├── .gitignore ├── .gitmodules ├── .jshintignore ├── .jshintrc ├── .nodemonignore ├── .npmignore ├── .travis.yml ├── Gruntfile.js ├── LICENSE ├── README.md ├── Vagrantfile ├── bin └── cli ├── lib ├── config-kibana.js ├── config.js ├── modules │ ├── es-proxy.js │ ├── login.js │ └── pcap.js ├── opensoc-ui.js ├── static └── views │ ├── index.jade │ └── login.jade ├── package.json ├── script ├── es_fetch ├── es_gen.js ├── es_seed ├── ldap_seed └── provision ├── seed ├── es │ └── .gitkeep ├── ldap │ ├── config.ldif │ ├── content.ldif │ ├── logging.ldif │ ├── memberof_add.ldif │ └── memberof_config.ldif ├── opensoc.pcap └── slapd.seed ├── server.js └── test ├── opensoc-ui-test.js └── session-test.js /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | 5 | # Runtime data 6 | pids 7 | *.pid 8 | 9 | # Pcap files 10 | *.pcap 11 | 12 | # Config overrides 13 | config.json 14 | config*.json 15 | 16 | # Directory for instrumented libs generated by jscoverage/JSCover 17 | lib-cov 18 | 19 | # Coverage directory used by tools like istanbul 20 | coverage 21 | 22 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 23 | .grunt 24 | 25 | # Compiled binary addons (http://nodejs.org/api/addons.html) 26 | build/Release 27 | 28 | # Dependency directory 29 | # Deployed apps should consider commenting this line out: 30 | # see https://npmjs.org/doc/faq.html#Should-I-check-my-node_modules-folder-into-git 31 | node_modules 32 | 33 | /.vagrant 34 | 35 | # Minified CSS and JS files from kibana 36 | lib/static_dist 37 | 38 | # Potentially sensitive seed data 39 | /seed/es 40 | /seed/*.pcap 41 | 42 | # temp files 43 | /tmp 44 | 45 | # Nodemon specific 46 | .nodemon-find-ref 47 | 48 | # Basics 49 | .DS_Store -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "kibana"] 2 | path = kibana 3 | url = https://github.com/OpenSOC/kibana 4 | -------------------------------------------------------------------------------- /.jshintignore: -------------------------------------------------------------------------------- 1 | lib/public 2 | coverage 3 | node_modules -------------------------------------------------------------------------------- /.jshintrc: -------------------------------------------------------------------------------- 1 | { 2 | // See http://www.jshint.com/options/ for in-depth explanations 3 | 4 | // Predefined globals that JSHint ignores 5 | "browser" : true, // standard globals like 'window' 6 | "devel" : true, // development globals, e.g. 'console' 7 | "nonstandard" : true, // widely-adopted globals, e.g. 'escape' 8 | "node" : true, 9 | "jquery" : true, 10 | 11 | 12 | "predef" : [ // extra globals 13 | "angular", 14 | "JST", 15 | "MTD", 16 | "google", 17 | 18 | // Tests 19 | "assert", 20 | "sinon", 21 | "describe", 22 | "beforeEach", 23 | "afterEach", 24 | "loadFixtures", 25 | "expect", 26 | "before", 27 | "after", 28 | "it", 29 | "mixpanel", 30 | "nv", 31 | "d3", 32 | 33 | // stanford js crypto lib 34 | "sjcl", 35 | 36 | // Moment JS Date library 37 | "moment", 38 | 39 | // RequireJS 40 | "requirejs", 41 | "define", 42 | 43 | // Angular global obj 44 | "angular", 45 | 46 | // Misc projects 47 | "Presense", 48 | "Refuge" 49 | ], 50 | 51 | // Development 52 | "debug" : false, // warn about debugger statements 53 | 54 | // Enforcing 55 | "bitwise" : true, // prohibit the use of bitwise operations (slow and '&' is usually supposed to be '&&') 56 | "curly" : true, // require {} for all blocks/scopes 57 | "latedef" : true, // prohibit variable use before definition ("hoisting") 58 | "noempty" : true, // prohibit empty blocks 59 | "trailing" : true, // no trailing whitespace is allowed 60 | "undef" : true, // prevent the use of undeclared variables 61 | 62 | // Relaxing 63 | "sub" : true, // allow all subscript notation, including '[]' 64 | "laxcomma" : true, // allow commas after line breaks in lists 65 | "strict" : false // don't force strict mode 66 | } 67 | -------------------------------------------------------------------------------- /.nodemonignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | node_modules -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | 3 | coverage 4 | doc 5 | kibana 6 | script 7 | seed 8 | test 9 | 10 | README.md 11 | Vagrantfile 12 | 13 | config.json* 14 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | env: IN_TRAVIS=true 3 | node_js: 4 | - '0.10' 5 | 6 | branches: 7 | only: 8 | - master 9 | - kibana4 10 | 11 | before_install: 12 | - sudo apt-get install -y libpcap-dev tshark 13 | - npm install -g grunt-cli 14 | install: cd kibana && npm install && cd .. && npm install 15 | notifications: 16 | email: 17 | recipients: 18 | - opensoc-github@external.cisco.com 19 | on_success: never 20 | on_failure: always 21 | -------------------------------------------------------------------------------- /Gruntfile.js: -------------------------------------------------------------------------------- 1 | module.exports = function (grunt) { 2 | grunt.initConfig({ 3 | // copies frontend assets from bower_components into project 4 | // bowercopy: { 5 | // options: { 6 | // clean: true 7 | // }, 8 | // css: { 9 | // options: { 10 | // destPrefix: 'lib/public/css/vendor' 11 | // }, 12 | // files: { 13 | // 'bootstrap.css': 'bootstrap/dist/css/bootstrap.css', 14 | // 'bootstrap-theme.css': 'bootstrap/dist/css/bootstrap-theme.css' 15 | // } 16 | // }, 17 | // libs: { 18 | // options: { 19 | // destPrefix: 'lib/public/js/vendor' 20 | // }, 21 | // files: { 22 | // 'angular.js': 'angular/angular.js' 23 | // } 24 | // } 25 | // } 26 | }); 27 | 28 | grunt.loadNpmTasks('grunt-bowercopy'); 29 | }; 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Build Status](https://travis-ci.org/OpenSOC/opensoc-ui.svg?branch=master)](https://travis-ci.org/OpenSOC/opensoc-ui) 2 | 3 | # OpenSOC UI 4 | 5 | User interface for the OpenSOC platform. The UI is a modified version of **[Kibana 3](https://github.com/elasticsearch/kibana/tree/kibana3)** which is served by a node JS backend. 6 | ___ 7 | 8 | ## Deployment 9 | 10 | 11 | ### Quick start 12 | 13 | * Create a config file: ```echo "{}" > ~/.opensoc-ui``` 14 | * Install opensoc-ui: ```npm install -g opensoc-ui``` 15 | * Start opensoc-ui: ```opensoc-ui``` 16 | 17 | This will start the server in the same process. To start/stop a daemonized server use ```opensoc-ui start``` and ```opensoc-ui stop```. You can view the location of the log file with ```opensoc-ui logs```. The daemon is started using the ```forever``` node package. You can tack on other command line flags that the library supports. More information about this is available at https://www.npmjs.com/package/forever. 18 | 19 | Next, head over to the "Configuration" section for more information about the config file. 20 | 21 | 22 | ### Indepth guide 23 | 24 | #### Step 1: Setup required services 25 | 26 | OpenSOC UI requires access to the following services: 27 | 28 | * ElasticSearch with OpenSOC data. 29 | * PCAP Service for access to raw pcaps. 30 | * Active Directory or LDAP for authentication. 31 | 32 | In addition raw PCAP access is restricted to any set groups. If you are using OpenLDAP, you must configure the memberOf overlay to provide reverse group membership information. Once these services are up and running, you are ready to setup the OpenSOC UI. 33 | 34 | #### Step 2: Install required packages 35 | 36 | The commands in this section are for deployment on Ubuntu 14.04. These instructions will need to be altered for Ubuntu 12.04 as the nodejs package is too old. It should be straight forward to adapt these instructions to other architectures as long as you are able to install the required packages. 37 | 38 | ```bash 39 | apt-get update 40 | apt-get install -y libpcap-dev tshark nodejs npm 41 | ln -s /usr/bin/nodejs /usr/bin/node 42 | npm install -g opensoc-ui 43 | ``` 44 | 45 | #### Step 3: Configure the UI 46 | 47 | Before you can spin up the UI, you need to point it to the various services and configure other deployment specific settings. The application will look for an application config using in the following places in order: 48 | 49 | * ```~/.opensoc-ui``` 50 | * Path specified by the environment variable ```OPENSOC_UI_CONFIG``` 51 | * Path specified by the npm package config setting ```path```. Once the package is installed, this can be set with ```npm config set opensoc-ui:path "/path/to/config.json"``` 52 | 53 | #### Step 4: Test the server 54 | ```bash 55 | opensoc-ui 56 | ``` 57 | 58 | This will run the server without daemonizing that may make it easier to debug any issues with your setup. You can exit the test server with ```Ctrl+C```. 59 | 60 | #### Step 5: Start daemonized server 61 | 62 | ```bash 63 | opensoc-ui start 64 | ``` 65 | 66 | Incidentally, to stop the server use: 67 | 68 | ```bash 69 | opensoc-ui stop 70 | ``` 71 | 72 | and to restart it use: 73 | 74 | ```bash 75 | opensoc-ui restart 76 | ``` 77 | 78 | For logs: 79 | ```bash 80 | opensoc-ui logs 81 | ``` 82 | 83 | ___ 84 | 85 | ## Configuration 86 | 87 | The OpenSOC-UI is configured using a JSON file. 88 | 89 | ##### Fields 90 | 91 | * ```auth```: Set to ```true``` to enable authentication with ldap. 92 | 93 | * ```host```: IP address the server should listen on. 94 | 95 | * ```port```: Port the server should listen on. 96 | 97 | * ```secret```: A random string that used to sign cookies. 98 | 99 | * ```elasticsearch```: Must be a JSON object with the following keys: 100 | * ```url```: URI to OpenSOC ElasticSearch cluster. 101 | 102 | * ```ldap```: Only required if ```auth``` is set to true. Must be a JSON object with the following keys: 103 | * ```url```: URI to LDAP service. 104 | * ```searchBase```: LDAP search base. 105 | * ```adminDn```: LDAP admin distinguished name. 106 | * ```adminPassword```: LDAP admin password. 107 | 108 | * ```pcap```: Must be a JSON object with the following keys: 109 | * ```url```: URI to the OpenSOC PCAP API service. The PCAP service uses the prefix ```pcap/pcapGetter```. This should be included as it is a configurable in the PCAP service. For clarification, see the example config below. 110 | * ```mock```: This should be set to ```false```. 111 | 112 | * ```permissions```: Must be a JSON object with the following keys: 113 | * ```pcap```: List of AD/LDAP groups that should have access to raw pcap data. 114 | 115 | 116 | ##### Example config 117 | 118 | The following is an example ```config.json``` file. This config will not work for you in production but is meant to serve as an example. It assumes that ElasticSearch, LDAP, and the OpenSOC PCAP service are running on 192.168.100.1: 119 | 120 | ```json 121 | { 122 | "secret": "b^~BN-IdQ9gdp5sa2K$N=d5DV06eN7Y", 123 | "elasticsearch": { 124 | "url": "http://192.168.100.1:9200" 125 | }, 126 | "ldap": { 127 | "url": "ldap://192.168.100.1:389", 128 | "searchBase": "dc=opensoc,dc=dev", 129 | "searchFilter": "(mail={{username}})", 130 | "searchAttributes": ["cn", "uid", "mail", "givenName", "sn", "memberOf"], 131 | "adminDn": "cn=admin,dc=opensoc,dc=dev", 132 | "adminPassword": "opensoc" 133 | }, 134 | "pcap": { 135 | "url": "http://192.168.100.1/pcap/pcapGetter", 136 | "mock": false 137 | }, 138 | "permissions": { 139 | "pcap": ["cn=investigators,ou=groups,dc=opensoc,dc=dev"] 140 | } 141 | } 142 | ``` 143 | 144 | ___ 145 | 146 | ## Development 147 | 148 | 149 | These instructions are only for local development on the OpenSOC UI. Development is done in an Ubuntu 14.04(trusty) virtual machine that is provisioned using vagrant. It is intended to provided an isolated environment with all the dependencies and services either installed or stubbed. None of these instructions should be used for deployments. If that was not clear enough, these instructions are **NOT FOR DEPLOYMENT**. 150 | 151 | #### Step 1: Install Virtualbox and Vagrant 152 | 153 | Download the latest package for your platform here: 154 | 155 | 1. [Virtualbox](https://www.virtualbox.org/wiki/Downloads) 156 | 2. [Vagrant](https://www.vagrantup.com/downloads.html) 157 | 158 | #### Step 2: Get the code 159 | 160 | ```bash 161 | git clone git@github.com:OpenSOC/opensoc-ui.git 162 | cd opensoc-ui 163 | git submodule update --init 164 | ``` 165 | 166 | #### Step 3: Download and provision the development environment 167 | 168 | ```bash 169 | vagrant up 170 | ``` 171 | 172 | You might see a couple warnings, but usually these can be ignored. Check for any obvious errors as this can cause problems running the portal later. 173 | 174 | #### Step 4: SSH into the vm 175 | All dependencies will be installed in the VM. The repository root is shared between the host and VM. The shared volume is mounted at /vagrant. Use the following command to ssh into the newly built VM: 176 | 177 | ```bash 178 | vagrant ssh 179 | cd /vagrant 180 | ``` 181 | 182 | #### Step 5: Ensure tests pass 183 | 184 | You can now run the tests: 185 | 186 | ```bash 187 | npm test 188 | ``` 189 | 190 | #### Step 6: Launch the server 191 | 192 | The ```nodemon``` utility automatically watches for changed files and reloads the node server automatically. Run the following commands from with the vagrant vm. 193 | 194 | ```bash 195 | vagrant ssh 196 | cd /vagrant 197 | npm install -g nodemon 198 | nodemon 199 | ``` 200 | 201 | You can then access the OpenSOC ui at ```http://localhost:5000```. 202 | 203 | Two default accounts: mail: joesmith@opensoc.dev, maryfodder@opensoc.dev 204 | The default password is: opensoc 205 | 206 | 207 | ### Seed data for development 208 | 209 | When the VM is provisioned, elasticsearch and LDAP are provided some seed data to get you started. This fake data tries to mimic data from the OpenSOC platform to set you up for local development without running the entire platform. Occasionally, you may need to regenerate your seed data. To do this, use the following command. 210 | 211 | ```bash 212 | script/es_gen.js 213 | ``` 214 | 215 | On the other hand, to duplicate another ES installation use: 216 | 217 | ```bash 218 | ES_HOST=changeme.com script/es_fetch.js 219 | ``` 220 | 221 | You should now have seed data in ```seed/es```. You can load this into the dev ES instance with: 222 | 223 | ```bash 224 | script/es_seed 225 | ``` 226 | 227 | For authentication, make sure you set up the LDAP directory structure with: 228 | 229 | ```bash 230 | script/ldap_seed 231 | ``` -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # Vagrantfile API/syntax version. Don't touch unless you know what you're doing! 5 | VAGRANTFILE_API_VERSION = "2" 6 | 7 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| 8 | # All Vagrant configuration is done here. The most common configuration 9 | # options are documented and commented below. For a complete reference, 10 | # please see the online documentation at vagrantup.com. 11 | 12 | # Every Vagrant virtual environment requires a box to build off of. 13 | config.vm.box = "ubuntu/trusty64" 14 | 15 | config.vm.provision "shell", path: 'script/provision' 16 | 17 | 18 | # Nodemon server 19 | config.vm.network :forwarded_port, guest: 5000, host: 5000 20 | 21 | # Elasticsearch 22 | config.vm.network :forwarded_port, guest: 9200, host: 9200 23 | 24 | # Disable automatic box update checking. If you disable this, then 25 | # boxes will only be checked for updates when the user runs 26 | # `vagrant box outdated`. This is not recommended. 27 | # config.vm.box_check_update = false 28 | 29 | # Create a private network, which allows host-only access to the machine 30 | # using a specific IP. 31 | config.vm.network "private_network", ip: "192.168.33.10" 32 | 33 | # Create a public network, which generally matched to bridged network. 34 | # Bridged networks make the machine appear as another physical device on 35 | # your network. 36 | # config.vm.network "public_network" 37 | 38 | # If true, then any SSH connections made will enable agent forwarding. 39 | # Default value: false 40 | # config.ssh.forward_agent = true 41 | 42 | # Share an additional folder to the guest VM. The first argument is 43 | # the path on the host to the actual folder. The second argument is 44 | # the path on the guest to mount the folder. And the optional third 45 | # argument is a set of non-required options. 46 | # config.vm.synced_folder "../data", "/vagrant_data" 47 | 48 | # Provider-specific configuration so you can fine-tune various 49 | # backing providers for Vagrant. These expose provider-specific options. 50 | # Example for VirtualBox: 51 | # 52 | config.vm.provider "virtualbox" do |vb| 53 | # # Don't boot with headless mode 54 | # vb.gui = true 55 | # 56 | # # Use VBoxManage to customize the VM. For example to change memory: 57 | vb.customize ["modifyvm", :id, "--memory", "2048"] 58 | end 59 | # 60 | # View the documentation for the provider you're using for more 61 | # information on available options. 62 | 63 | # Enable provisioning with CFEngine. CFEngine Community packages are 64 | # automatically installed. For example, configure the host as a 65 | # policy server and optionally a policy file to run: 66 | # 67 | # config.vm.provision "cfengine" do |cf| 68 | # cf.am_policy_hub = true 69 | # # cf.run_file = "motd.cf" 70 | # end 71 | # 72 | # You can also configure and bootstrap a client to an existing 73 | # policy server: 74 | # 75 | # config.vm.provision "cfengine" do |cf| 76 | # cf.policy_server_address = "10.0.2.15" 77 | # end 78 | 79 | # Enable provisioning with Puppet stand alone. Puppet manifests 80 | # are contained in a directory path relative to this Vagrantfile. 81 | # You will need to create the manifests directory and a manifest in 82 | # the file default.pp in the manifests_path directory. 83 | # 84 | # config.vm.provision "puppet" do |puppet| 85 | # puppet.manifests_path = "manifests" 86 | # puppet.manifest_file = "site.pp" 87 | # end 88 | 89 | # Enable provisioning with chef solo, specifying a cookbooks path, roles 90 | # path, and data_bags path (all relative to this Vagrantfile), and adding 91 | # some recipes and/or roles. 92 | # 93 | # config.vm.provision "chef_solo" do |chef| 94 | # chef.cookbooks_path = "../my-recipes/cookbooks" 95 | # chef.roles_path = "../my-recipes/roles" 96 | # chef.data_bags_path = "../my-recipes/data_bags" 97 | # chef.add_recipe "mysql" 98 | # chef.add_role "web" 99 | # 100 | # # You may also specify custom JSON attributes: 101 | # chef.json = { :mysql_password => "foo" } 102 | # end 103 | 104 | # Enable provisioning with chef server, specifying the chef server URL, 105 | # and the path to the validation key (relative to this Vagrantfile). 106 | # 107 | # The Opscode Platform uses HTTPS. Substitute your organization for 108 | # ORGNAME in the URL and validation key. 109 | # 110 | # If you have your own Chef Server, use the appropriate URL, which may be 111 | # HTTP instead of HTTPS depending on your configuration. Also change the 112 | # validation key to validation.pem. 113 | # 114 | # config.vm.provision "chef_client" do |chef| 115 | # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME" 116 | # chef.validation_key_path = "ORGNAME-validator.pem" 117 | # end 118 | # 119 | # If you're using the Opscode platform, your validator client is 120 | # ORGNAME-validator, replacing ORGNAME with your organization name. 121 | # 122 | # If you have your own Chef Server, the default validation client name is 123 | # chef-validator, unless you changed the configuration. 124 | # 125 | # chef.validation_client_name = "ORGNAME-validator" 126 | end 127 | -------------------------------------------------------------------------------- /bin/cli: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Follow symlinks to $0 to find ourselves. 4 | src="${BASH_SOURCE[0]}" 5 | while [ -h "$src" ]; do 6 | bindir="$( cd -P "$( dirname "$src" )" && pwd )" 7 | src="$(readlink "$src")" 8 | [[ $src != /* ]] && src="$bindir/$src" 9 | done 10 | 11 | bindir="$( cd -P "$( dirname "$src" )" && pwd )" 12 | 13 | # Locate the install root 14 | root=`dirname "$bindir"` 15 | 16 | forever="$root/node_modules/forever/bin/forever" 17 | script="$root/server.js" 18 | 19 | case "$1" in 20 | start) 21 | extra_opts="--spinSleepTime 1000 --minUptime 30000" 22 | ;; 23 | list) 24 | script="" 25 | ;; 26 | logs) 27 | script="" 28 | ;; 29 | -h) 30 | echo "Usage: $0 [start|restart|stop|list|logs]" 31 | exit 32 | esac 33 | 34 | NODE_ENV=production $forever ${*:1} $extra_opts $script 35 | -------------------------------------------------------------------------------- /lib/config-kibana.js: -------------------------------------------------------------------------------- 1 | /** @scratch /configuration/config.js/1 2 | * 3 | * == Configuration 4 | * config.js is where you will find the core Kibana configuration. This file contains parameter that 5 | * must be set before kibana is run for the first time. 6 | */ 7 | define(['settings'], 8 | function (Settings) { 9 | "use strict"; 10 | 11 | /** @scratch /configuration/config.js/2 12 | * 13 | * === Parameters 14 | */ 15 | return new Settings({ 16 | 17 | /** @scratch /configuration/config.js/5 18 | * 19 | * ==== elasticsearch 20 | * 21 | * The URL to your elasticsearch server. You almost certainly don't 22 | * want +http://localhost:9200+ here. Even if Kibana and Elasticsearch are on 23 | * the same host. By default this will attempt to reach ES at the same host you have 24 | * kibana installed on. You probably want to set it to the FQDN of your 25 | * elasticsearch host 26 | * 27 | * Note: this can also be an object if you want to pass options to the http client. For example: 28 | * 29 | * +elasticsearch: {server: "http://localhost:9200", withCredentials: true}+ 30 | * 31 | */ 32 | elasticsearch: location.protocol + '//' + location.host + '/__es', 33 | 34 | /** @scratch /configuration/config.js/5 35 | * 36 | * ==== default_route 37 | * 38 | * This is the default landing page when you don't specify a dashboard to load. You can specify 39 | * files, scripts or saved dashboards here. For example, if you had saved a dashboard called 40 | * `WebLogs' to elasticsearch you might use: 41 | * 42 | * default_route: '/dashboard/elasticsearch/WebLogs', 43 | */ 44 | default_route : '/dashboard/file/default.json', 45 | // default_route: '/dashboard/elasticsearch/Your Basic Dashboard', 46 | 47 | /** @scratch /configuration/config.js/5 48 | * 49 | * ==== kibana-int 50 | * 51 | * The default ES index to use for storing Kibana specific object 52 | * such as stored dashboards 53 | */ 54 | kibana_index: "kibana-int", 55 | 56 | /** @scratch /configuration/config.js/5 57 | * 58 | * ==== panel_name 59 | * 60 | * An array of panel modules available. Panels will only be loaded when they are defined in the 61 | * dashboard, but this list is used in the "add panel" interface. 62 | */ 63 | panel_names: [ 64 | 'alertmap', 65 | 'histogram', 66 | 'map', 67 | 'goal', 68 | 'table', 69 | 'filtering', 70 | 'timepicker', 71 | 'text', 72 | 'pcap', 73 | 'hits', 74 | 'column', 75 | 'trends', 76 | 'bettermap', 77 | 'query', 78 | 'terms', 79 | 'stats', 80 | 'sparklines' 81 | ] 82 | }); 83 | }); 84 | -------------------------------------------------------------------------------- /lib/config.js: -------------------------------------------------------------------------------- 1 | var _ = require('lodash'); 2 | var fs = require('fs'); 3 | var path = require('path'); 4 | 5 | // Default config. 6 | var config = { 7 | "debug": true, 8 | 9 | "host": "0.0.0.0", 10 | "port": 5000, 11 | 12 | "secret": "b^~BN-IdQ9{gdp5sa2K$N=d5DV06eN7Y)sjZf:69dUj.3JWq=o", 13 | "static": "static", 14 | 15 | "auth": true, 16 | 17 | "elasticsearch": { 18 | "url": "http://127.0.0.1:9200" 19 | }, 20 | 21 | "ldap": { 22 | "url": "ldap://127.0.0.1:389", 23 | "searchBase": "dc=opensoc,dc=dev", 24 | "searchFilter": "(mail={{username}})", 25 | "searchAttributes": ["cn", "uid", "mail", "givenName", "sn", "memberOf"], 26 | "adminDn": "cn=admin,dc=opensoc,dc=dev", 27 | "adminPassword": "opensoc" 28 | }, 29 | 30 | "pcap": { 31 | "url": "http://127.0.0.1:5000/sample/pcap", 32 | "mock": true 33 | }, 34 | 35 | "permissions": { 36 | "pcap": ["cn=investigators,ou=groups,dc=opensoc,dc=dev"] 37 | } 38 | }; 39 | 40 | // Development config loaded from top level config.json. 41 | try { 42 | config = _.merge(config, require('../config')); 43 | console.log('Loaded config overrides:', path); 44 | return config; 45 | } catch(err) { 46 | if (err.code != 'MODULE_NOT_FOUND') { 47 | throw err; 48 | } 49 | } 50 | 51 | // Production config loaded from npm package settings. 52 | if (process.env.NODE_ENV == 'production') { 53 | var homedir = ( 54 | process.env.HOME || 55 | process.env.HOMEPATH || 56 | process.env.USERPROFILE 57 | ); 58 | 59 | var user_config_path = path.join(homedir, '.opensoc-ui'); 60 | var config_path = fs.existsSync(user_config_path) ? user_config_path : 61 | process.env.npm_package_config_path || process.env.OPENSOC_UI_CONFIG; 62 | 63 | if (!config_path) { 64 | console.log('Error: No config file provided.'); 65 | console.log('Set the environment variable "OPENSOC_UI_CONFIG"'); 66 | console.log('to the path of your json configuration file.'); 67 | process.exit(1); 68 | } 69 | 70 | config.debug = false; 71 | config.auth = false; 72 | config.pcap.mock = false; 73 | config.static = 'static_dist'; 74 | 75 | try { 76 | console.log('Loading config from ', config_path) 77 | var config_prod = JSON.parse(fs.readFileSync(config_path, 'utf8')); 78 | config = _.merge(config, config_prod); 79 | } catch(err) { 80 | if (err.name == 'SyntaxError') { 81 | console.log('Malformed JSON in config file: ', config_path); 82 | process.exit(1); 83 | } 84 | else if (err.code == 'ENOENT') { 85 | console.log('Unable to find config file: ', config_path); 86 | process.exit(1); 87 | } 88 | 89 | throw err; 90 | } 91 | } 92 | 93 | exports = module.exports = config; 94 | -------------------------------------------------------------------------------- /lib/modules/es-proxy.js: -------------------------------------------------------------------------------- 1 | exports = module.exports = function(config) { 2 | var httpProxy = require('http-proxy'); 3 | var proxy = httpProxy.createProxy(); 4 | 5 | proxy.on('error', function (err, req, res) { 6 | console.log("[proxyError]", err); 7 | }); 8 | 9 | return function(req, res, next) { 10 | if (config.auth && !req.user) { 11 | res.send(403, 'Forbidden!'); 12 | return; 13 | } 14 | 15 | delete req.headers.cookie; 16 | proxy.web(req, res, { 17 | target: config.elasticsearch.url 18 | }); 19 | }; 20 | }; 21 | -------------------------------------------------------------------------------- /lib/modules/login.js: -------------------------------------------------------------------------------- 1 | exports = module.exports = function(app, config) { 2 | var _ = require('lodash'); 3 | var passport = require('passport'); 4 | var ldapauth = require('passport-ldapauth'); 5 | 6 | // LDAP integration 7 | passport.use(new ldapauth.Strategy({ 8 | usernameField: 'email', 9 | passwordField: 'password', 10 | server: config.ldap 11 | }, function (user, done) { 12 | return done(null, user); 13 | })); 14 | 15 | // Serialize LDAP user into session. 16 | passport.serializeUser(function (ldapUser, done) { 17 | // ensure that memberOf is an array. 18 | var memberOf = ldapUser.memberOf || []; 19 | memberOf = _.isArray(memberOf) ? memberOf : [memberOf]; 20 | ldapUser.memberOf = memberOf; 21 | 22 | // LDAP permissions 23 | ldapUser.permissions = {}; 24 | var permissions = _.keys(config.permissions); 25 | _.each(permissions, function (perm) { 26 | ldapUser.permissions[perm] = false 27 | _.each(config.permissions[perm], function(group) { 28 | if (_.contains(memberOf, group)) { 29 | ldapUser.permissions[perm] = true; 30 | } 31 | }) 32 | }); 33 | 34 | done(null, JSON.stringify(ldapUser)); 35 | }); 36 | 37 | // De-serialize user from session. 38 | passport.deserializeUser(function (ldapUser, done) { 39 | try { 40 | done(null, JSON.parse(ldapUser)); 41 | } catch(err) { 42 | done(null, null); 43 | } 44 | }); 45 | 46 | app.get('/', function (req, res, next) { 47 | if (!req.user) { 48 | res.redirect('/login'); 49 | return; 50 | } 51 | 52 | res.render('index', { 53 | user: JSON.stringify(req.user), 54 | config: JSON.stringify({ 55 | elasticsearch: config.elasticsearch.url 56 | }) 57 | }); 58 | }); 59 | 60 | app.get('/login', function (req, res) { 61 | res.render('login', { flash: req.flash() }); 62 | }); 63 | 64 | app.post('/login', passport.authenticate('ldapauth', { 65 | successRedirect: '/', 66 | failureRedirect: '/login', 67 | failureFlash: true 68 | })); 69 | 70 | app.get('/logout', function (req, res) { 71 | req.logout(); 72 | res.redirect('/login'); 73 | }); 74 | }; -------------------------------------------------------------------------------- /lib/modules/pcap.js: -------------------------------------------------------------------------------- 1 | function readRawBytes(size, transit) { 2 | var buffer = new Buffer(size); 3 | var bytesRead = 0; 4 | var bytesLeft, dataLeft, len, leftOver; 5 | var data, offset; 6 | 7 | while (bytesRead < size) { 8 | if (!data || offset >= data.length) { 9 | offset = 0; 10 | data = transit.shift(); 11 | } 12 | 13 | bytesLeft = size - bytesRead; 14 | dataLeft = data.length - offset; 15 | len = bytesLeft < dataLeft ? bytesLeft : dataLeft; 16 | data.copy(buffer, bytesRead, offset, offset + len); 17 | bytesRead += len; 18 | offset += len; 19 | } 20 | 21 | if (offset < data.length) { 22 | dataLeft = data.length - offset; 23 | leftOver = new Buffer(dataLeft); 24 | data.copy(leftOver, 0, offset, offset + dataLeft); 25 | transit.unshift(leftOver); 26 | } 27 | 28 | return buffer; 29 | } 30 | 31 | 32 | exports = module.exports = function(app, config) { 33 | var _ = require('lodash'); 34 | var fs = require('fs'); 35 | var spawn = require('child_process').spawn; 36 | var querystring = require('querystring'); 37 | var XmlStream = require('xml-stream'); 38 | 39 | // Mock pcap service for use in development 40 | if (config.pcap.mock) { 41 | app.get('/sample/pcap/:command', function(req, res) { 42 | res.sendFile('/vagrant/seed/opensoc.pcap'); 43 | }); 44 | } 45 | 46 | app.get('/pcap/:command', function(req, res) { 47 | if (config.auth && (!req.user || !req.user.permissions.pcap)) { 48 | res.send(403, 'Forbidden!'); 49 | return; 50 | } 51 | 52 | var transit = []; 53 | var raw = req.query.raw; 54 | var pcapUrl = config.pcap.url + '/' + req.param('command'); 55 | var params = _.defaults({}, req.query); 56 | delete params[raw]; 57 | pcapUrl += '?' + querystring.stringify(params); 58 | 59 | var curl = spawn('curl', ['-s', pcapUrl]); 60 | 61 | if (raw) { 62 | res.set('Content-Type', 'application/cap'); 63 | res.set('Content-Disposition', 'attachment; filename="opensoc.pcap"') 64 | curl.stdout.pipe(res); 65 | return; 66 | } 67 | 68 | res.set('Content-Encoding', 'gzip'); 69 | res.set('Content-Type', 'text/event-stream'); 70 | 71 | var gzip = spawn('gzip'); 72 | var tshark = spawn('tshark', ['-l', '-i', '-', '-T', 'pdml']); 73 | var xml = new XmlStream(tshark.stdout); 74 | 75 | xml.collect('proto'); 76 | xml.collect('field'); 77 | 78 | gzip.stdout.pipe(res); 79 | curl.stdout.pipe(tshark.stdin); 80 | curl.stdout.on('data', function (data) { 81 | transit.push(data); 82 | }); 83 | 84 | gzip.stdout.on('end', function() { 85 | gzip.stdout.unpipe(res.stdin); 86 | gzip.kill('SIGKILL'); 87 | }); 88 | 89 | var npcaps = 0; 90 | xml.on('end', function() { 91 | gzip.stdin.end(); 92 | curl.stdout.unpipe(tshark.stdin); 93 | curl.kill('SIGKILL'); 94 | tshark.kill('SIGKILL'); 95 | }); 96 | 97 | xml.on('endElement: packet', function(packet) { 98 | var psize = parseInt(packet.proto[0].$.size); 99 | npcaps || readRawBytes(24, transit); // skip global header 100 | readRawBytes(16, transit); // skip packet header 101 | packet.hexdump = readRawBytes(psize, transit).toString('hex'); 102 | gzip.stdin.write('data: ' + JSON.stringify(packet) + '\n\n'); 103 | npcaps++; 104 | }); 105 | }); 106 | }; 107 | -------------------------------------------------------------------------------- /lib/opensoc-ui.js: -------------------------------------------------------------------------------- 1 | var _ = require('lodash'); 2 | var http = require('http'); 3 | var path = require('path'); 4 | 5 | var express = require('express'); 6 | 7 | var connect = require('connect'); 8 | var flash = require('connect-flash'); 9 | 10 | var cookieParser = require('cookie-parser'); 11 | var bodyParser = require('body-parser'); 12 | var cookieSession = require('cookie-session'); 13 | 14 | var passport = require('passport'); 15 | var ldapauth = require('passport-ldapauth'); 16 | 17 | var esProxy = require('./modules/es-proxy'); 18 | var login = require('./modules/login'); 19 | var pcap = require('./modules/pcap'); 20 | 21 | var config = require('./config'); 22 | 23 | var app = express(); 24 | app.set('view engine', 'jade'); 25 | app.set('views', path.join(__dirname, 'views/')); 26 | 27 | // Cookie middleware 28 | app.use(connect.logger('dev')); 29 | app.use(flash()); 30 | app.use(cookieParser()); 31 | app.use(cookieSession({ 32 | secret: config.secret, 33 | cookie: {maxAge: 1 * 24 * 60 * 60 * 1000} // 1-day sessions 34 | })); 35 | 36 | if (config.auth) { 37 | app.use(passport.initialize()); 38 | app.use(passport.session()); 39 | } 40 | 41 | app.use("/__es", esProxy(config)); 42 | 43 | app.use(bodyParser.urlencoded({extended: true})); 44 | app.use(bodyParser.json()); 45 | 46 | 47 | // Setup routes 48 | if (config.auth) { 49 | login(app, config); 50 | } 51 | 52 | pcap(app, config); 53 | 54 | 55 | app.get('/config.js', function (req, res) { 56 | if (config.auth && !req.user) { 57 | res.send(403, 'Forbidden!'); 58 | return; 59 | } 60 | 61 | res.sendFile('config-kibana.js', {root: __dirname}); 62 | }); 63 | 64 | // Serve static assets 65 | app.use(connect.static(path.join(__dirname, config.static))); 66 | 67 | // Start server 68 | if (process.env.NODE_ENV != 'TEST') { 69 | console.log('Starting server on port', config.port, '...'); 70 | var server = http.createServer(app); 71 | server.listen(config.port, config.host); 72 | } 73 | 74 | exports.app = app; 75 | -------------------------------------------------------------------------------- /lib/static: -------------------------------------------------------------------------------- 1 | ../kibana/src -------------------------------------------------------------------------------- /lib/views/index.jade: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | html 7 | head 8 | meta(charset='utf-8') 9 | meta(http-equiv='X-UA-Compatible', content='IE=edge,chrome=1') 10 | meta(name='viewport', content='width=device-width') 11 | title Kibana 3{{dashboard.current.title ? " - "+dashboard.current.title : ""}} 12 | link(rel='stylesheet', href='css/bootstrap.light.min.css', title='Light') 13 | link(rel='stylesheet', href='css/timepicker.css') 14 | link(rel='stylesheet', href='css/animate.min.css') 15 | link(rel='stylesheet', href='css/normalize.min.css') 16 | // load the root require context 17 | script(src='vendor/require/require.js') 18 | script(src='app/components/require.config.js') 19 | script. 20 | user=!{user} 21 | config=!{config} 22 | require(['app'], function () {}) 23 | style 24 | body. 25 | 30 | 31 | 32 | 33 | 34 | 35 |
36 | 37 | {{alert.title}}
{{$index + 1}} alert(s)
38 |
39 |
40 |
41 |
42 | {{dashboard.current.title}} 43 | 44 |
    45 |
46 |
47 |
48 |
49 | 50 |
51 | -------------------------------------------------------------------------------- /lib/views/login.jade: -------------------------------------------------------------------------------- 1 | doctype html 2 | html 3 | head 4 | meta(charset='utf-8') 5 | meta(http-equiv='X-UA-Compatible', content='IE=edge,chrome=1') 6 | meta(name='viewport', content='width=device-width') 7 | title OpenSOC - Login 8 | link(rel='stylesheet', href='css/bootstrap.dark.min.css', title='Dark') 9 | link(rel='stylesheet', href='css/timepicker.css') 10 | link(rel='stylesheet', href='css/animate.min.css') 11 | link(rel='stylesheet', href='css/normalize.min.css') 12 | style. 13 | .login-form { 14 | margin-top: 60px; 15 | border: 1px solid #666; 16 | padding: 20px; 17 | } 18 | 19 | td.count { 20 | background-color: #ee0000; 21 | } 22 | body 23 | noscript 24 | .container 25 | center 26 | h3 You must enable javascript to use Kibana 27 | link(rel='stylesheet', href='css/bootstrap.dark.min.css') 28 | link(rel='stylesheet', href='css/bootstrap-responsive.min.css') 29 | link(rel='stylesheet', href='css/font-awesome.min.css') 30 | .container-fluid 31 | .row-fluid 32 | .span6.offset3 33 | form.form-horizontal.login-form(action='/login', method='POST') 34 | fieldset 35 | legend Login 36 | if flash.error 37 | .alert.alert-error=flash.error 38 | div(class="#{flash.error ? 'control-group error' : 'control-group'}") 39 | label.control-label(for='inputEmail') Email 40 | .controls 41 | input#inputEmail(type='text', name='email', placeholder='Email') 42 | 43 | div(class="#{flash.error ? 'control-group error' : 'control-group'}") 44 | label.control-label(for='inputPassword') Password 45 | .controls 46 | input#inputPassword(type='password', name='password', placeholder='Password') 47 | .control-group 48 | .controls 49 | button.btn(type='submit') Sign in 50 | //
51 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "opensoc-ui", 3 | "version": "0.0.15", 4 | "description": "OpenSOC Portal", 5 | "main": "server.js", 6 | "files": [ 7 | "bin", 8 | "lib", 9 | "LICENSE", 10 | "README.md", 11 | "server.js" 12 | ], 13 | "bin": { 14 | "opensoc-ui": "./bin/cli" 15 | }, 16 | "scripts": { 17 | "prepublish": "cd kibana && rm -rf dist && grunt build && cp -rf dist ../lib/static_dist", 18 | "test": "NODE_ENV=TEST ./node_modules/istanbul/lib/cli.js cover ./node_modules/mocha/bin/_mocha -- --check-leaks -R spec" 19 | }, 20 | "repository": { 21 | "type": "git", 22 | "url": "git://github.com/OpenSOC/opensoc-ui.git" 23 | }, 24 | "author": "OpenSOC Team", 25 | "license": "Apache-2.0", 26 | "bugs": { 27 | "url": "https://github.com/OpenSOC/opensoc-ui/issues" 28 | }, 29 | "preferGlobal": true, 30 | "homepage": "https://github.com/OpenSOC/opensoc-ui", 31 | "config": { 32 | "path": "" 33 | }, 34 | "dependencies": { 35 | "async": "^0.9.0", 36 | "bcrypt": "^0.7.8", 37 | "bluebird": "^1.2.4", 38 | "checkit": "^0.2.0-pre", 39 | "cluster": "~0.7.7", 40 | "connect": "^2.16.2", 41 | "connect-flash": "^0.1.1", 42 | "connect-redis": "^2.0.0", 43 | "express": "^4.2.0", 44 | "jade": "^1.3.1", 45 | "kappa": "^0.14.3", 46 | "lodash": "^2.4.1", 47 | "lusca": "^1.0.0", 48 | "passport": "^0.2.0", 49 | "passport-ldapauth": "^0.2.0", 50 | "passport-local": "^1.0.0", 51 | "redis": "^0.10.2", 52 | "ws": "^0.4.31", 53 | "xxhashjs": "0.0.5", 54 | "http-proxy": "1.11.1", 55 | "cookie-parser": "~1.3.2", 56 | "body-parser": "~1.6.5", 57 | "cookie-session": "~1.0.2", 58 | "xml-stream": "~0.4.4", 59 | "forever": "~0.13.0" 60 | }, 61 | "devDependencies": { 62 | "chai": "^1.9.1", 63 | "chance": "^0.5.6", 64 | "glob": "^3.2.9", 65 | "grunt": "^0.4.4", 66 | "grunt-bowercopy": "^1.0.0", 67 | "istanbul": "^0.2.7", 68 | "karma": "^0.12.14", 69 | "karma-coverage": "^0.2.1", 70 | "karma-mocha": "^0.1.3", 71 | "karma-osx-reporter": "0.0.4", 72 | "karma-sinon-chai": "^0.1.5", 73 | "mocha": "^1.19.0", 74 | "sinon": "^1.9.1", 75 | "supertest": "^0.11.0" 76 | } 77 | } 78 | -------------------------------------------------------------------------------- /script/es_fetch: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | /* 4 | * fetch.js 5 | * A small utility to fetch records from Elasticsearch and save as JSON 6 | * 7 | */ 8 | 9 | var http = require('http') 10 | , fs = require('fs') 11 | , _ = require('lodash'); 12 | 13 | var options = { 14 | host: process.env.ES_HOST || 'localhost', 15 | port: 9200 16 | }; 17 | 18 | var size = 1000; 19 | var fields = [ '_source' ]; 20 | 21 | // indices to pull test data from 22 | var indices = [ 23 | 'sourcefire', 24 | 'qosmos', 25 | 'qradar', 26 | 'fireeye', 27 | 'bro-201405050800' 28 | ]; 29 | 30 | var retrieve = function (index, i) { 31 | options.path = 32 | '/' + index + '/_search?size=' + size + '&fields=' + fields.join(','); 33 | 34 | http.get(options, function (response) { 35 | var data = []; 36 | 37 | response.on('data', function (chunk) { 38 | data.push(chunk); 39 | }); 40 | 41 | response.on('end', function () { 42 | var filePath = 'seed/es/' + index + '.json' 43 | , results = _.pluck(JSON.parse(data.join('')).hits.hits, '_source'); 44 | 45 | var output = results.map(function (v) { 46 | return JSON.stringify(v); 47 | }); 48 | 49 | // ES-friendly bulk format 50 | var fmt = "{\"index\": { \"_index\": \"" + index + 51 | "\", \"_type\": \"" + index + "\"}}\n"; 52 | var toWrite = fmt + output.join("\n" + fmt) + "\n"; 53 | 54 | fs.writeFile(filePath, toWrite, function (err) { 55 | if (err) { 56 | throw err; 57 | } 58 | }); 59 | }); 60 | }); 61 | }; 62 | 63 | indices.forEach(retrieve); 64 | -------------------------------------------------------------------------------- /script/es_gen.js: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | /* 4 | * es_gen.js 5 | * A small utility that generates json seed data for Elasticsearch 6 | * 7 | */ 8 | 9 | 10 | var _ = require('lodash'); 11 | var Chance = require('chance'); 12 | var fs = require('fs'); 13 | 14 | var chance = new Chance(); 15 | var documentsPerIndex = 1000; 16 | var numEnrichedMachines = 100; 17 | var numOtherMachines = 200; 18 | 19 | var oneMonthAgo = new Date(); 20 | oneMonthAgo.setMonth(oneMonthAgo.getMonth() - 1); 21 | 22 | var startTimestamp = oneMonthAgo.getTime(); 23 | var endTimestamp = startTimestamp + (90 * 24 * 60 * 60 * 1000); 24 | var sources = [ 25 | 'bro', 26 | 'fireeye', 27 | 'lancope', 28 | 'qosmos', 29 | 'qradar', 30 | 'sourcefire' 31 | ]; 32 | 33 | 34 | var inventory = []; 35 | var assetValues = ['important', 'mundane']; 36 | var assetTypes = ['printer', 'server', 'router']; 37 | var alertType = ['error', 'warning', 'alert']; 38 | var clusters = ['preprod', 'cluster A', 'cluster B']; 39 | var protocols = ['tcp', 'udp']; 40 | var protocolMap = {tcp: 6, udp: 17}; 41 | 42 | function pad(n, width, z) { 43 | z = z || '0'; 44 | n = n + ''; 45 | return n.length >= width ? n : new Array(width - n.length + 1).join(z) + n; 46 | } 47 | 48 | function ipToHex(ip) { 49 | var parts = ip.split('.'); 50 | for (var i = 0; i < parts.length; i++) { 51 | parts[i] = parseInt(parts[i]).toString(16); 52 | if (parts[i].length == 1) { 53 | parts[i] = '0' + parts[i]; 54 | } 55 | } 56 | return parts.join(''); 57 | } 58 | 59 | function choice(arr) { 60 | return arr[Math.floor(Math.random() * arr.length)]; 61 | } 62 | 63 | function randomAlerts(source, event) { 64 | var alerts = []; 65 | var instance = pad(chance.integer({min: 1, max: 3}), 3); 66 | var priorities = ['High', 'Medium', 'Low']; 67 | 68 | for(var i = 0; i < chance.integer({min: -5, max: 3}); i++) { 69 | var alertId = chance.guid(); 70 | event.alerts.push(alertId); 71 | alerts.push({ 72 | alert_id: alertId, 73 | timestamp: event.message.timestamp, 74 | priority: choice(priorities), 75 | designated_host: choice([ 76 | event.message.ip_src_addr, 77 | event.message.ip_dst_addr 78 | ]), 79 | description: chance.sentence(), 80 | environment: { 81 | customer: 'mtd', 82 | instance: 'dev', 83 | datacenter: choice(clusters) 84 | }, 85 | topology: { 86 | topology: source, 87 | topology_instance: source[0].toUpperCase() + instance 88 | }, 89 | enrichment: event.enrichment 90 | }); 91 | } 92 | return alerts; 93 | } 94 | 95 | function randomEvent(source) { 96 | var dst = choice(inventory); 97 | var src = choice(inventory); 98 | var protocol = choice(protocols); 99 | 100 | return { 101 | alerts: [], 102 | message: { 103 | ip_dst_addr: dst.ip, 104 | ip_src_addr: src.ip, 105 | ip_dst_port: chance.integer({min: 22, max: 65535}), 106 | ip_src_port: chance.integer({min: 22, max: 65535}), 107 | protocol: protocol, 108 | original_string: chance.paragraph(), 109 | timestamp: chance.integer({min: startTimestamp, max: endTimestamp}) 110 | }, 111 | enrichment: { 112 | geo: { 113 | ip_dst_addr: dst.geo, 114 | ip_src_addr: src.geo 115 | }, 116 | host: { 117 | ip_dst_addr: dst.host, 118 | ip_src_addr: src.host 119 | } 120 | } 121 | }; 122 | } 123 | 124 | function randomPcap(event, offset) { 125 | offset = offset || 0; 126 | return { 127 | ip_src_addr: event.message.ip_src_addr, 128 | ip_dst_addr: event.message.ip_dst_addr, 129 | ip_src_port: event.message.ip_src_port, 130 | ip_dst_port: event.message.ip_dst_port, 131 | protocol: protocolMap[event.message.protocol], 132 | message: { 133 | ts_micro: Math.floor(event.message.timestamp * 1000) + offset, 134 | ip_id: chance.integer({min: 0, max: 99999}), 135 | frag_offset: chance.integer({min: 0, max: 99999}), 136 | pcap_id: [ 137 | ipToHex(event.message.ip_src_addr), 138 | ipToHex(event.message.ip_dst_addr), 139 | protocolMap[event.message.protocol], 140 | event.message.ip_src_port, 141 | event.message.ip_dst_port, 142 | ].join('-') 143 | } 144 | }; 145 | } 146 | 147 | for (var i = 0; i < numEnrichedMachines; i++) { 148 | inventory.push({ 149 | ip: chance.ip(), 150 | geo: { 151 | country: 'US', 152 | dmaCode: chance.integer({min: 500, max: 700}), 153 | city: chance.city(), 154 | postalCode: chance.zip(), 155 | latitude: chance.latitude({fixed: 4}), 156 | longitude: chance.longitude({fixed: 4}), 157 | locID: chance.integer({min: 10000, max: 30000}), 158 | location_point: chance.coordinates({fixed: 2}), 159 | }, 160 | host: { 161 | known_info: { 162 | asset_value: choice(assetValues), 163 | type: choice(assetTypes), 164 | local: choice(['YES', 'NO']) 165 | } 166 | } 167 | }); 168 | } 169 | 170 | for (var i = 0; i < numOtherMachines; i++) { 171 | inventory.push({ip: chance.ip()}); 172 | } 173 | 174 | for (var i = 0; i < sources.length; i++) { 175 | var source = sources[i]; 176 | var filename = source + '.json'; 177 | var json = fs.createWriteStream('seed/es/' + filename); 178 | var objects = []; 179 | 180 | for (var j = 0; j < documentsPerIndex; j++) { 181 | var index = source + '_index'; 182 | var type = source + '_doc'; 183 | 184 | var eventData = randomEvent(source); 185 | var alertData = randomAlerts(source, eventData); 186 | for (var k = 0; k < alertData.length; k++) { 187 | eventData.alerts.push(alertData[k].alert_id); 188 | } 189 | 190 | objects.push(JSON.stringify({index: {_index: index, _type: type}})); 191 | objects.push(JSON.stringify(eventData)); 192 | 193 | objects.push(JSON.stringify({index: {_index: 'alert', _type: source + '_alert'}})); 194 | for (var k = 0; k < alertData.length; k++) { 195 | objects.push(JSON.stringify(alertData[k])); 196 | } 197 | 198 | for (var l = 0; l < chance.integer({min: 1, max: 50}); l++) { 199 | objects.push(JSON.stringify({index: {_index: 'pcap_all', _type: 'pcap_doc'}})); 200 | objects.push(JSON.stringify(randomPcap(eventData, l * 1000))); 201 | } 202 | } 203 | 204 | json.write(objects.join('\n')); 205 | json.close(); 206 | } 207 | -------------------------------------------------------------------------------- /script/es_seed: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # Delete all existing indices. 4 | curl -XDELETE 'http://localhost:9200/_all/' 5 | 6 | # Create the PCAP index. 7 | curl -XPUT 'http://localhost:9200/pcap_all/' -d '{ 8 | "settings": { 9 | "index.codec.bloom.load": false, 10 | "index.compound_on_flush": false, 11 | "index.compound_format": false, 12 | "index.merge.policy.use_compound_file": false, 13 | "index.refresh_interval": 120, 14 | "index.action.write_consistency": false, 15 | "index.translog.flush_threshold_ops": 100000, 16 | "index.compound_on_flush": false, 17 | "index.compound_format": false, 18 | "index.merge.policy.use_compound_file": false 19 | }, 20 | "mappings": { 21 | "pcap_doc": { 22 | "_all": { 23 | "enabled": false 24 | }, 25 | "_source": { 26 | "includes": ["message.ts_micro", "message.pcap_id", "message.ip_id", "message.frag_offset"] 27 | }, 28 | "properties": { 29 | "message" : { 30 | "properties":{ 31 | "pcap_id": { 32 | "type": "string", 33 | "index": "not_analyzed", 34 | "postings_format": "Lucene41" 35 | }, 36 | "ip_protocol": { 37 | "type": "long", 38 | "precision_step": 64 39 | }, 40 | "ip_src_addr": { 41 | "type": "string", 42 | "index": "not_analyzed", 43 | "postings_format": "Lucene41" 44 | }, 45 | "ip_src_port": { 46 | "type": "long", 47 | "precision_step": 64 48 | }, 49 | "ip_dst_addr": { 50 | "type": "string", 51 | "index": "not_analyzed", 52 | "postings_format": "Lucene41" 53 | }, 54 | "ip_dst_port": { 55 | "type": "long", 56 | "precision_step": 64 57 | }, 58 | "ts_micro": { 59 | "type": "long", 60 | "precision_step": 64 61 | }, 62 | "ip_id": { 63 | "type": "long", 64 | "precision_step": 64, 65 | "index": "no" 66 | }, 67 | "frag_offset": { 68 | "type": "long", 69 | "precision_step": 64, 70 | "index": "no" 71 | } 72 | } 73 | } 74 | } 75 | } 76 | } 77 | }' 78 | 79 | # Seed Elasticsearch. 80 | for file in seed/es/*.json 81 | do 82 | curl -s -XPOST --data-binary @$file 'http://localhost:9200/_bulk' 83 | done 84 | 85 | echo "\nDone." 86 | -------------------------------------------------------------------------------- /script/ldap_seed: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | cd /vagrant/seed/ldap 4 | sudo ldapadd -h localhost -p 389 -D 'cn=admin,dc=opensoc,dc=dev' -w opensoc -f content.ldif 5 | cd - 6 | -------------------------------------------------------------------------------- /script/provision: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # This file is meant to be executed inside the Vagrant development VM 4 | 5 | # Prevent dpkg-reconfigure interactive sessions 6 | export DEBIAN_FRONTEND=noninteractive 7 | 8 | 9 | ### BEGIN SAMPLE PCAP DATA ### 10 | apt-get update 11 | apt-get install -y libpcap-dev tshark 12 | curl -s 'http://www.snaketrap.co.uk/pcaps/hbot.pcap' -o /vagrant/seed/hbot.pcap 13 | ### END SAMPLE PCAP DATA ### 14 | 15 | 16 | ### BEGIN OPENLDAP ### 17 | # slapd doesn't seem to work right unless you configure it via debconf 18 | # The password for all users is opensoc 19 | debconf-set-selections /vagrant/seed/slapd.seed 20 | apt-get update 21 | apt-get -y install slapd ldap-utils 22 | 23 | cd /vagrant/seed/ldap 24 | ldapmodify -Y EXTERNAL -H ldapi:/// -f logging.ldif 25 | ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif 26 | ldapadd -D cn=admin,cn=config -w "opensoc" -H ldapi:/// -f memberof_add.ldif 27 | ldapadd -D cn=admin,cn=config -w "opensoc" -H ldapi:/// -f memberof_config.ldif 28 | 29 | # SEED LDAP 30 | ldapadd -h localhost -p 389 -D "cn=admin,dc=opensoc,dc=dev" -w opensoc -f content.ldif 31 | cd - 32 | ### END OPENLDAP ### 33 | 34 | 35 | ### BEGIN ELASTICSEARCH ### 36 | # TODO(ram): Upgrade ElasticSearch to 1.3.0 37 | apt-get -y install openjdk-7-jre-headless 38 | wget --quiet https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.1.1.deb 39 | dpkg -i elasticsearch-1.1.1.deb 40 | rm -rf elasticsearch-1.1.1.deb 41 | cd /usr/share/elasticsearch 42 | bin/plugin -install mobz/elasticsearch-head 43 | cd - 44 | update-rc.d elasticsearch defaults 95 10 45 | service elasticsearch restart 46 | 47 | # SEED ELASTICSEARCH 48 | cd /vagrant 49 | su vagrant -c "script/es_gen.js" 50 | su vagrant -c "script/es_seed" 51 | cd - 52 | ### END ELASTICSEARCH ### 53 | 54 | ### NODE SETUP ### 55 | apt-get update 56 | apt-get install -y nodejs npm git 57 | 58 | ln -s /usr/bin/nodejs /usr/bin/node 59 | npm install -g nodemon 60 | npm install -g grunt-cli 61 | 62 | cd /vagrant/kibana 63 | rm -rf node_modules dist 64 | su vagrant -c "npm install" 65 | cd - 66 | 67 | cd /vagrant 68 | rm -rf node_modules 69 | su vagrant -c "npm install" 70 | su vagrant -c "echo 'export NODE_ENV=vagrant' >> /home/vagrant/.bashrc" 71 | su vagrant -c "ln -s /vagrant/.nodemonignore ~/.nodemonignore" 72 | cd - 73 | ### END NODE SETUP ### 74 | -------------------------------------------------------------------------------- /seed/es/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpenSOC/opensoc-ui/4c1379cd7dc9094cefe1f4bd1399783cc218ad6d/seed/es/.gitkeep -------------------------------------------------------------------------------- /seed/ldap/config.ldif: -------------------------------------------------------------------------------- 1 | dn: cn=config 2 | changetype: modify 3 | 4 | dn: olcDatabase={0}config,cn=config 5 | changetype: modify 6 | add: olcRootDN 7 | olcRootDN: cn=admin,cn=config 8 | 9 | dn: olcDatabase={0}config,cn=config 10 | changetype: modify 11 | add: olcRootPW 12 | olcRootPW: {MD5}y/05lb1L2umvqo6VrZBGkw== 13 | 14 | dn: olcDatabase={0}config,cn=config 15 | changetype: modify 16 | delete: olcAccess 17 | -------------------------------------------------------------------------------- /seed/ldap/content.ldif: -------------------------------------------------------------------------------- 1 | dn: ou=groups,dc=opensoc,dc=dev 2 | objectclass: organizationalUnit 3 | objectclass: top 4 | ou: groups 5 | 6 | dn: ou=users,dc=opensoc,dc=dev 7 | objectclass: organizationalUnit 8 | objectclass: top 9 | ou: users 10 | 11 | dn: cn=joesmith,ou=users,dc=opensoc,dc=dev 12 | cn: joesmith 13 | givenname: Joe 14 | sn: Smith 15 | mail: joesmith@opensoc.dev 16 | objectclass: inetOrgPerson 17 | objectclass: top 18 | uid: joesmith 19 | userpassword: {MD5}y/05lb1L2umvqo6VrZBGkw== 20 | 21 | dn: cn=maryfodder,ou=users,dc=opensoc,dc=dev 22 | cn: maryfodder 23 | givenname: Mary 24 | sn: Fodder 25 | mail: maryfodder@opensoc.dev 26 | objectclass: inetOrgPerson 27 | objectclass: top 28 | uid: maryfodder 29 | userpassword: {MD5}y/05lb1L2umvqo6VrZBGkw== 30 | 31 | dn: cn=analysts,ou=groups,dc=opensoc,dc=dev 32 | objectclass: groupOfNames 33 | cn: analysts 34 | member: cn=joesmith,ou=users,dc=opensoc,dc=dev 35 | 36 | dn: cn=investigators,ou=groups,dc=opensoc,dc=dev 37 | objectclass: groupOfNames 38 | cn: investigators 39 | member: cn=maryfodder,ou=users,dc=opensoc,dc=dev 40 | 41 | dn: cn=soc,ou=groups,dc=opensoc,dc=dev 42 | objectclass: groupOfNames 43 | cn: soc 44 | member: cn=joesmith,ou=users,dc=opensoc,dc=dev 45 | member: cn=maryfodder,ou=users,dc=opensoc,dc=dev 46 | -------------------------------------------------------------------------------- /seed/ldap/logging.ldif: -------------------------------------------------------------------------------- 1 | 2 | dn: cn=config 3 | changetype: modify 4 | add: olcLogLevel 5 | olcLogLevel: stats 6 | 7 | -------------------------------------------------------------------------------- /seed/ldap/memberof_add.ldif: -------------------------------------------------------------------------------- 1 | dn: cn=module,cn=config 2 | objectClass: olcModuleList 3 | cn: module 4 | olcModulePath: /usr/lib/ldap 5 | olcModuleLoad: memberof 6 | -------------------------------------------------------------------------------- /seed/ldap/memberof_config.ldif: -------------------------------------------------------------------------------- 1 | dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config 2 | objectClass: olcMemberOf 3 | objectClass: olcOverlayConfig 4 | objectClass: olcConfig 5 | objectClass: top 6 | olcOverlay: memberof 7 | olcMemberOfDangling: ignore 8 | olcMemberOfRefInt: TRUE 9 | olcMemberOfGroupOC: groupOfNames 10 | olcMemberOfMemberAD: member 11 | olcMemberOfMemberOfAD: memberOf 12 | -------------------------------------------------------------------------------- /seed/opensoc.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpenSOC/opensoc-ui/4c1379cd7dc9094cefe1f4bd1399783cc218ad6d/seed/opensoc.pcap -------------------------------------------------------------------------------- /seed/slapd.seed: -------------------------------------------------------------------------------- 1 | 2 | slapd slapd/password1 password opensoc 3 | slapd slapd/password2 password opensoc 4 | slapd slapd/purge_database boolean false 5 | slapd slapd/allow_ldap_v2 boolean false 6 | slapd slapd/invalid_config boolean true 7 | slapd shared/organization string OpenSOC 8 | slapd slapd/dump_database select when needed 9 | slapd slapd/domain string opensoc.dev 10 | slapd slapd/backend select HDB 11 | slapd slapd/no_configuration boolean false 12 | slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION 13 | slapd slapd/move_old_database boolean true 14 | 15 | -------------------------------------------------------------------------------- /server.js: -------------------------------------------------------------------------------- 1 | if (process.env.NODE_ENV && process.env.NODE_ENV !== 'production') { 2 | module.exports = require('./lib/opensoc-ui'); 3 | } else { 4 | // Start cluster 5 | var cluster = require('cluster'); 6 | var numCPUs = require('os').cpus().length; 7 | 8 | if (cluster.isMaster) { 9 | for (var i = 0; i < numCPUs; i++) { 10 | cluster.fork(); 11 | } 12 | 13 | cluster.on('exit', function (worker, code, signal) { 14 | console.log('worker ' + worker.process.pid + ' died'); 15 | }); 16 | } else { 17 | require('./lib/opensoc-ui'); 18 | } 19 | } -------------------------------------------------------------------------------- /test/opensoc-ui-test.js: -------------------------------------------------------------------------------- 1 | /* global assert:true */ 2 | 3 | var assert = require('chai').assert 4 | , request = require('supertest') 5 | , app = require('../lib/opensoc-ui').app; 6 | 7 | describe('index', function () { 8 | it('responds with success', function (done) { 9 | request(app). 10 | get('/'). 11 | set('Accept', 'text/html'). 12 | expect('Content-Type', /html/). 13 | expect(302, done); // unauthed 14 | }); 15 | }); 16 | -------------------------------------------------------------------------------- /test/session-test.js: -------------------------------------------------------------------------------- 1 | /*global assert: true*/ 2 | 3 | if (!process.env.IN_TRAVIS) { 4 | var assert = require('chai').assert 5 | , request = require('supertest') 6 | , app = require('../lib/opensoc-ui').app; 7 | 8 | describe('sessions', function () { 9 | describe('log in / log out', function () { 10 | var session = request.agent(app); 11 | 12 | it('redirects to login unless logged in', function (done) { 13 | session. 14 | get('/'). 15 | end(function (err, res) { 16 | assert.equal(res.statusCode, 302); 17 | assert.equal(res.header['location'], '/login'); 18 | done(); 19 | }); 20 | }); 21 | 22 | it('logs in', function (done) { 23 | session. 24 | post('/login'). 25 | send({ email: 'joesmith@opensoc.dev', password: 'opensoc' }). 26 | end(function (err, res) { 27 | // redirects to home 28 | assert.equal(res.header['location'], '/'); 29 | assert.equal(res.statusCode, 302); 30 | done(); 31 | }); 32 | }); 33 | 34 | it('logs out', function (done) { 35 | session. 36 | get('/logout'). 37 | end(function (err, res) { 38 | // redirects to login 39 | assert.equal(res.header['location'], '/login'); 40 | assert.notMatch(res.header['set-cookie'], /joesmith/); 41 | assert.equal(res.statusCode, 302); 42 | done(); 43 | }); 44 | }); 45 | }); 46 | 47 | describe('session not set', function () { 48 | var session = request.agent(app); 49 | 50 | it('fails log in', function (done) { 51 | session. 52 | post('/login'). 53 | send({ email: 'joesmith@opensoc.dev', password: 'foobar' }). 54 | end(function (err, res) { 55 | assert.equal(res.header['location'], '/login'); 56 | assert.notMatch(res.header['set-cookie'], /joesmith/); 57 | assert.equal(res.statusCode, 302); 58 | done(); 59 | }); 60 | }); 61 | }); 62 | }); 63 | } 64 | --------------------------------------------------------------------------------