diff --git a/KR-12.features b/KR-12.features
new file mode 100644
index 0000000000000000000000000000000000000000..33fe5ec864ceacfc070fe50785301f2c8398463c
--- /dev/null
+++ b/KR-12.features
@@ -0,0 +1,13 @@
+Feature: PIACERE Runtime environment
+
+Scenario: Inspect PIACERE Security Monitoring - basic metrics
+Given An initiated IaC deployment
+When The user navigates to the IaC deployment record in the IDE
+And The user requests see Security Monitoring Dashboard
+Then The user's browser is launched with the Security Monitoring Dashboard shown (Kibana Dashboard)
+
+Scenario: Inspect PIACERE Security Monitoring - Self-learning
+Given An initiated IaC deployment
+When The user navigates to the IaC deployment record in the IDE
+And The user requests see Security Monitoring Self-learning Dashboard
+Then The user's browser is launched with the Security Monitoring Dashboard shown (dedicated Grafana Dashboard)
\ No newline at end of file
diff --git a/config/internal_users.yml b/config/internal_users.yml
new file mode 100644
index 0000000000000000000000000000000000000000..324604735d0f21b0e0127283afa0b4fdce98e8f7
--- /dev/null
+++ b/config/internal_users.yml
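Review bot: The file is named `KR-12.features`, but Cucumber-style runners (Cucumber, Behave, SpecFlow) only discover files with the `.feature` extension, so as committed neither scenario will be collected by a test run; renaming to `KR-12.feature` fixes that. The step text `And The user requests see Security Monitoring Dashboard` becomes the pattern a step definition must match and reads awkwardly; `And The user requests to see the Security Monitoring Dashboard` (and the same for the Self-learning step) is easier to bind. Both scenarios cover only the happy path for a user who already has dashboard access; a third scenario stating what a user without that access sees would make the intended access behaviour of the monitoring feature explicit and testable.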
@@ -0,0 +1,63 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+# admin:
+# hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+# reserved: true
+# backend_roles:
+# - "admin"
+# description: "Demo admin user"
+
+admin:
+ hash: "$2y$12$E0o13NrFEP9cT09HYRPbz.8EKNRIegYnbJkLhqhK7soNysH3k4BWS"
+ #hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "PIACERE admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
\ No newline at end of file
diff --git a/config/security-roles_mapping.yml b/config/security-roles_mapping.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c37f4b745b26068b5e44eb6d844475692bb09e7c
--- /dev/null
+++ b/config/security-roles_mapping.yml
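Review bot: Only the `admin` entry receives a new hash; `kibanaserver`, `kibanaro`, `logstash`, `readall` and `snapshotrestore` keep hashes still labelled `Demo ... user` that appear to be the stock Open Distro demo credentials, so their publicly documented default passwords remain valid once this file is mounted as the live user database, and `kibanaserver` (the account security-roles_mapping.yml binds to `kibana_server`) is `reserved: true`, so it can only be changed here and via securityadmin, not through the REST API. Regenerate each hash with `plugin/tools/hash.sh` as the header comment describes, or delete the accounts this stack does not use. The superseded admin hash kept on the `#hash:` line should be removed rather than commented out; it records a credential that is no longer valid, and the `## Demo users` block above already preserves the original. Note that the plaintext of this admin password is committed in docker-compose.yml in the same commit, so the bcrypt hash here adds no protection; consider generating this file at deploy time from a secret held outside VCS.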
@@ -0,0 +1,49 @@
+---
+# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
+# Permissions for Opendistro roles are configured in roles.yml
+
+_meta:
+ type: "rolesmapping"
+ config_version: 2
+
+# Define your roles mapping here
+
+## Demo roles mapping
+
+all_access:
+ reserved: false
+ backend_roles:
+ - "admin"
+ description: "Maps admin to all_access"
+
+own_index:
+ reserved: false
+ users:
+ - "*"
+ description: "Allow full access to an index named like the username"
+
+logstash:
+ reserved: false
+ backend_roles:
+ - "logstash"
+
+kibana_user:
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ description: "Maps kibanauser to kibana_user"
+
+readall:
+ reserved: false
+ backend_roles:
+ - "readall"
+
+manage_snapshots:
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+
+kibana_server:
+ reserved: true
+ users:
+ - "kibanaserver"
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index b5884c4586c307026ba184fc977b0610f310d5c6..1f8612127c1607e3f4cc5c7df62738f118032eec 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,17 +3,18 @@ version: '3.7'
 ## Runs all the needed services on the piacere-network
 services:
- sm-c:
- extends:
- file: sm-controller/docker-compose.yml
- service: sm-controller
- depends_on:
- - elasticsearch
- links:
- - elasticsearch:elasticsearch
+
+ # sm-c:
+ # extends:
+ # file: sm-controller/docker-compose.yml
+ # service: sm-controller
+ # depends_on:
+ # - elasticsearch
+ # links:
+ # - elasticsearch:elasticsearch
 wazuh:
- image: wazuh/wazuh-odfe:4.2.5
+ image: wazuh/wazuh-odfe:4.2.7
 hostname: wazuh-manager
 restart: always
 ports:
@@ -24,7 +25,7 @@ services:
 environment:
 - ELASTICSEARCH_URL=https://elasticsearch:9200
 - ELASTIC_USERNAME=admin
- - ELASTIC_PASSWORD=admin
+ - ELASTIC_PASSWORD=p14c3r3P14c3r3
 - FILEBEAT_SSL_VERIFICATION_MODE=none
 volumes:
 - ossec_api_configuration:/var/ossec/api/configuration
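Review bot: `own_index` maps the wildcard user `"*"`, so every authenticated account — including the demo accounts this commit leaves in internal_users.yml — receives the role described on the next line as "Allow full access to an index named like the username"; if the PIACERE stack has no use for per-user indices, drop this stanza rather than carry it over from the demo file. `all_access` is left `reserved: false`, so the mapping that grants cluster-wide admin can be rewritten by any principal holding the security REST API permission; `reserved: true` keeps it editable only via securityadmin, as `kibana_server` already is. The `## Demo roles mapping` heading no longer describes the file once it is mounted as the live `roles_mapping.yml`; `## PIACERE roles mapping` would match the edit made to the admin description in internal_users.yml.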
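Review bot: The `sm-c` service is disabled by commenting out its whole block rather than removing it, and nothing in the hunk says why or under what condition it returns; either delete the block (git history keeps it) or put a one-line reason above it, e.g. `# sm-c disabled: <reason> — re-enable when <condition>`. As written the eight comment lines plus the empty added line sit between `services:` and `wazuh:` and will drift out of sync with the real sm-controller compose file without anyone noticing. The `wazuh` image bump in the same hunk is fine on its own.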
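Review bot: `ELASTIC_PASSWORD=p14c3r3P14c3r3` commits the Elasticsearch admin password in plaintext to a versioned compose file; the `@@ -60,18 +66,17 @@` hunk does the same for `ELASTICSEARCH_PASSWORD` in the kibana service, and config/internal_users.yml in this commit carries its bcrypt hash, so the credential now lives in three tracked places. Compose substitutes `${VAR}` from the shell or a `.env` file beside the compose file, and this commit already relies on that with `${PWD}` in the elasticsearch volumes, so `- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}` here and `- ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD}` in kibana, with `.env` git-ignored, keep the secret out of the repository and the two services in sync. Once this commit is pushed the value should be treated as exposed and rotated after the move out of VCS. The kibana hunk also drops `depends_on:` while keeping its `- elasticsearch` item; indentation is not visible in this rendering, but if the item stays at list indentation it now attaches to kibana's `environment:` list and kibana loses its start-order dependency on elasticsearch — worth checking in the rendered file.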
@@ -40,7 +41,8 @@ services:
 - filebeat_var:/var/lib/filebeat
 elasticsearch:
- image: amazon/opendistro-for-elasticsearch:1.13.2
+ #image: opensearchproject/opensearch:latest ## FOR THE FUTURE
+ image: amazon/opendistro-for-elasticsearch:1.13.3
 hostname: elasticsearch
 restart: always
 ports:
@@ -49,8 +51,12 @@ services:
 - discovery.type=single-node
 - cluster.name=wazuh-cluster
 - network.host=0.0.0.0
+ #- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # Set min and max JVM heap sizes to at least 50% of system RAM
 - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- - bootstrap.memory_lock=true
+ - bootstrap.memory_lock=true # Disable JVM heap memory swapping
+ volumes:
+ - ${PWD}/config/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+ - ${PWD}/config/security-roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
 ulimits:
 memlock:
 soft: -1
@@ -60,18 +66,17 @@ services:
 hard: 65536
 kibana:
- image: wazuh/wazuh-kibana-odfe:4.2.5
+ image: wazuh/wazuh-kibana-odfe:4.2.7
 hostname: kibana
 restart: always
 ports:
 - 443:5601
 environment:
 - ELASTICSEARCH_USERNAME=admin
- - ELASTICSEARCH_PASSWORD=admin
+ - ELASTICSEARCH_PASSWORD=p14c3r3P14c3r3
 - SERVER_SSL_ENABLED=true
 - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
 - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
- depends_on:
 - elasticsearch
 links:
diff --git a/out/Security monitoring PIACERE/Security monitoring PIACERE.png b/out/Security monitoring PIACERE/Security monitoring PIACERE.png
new file mode 100644
index 0000000000000000000000000000000000000000..752145666405ce2e408e6b3af7dcbc71d0052e40
Binary files /dev/null and b/out/Security monitoring PIACERE/Security monitoring PIACERE.png differ
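Review bot: The two new bind mounts use `${PWD}/config/...`, which depends on the shell exporting `PWD` and on Compose being invoked from the directory holding this file; Compose resolves relative host paths against the compose file's own directory, so `./config/internal_users.yml:...` and `./config/security-roles_mapping.yml:...` work from any working directory and on hosts where `PWD` is unset, and both can carry `:ro` since the plugin only reads them. Open Distro loads the `securityconfig/*.yml` files only when it initialises the security index on first start or when `securityadmin.sh` is run, so if the elasticsearch data is persisted, editing the mounted files later changes nothing until securityadmin is re-run; a comment above `volumes:` such as `# securityconfig files are applied only on first start or by running securityadmin.sh` would save the next operator a confusing debug session. The commented `OPENSEARCH_JAVA_OPTS` line records future intent that belongs in a tracked issue rather than the live file.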