give easier option for transferring SSL client files from Malcolm to forwarder #177

Closed
mmguero opened this issue Mar 30, 2023 · 1 comment
Labels
beats Relating to Malcolm's use of Beats iso relating to the ISO-installed environment for Malcolm and/or Hedgehog logstash Relating to Malcolm's use of Logstash security Related to issues with bearing on the security of Malcolm itself sensor For issues dealing with the Hedgehog OS capture sensor

Comments

@mmguero
Collaborator

mmguero commented Mar 30, 2023

this is related to #158, but I think the workflow is easier:

Here's an improved workflow for getting SSL certificates from Malcolm to Hedgehog:

On Malcolm:

  1. ./scripts/auth_setup
  2. go through answers (you can say "no" to everything except the last question... maybe I should make this a menu)
  3. "Transfer self-signed client-certificates to a remote log forwarder?" yes
  4. "Run configure-capture on the remote log forwarder, select 'Configure Forwarding,' then 'Receive client SSL files...'" is displayed
  5. A dialog is displayed, ending with a one-time-use code phrase for the transfer

On Hedgehog:

  1. configure-capture
  2. select "Configure Forwarding"
  3. select "Receive client SSL files for filebeat from Malcolm"
  4. "Run auth_setup on Malcolm 'Transfer self-signed client certificates...'" is displayed
  5. enter "Malcolm server IP"
  6. enter "Single-use code phrase"

TRANSFER COMMENCES using croc with the Malcolm instance itself acting as a local relay.

The result is that without enabling SSH the files get transferred from ./filebeat/certs on Malcolm to /opt/sensor/sensor_ctl/logstash-client-certificates/ on Hedgehog.
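
A post-transfer check for the forwarder side, as an added example that is not part of the original issue or of Malcolm's own scripts: it confirms that the received client certificate chains to the received CA, that the private key matches the certificate, that the certificate has not expired, and that the key file is not readable by group or others. The file names `ca.crt`, `client.crt` and `client.key` are assumptions; the issue names only the destination directory.

```bash
#!/usr/bin/env bash
# Added example (not Malcolm's code): sanity-check received client TLS files.
# ASSUMPTION: ca.crt, client.crt and client.key are illustrative file names.
# Usage: check_client_certs /opt/sensor/sensor_ctl/logstash-client-certificates

check_client_certs() {
  local dir="$1" rc=0 f crt_pub key_pub perms
  local ca="$dir/ca.crt" crt="$dir/client.crt" key="$dir/client.key"

  for f in "$ca" "$crt" "$key"; do
    [ -s "$f" ] || { echo "missing or empty: $f"; return 1; }
  done

  # 1. The client certificate must chain to the CA that arrived with it.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
    || { echo "client.crt does not verify against ca.crt"; rc=1; }

  # 2. The private key must belong to the certificate (compare public keys).
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
  if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
    echo "client.key does not match client.crt"; rc=1
  fi

  # 3. The certificate must not already be expired.
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "client.crt is expired or unreadable"; rc=1; }

  # 4. The private key must not be readable by group or others (GNU stat).
  perms=$(stat -c '%a' "$key")
  case "$perms" in
    *00) ;;
    *) echo "client.key mode $perms is too permissive"; rc=1 ;;
  esac

  return "$rc"
}
```

The function returns 0 only when every check passes and prints one line per failed check otherwise, so it can gate a service restart on the forwarder.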

@mmguero mmguero added beats Relating to Malcolm's use of Beats logstash Relating to Malcolm's use of Logstash iso relating to the ISO-installed environment for Malcolm and/or Hedgehog sensor For issues dealing with the Hedgehog OS capture sensor security Related to issues with bearing on the security of Malcolm itself labels Mar 30, 2023
@mmguero mmguero self-assigned this Mar 30, 2023
@mmguero mmguero added this to Malcolm Mar 30, 2023
@mmguero mmguero moved this to Testing in Malcolm Mar 31, 2023
@mmguero
Collaborator Author

mmguero commented Apr 4, 2023

Here's what the final version of this looks like:

transfer.mp4

@mmguero mmguero moved this from Testing to Done in Malcolm Apr 4, 2023
@mmguero mmguero closed this as completed Apr 4, 2023
mmguero added a commit that referenced this issue Apr 5, 2023
Malcolm v23.04.0 is a release with enhancements, component version updates and bug fixes.

IMPORTANT NOTE: In March 2023 Docker Inc. announced its decision to sunset the "Docker Free Team" plan, which prompted us to decide to migrate away from Docker Hub to the Github Container Registry or "ghcr" (see #163). Due to public backlash, Docker Inc. reversed its decision. However, the Malcolm project will continue with the decision to use GHCR beginning with this release (Malcolm v23.04.0) and moving forward. If you're updating an existing instance of Malcolm, it's recommended that you back up your `docker-compose.yml` and `docker-compose-standalone.yml` files, replace them with the ones from this release and re-run `./scripts/install.py --configure` to ensure that you're pointing at the latest images (this is actually always good practice when moving to a new release of Malcolm).

v23.03.0...v23.04.0

* Enhancements
    - autostart `install.py --configure` on Malcolm ISO first boot (#157)
    - clarify information about auth_setup's use of external OpenSearch connections (#160)
    - migrate away from DockerHub container registry (#163)
    - give easier option for transferring SSL client files from Malcolm to forwarder (#177)
        + added `tx-rx-secure.sh` script as wrapper around [croc](https://github.com/schollz/croc) automatically creating and using a local-only relay

* Component version updates
    - [Zeek v5.2.0](https://github.com/zeek/zeek/releases) (#161)
    - [fluent bit v2.0.10](https://fluentbit.io/announcements/v2.0.10/)
    - [NetBox v3.4.7](https://github.com/netbox-community/netbox/releases/tag/v3.4.7)

* Fixes
    - XFCE4's "save session on exit" causes conflict with Hedgehog kiosk mode if firefox instance is started upon session restore (#164)
    - docker-compose move from go-yaml/v3 breaks Malcolm's docker-compose YAML files (#178, docker/compose#10411)
    - increase index.mapping.nested_fields.limit in opensearch index template (#180)
mmguero added a commit to cisagov/Malcolm that referenced this issue Apr 5, 2023
@mmguero mmguero moved this from Done to Released in Malcolm Apr 12, 2023