elasticsearch:9200" ] 17 | index => "suricata-%{+YYYY.MM.dd}" 18 | template => "/etc/logstash/BOX4s/suricata-template.json" 19 | template_name => "suricata-4s" 20 | template_overwrite => "true" 21 | }}}} 22 | -------------------------------------------------------------------------------- /docker/wiki/config.ru: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'rubygems' 3 | require 'gollum/app' 4 | 5 | gollum_path = File.expand_path('/wiki') 6 | wiki_options = {:universal_toc => false, index_page: "BOX4security", page_file_dir: "BOX4security"} 7 | Precious::App.set(:gollum_path, gollum_path) 8 | Precious::App.set(:default_markup, :markdown) 9 | Precious::App.set(:wiki_options, wiki_options) 10 | 11 | require 'rack' 12 | 13 | # set author 14 | class Precious::App 15 | before do 16 | session['gollum.author'] = { 17 | :name => env['HTTP_X_AUTH_USERNAME'], 18 | :email => "box@4sconsult.de", 19 | } 20 | end 21 | end 22 | 23 | class MapGollum 24 | def initialize base_path 25 | @mg = Rack::Builder.new do 26 | map '/' do 27 | run Proc.new { [302, { 'Location' => "/#{base_path}" }, []] } 28 | end 29 | map "/#{base_path}" do 30 | run Precious::App 31 | end 32 | end 33 | end 34 | 35 | def call(env) 36 | @mg.call(env) 37 | end 38 | end 39 | 40 | # Rack::Handler does not work with Ctrl + C. Use Rack::Server instead. 41 | Rack::Server.new(:app => MapGollum.new("wiki"), :Port => 80, :Host => '0.0.0.0').start 42 | 43 | -------------------------------------------------------------------------------- /docker/db/sql/filters.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE blocks_by_bpffilter 2 | ( 3 | id SERIAL primary key, 4 | src_ip inet, 5 | src_port integer, 6 | dst_ip inet, 7 | dst_port integer, 8 | proto varchar(4) 9 | ) 10 | WITH ( 11 | OIDS = FALSE 12 | ) 13 | TABLESPACE pg_default; 14 | ALTER TABLE blocks_by_bpffilter 15 | OWNER to postgres; 16 | INSERT INTO blocks_by_bpffilter (src_ip, src_port, dst_ip, dst_port, proto) VALUES ('127.0.0.1',0,'0.0.0.0',0,''); 17 | INSERT INTO blocks_by_bpffilter (src_ip, src_port, dst_ip, dst_port, proto) VALUES ('0.0.0.0',0,'127.0.0.1',0,''); 18 | CREATE TABLE blocks_by_logstashfilter 19 | ( 20 | id SERIAL primary key, 21 | src_ip inet, 22 | src_port integer, 23 | dst_ip inet, 24 | dst_port integer, 25 | proto varchar(4), 26 | signature_id varchar(10), 27 | signature varchar(256) 28 | ) 29 | WITH ( 30 | OIDS = FALSE 31 | ) 32 | TABLESPACE pg_default; 33 | ALTER TABLE blocks_by_logstashfilter 34 | OWNER to postgres; 35 | -------------------------------------------------------------------------------- /docker/web/source/templates/application/quick_alert_ids.yaml.j2: -------------------------------------------------------------------------------- 1 | name: Critical Intrusion Detection 2 | # (Required) 3 | # Type of alert. 4 | # the frequency rule type alerts when num_events events occur with timeframe time 5 | # The any rule will match everything. Every hit that the query returns will generate an alert. 6 | type: any 7 | 8 | {# realert: 9 | hours: 4 #} 10 | 11 | # take the whole day into account, vulns have the timestamp of the scan 12 | timeframe: 13 | minutes: 1 14 | 15 | # (Required) 16 | # Index to search, wildcard supported 17 | index: suricata-* 18 | 19 | filter: 20 | # Ignore 4s Alerts for now (gid=2) 21 | - query: 22 | query_string: 23 | query: "NOT alert.gid:2" 24 | - range: 25 | alert.severity: 26 | from: 4 27 | to: 5 28 | 29 | {% include "application/alert_email_conf.yaml.j2" %} 30 | {% raw %} 31 | alert_subject: "BOX4s IDS: {0} - {1} <-> {2}" 32 | {% endraw %} 33 | alert_subject_args: 34 | - alert.signature 35 | - source.domain 36 | - destination.domain 37 | alert_text: "{4} ({7}/{5}) \nSource: {0}:{1} <-> Destination: {2}:{3}\n Payload:\n{6}" 38 | alert_text_type: alert_text_only 39 | alert_text_args: ["source.domain", "source.port.number", "destination.domain", "destination.port.name", "alert.signature","log.severity", "payload_printable", "alert.severity"] 40 | -------------------------------------------------------------------------------- /docker/web/migrations/versions/532110801da9_.py: -------------------------------------------------------------------------------- 1 | """empty message 2 | 3 | Revision ID: 532110801da9 4 | Revises: 5 | Create Date: 2020-04-16 14:31:23.045988 6 | 7 | """ 8 | from alembic import op 9 | import sqlalchemy as sa 10 | from sqlalchemy.dialects import postgresql 11 | 12 | # revision identifiers, used by Alembic. 13 | revision = '532110801da9' 14 | down_revision = None 15 | branch_labels = None 16 | depends_on = None 17 | 18 | 19 | def upgrade(): 20 | """Create Users table.""" 21 | op.create_table( 22 | 'user', 23 | sa.Column('id', sa.Integer(), nullable=False), 24 | sa.Column('is_active', sa.Boolean(), server_default='1', nullable=False), 25 | sa.Column('email', sa.String(length=255), nullable=False), 26 | sa.Column('email_confirmed_at', sa.DateTime(), nullable=True), 27 | sa.Column('password', sa.String(length=255), server_default='', nullable=False), 28 | sa.Column('first_name', sa.String(length=100), server_default='', nullable=False), 29 | sa.Column('last_name', sa.String(length=100), server_default='', nullable=False), 30 | sa.PrimaryKeyConstraint('id'), 31 | sa.UniqueConstraint('email'), 32 | ) 33 | 34 | 35 | def downgrade(): 36 | """Drop Users table.""" 37 | op.drop_table('user') 38 | # ### end Alembic commands ### 39 | -------------------------------------------------------------------------------- /scripts/Automation/versions.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | """Fetches and returns all versions greater than installed one.""" 3 | import requests 4 | import semver 5 | import urllib3 6 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) 7 | API_VER = requests.get('http://localhost/api/ver/', verify=False).json() 8 | CURRVER = str(API_VER['version']) 9 | ENV = str(API_VER['env']) 10 | tags = requests.get('http://localhost/api/ver/releases/', verify=False).json() 11 | VERSIONS = [] 12 | # Source: https://stackoverflow.com/questions/11887762/how-do-i-compare-version-numbers-in-python 13 | for t in tags: 14 | # now compare the versions 15 | # discard all lower and equal versions 16 | if semver.compare(CURRVER, str(t['version'])) < 0: 17 | # semver.compare returns -1 if second argument is newer 18 | if not semver.parse(t['version'])['prerelease']: 19 | # Hide prereleases from VERSIONS 20 | VERSIONS.append(t['version']) 21 | 22 | # For development systems: 23 | if ENV == "dev": 24 | # add the latest tag if it is not in VERSIONS yet 25 | # so it is a prerelease actually 26 | latest = tags[0]['version'] 27 | if latest not in VERSIONS: 28 | VERSIONS.insert(0, latest) 29 | 30 | # !! Script Output!! 31 | # All Versions greater than installed one 32 | # Latest Release last 33 | for t in reversed(VERSIONS): 34 | print(t) 35 | -------------------------------------------------------------------------------- /scripts/System_Scripts/wait-for-healthy-container.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | container_name=$1 3 | shift 4 | 5 | RETURN_HEALTHY=0 6 | RETURN_STARTING=1 7 | RETURN_UNHEALTHY=2 8 | RETURN_UNKNOWN=3 9 | RETURN_ERROR=99 10 | 11 | function usage() { 12 | echo " 13 | Usage: wait-for-healthy-container.sh
5 |
21 | {% endblock %}
22 | {% block scripts %}
23 |
27 | {% endblock %}
28 |
--------------------------------------------------------------------------------
/docker/web/source/templates/application/quick_alert_vuln.yaml.j2:
--------------------------------------------------------------------------------
1 | name: Critical Vulnerability
2 | # (Required)
3 | # Type of alert.
4 | # the frequency rule type alerts when num_events events occur with timeframe time
5 | # The any rule will match everything. Every hit that the query returns will generate an alert.
6 | type: new_term
7 |
8 | {# realert:
9 | hours: 4 #}
10 |
11 | # Monitor the field uniqueVul
12 | fields:
13 | - "uniqueVul"
14 |
15 | # take the whole day into account, as vulns have the timestamp of the scan
16 | {# timeframe:
17 | days: 1 #}
18 |
19 | # run this alert every 4h
20 | run_every:
21 | minutes: 5
22 |
23 | # This means that we will query 90 days worth of data when ElastAlert starts to find which values of uniqueVul already exist
24 | terms_window_size:
25 | days: 90
26 |
27 | # (Required)
28 | # Index to search, wildcard supported
29 | index: logstash-vulnwhisperer-*
30 |
31 | filter:
32 | - range:
33 | risk_score:
34 | from: 7.5
35 | to: 10
36 |
37 | {% include "application/alert_email_conf.yaml.j2" %}
38 | {% raw %}
39 | alert_subject: "BOX4s Critical Vulnerability: {0}: {1} ({2})"
40 | {% endraw %}
41 | alert_subject_args:
42 | - client.domain
43 | - plugin_name
44 | - risk_score
45 | alert_text: "Client: {0} (Task: {6})\n{1} ({3} - {4})\n{2}\n\nSolution: {5}"
46 | alert_text_type: alert_text_only
47 | alert_text_args: ["client.domain","plugin_name","plugin_output", "risk_score", "risk_score_name", "solution", "task_name"]
48 |
--------------------------------------------------------------------------------
/docker/suricata/etc/reference.config:
--------------------------------------------------------------------------------
1 | # config reference: system URL
2 |
3 | config reference: bugtraq http://www.securityfocus.com/bid/
4 | config reference: bid http://www.securityfocus.com/bid/
5 | config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=
6 | #config reference: cve http://cvedetails.com/cve/
7 | config reference: secunia http://www.secunia.com/advisories/
8 |
9 | #whitehats is unfortunately gone
10 | config reference: arachNIDS http://www.whitehats.com/info/IDS
11 |
12 | config reference: McAfee http://vil.nai.com/vil/content/v_
13 | config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id=
14 | config reference: url http://
15 | config reference: et http://doc.emergingthreats.net/
16 | config reference: etpro http://doc.emergingthreatspro.com/
17 | config reference: telus http://
18 | config reference: osvdb http://osvdb.org/show/osvdb/
19 | config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
20 | config reference: md5 http://www.threatexpert.com/report.aspx?md5=
21 | config reference: exploitdb http://www.exploit-db.com/exploits/
22 | config reference: openpacket https://www.openpacket.org/capture/grab/
23 | config reference: securitytracker http://securitytracker.com/id?
24 | config reference: secunia http://secunia.com/advisories/
25 | config reference: xforce http://xforce.iss.net/xforce/xfdb/
26 | config reference: msft http://technet.microsoft.com/security/bulletin/
27 |
--------------------------------------------------------------------------------
/docker/dnsmasq/dnsmasq.conf:
--------------------------------------------------------------------------------
1 | port=5353
2 | resolv-file=/var/lib/box4s/resolv.personal
3 | # By default, dnsmasq will send queries to any of the upstream
4 | # servers it knows about and tries to favour servers to are known
5 | # to be up. Uncommenting this forces dnsmasq to try each query
6 | # with each server strictly in the order they appear in
7 | # /etc/resolv.conf
8 | #strict-order
9 |
10 | # Queue länge für das Logfile festlegen (5-100 - Standard 5).
11 | log-async = 10
12 |
13 | # On systems which support it, dnsmasq binds the wildcard address,
14 | # even when it is listening on only some interfaces. It then discards
15 | # requests that it shouldn't reply to. This has the advantage of
16 | # working even when interfaces come and go and change address. If you
17 | # want dnsmasq to really bind only the interfaces it is listening on,
18 | # uncomment this option. About the only time you may need this is when
19 | # running another nameserver on the same machine.
20 | #bind-interfaces
21 |
22 | # Set the cachesize here.
23 | cache-size=15000
24 |
25 | # Normally responses which come from /etc/hosts and the DHCP lease
26 | # file have Time-To-Live set as zero, which conventionally means
27 | # do not cache further. If you are happy to trade lower load on the
28 | # server for potentially stale date, you can set a time-to-live (in
29 | # seconds) here.
30 | local-ttl=36000
31 |
32 | # For debugging purposes, log each DNS query as it passes through
33 | # dnsmasq.
34 | #log-queries
35 |
--------------------------------------------------------------------------------
/docker/kibana/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM docker.elastic.co/kibana/kibana:7.9.0
2 |
3 | ARG ELASTIC_VERSION=7.9.0
4 | ARG WAZUH_VERSION=3.13.1
5 | ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
6 |
7 | COPY --chown=kibana:kibana etc/* /usr/share/kibana/config/
8 | COPY --chown=root:root ./entry.sh /entrypoint.sh
9 |
10 | USER root
11 | RUN mkdir -p /usr/share/kibana/optimize/wazuh/config && \
12 | mkdir -p /var/log/kibana/ && \
13 | mkdir -p /var/lib/kibana && \
14 | touch /var/log/kibana/kibana.log && \
15 | chown -f kibana:kibana /usr/share/kibana/optimize/wazuh/config && \
16 | chown kibana:kibana -R /var/log/kibana/ && \
17 | chown kibana:kibana -R /var/lib/kibana/ && \
18 | chown -R kibana:kibana /opt/kibana/optimize && \
19 | chmod g+s /opt/kibana/optimize && \
20 | chmod +x /entrypoint.sh
21 |
22 | RUN echo 'NODE_OPTIONS="--max-old-space-size=2048"' >> /etc/default/kibana
23 |
24 | USER kibana
25 | WORKDIR /usr/share/kibana
26 | RUN ./bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip && \
27 | echo -e "hosts:\n - default:\n url: https://${INT_IP}\n port: 55000\n user: ${WAZUH_USER}\n password: ${WAZUH_PASS}\n" > /usr/share/kibana/optimize/wazuh/config/wazuh.yml
28 |
29 | HEALTHCHECK --retries=50 CMD curl -s -XGET 'http://127.0.0.1:5601/kibana/api/status' | grep -v "Kibana server is not ready yet" || exit 1
30 | USER kibana:kibana
31 | ENTRYPOINT ["/entrypoint.sh"]
32 | CMD ["/usr/share/kibana/bin/kibana"]
33 |
--------------------------------------------------------------------------------
/docker/web/source/templates/user/manage_emails.html:
--------------------------------------------------------------------------------
1 | {% extends 'flask_user/_authorized_base.html' %}
2 |
3 | {% block content %}
4 | {% from "flask_user/_macros.html" import render_field, render_submit_field %}
5 |
6 |
18 | Einrichtung starten
19 |
20 | {%trans%}Manage Emails{%endtrans%}
6 | 7 || Status | Actions | |
|---|---|---|
| {{ user_email.email }} | 12 |13 | {% if user_email.email_confirmed_at %} 14 | Confirmed 15 | {% else %} 16 | Confirm Email 17 | {% endif %} 18 | | 19 |20 | {% if user_email.is_primary %} 21 | Primary email 22 | {% else %} 23 | {% if user_email.email_confirmed_at %} 24 | Make primary | 25 | {% endif %} 26 | Delete 27 | {% endif %} 28 | | 29 |
7 |
8 |
9 |
13 |
43 |
44 | {% endblock %}
45 |
--------------------------------------------------------------------------------
/docker/metricbeat/etc/metricbeat.yml:
--------------------------------------------------------------------------------
1 | ###################### Metricbeat Configuration Example #######################
2 | # You can find the full configuration reference here:
3 | # https://www.elastic.co/guide/en/beats/metricbeat/index.html
4 | #========================== Modules configuration ============================
5 | metricbeat.config.modules:
6 | path: ${path.config}/modules.d/*.yml
7 | reload.enabled: true
8 | #==================== Elasticsearch template setting ==========================
9 | setup.template.settings:
10 | index.number_of_shards: 1
11 | index.codec: best_compression
12 | #_source.enabled: false
13 | #================================ General =====================================
14 | #============================== Dashboards =====================================
15 | #============================== Kibana =====================================
16 | setup.kibana:
17 | #============================= Elastic Cloud ==================================
18 | #================================ Outputs =====================================
19 | #-------------------------- Elasticsearch output ------------------------------
20 | output.elasticsearch:
21 | hosts: ["elasticsearch:9200"]
22 | #----------------------------- Logstash output --------------------------------
23 | #================================ Processors =====================================
24 | processors:
25 | - add_host_metadata: ~
26 | #================================ Logging =====================================
27 | logging.level: info
28 | logging.to_files: true
29 | logging.files:
30 | path: /var/log/metricbeat
31 | name: metricbeat
32 | keepfiles: 7
33 | permissions: 0644
34 | #============================== Xpack Monitoring ===============================
35 | monitoring.enabled: true
36 | #================================= Migration ==================================
37 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/2bcd96b138e4_.py:
--------------------------------------------------------------------------------
1 | """empty message
2 |
3 | Revision ID: 2bcd96b138e4
4 | Revises: 045ed1db87f6
5 | Create Date: 2020-04-22 08:22:55.727836
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 | from source.models import Role
12 |
13 | # revision identifiers, used by Alembic.
14 | revision = '2bcd96b138e4'
15 | down_revision = '045ed1db87f6'
16 | branch_labels = None
17 | depends_on = None
18 |
19 |
20 | def upgrade():
21 | """Upgrade to migration."""
22 | op.bulk_insert(Role.__table__,
23 | [
24 | {'id': 1, 'name': 'Super Admin', 'description': 'Super Admin'},
25 | {'id': 2, 'name': 'Filter', 'description': 'Sehen und Anlegen von Filtern'},
26 | {'id': 3, 'name': 'Updates', 'description': 'Ansehen und Starten von Updates'},
27 | {'id': 4, 'name': 'User-Management', 'description': 'Bearbeiten und Anlegen von Benutzern'},
28 | {'id': 5, 'name': 'FAQ', 'description': 'Ansicht FAQ und Benutzung 4sConsult Kontaktformular'},
29 | {'id': 6, 'name': 'Dashboards-Master', 'description': 'Freigabe für alle Dashboards'},
30 | {'id': 7, 'name': 'SIEM', 'description': 'Freigabe für SIEM-Dashboards'},
31 | {'id': 8, 'name': 'Schwachstellen', 'description': 'Freigabe für Schwachstellen-Dashboards'},
32 | {'id': 9, 'name': 'Netzwerk', 'description': 'Freigabe für Netzwerk-Dashboards'},
33 | ])
34 | # ### end Alembic commands ###
35 |
36 |
37 | def downgrade():
38 | """Downgrade to migration."""
39 | # ### commands auto generated by Alembic - please adjust! ###
40 | op.execute('DELETE FROM "role" WHERE id<10')
41 | # ### end Alembic commands ###
42 |
--------------------------------------------------------------------------------
/docker/core4s/scripts/Automation/score_calculation/res/vuln_score.json:
--------------------------------------------------------------------------------
1 | {
2 | "query": {
3 | "range": {
4 | "@timestamp": {
5 | "gte": "now-7d/d",
6 | "lt": "now"
7 | }
8 | }
9 | },
10 | "size": 0,
11 | "aggs": {
12 | "uniqueVul": {
13 | "terms": {
14 | "field": "uniqueVul",
15 | "size": 5000
16 | },
17 | "aggs": {
18 | "cvssUniqueVul": {
19 | "term": {
20 | "field": "cvss"
21 | }
22 | },
23 | "topUniqueVul": {
24 | "top_hits": {
25 | "sort": [
26 | {
27 | "@timestamp": "asc"
28 | }
29 | ],
30 | "_source": ["uniqueVul", "client.domain", "cvss", "@timestamp"],
31 | "size": 1
32 | }
33 | }
34 | }
35 | }
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/docker/logstash/etc/pipelines.yml:
--------------------------------------------------------------------------------
1 | - pipeline.id: estransfer_openvas_output
2 | path.config: "/etc/logstash/conf.d/estransfer/openvas_es_transfer.conf"
3 | - pipeline.id: estransfer_suricata_output
4 | path.config: "/etc/logstash/conf.d/estransfer/suricata_es_transfer.conf"
5 | - pipeline.id: estransfer_heartbeat_output
6 | path.config: "/etc/logstash/conf.d/estransfer/heartbeat_es_transfer.conf"
7 | - pipeline.id: estransfer_metricbeat_output
8 | path.config: "/etc/logstash/conf.d/estransfer/metricbeat_es_transfer.conf"
9 |
10 | - pipeline.id: openvas_filter
11 | path.config: "/etc/logstash/conf.d/openvas/*.conf"
12 | pipeline.workers: 1
13 | - pipeline.id: suricata_filter
14 | queue.type: memory
15 | pipeline.batch.delay: 150
16 | queue.checkpoint.interval: 500
17 | path.config: "/etc/logstash/conf.d/suricata/*.conf"
18 | - pipeline.id: heartbeat_filter
19 | path.config: "/etc/logstash/conf.d/heartbeat/*.conf"
20 | - pipeline.id: metricbeat_filter
21 | path.config: "/etc/logstash/conf.d/metricbeat/*.conf"
22 |
23 | - pipeline.id: beats_input
24 | queue.type: memory
25 | queue.checkpoint.interval: 500
26 | config.string: |
27 | input { beats {
28 | id => "input_beats"
29 | client_inactivity_timeout => 180
30 | host => "0.0.0.0"
31 | port => "5044"
32 | }}
33 | output {
34 | if [@metadata][beat] == "heartbeat" {
35 | pipeline { send_to => ["heartbeat_pipe"] }
36 | }
37 | else if [fields][event][type] == "suricata" {
38 | pipeline { send_to => ["suricata_pipe"] }
39 | }
40 | else if [@metadata][beat] == "metricbeat" {
41 | pipeline { send_to => ["metricbeat_pipe"] }
42 | }
43 | else if [fields][event][type] == "openvas" {
44 | pipeline { send_to => ["openvas_pipe"] }
45 | }
46 |
47 | else { file { path => "/var/log/logstash/logstash_debug" } }
48 | }
49 |
50 |
--------------------------------------------------------------------------------
/docker/logstash/etc/startup.options:
--------------------------------------------------------------------------------
1 | ################################################################################
2 | # These settings are ONLY used by $LS_HOME/bin/system-install to create a custom
3 | # startup script for Logstash and is not used by Logstash itself. It should
4 | # automagically use the init system (systemd, upstart, sysv, etc.) that your
5 | # Linux distribution uses.
6 | #
7 | # After changing anything here, you need to re-run $LS_HOME/bin/system-install
8 | # as root to push the changes to the init script.
9 | ################################################################################
10 |
11 | # Override Java location
12 | #JAVACMD=/usr/bin/java
13 |
14 | # Set a home directory
15 | LS_HOME=/usr/share/logstash
16 |
17 | # logstash settings directory, the path which contains logstash.yml
18 | LS_SETTINGS_DIR=/etc/logstash
19 |
20 | # Arguments to pass to logstash
21 | LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"
22 |
23 | # Arguments to pass to java
24 | LS_JAVA_OPTS=""
25 |
26 | # pidfiles aren't used the same way for upstart and systemd; this is for sysv users.
27 | LS_PIDFILE=/var/run/logstash.pid
28 |
29 | # user and group id to be invoked as
30 | LS_USER=logstash
31 | LS_GROUP=logstash
32 |
33 | # Enable GC logging by uncommenting the appropriate lines in the GC logging
34 | # section in jvm.options
35 | LS_GC_LOG_FILE=/var/log/logstash/gc.log
36 |
37 | # Open file limit
38 | LS_OPEN_FILES=16384
39 |
40 | # Nice level
41 | LS_NICE=19
42 |
43 | # Change these to have the init script named and described differently
44 | # This is useful when running multiple instances of Logstash on the same
45 | # physical box or vm
46 | SERVICE_NAME="logstash"
47 | SERVICE_DESCRIPTION="logstash"
48 |
49 | # If you need to run a command or script before launching Logstash, put it
50 | # between the lines beginning with `read` and `EOM`, and uncomment those lines.
51 | ###
52 | ## read -r -d '' PRESTART << EOM
53 | ## EOM
54 |
--------------------------------------------------------------------------------
/docker/web/source/templates/user/_macros.html:
--------------------------------------------------------------------------------
1 | {% macro render_field(field, label=None, label_visible=true, right_url=None, right_label=None) -%}
2 |
9 |
10 | Passwort zurücksetzen
11 |
12 |
13 |
43 |
44 | {% endblock %}
45 |
--------------------------------------------------------------------------------
/docker/metricbeat/etc/metricbeat.yml:
--------------------------------------------------------------------------------
1 | ###################### Metricbeat Configuration Example #######################
2 | # You can find the full configuration reference here:
3 | # https://www.elastic.co/guide/en/beats/metricbeat/index.html
4 | #========================== Modules configuration ============================
5 | metricbeat.config.modules:
6 | path: ${path.config}/modules.d/*.yml
7 | reload.enabled: true
8 | #==================== Elasticsearch template setting ==========================
9 | setup.template.settings:
10 | index.number_of_shards: 1
11 | index.codec: best_compression
12 | #_source.enabled: false
13 | #================================ General =====================================
14 | #============================== Dashboards =====================================
15 | #============================== Kibana =====================================
16 | setup.kibana:
17 | #============================= Elastic Cloud ==================================
18 | #================================ Outputs =====================================
19 | #-------------------------- Elasticsearch output ------------------------------
20 | output.elasticsearch:
21 | hosts: ["elasticsearch:9200"]
22 | #----------------------------- Logstash output --------------------------------
23 | #================================ Processors =====================================
24 | processors:
25 | - add_host_metadata: ~
26 | #================================ Logging =====================================
27 | logging.level: info
28 | logging.to_files: true
29 | logging.files:
30 | path: /var/log/metricbeat
31 | name: metricbeat
32 | keepfiles: 7
33 | permissions: 0644
34 | #============================== Xpack Monitoring ===============================
35 | monitoring.enabled: true
36 | #================================= Migration ==================================
37 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/2bcd96b138e4_.py:
--------------------------------------------------------------------------------
1 | """empty message
2 |
3 | Revision ID: 2bcd96b138e4
4 | Revises: 045ed1db87f6
5 | Create Date: 2020-04-22 08:22:55.727836
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 | from source.models import Role
12 |
13 | # revision identifiers, used by Alembic.
14 | revision = '2bcd96b138e4'
15 | down_revision = '045ed1db87f6'
16 | branch_labels = None
17 | depends_on = None
18 |
19 |
20 | def upgrade():
21 | """Upgrade to migration."""
22 | op.bulk_insert(Role.__table__,
23 | [
24 | {'id': 1, 'name': 'Super Admin', 'description': 'Super Admin'},
25 | {'id': 2, 'name': 'Filter', 'description': 'Sehen und Anlegen von Filtern'},
26 | {'id': 3, 'name': 'Updates', 'description': 'Ansehen und Starten von Updates'},
27 | {'id': 4, 'name': 'User-Management', 'description': 'Bearbeiten und Anlegen von Benutzern'},
28 | {'id': 5, 'name': 'FAQ', 'description': 'Ansicht FAQ und Benutzung 4sConsult Kontaktformular'},
29 | {'id': 6, 'name': 'Dashboards-Master', 'description': 'Freigabe für alle Dashboards'},
30 | {'id': 7, 'name': 'SIEM', 'description': 'Freigabe für SIEM-Dashboards'},
31 | {'id': 8, 'name': 'Schwachstellen', 'description': 'Freigabe für Schwachstellen-Dashboards'},
32 | {'id': 9, 'name': 'Netzwerk', 'description': 'Freigabe für Netzwerk-Dashboards'},
33 | ])
34 | # ### end Alembic commands ###
35 |
36 |
37 | def downgrade():
38 | """Downgrade to migration."""
39 | # ### commands auto generated by Alembic - please adjust! ###
40 | op.execute('DELETE FROM "role" WHERE id<10')
41 | # ### end Alembic commands ###
42 |
--------------------------------------------------------------------------------
/docker/core4s/scripts/Automation/score_calculation/res/vuln_score.json:
--------------------------------------------------------------------------------
1 | {
2 | "query": {
3 | "range": {
4 | "@timestamp": {
5 | "gte": "now-7d/d",
6 | "lt": "now"
7 | }
8 | }
9 | },
10 | "size": 0,
11 | "aggs": {
12 | "uniqueVul": {
13 | "terms": {
14 | "field": "uniqueVul",
15 | "size": 5000
16 | },
17 | "aggs": {
18 | "cvssUniqueVul": {
19 | "term": {
20 | "field": "cvss"
21 | }
22 | },
23 | "topUniqueVul": {
24 | "top_hits": {
25 | "sort": [
26 | {
27 | "@timestamp": "asc"
28 | }
29 | ],
30 | "_source": ["uniqueVul", "client.domain", "cvss", "@timestamp"],
31 | "size": 1
32 | }
33 | }
34 | }
35 | }
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/docker/logstash/etc/pipelines.yml:
--------------------------------------------------------------------------------
1 | - pipeline.id: estransfer_openvas_output
2 | path.config: "/etc/logstash/conf.d/estransfer/openvas_es_transfer.conf"
3 | - pipeline.id: estransfer_suricata_output
4 | path.config: "/etc/logstash/conf.d/estransfer/suricata_es_transfer.conf"
5 | - pipeline.id: estransfer_heartbeat_output
6 | path.config: "/etc/logstash/conf.d/estransfer/heartbeat_es_transfer.conf"
7 | - pipeline.id: estransfer_metricbeat_output
8 | path.config: "/etc/logstash/conf.d/estransfer/metricbeat_es_transfer.conf"
9 |
10 | - pipeline.id: openvas_filter
11 | path.config: "/etc/logstash/conf.d/openvas/*.conf"
12 | pipeline.workers: 1
13 | - pipeline.id: suricata_filter
14 | queue.type: memory
15 | pipeline.batch.delay: 150
16 | queue.checkpoint.interval: 500
17 | path.config: "/etc/logstash/conf.d/suricata/*.conf"
18 | - pipeline.id: heartbeat_filter
19 | path.config: "/etc/logstash/conf.d/heartbeat/*.conf"
20 | - pipeline.id: metricbeat_filter
21 | path.config: "/etc/logstash/conf.d/metricbeat/*.conf"
22 |
23 | - pipeline.id: beats_input
24 | queue.type: memory
25 | queue.checkpoint.interval: 500
26 | config.string: |
27 | input { beats {
28 | id => "input_beats"
29 | client_inactivity_timeout => 180
30 | host => "0.0.0.0"
31 | port => "5044"
32 | }}
33 | output {
34 | if [@metadata][beat] == "heartbeat" {
35 | pipeline { send_to => ["heartbeat_pipe"] }
36 | }
37 | else if [fields][event][type] == "suricata" {
38 | pipeline { send_to => ["suricata_pipe"] }
39 | }
40 | else if [@metadata][beat] == "metricbeat" {
41 | pipeline { send_to => ["metricbeat_pipe"] }
42 | }
43 | else if [fields][event][type] == "openvas" {
44 | pipeline { send_to => ["openvas_pipe"] }
45 | }
46 |
47 | else { file { path => "/var/log/logstash/logstash_debug" } }
48 | }
49 |
50 |
--------------------------------------------------------------------------------
/docker/logstash/etc/startup.options:
--------------------------------------------------------------------------------
1 | ################################################################################
2 | # These settings are ONLY used by $LS_HOME/bin/system-install to create a custom
3 | # startup script for Logstash and is not used by Logstash itself. It should
4 | # automagically use the init system (systemd, upstart, sysv, etc.) that your
5 | # Linux distribution uses.
6 | #
7 | # After changing anything here, you need to re-run $LS_HOME/bin/system-install
8 | # as root to push the changes to the init script.
9 | ################################################################################
10 |
11 | # Override Java location
12 | #JAVACMD=/usr/bin/java
13 |
14 | # Set a home directory
15 | LS_HOME=/usr/share/logstash
16 |
17 | # logstash settings directory, the path which contains logstash.yml
18 | LS_SETTINGS_DIR=/etc/logstash
19 |
20 | # Arguments to pass to logstash
21 | LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"
22 |
23 | # Arguments to pass to java
24 | LS_JAVA_OPTS=""
25 |
26 | # pidfiles aren't used the same way for upstart and systemd; this is for sysv users.
27 | LS_PIDFILE=/var/run/logstash.pid
28 |
29 | # user and group id to be invoked as
30 | LS_USER=logstash
31 | LS_GROUP=logstash
32 |
33 | # Enable GC logging by uncommenting the appropriate lines in the GC logging
34 | # section in jvm.options
35 | LS_GC_LOG_FILE=/var/log/logstash/gc.log
36 |
37 | # Open file limit
38 | LS_OPEN_FILES=16384
39 |
40 | # Nice level
41 | LS_NICE=19
42 |
43 | # Change these to have the init script named and described differently
44 | # This is useful when running multiple instances of Logstash on the same
45 | # physical box or vm
46 | SERVICE_NAME="logstash"
47 | SERVICE_DESCRIPTION="logstash"
48 |
49 | # If you need to run a command or script before launching Logstash, put it
50 | # between the lines beginning with `read` and `EOM`, and uncomment those lines.
51 | ###
52 | ## read -r -d '' PRESTART << EOM
53 | ## EOM
54 |
--------------------------------------------------------------------------------
/docker/web/source/templates/user/_macros.html:
--------------------------------------------------------------------------------
1 | {% macro render_field(field, label=None, label_visible=true, right_url=None, right_label=None) -%}
2 | Passwort zurücksetzen
11 |
3 | {% if field.type != 'HiddenField' and label_visible %}
4 | {% if not label %}{% set label=field.label.text %}{% endif %}
5 |
6 | {% endif %}
7 | {{ field(class_='field', **kwargs) }}
8 | {% if field.errors %}
9 | {% for e in field.errors %}
10 |
14 | {%- endmacro %}
15 |
16 | {% macro render_checkbox_field(field, label=None) -%}
17 | {% if not label %}{% set label=field.label.text %}{% endif %}
18 | {{ e }}
11 | {% endfor %} 12 | {% endif %} 13 |
19 |
22 |
23 | {%- endmacro %}
24 |
25 | {% macro render_radio_field(field) -%}
26 | {% for value, label, checked in field.iter_choices() %}
27 |
28 |
32 |
33 | {% endfor %}
34 | {%- endmacro %}
35 |
36 | {% macro render_submit_field(field, label=None, tabindex=None) -%}
37 | {% if not label %}{% set label=field.label.text %}{% endif %}
38 | {##}
39 |
42 | {%- endmacro %}
43 |
--------------------------------------------------------------------------------
/config/dashboards/Patterns/scores.ndjson:
--------------------------------------------------------------------------------
1 | {"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"rules.text\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rules.weight\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"score_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"timestamp","title":"scores*"},"id":"8d0c6650-426d-11ea-bbd4-bb7e0278945f","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-08-28T12:32:25.904Z","version":"WzY2NSwyMzRd"}
2 | {"exportedCount":1,"missingRefCount":0,"missingReferences":[]}
--------------------------------------------------------------------------------
/docker/web/migrations/versions/9a02836f6117_system_and_types.py:
--------------------------------------------------------------------------------
1 | """system and types
2 |
3 | Revision ID: 9a02836f6117
4 | Revises: 5aadb38f6936
5 | Create Date: 2020-10-21 09:40:39.988041
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 |
12 | # revision identifiers, used by Alembic.
13 | revision = '9a02836f6117'
14 | down_revision = '5aadb38f6936'
15 | branch_labels = None
16 | depends_on = None
17 |
18 |
19 | def upgrade():
20 | """Upgrade to migration."""
21 | op.create_table(
22 | 'system',
23 | sa.Column('id', sa.Integer(), nullable=False),
24 | sa.Column('name', sa.String(length=100), nullable=True),
25 | sa.Column('ip_address', sa.String(length=24), nullable=True),
26 | sa.Column('location', sa.String(length=255), nullable=True),
27 | sa.Column('scan_enabled', sa.Boolean(), nullable=True),
28 | sa.Column('ids_enabled', sa.Boolean(), nullable=True),
29 | sa.PrimaryKeyConstraint('id'),
30 | sa.UniqueConstraint('name')
31 | )
32 | op.create_table(
33 | 'systemtype',
34 | sa.Column('id', sa.Integer(), nullable=False),
35 | sa.Column('name', sa.String(length=100), nullable=True),
36 | sa.PrimaryKeyConstraint('id')
37 | )
38 | op.create_table(
39 | 'system_systemtype',
40 | sa.Column('id', sa.Integer(), nullable=False),
41 | sa.Column('system_id', sa.Integer(), nullable=True),
42 | sa.Column('systemtype_id', sa.Integer(), nullable=True),
43 | sa.ForeignKeyConstraint(['system_id'], ['system.id'], ondelete='CASCADE'),
44 | sa.ForeignKeyConstraint(['systemtype_id'], ['systemtype.id'], ondelete='CASCADE'),
45 | sa.PrimaryKeyConstraint('id')
46 | )
47 |
48 |
49 | def downgrade():
50 | """Downgrade to migration."""
51 | op.drop_table('system_systemtype')
52 | op.drop_table('systemtype')
53 | op.drop_table('system')
54 |
--------------------------------------------------------------------------------
/docker/filebeat/etc/filebeat.yml:
--------------------------------------------------------------------------------
1 | # You can find the full configuration reference here:
2 | # https://www.elastic.co/guide/en/beats/filebeat/index.html
3 | #=========================== Filebeat inputs =============================
4 | filebeat.inputs:
5 | - type: log
6 | enabled: false
7 | - type: log
8 | enabled: true
9 | #harvester_limit: 1
10 | close_eof: true
11 | json.keys_under_root: true
12 | json.add_error_key: true
13 | json.message_key: log
14 | scan.sort: filename
15 | paths:
16 | - /var/lib/logstash/openvas/*.json
17 | fields:
18 | event.type: openvas
19 |
20 | - type: log
21 | enabled: true
22 | paths:
23 | - /data/suricata/eve.json
24 | fields:
25 | event.type: suricata
26 | #============================= Filebeat modules ===============================
27 | filebeat.config.modules:
28 | path: ${path.config}/modules.d/*.yml
29 | reload.enabled: false
30 | #==================== Elasticsearch template setting ==========================
31 | #================================ General =====================================
32 | #============================== Dashboards =====================================
33 | #============================== Kibana =====================================
34 | #============================= Elastic Cloud ==================================
35 | #================================ Outputs =====================================
36 | #-------------------------- Elasticsearch output ------------------------------
37 | #----------------------------- Logstash output --------------------------------
38 | output.logstash:
39 | hosts: ["logstash:5044"]
40 | #================================ Logging =====================================
41 | logging.level: info
42 | logging.to_files: true
43 | logging.files:
44 | path: /var/log/filebeat
45 | name: filebeat
46 | keepfiles: 7
47 | permissions: 0644
48 | #============================== Xpack Monitoring ===============================
49 | #xpack.monitoring.enabled: false
50 |
--------------------------------------------------------------------------------
/scripts/Development/backup4srepos.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | REPOS=(
3 | ssh://git@gitlab.com/4sconsult/box4s-license-server.git
4 | ssh://git@gitlab.com/4sconsult/elastic-standard.git
5 | ssh://git@gitlab.com/4sconsult/azure.git
6 | ssh://git@gitlab.com/4sconsult/encryptpitsa.git
7 | ssh://git@gitlab.com/4sconsult/docs.git
8 | ssh://git@gitlab.com/4sconsult/scrum-guide.git
9 | ssh://git@gitlab.com/4sconsult/box4s.git
10 | )
11 | DATE=$(date +%d.%m.%Y)
12 | echo "Creating encrypted 4sConsult repo backups for $DATE."
13 | echo -n "Recreating working folders.. "
14 | rm -rf /tmp/backup4srepos
15 | mkdir -p /tmp/backup4srepos
16 | echo -n "[ /tmp/backup4srepos "
17 | rm -rf /tmp/backup4sbundles
18 | mkdir -p /tmp/backup4sbundles
19 | echo " /tmp/backup4sbundles ]"
20 | cd /tmp/backup4srepos
21 | echo -n "Mirroring repos.. [ "
22 | for r in "${REPOS[@]}"; do
23 | echo -n "${r##*/} "
24 | git clone --mirror $r >/dev/null 2>&1
25 | done
26 | echo " ]"
27 | echo "Bundling repos.."
28 | for D in `find /tmp/backup4srepos -mindepth 1 -maxdepth 1 -type d`
29 | do
30 | cd $D
31 | repo=${PWD##*/}
32 | echo -n "- $repo "
33 | git bundle create $repo.bundle --all >/dev/null 2>&1
34 | echo "[OK]"
35 | # No such file may occur here if the repository is empty.
36 | # No bundles are created for emtpy repositories.
37 | cp $repo.bundle /tmp/backup4sbundles
38 | done
39 |
40 | echo -n "Archiving the bundles.. "
41 | cd /tmp/backup4sbundles
42 | tar cfz 4srepos-$DATE.tar.gz *
43 | echo "[OK]"
44 | echo "Archive contents: "
45 | tar -ztvf 4srepos-$DATE.tar.gz
46 |
47 | echo -n "Encrypting archive for developers' keys.. "
48 | gpg --encrypt \
49 | --recipient christoph.meyer@4sconsult.de \
50 | --recipient constantin.tillmann@4sconsult.de \
51 | --recipient jan.guenther@4sconsult.de \
52 | 4srepos-$DATE.tar.gz
53 | echo "[OK]"
54 | cp 4srepos-$DATE.tar.gz.gpg /tmp/4srepos-$DATE.tar.gz.gpg
55 | rm -rf /tmp/backup4srepos
56 | rm -rf /tmp/backup4sbundles
57 | echo "Success! Find your encrypted archive file at /tmp/4srepos-$DATE.tar.gz.gpg"
58 |
--------------------------------------------------------------------------------
/docker/logstash/etc/jvm.options:
--------------------------------------------------------------------------------
1 | ## JVM configuration
2 |
3 | ################################################################
4 | ## Expert settings
5 | ################################################################
6 | ##
7 | ## All settings below this section are considered
8 | ## expert settings. Don't tamper with them unless
9 | ## you understand what you are doing
10 | ##
11 | ################################################################
12 |
13 | ## GC configuration
14 | -XX:+UseConcMarkSweepGC
15 | -XX:CMSInitiatingOccupancyFraction=75
16 | -XX:+UseCMSInitiatingOccupancyOnly
17 |
18 | ## Locale
19 | # Set the locale language
20 | #-Duser.language=en
21 |
22 | # Set the locale country
23 | #-Duser.country=US
24 |
25 | # Set the locale variant, if any
26 | #-Duser.variant=
27 |
28 | ## basic
29 |
30 | # set the I/O temp directory
31 | #-Djava.io.tmpdir=$HOME
32 |
33 | # set to headless, just in case
34 | -Djava.awt.headless=true
35 |
36 | # ensure UTF-8 encoding by default (e.g. filenames)
37 | -Dfile.encoding=UTF-8
38 |
39 | # use our provided JNA always versus the system one
40 | #-Djna.nosys=true
41 |
42 | # Turn on JRuby invokedynamic
43 | -Djruby.compile.invokedynamic=true
44 | # Force Compilation
45 | -Djruby.jit.threshold=0
46 | # Make sure joni regexp interruptability is enabled
47 | -Djruby.regexp.interruptible=true
48 |
49 | ## heap dumps
50 |
51 | # generate a heap dump when an allocation from the Java heap fails
52 | # heap dumps are created in the working directory of the JVM
53 | -XX:+HeapDumpOnOutOfMemoryError
54 |
55 | # specify an alternative path for heap dumps
56 | # ensure the directory exists and has sufficient space
57 | #-XX:HeapDumpPath=${LOGSTASH_HOME}/heapdump.hprof
58 |
59 | ## GC logging
60 | #-XX:+PrintGCDetails
61 | #-XX:+PrintGCTimeStamps
62 | #-XX:+PrintGCDateStamps
63 | #-XX:+PrintClassHistogram
64 | #-XX:+PrintTenuringDistribution
65 | #-XX:+PrintGCApplicationStoppedTime
66 |
67 | # log GC status to a file with time stamps
68 | # ensure the directory exists
69 | #-Xloggc:${LS_GC_LOG_FILE}
70 |
71 | # Entropy source for randomness
72 | -Djava.security.egd=file:/dev/urandom
73 |
74 | # Copy the logging context from parent threads to children
75 | -Dlog4j2.isThreadContextMapInheritable=true
76 |
--------------------------------------------------------------------------------
/docker/spiderfoot/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM alpine:latest
2 | # source: https://github.com/telekom-security/tpotce/blob/master/docker/spiderfoot/Dockerfile
3 | # Get and install dependencies & packages
4 | RUN sed -i 's/dl-cdn/dl-2/g' /etc/apk/repositories && \
5 | apk -U --no-cache add \
6 | build-base \
7 | curl \
8 | git \
9 | jpeg-dev \
10 | libffi-dev \
11 | libxml2 \
12 | libxml2-dev \
13 | libxslt \
14 | libxslt-dev \
15 | musl \
16 | musl-dev \
17 | openjpeg-dev \
18 | openssl \
19 | openssl-dev \
20 | python3 \
21 | python3-dev \
22 | py-cffi \
23 | py-pillow \
24 | py-future \
25 | py3-pip \
26 | swig \
27 | tinyxml \
28 | tinyxml-dev \
29 | zlib-dev && \
30 | #
31 | # Setup user
32 | addgroup -g 2000 spiderfoot && \
33 | adduser -S -s /bin/ash -u 2000 -D -g 2000 spiderfoot && \
34 | #
35 | # Install spiderfoot
36 | git clone --depth=1 -b v3.1 https://github.com/smicallef/spiderfoot /home/spiderfoot && \
37 | cd /home/spiderfoot && \
38 | pip3 install --no-cache-dir wheel && \
39 | pip3 install --no-cache-dir -r requirements.txt && \
40 | chown -R spiderfoot:spiderfoot /home/spiderfoot && \
41 | sed -i "s#'__docroot': ''#'__docroot': '\/spiderfoot'#" /home/spiderfoot/sf.py && \
42 | sed -i 's#raise cherrypy.HTTPRedirect("\/")#raise cherrypy.HTTPRedirect("\/spiderfoot")#' /home/spiderfoot/sfwebui.py && \
43 | #
44 | # Clean up
45 | apk del --purge build-base \
46 | gcc \
47 | git \
48 | libffi-dev \
49 | libxml2-dev \
50 | libxslt-dev \
51 | musl-dev \
52 | openssl-dev \
53 | python3-dev \
54 | swig \
55 | tinyxml-dev && \
56 | rm -rf /var/cache/apk/*
57 | #
58 | # Healthcheck
59 | #HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8080'
60 | HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8080/spiderfoot/'
61 | #
62 | # Set user, workdir and start spiderfoot
63 | USER spiderfoot:spiderfoot
64 | WORKDIR /home/spiderfoot
65 | CMD ["/usr/bin/python3.8", "sf.py","-l", "0.0.0.0:8080"]
--------------------------------------------------------------------------------
/docker/logstash/etc/BOX4s/icmp-codes.yaml:
--------------------------------------------------------------------------------
1 | "16.0" : "No Code" #
2 | "18.0" : "No Code" #
3 | "40.0" : "Bad SPI" #
4 | "40.1" : "Authentication Failed" #
5 | "40.2" : "Decompression Failed" #
6 | "40.3" : "Decryption Failed" #
7 | "40.4" : "Need Authentication" #
8 | "40.5" : "Need Authorization" #
9 | "10.0" : "No Code" #
10 | "15.0" : "No Code" #
11 | "4.0" : "No Code" #
12 | "3.0" : "Net Unreachable" #[RFC792]
13 | "3.1" : "Host Unreachable" #[RFC792]
14 | "3.2" : "Protocol Unreachable" #[RFC792]
15 | "3.3" : "Port Unreachable" #[RFC792]
16 | "3.4" : "Fragmentation Needed and Don't Fragment was Set" #[RFC792]
17 | "3.5" : "Source Route Failed" #[RFC792]
18 | "3.6" : "Destination Network Unknown" #[RFC1122]
19 | "3.7" : "Destination Host Unknown" #[RFC1122]
20 | "3.8" : "Source Host Isolated" #[RFC1122]
21 | "3.9" : "Communication with Destination Network is Administratively Prohibited" #[RFC1122]
22 | "3.10" : "Communication with Destination Host is Administratively Prohibited" #[RFC1122]
23 | "3.11" : "Destination Network Unreachable for Type of Service" #[RFC1122]
24 | "3.12" : "Destination Host Unreachable for Type of Service" #[RFC1122]
25 | "3.13" : "Communication Administratively Prohibited" #[RFC1812]
26 | "3.14" : "Host Precedence Violation" #[RFC1812]
27 | "3.15" : "Precedence cutoff in effect" #[RFC1812]
28 | "17.0" : "No Code" #
29 | "11.0" : "Time to Live exceeded in Transit" #
30 | "11.1" : "Fragment Reassembly Time Exceeded" #
31 | "12.0" : "Pointer indicates the error" #
32 | "12.1" : "Missing a Required Option" #[RFC1108]
33 | "12.2" : "Bad Length" #
34 | "5.0" : "Redirect Datagram for the Network (or subnet)" #
35 | "5.1" : "Redirect Datagram for the Host" #
36 | "5.2" : "Redirect Datagram for the Type of Service and Network" #
37 | "5.3" : "Redirect Datagram for the Type of Service and Host" #
38 | "9.0" : "Normal router advertisement" #[RFC3344]
39 | "9.16" : "Does not route common traffic" #[RFC3344]
40 | "42.0" : "No Error" #[RFC8335]
41 | "13.0" : "No Code" #
42 | "8.0" : "No Code" #
43 | "14.0" : "No Code" #
44 | "43.0" : "No Error" #[RFC8335]
45 | "43.1" : "Malformed Query" #[RFC8335]
46 | "43.2" : "No Such Interface" #[RFC8335]
47 | "43.3" : "No Such Table Entry" #[RFC8335]
48 | "43.4" : "Multiple Interfaces Satisfy Query" #[RFC8335]
49 | "0.0" : "No Code" #
50 | "6.0" : "Alternate Address for Host" #
51 |
--------------------------------------------------------------------------------
/docker/web/source/templates/user/login_or_register.html:
--------------------------------------------------------------------------------
1 | {% extends 'flask_user/_public_base.html' %}
2 |
3 | {% block content %}
4 | {% from "flask_user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
5 |
6 |
7 |
66 | {% endblock %}
--------------------------------------------------------------------------------
/docker/web/source/templates/user/change_password.html:
--------------------------------------------------------------------------------
1 |
2 | {% extends 'user_base.html' %}
3 | {% block user %}
4 | {% from "user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
5 |
6 |
7 |
8 |
9 |
39 | {%trans%}Sign in{%endtrans%}
10 | 11 | {# ** Login form ** #} 12 | 30 | {% if user_manager.USER_ENABLE_FORGOT_PASSWORD %} 31 |
32 |
33 |
34 | {%trans%}Forgot your Password?{%endtrans%}
35 |
40 |
41 |
65 | {%trans%}Register{%endtrans%}
42 | 43 | {# ** Register form ** #} 44 | 63 | 64 |
8 |
9 |
10 |
14 |
56 | {% endblock %}
57 |
--------------------------------------------------------------------------------
/docker/logstash/etc/BOX4s/icmp-type.yaml:
--------------------------------------------------------------------------------
1 | "0" : "Echo Reply" #[RFC792]
2 | "3" : "Destination Unreachable" #[RFC792]
3 | "4" : "Source Quench (Deprecated)" #[RFC792][RFC6633]
4 | "5" : "Redirect" #[RFC792]
5 | "6" : "Alternate Host Address (Deprecated)" #[RFC6918]
6 | "8" : "Echo" #[RFC792]
7 | "9" : "Router Advertisement" #[RFC1256]
8 | "10" : "Router Solicitation" #[RFC1256]
9 | "11" : "Time Exceeded" #[RFC792]
10 | "12" : "Parameter Problem" #[RFC792]
11 | "13" : "Timestamp" #[RFC792]
12 | "14" : "Timestamp Reply" #[RFC792]
13 | "15" : "Information Request (Deprecated)" #[RFC792][RFC6918]
14 | "16" : "Information Reply (Deprecated)" #[RFC792][RFC6918]
15 | "17" : "Address Mask Request (Deprecated)" #[RFC950][RFC6918]
16 | "18" : "Address Mask Reply (Deprecated)" #[RFC950][RFC6918]
17 | "19" : "Reserved (for Security)" #[Solo]
18 | "20" : "Reserved (for Robustness Experiment)" #[ZSu]
19 | "21" : "Reserved (for Robustness Experiment)" #[ZSu]
20 | "22" : "Reserved (for Robustness Experiment)" #[ZSu]
21 | "23" : "Reserved (for Robustness Experiment)" #[ZSu]
22 | "24" : "Reserved (for Robustness Experiment)" #[ZSu]
23 | "25" : "Reserved (for Robustness Experiment)" #[ZSu]
24 | "26" : "Reserved (for Robustness Experiment)" #[ZSu]
25 | "27" : "Reserved (for Robustness Experiment)" #[ZSu]
26 | "28" : "Reserved (for Robustness Experiment)" #[ZSu]
27 | "29" : "Reserved (for Robustness Experiment)" #[ZSu]
28 | "30" : "Traceroute (Deprecated)" #[RFC1393][RFC6918]
29 | "31" : "Datagram Conversion Error (Deprecated)" #[RFC1475][RFC6918]
30 | "32" : "Mobile Host Redirect (Deprecated)" #[David_Johnson][RFC6918]
31 | "33" : "IPv6 Where-Are-You (Deprecated)" #[Simpson][RFC6918]
32 | "34" : "IPv6 I-Am-Here (Deprecated)" #[Simpson][RFC6918]
33 | "35" : "Mobile Registration Request (Deprecated)" #[Simpson][RFC6918]
34 | "36" : "Mobile Registration Reply (Deprecated)" #[Simpson][RFC6918]
35 | "37" : "Domain Name Request (Deprecated)" #[RFC1788][RFC6918]
36 | "38" : "Domain Name Reply (Deprecated)" #[RFC1788][RFC6918]
37 | "39" : "SKIP (Deprecated)" #[Markson][RFC6918]
38 | "40" : "Photuris" #[RFC2521]
39 | "41" : "ICMP messages utilized by experimental mobility protocols such as Seamoby" #[RFC4065]
40 | "42" : "Extended Echo Request" #[RFC8335]
41 | "43" : "Extended Echo Reply" #[RFC8335]
42 | "253" : "RFC3692-style Experiment 1" #[RFC4727]
43 | "254" : "RFC3692-style Experiment 2" #[RFC4727]
44 | "255" : "Reserved" #[JBP]
45 |
--------------------------------------------------------------------------------
/docker/logstash/etc/BOX4s/icmpv6-type.yaml:
--------------------------------------------------------------------------------
1 | "0" : "Reserved" #
2 | "1" : "Destination Unreachable" #[RFC4443]
3 | "2" : "Packet Too Big" #[RFC4443]
4 | "3" : "Time Exceeded" #[RFC4443]
5 | "4" : "Parameter Problem" #[RFC4443]
6 | "100" : "Private experimentation" #[RFC4443]
7 | "101" : "Private experimentation" #[RFC4443]
8 | "127" : "Reserved for expansion of ICMPv6 error messages" #[RFC4443]
9 | "128" : "Echo Request" #[RFC4443]
10 | "129" : "Echo Reply" #[RFC4443]
11 | "130" : "Multicast Listener Query" #[RFC2710]
12 | "131" : "Multicast Listener Report" #[RFC2710]
13 | "132" : "Multicast Listener Done" #[RFC2710]
14 | "133" : "Router Solicitation" #[RFC4861]
15 | "134" : "Router Advertisement" #[RFC4861]
16 | "135" : "Neighbor Solicitation" #[RFC4861]
17 | "136" : "Neighbor Advertisement" #[RFC4861]
18 | "137" : "Redirect Message" #[RFC4861]
19 | "138" : "Router Renumbering" #[RFC2894]
20 | "139" : "ICMP Node Information Query" #[RFC4620]
21 | "140" : "ICMP Node Information Response" #[RFC4620]
22 | "141" : "Inverse Neighbor Discovery Solicitation Message" #[RFC3122]
23 | "142" : "Inverse Neighbor Discovery Advertisement Message" #[RFC3122]
24 | "143" : "Version 2 Multicast Listener Report" #[RFC3810]
25 | "144" : "Home Agent Address Discovery Request Message" #[RFC6275]
26 | "145" : "Home Agent Address Discovery Reply Message" #[RFC6275]
27 | "146" : "Mobile Prefix Solicitation" #[RFC6275]
28 | "147" : "Mobile Prefix Advertisement" #[RFC6275]
29 | "148" : "Certification Path Solicitation Message" #[RFC3971]
30 | "149" : "Certification Path Advertisement Message" #[RFC3971]
31 | "150" : "ICMP messages utilized by experimentalmobility protocols such as Seamoby" #[RFC4065]
32 | "151" : "Multicast Router Advertisement" #[RFC4286]
33 | "152" : "Multicast Router Solicitation" #[RFC4286]
34 | "153" : "Multicast Router Termination" #[RFC4286]
35 | "154" : "FMIPv6 Messages" #[RFC5568]
36 | "155" : "RPL Control Message" #[RFC6550]
37 | "156" : "ILNPv6 Locator Update Message" #[RFC6743]
38 | "157" : "Duplicate Address Request" #[RFC6775]
39 | "158" : "Duplicate Address Confirmation" #[RFC6775]
40 | "159" : "MPL Control Message" #[RFC7731]
41 | "160" : "Extended Echo Request" #[RFC8335]
42 | "161" : "Extended Echo Reply" #[RFC8335]
43 | "200" : "Private experimentation" #[RFC4443]
44 | "201" : "Private experimentation" #[RFC4443]
45 | "255" : "Reserved for expansion of ICMPv6 informational messages" #[RFC4443]
46 |
--------------------------------------------------------------------------------
/docker/web/source/templates/errors/403.html:
--------------------------------------------------------------------------------
1 | {% extends "errors/error_base.html" %}
2 | {% block content %}
3 |
10 |
11 | Passwort zurücksetzen
12 |
13 |
14 |
56 | {% endblock %}
57 |
--------------------------------------------------------------------------------
/docker/logstash/etc/BOX4s/icmp-type.yaml:
--------------------------------------------------------------------------------
1 | "0" : "Echo Reply" #[RFC792]
2 | "3" : "Destination Unreachable" #[RFC792]
3 | "4" : "Source Quench (Deprecated)" #[RFC792][RFC6633]
4 | "5" : "Redirect" #[RFC792]
5 | "6" : "Alternate Host Address (Deprecated)" #[RFC6918]
6 | "8" : "Echo" #[RFC792]
7 | "9" : "Router Advertisement" #[RFC1256]
8 | "10" : "Router Solicitation" #[RFC1256]
9 | "11" : "Time Exceeded" #[RFC792]
10 | "12" : "Parameter Problem" #[RFC792]
11 | "13" : "Timestamp" #[RFC792]
12 | "14" : "Timestamp Reply" #[RFC792]
13 | "15" : "Information Request (Deprecated)" #[RFC792][RFC6918]
14 | "16" : "Information Reply (Deprecated)" #[RFC792][RFC6918]
15 | "17" : "Address Mask Request (Deprecated)" #[RFC950][RFC6918]
16 | "18" : "Address Mask Reply (Deprecated)" #[RFC950][RFC6918]
17 | "19" : "Reserved (for Security)" #[Solo]
18 | "20" : "Reserved (for Robustness Experiment)" #[ZSu]
19 | "21" : "Reserved (for Robustness Experiment)" #[ZSu]
20 | "22" : "Reserved (for Robustness Experiment)" #[ZSu]
21 | "23" : "Reserved (for Robustness Experiment)" #[ZSu]
22 | "24" : "Reserved (for Robustness Experiment)" #[ZSu]
23 | "25" : "Reserved (for Robustness Experiment)" #[ZSu]
24 | "26" : "Reserved (for Robustness Experiment)" #[ZSu]
25 | "27" : "Reserved (for Robustness Experiment)" #[ZSu]
26 | "28" : "Reserved (for Robustness Experiment)" #[ZSu]
27 | "29" : "Reserved (for Robustness Experiment)" #[ZSu]
28 | "30" : "Traceroute (Deprecated)" #[RFC1393][RFC6918]
29 | "31" : "Datagram Conversion Error (Deprecated)" #[RFC1475][RFC6918]
30 | "32" : "Mobile Host Redirect (Deprecated)" #[David_Johnson][RFC6918]
31 | "33" : "IPv6 Where-Are-You (Deprecated)" #[Simpson][RFC6918]
32 | "34" : "IPv6 I-Am-Here (Deprecated)" #[Simpson][RFC6918]
33 | "35" : "Mobile Registration Request (Deprecated)" #[Simpson][RFC6918]
34 | "36" : "Mobile Registration Reply (Deprecated)" #[Simpson][RFC6918]
35 | "37" : "Domain Name Request (Deprecated)" #[RFC1788][RFC6918]
36 | "38" : "Domain Name Reply (Deprecated)" #[RFC1788][RFC6918]
37 | "39" : "SKIP (Deprecated)" #[Markson][RFC6918]
38 | "40" : "Photuris" #[RFC2521]
39 | "41" : "ICMP messages utilized by experimental mobility protocols such as Seamoby" #[RFC4065]
40 | "42" : "Extended Echo Request" #[RFC8335]
41 | "43" : "Extended Echo Reply" #[RFC8335]
42 | "253" : "RFC3692-style Experiment 1" #[RFC4727]
43 | "254" : "RFC3692-style Experiment 2" #[RFC4727]
44 | "255" : "Reserved" #[JBP]
45 |
--------------------------------------------------------------------------------
/docker/logstash/etc/BOX4s/icmpv6-type.yaml:
--------------------------------------------------------------------------------
1 | "0" : "Reserved" #
2 | "1" : "Destination Unreachable" #[RFC4443]
3 | "2" : "Packet Too Big" #[RFC4443]
4 | "3" : "Time Exceeded" #[RFC4443]
5 | "4" : "Parameter Problem" #[RFC4443]
6 | "100" : "Private experimentation" #[RFC4443]
7 | "101" : "Private experimentation" #[RFC4443]
8 | "127" : "Reserved for expansion of ICMPv6 error messages" #[RFC4443]
9 | "128" : "Echo Request" #[RFC4443]
10 | "129" : "Echo Reply" #[RFC4443]
11 | "130" : "Multicast Listener Query" #[RFC2710]
12 | "131" : "Multicast Listener Report" #[RFC2710]
13 | "132" : "Multicast Listener Done" #[RFC2710]
14 | "133" : "Router Solicitation" #[RFC4861]
15 | "134" : "Router Advertisement" #[RFC4861]
16 | "135" : "Neighbor Solicitation" #[RFC4861]
17 | "136" : "Neighbor Advertisement" #[RFC4861]
18 | "137" : "Redirect Message" #[RFC4861]
19 | "138" : "Router Renumbering" #[RFC2894]
20 | "139" : "ICMP Node Information Query" #[RFC4620]
21 | "140" : "ICMP Node Information Response" #[RFC4620]
22 | "141" : "Inverse Neighbor Discovery Solicitation Message" #[RFC3122]
23 | "142" : "Inverse Neighbor Discovery Advertisement Message" #[RFC3122]
24 | "143" : "Version 2 Multicast Listener Report" #[RFC3810]
25 | "144" : "Home Agent Address Discovery Request Message" #[RFC6275]
26 | "145" : "Home Agent Address Discovery Reply Message" #[RFC6275]
27 | "146" : "Mobile Prefix Solicitation" #[RFC6275]
28 | "147" : "Mobile Prefix Advertisement" #[RFC6275]
29 | "148" : "Certification Path Solicitation Message" #[RFC3971]
30 | "149" : "Certification Path Advertisement Message" #[RFC3971]
31 | "150" : "ICMP messages utilized by experimentalmobility protocols such as Seamoby" #[RFC4065]
32 | "151" : "Multicast Router Advertisement" #[RFC4286]
33 | "152" : "Multicast Router Solicitation" #[RFC4286]
34 | "153" : "Multicast Router Termination" #[RFC4286]
35 | "154" : "FMIPv6 Messages" #[RFC5568]
36 | "155" : "RPL Control Message" #[RFC6550]
37 | "156" : "ILNPv6 Locator Update Message" #[RFC6743]
38 | "157" : "Duplicate Address Request" #[RFC6775]
39 | "158" : "Duplicate Address Confirmation" #[RFC6775]
40 | "159" : "MPL Control Message" #[RFC7731]
41 | "160" : "Extended Echo Request" #[RFC8335]
42 | "161" : "Extended Echo Reply" #[RFC8335]
43 | "200" : "Private experimentation" #[RFC4443]
44 | "201" : "Private experimentation" #[RFC4443]
45 | "255" : "Reserved for expansion of ICMPv6 informational messages" #[RFC4443]
46 |
--------------------------------------------------------------------------------
/docker/web/source/templates/errors/403.html:
--------------------------------------------------------------------------------
1 | {% extends "errors/error_base.html" %}
2 | {% block content %}
3 | Passwort zurücksetzen
12 |
4 |
46 | {% endblock %}
47 | {% block scripts %}
48 |
51 | {% if current_user %}
52 |
55 | {% else %}
56 |
59 | {% endif %}
60 |
61 | {% endblock %}
62 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/b1685fc5f49c_create_types.py:
--------------------------------------------------------------------------------
1 | """Create NetworkTypes and SystemTypes
2 |
3 | Revision ID: b1685fc5f49c
4 | Revises: 9a02836f6117
5 | Create Date: 2020-10-21 10:01:06.180863
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 | from source.wizard.models import SystemType, NetworkType, ScanCategory
12 | # revision identifiers, used by Alembic.
13 | revision = 'b1685fc5f49c'
14 | down_revision = '9a02836f6117'
15 | branch_labels = None
16 | depends_on = None
17 |
18 |
19 | def upgrade():
20 | """Upgrade to migration."""
21 | op.bulk_insert(SystemType.__table__, [
22 | {'id': 1, 'name': 'BOX4security'},
23 | {'id': 2, 'name': 'DNS-Server'},
24 | {'id': 3, 'name': 'Gateway'},
25 | {'id': 4, 'name': 'Firewall'},
26 | {'id': 5, 'name': 'IoT'},
27 | {'id': 6, 'name': 'Industrielle IT'},
28 | ])
29 | op.bulk_insert(NetworkType.__table__, [
30 | {'name': 'Client'},
31 | {'name': 'Server'},
32 | {'name': 'Gast'},
33 | ])
34 | op.bulk_insert(ScanCategory.__table__, [
35 | {'id': 1, 'name': 'Keine Restriktionen bei den Scans'},
36 | {'id': 2, 'name': 'Scans ausschließlich zu Randzeiten oder am Wochenende'},
37 | {'id': 3, 'name': 'Scans ausschließlich bei Einsatzbereitschaft von 4sConsult und Präsenz der Netzwerkadministration'},
38 | ])
39 |
40 |
41 | def downgrade():
42 | """Downgrade to migration."""
43 | op.execute(f'DELETE FROM "{SystemType.__table__}" WHERE name="BOX4security"')
44 | op.execute(f'DELETE FROM "{SystemType.__table__}" WHERE name="DNS-Server"')
45 | op.execute(f'DELETE FROM "{SystemType.__table__}" WHERE name="Gateway"')
46 | op.execute(f'DELETE FROM "{SystemType.__table__}" WHERE name="Firewall"')
47 | op.execute(f'DELETE FROM "{SystemType.__table__}" WHERE name="IoT"')
48 | op.execute(f'DELETE FROM "{SystemType.__table__}" WHERE name="Industrielle IT"')
49 | op.execute(f'DELETE FROM "{NetworkType.__table}" WHERE name="Client"')
50 | op.execute(f'DELETE FROM "{NetworkType.__table}" WHERE name="Server"')
51 | op.execute(f'DELETE FROM "{NetworkType.__table}" WHERE name="Gast"')
52 |
53 | op.execute(f'DELETE FROM "{ScanCategory.__table}" WHERE id="1"')
54 | op.execute(f'DELETE FROM "{ScanCategory.__table}" WHERE id="2"')
55 | op.execute(f'DELETE FROM "{ScanCategory.__table}" WHERE id="3"')
56 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
3 | All notable changes to this project will be documented in this file.
4 |
5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7 |
8 | ## [0.0.5] - 2020-12-17
9 | ### Changed
10 | * Use NVD Vulnerability Severity Ratings (CVSS) Ranges. Previously custom vulnerability ranges were used.
11 | * `VERSION` file is now stored under fixed path `/var/lib/box4s`. Only modify if you know what you're doing (`BOX4s_ENV=dev` toggles the development mode).
12 | * When using insecure default secrets (i.e. unchanged prior to installation), these are replaced by randomly generated secrets that are also printed at the end of the installation script. Save them, if you need to.
13 | ### Fixed
14 | * Fixed parts of the update script, which didn't use changed directories yet.
15 |
16 |
17 | ## [0.0.4] - 2020-12-16
18 | Separate installation, configuration from the cloned repository.
19 |
20 | ### Added
21 | * New environment variables `$BOX4s_INSTALL_DIR` and `$BOX4s_CONFIG_DIR` are available, resolving to the installation and configuration directory respectively.
22 |
23 | ### Changed
24 | * Installation is now performed (by default) to `/opt/box4s`. The config files (secrets!) are by default copied from the local repos folder to `/etc/box4s` during installation. **Change secrets before running install script!**
25 | * Installation no longer restarts the OpenVAS container. This became obsolete with recent OpenVAS image updates. Updates are performed with each start, so also with the first.
26 |
27 |
28 | ## [0.0.3] - 2020-12-15
29 | First publicly from GitHub installable release.
30 |
31 | ### Fixed
32 | - Fix errors in installation script `install.sh` that came up when installing from the public GitHub repository.
33 |
34 |
35 |
36 | ## [0.0.2] - 2020-12-15
37 | Refactor Container to Host communication.
38 |
39 | ### Changed
40 | - Use Docker API and named UNIX pipe to communicate from web to host and other containers.
41 |
42 |
43 | ## [0.0.1] - 2020-12-10
44 | First Open Source release to the public domain.
45 |
46 | ### Changed
47 | - Installation no longer requires a deploy secret.
48 | - Installation now references Docker images stored in public Docker-Hub repositories.
49 | - Secret files no longer are encrypted under a PGP key, but are instead changed to a default value of `CHANGEME` that **must** be changed when install.
50 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/5aadb38f6936_network_and_types.py:
--------------------------------------------------------------------------------
1 | """network and types
2 |
3 | Revision ID: 5aadb38f6936
4 | Revises: 96cfbddbc495
5 | Create Date: 2020-10-21 08:27:58.262814
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 |
12 | # revision identifiers, used by Alembic.
13 | revision = '5aadb38f6936'
14 | down_revision = '96cfbddbc495'
15 | branch_labels = None
16 | depends_on = None
17 |
18 |
19 | def upgrade():
20 | """Upgrade to migration."""
21 | # ### commands auto generated by Alembic - please adjust! ###
22 | op.create_table(
23 | 'networktype',
24 | sa.Column('id', sa.Integer(), nullable=False),
25 | sa.Column('name', sa.String(length=100), nullable=True),
26 | sa.PrimaryKeyConstraint('id')
27 | )
28 | op.create_table(
29 | 'scancategory',
30 | sa.Column('id', sa.Integer(), nullable=False),
31 | sa.Column('name', sa.String(), nullable=True),
32 | sa.PrimaryKeyConstraint('id')
33 | )
34 | op.create_table(
35 | 'network',
36 | sa.Column('id', sa.Integer(), nullable=False),
37 | sa.Column('name', sa.String(length=100), nullable=True),
38 | sa.Column('ip_address', sa.String(length=24), nullable=False),
39 | sa.Column('cidr', sa.Integer(), nullable=False),
40 | sa.Column('vlan', sa.String(length=50), nullable=True),
41 | sa.Column('scancategory_id', sa.Integer(), nullable=True),
42 | sa.Column('scan_weekday', sa.String(length=24), nullable=True),
43 | sa.Column('scan_time', sa.Time(), nullable=True),
44 | sa.ForeignKeyConstraint(['scancategory_id'], ['scancategory.id'], ),
45 | sa.PrimaryKeyConstraint('id')
46 | )
47 | op.create_table(
48 | 'network_networktype',
49 | sa.Column('id', sa.Integer(), nullable=False),
50 | sa.Column('network_id', sa.Integer(), nullable=True),
51 | sa.Column('networktype_id', sa.Integer(), nullable=True),
52 | sa.ForeignKeyConstraint(['network_id'], ['network.id'], ondelete='CASCADE'),
53 | sa.ForeignKeyConstraint(['networktype_id'], ['networktype.id'], ondelete='CASCADE'),
54 | sa.PrimaryKeyConstraint('id')
55 | )
56 |
57 |
58 | def downgrade():
59 | """Downgrade to migration."""
60 | op.drop_table('network_networktype')
61 | op.drop_table('network')
62 | op.drop_table('scancategory')
63 | op.drop_table('networktype')
64 |
--------------------------------------------------------------------------------
/docker/web/source/wizard/schemas.py:
--------------------------------------------------------------------------------
1 | from source.extensions import ma
2 | from marshmallow import fields
3 |
4 |
5 | class NetworkTypeSchema(ma.Schema):
6 | """Role Schema for API representation."""
7 |
8 | class Meta:
9 | """Define fields which will be available."""
10 |
11 | fields = ('id', 'name')
12 |
13 |
14 | class ScanCategorySchema(ma.Schema):
15 |
16 | class Meta:
17 | fields = (
18 | 'id',
19 | 'name',
20 | )
21 |
22 |
23 | class NetworkSchema(ma.Schema):
24 |
25 | types = fields.Nested(NetworkTypeSchema, many=True)
26 | scancategory = fields.Nested(ScanCategorySchema)
27 |
28 | class Meta:
29 | fields = (
30 | 'id',
31 | 'name',
32 | 'ip_address',
33 | 'cidr',
34 | 'vlan',
35 | 'types',
36 | 'scancategory_id',
37 | 'scan_weekday',
38 | 'scan_time',
39 | )
40 |
41 |
42 | class SystemTypeSchema(ma.Schema):
43 | """Role Schema for API representation."""
44 |
45 | class Meta:
46 | """Define fields which will be available."""
47 |
48 | fields = ('id', 'name')
49 |
50 |
51 | class SystemSchema(ma.Schema):
52 |
53 | types = fields.Nested(SystemTypeSchema, many=True)
54 | scancategory = fields.Nested(ScanCategorySchema)
55 | network = fields.Nested(NetworkSchema)
56 |
57 | class Meta:
58 | fields = (
59 | 'id',
60 | 'name',
61 | 'types',
62 | 'network',
63 | 'ip_address',
64 | 'location',
65 | 'scan_enabled',
66 | 'ids_enabled',
67 | )
68 |
69 |
70 | class BOX4securitySchema(ma.Schema):
71 |
72 | types = fields.Nested(SystemTypeSchema, many=True)
73 | scancategory = fields.Nested(ScanCategorySchema)
74 | network = fields.Nested(NetworkSchema)
75 | dns = fields.Nested(SystemSchema)
76 | gateway = fields.Nested(SystemSchema)
77 |
78 | class Meta:
79 | fields = (
80 | 'id',
81 | 'name',
82 | 'types',
83 | 'network',
84 | 'ip_address',
85 | 'location',
86 | 'scan_enabled',
87 | 'ids_enabled',
88 | 'dhcp_enabled',
89 | 'dns',
90 | 'gateway',
91 | )
92 |
93 |
94 | SYS = SystemSchema()
95 | SYSs = SystemSchema(many=True)
96 | BOX4sSchema = BOX4securitySchema()
97 | NET = NetworkSchema()
98 | NETs = NetworkSchema(many=True)
99 |
--------------------------------------------------------------------------------
/scripts/1stLevelRepair/repair_reset.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | # Log file to use
4 | # Create path if allowed or do NOP
5 | mkdir -p /var/log/box4s/1stLevelRepair || :
6 | LOG_DIR="/var/log/box4s/1stLevelRepair"
7 | if [[ ! -w $LOG_DIR ]]; then
8 | LOG_DIR="$HOME"
9 | fi
10 |
11 | LOG=$LOG_DIR/reset.log
12 |
13 | # Do not use interactive debian frontend.
14 | export DEBIAN_FRONTEND=noninteractive
15 |
16 | # Forward fd2 to the console
17 | # exec 2>&1
18 | # Forward fd1 to $LOG
19 | exec 2>&1 1>>${LOG}
20 |
21 | function delete_If_Exists(){
22 | # Helper to delete files and directories if they exist
23 | if [ -d $1 ]; then
24 | # Directory to remove
25 | sudo rm $1 -r
26 | fi
27 | if [ -f $1 ]; then
28 | # File to remove
29 | sudo rm $1
30 | fi
31 | }
32 | function testNet() {
33 | # Returns 0 for successful internet connection and dns resolution, 1 else
34 | ping -q -c 1 -W 1 $1 >/dev/null;
35 | return $?
36 | }
37 | function waitForNet() {
38 | # use argument or default value of google.com
39 | HOST=${1:-"google.com"}
40 | while ! testNet $HOST; do
41 | # while testNet returns non zero value
42 | echo "No internet connectivity or dns resolution of $HOST, sleeping for 15s" 1>&2
43 | sleep 15s
44 | echo /etc/resolv.conf | grep 'nameserver' || echo "nameserver 8.8.8.8" > /etc/resolv.conf && echo "Empty /etc/resolv.conf/ -> inserting 8.8.8.8" 1>&2
45 | done
46 | }
47 | #
48 | #Flags:
49 | # no-recreate: Does not create an empty BOX4security after deleting the current one
50 | #
51 |
52 | echo -n "Stopping BOX4security Service.. " 1>&2
53 |
54 | if [[ $(systemctl list-units --all -t service --full --no-legend "box4security.service" | cut -f1 -d' ') == $n.service ]]; then
55 | sudo systemctl stop box4security.service
56 | #Remove all Docker containers and Volumes
57 | sudo docker rm -f $(docker ps -a -q) >/dev/null || :
58 | sudo docker volume rm $(docker volume ls -q) >/dev/null || :
59 | fi
60 | echo "[ DONE ]" 1>&2
61 |
62 | echo -n "Removing Data.. " 1>&2
63 | #Securely delete /data
64 | if [ -d /data ]; then
65 | # Directory to remove
66 | sudo srm -zr /data
67 | fi
68 | delete_If_Exists /var/lib/box4s
69 | delete_If_Exists /var/lib/postgresql
70 | delete_If_Exists /var/lib/box4s_openvas
71 | delete_If_Exists /var/lib/box4s_suricata_rules
72 | delete_If_Exists /var/lib/box4s_docs
73 | delete_If_Exists /var/lib/elastalert
74 | delete_If_Exists /var/lib/logstash
75 | delete_If_Exists /etc/box4s
76 | delete_If_Exists /tmp/box4s
77 | waitForNet
78 | echo "[ DONE ]" 1>&2
79 |
80 | echo -n "Installing new BOX4security.. " 1>&2
81 | curl -sL https://gitlab.com/snippets/1982942/raw | sudo bash
82 | echo "[ DONE ]" 1>&2
83 |
--------------------------------------------------------------------------------
/docker/logstash/etc/BOX4s/suricata-template.json:
--------------------------------------------------------------------------------
1 | {
2 | "index_patterns": "suricata-*",
3 | "settings": {
4 | "index": {
5 | "number_of_shards": 3,
6 | "number_of_replicas": 1,
7 | "refresh_interval": "10s",
8 | "codec": "best_compression",
9 | "mapping": {
10 | "total_fields": { "limit": 10000}
11 | }
12 | }
13 | },
14 | "mappings": {
15 | "properties": {
16 | "link_suppress" : {
17 | "type": "text"
18 | },
19 | "destination" : {
20 | "type": "object",
21 | "properties": {
22 | "geo": {
23 | "type" : "object",
24 | "properties": {
25 | "location" : {
26 | "type": "geo_point"
27 | }
28 | }
29 | }
30 | }
31 | },
32 | "source" : {
33 | "type": "object",
34 | "properties": {
35 | "geo": {
36 | "type" : "object",
37 | "properties": {
38 | "location" : {
39 | "type": "geo_point"
40 | }
41 | }
42 | }
43 | }
44 | },
45 | "server" : {
46 | "type": "object",
47 | "properties": {
48 | "geo": {
49 | "type" : "object",
50 | "properties": {
51 | "location" : {
52 | "type": "geo_point"
53 | }
54 | }
55 | }
56 | }
57 | },
58 | "client" : {
59 | "type": "object",
60 | "properties": {
61 | "geo": {
62 | "type" : "object",
63 | "properties": {
64 | "location" : {
65 | "type": "geo_point"
66 | }
67 | }
68 | }
69 | }
70 | },
71 | "http" : {
72 | "type" : "object",
73 | "properties" : {
74 | "request" : {
75 | "type" : "object",
76 | "properties" : {
77 | "body" : {
78 | "type": "object",
79 | "properties" : {
80 | "bytes" : {
81 | "type" : "long"
82 | }
83 | }
84 | }
85 | }
86 | }
87 | }
88 | }
89 | }
90 | }
91 | }
92 |
--------------------------------------------------------------------------------
/docker/web/migrations/versions/a59fffda1b70_box4security_table.py:
--------------------------------------------------------------------------------
1 | """BOX4security table
2 |
3 | Revision ID: a59fffda1b70
4 | Revises: ea1ce32ce8fd
5 | Create Date: 2020-10-29 08:20:06.251992
6 |
7 | """
8 | from alembic import op
9 | import sqlalchemy as sa
10 | from sqlalchemy.dialects import postgresql
11 |
12 | # revision identifiers, used by Alembic.
13 | revision = 'a59fffda1b70'
14 | down_revision = 'ea1ce32ce8fd'
15 | branch_labels = None
16 | depends_on = None
17 |
18 |
19 | def upgrade():
20 | """Upgrade to migration."""
21 | op.create_table(
22 | 'box4security',
23 | sa.Column('id', sa.Integer(), nullable=False),
24 | sa.Column('name', sa.String(length=100), nullable=True),
25 | sa.Column('ip_address', sa.String(length=24), nullable=True),
26 | sa.Column('location', sa.String(length=255), nullable=True),
27 | sa.Column('scan_enabled', sa.Boolean(), nullable=True),
28 | sa.Column('ids_enabled', sa.Boolean(), nullable=True),
29 | sa.Column('network_id', sa.Integer(), nullable=True),
30 | sa.Column('dns_id', sa.Integer(), nullable=True),
31 | sa.Column('gateway_id', sa.Integer(), nullable=True),
32 | sa.ForeignKeyConstraint(['dns_id'], ['system.id'], ),
33 | sa.ForeignKeyConstraint(['gateway_id'], ['system.id'], ),
34 | sa.ForeignKeyConstraint(['network_id'], ['network.id'], ),
35 | sa.PrimaryKeyConstraint('id'),
36 | sa.UniqueConstraint('name')
37 | )
38 | op.create_table(
39 | 'box4security_systemtype',
40 | sa.Column('id', sa.Integer(), nullable=False),
41 | sa.Column('box4security', sa.Integer(), nullable=True),
42 | sa.Column('systemtype_id', sa.Integer(), nullable=True),
43 | sa.ForeignKeyConstraint(['box4security'], ['box4security.id'], ondelete='CASCADE'),
44 | sa.ForeignKeyConstraint(['systemtype_id'], ['systemtype.id'], ondelete='CASCADE'),
45 | sa.PrimaryKeyConstraint('id')
46 | )
47 | op.drop_constraint('system_gateway_id_fkey', 'system', type_='foreignkey')
48 | op.drop_constraint('system_dns_id_fkey', 'system', type_='foreignkey')
49 | op.drop_column('system', 'dns_id')
50 | op.drop_column('system', 'gateway_id')
51 |
52 |
53 | def downgrade():
54 | """Downgrade to migration."""
55 | op.add_column('system', sa.Column('gateway_id', sa.INTEGER(), autoincrement=False, nullable=True))
56 | op.add_column('system', sa.Column('dns_id', sa.INTEGER(), autoincrement=False, nullable=True))
57 | op.create_foreign_key('system_dns_id_fkey', 'system', 'system', ['dns_id'], ['id'])
58 | op.create_foreign_key('system_gateway_id_fkey', 'system', 'system', ['gateway_id'], ['id'])
59 | op.drop_table('box4security_systemtype')
60 | op.drop_table('box4security')
61 |
--------------------------------------------------------------------------------
5 |
45 |
6 |
44 |
7 | 
8 |
9 |
29 | 41 | 42 |
43 |
8 |
9 | Zugriff verboten
10 |Sie sind nicht berechtigt, diese Seite aufzurufen.
11 | {% if current_user and current_user.roles%} 12 |Ihre Berechtigungen:
13 |
14 | {% for r in roleURLs %}
15 |
16 |
27 | {% endif %}
28 |
17 |
24 |
25 | {% endfor %}
26 |
18 | {{r.name}}
19 |
20 |
21 | {{r.description}}
22 |
23 | 29 | 41 | 42 |