configure Apache to proxy /elsa-query/ to port 3154

Security-Onion-Solutions · Oct 26, 2015 · 8ac6f27 · 8ac6f27
1 parent 36d3ffe
commit 8ac6f27
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 7 deletions.
diff --git a/bin/securityonion-elsa-config.sh b/bin/securityonion-elsa-config.sh
@@ -272,8 +272,8 @@ function config_webnode() {
 	echo "* Restarting cron" | $LOGGER
 	service cron restart
 
-	echo "* Opening 3154/tcp.." | $LOGGER
-	ufw allow 3154/tcp
+	#echo "* Opening 3154/tcp.." | $LOGGER
+	#ufw allow 3154/tcp
 
 	echo "* Retrieving GeoIP City databases..."	 | $LOGGER
 	mkdir -p /usr/local/share/GeoIP 

diff --git a/contrib/securityonion-elsa-web.conf b/contrib/securityonion-elsa-web.conf
@@ -8,7 +8,7 @@
     },
   	"peers": {
 		"127.0.0.1": {
-			"url": "https://127.0.0.1:3154/",
+			"url": "http://127.0.0.1:3154/",
 			"username": "elsa",
 			"apikey": "1"
 		}

diff --git a/contrib/securityonion_apache_site.conf b/contrib/securityonion_apache_site.conf
@@ -20,9 +20,9 @@ NameVirtualHost localhost:3154
 		PerlResponseHandler Plack::Handler::Apache2
 		PerlSetVar psgi_app /opt/elsa/web/lib/Web.psgi
 	</Location>
-	SSLEngine on
-	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
-	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+	#SSLEngine on
+	#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+	#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 	# Cleanup proxied HTTP auth
 	RewriteEngine on
 	RewriteCond %{HTTP:Authorization} ^(.*)

diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-elsa-extras (20151011-1ubuntu1securityonion13) trusty; urgency=medium
+
+  * configure Apache to proxy /elsa-query/ to port 3154 
+
+ -- Doug Burks <doug.burks@gmail.com>  Mon, 26 Oct 2015 12:05:35 -0400
+
 securityonion-elsa-extras (20151011-1ubuntu1securityonion12) trusty; urgency=medium
 
   * improve log message about incorrect group on /etc/elsa*.conf 

diff --git a/debian/control b/debian/control
@@ -11,5 +11,6 @@ Architecture: all
 Depends: ${misc:Depends}, 
  securityonion-elsa,
  libjs-yui,
- ruby1.9.1
+ ruby1.9.1,
+ jq
 Description: SecurityOnion specific elsa config files
diff --git a/debian/patches/configure-Apache-to-proxy-elsa-query-to-port-3154 b/debian/patches/configure-Apache-to-proxy-elsa-query-to-port-3154
@@ -0,0 +1,64 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-elsa-extras (20151011-1ubuntu1securityonion13) trusty; urgency=medium
+ .
+   * configure Apache to proxy /elsa-query/ to port 3154
+Author: Doug Burks <doug.burks@gmail.com>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-elsa-extras-20151011.orig/bin/securityonion-elsa-config.sh
++++ securityonion-elsa-extras-20151011/bin/securityonion-elsa-config.sh
+@@ -272,8 +272,8 @@ function config_webnode() {
+ 	echo "* Restarting cron" | $LOGGER
+ 	service cron restart
+
+-	echo "* Opening 3154/tcp.." | $LOGGER
+-	ufw allow 3154/tcp
++	#echo "* Opening 3154/tcp.." | $LOGGER
++	#ufw allow 3154/tcp
+
+ 	echo "* Retrieving GeoIP City databases..."	 | $LOGGER
+ 	mkdir -p /usr/local/share/GeoIP 
+--- securityonion-elsa-extras-20151011.orig/contrib/securityonion-elsa-web.conf
++++ securityonion-elsa-extras-20151011/contrib/securityonion-elsa-web.conf
+@@ -8,7 +8,7 @@
+     },
+   	"peers": {
+ 		"127.0.0.1": {
+-			"url": "https://127.0.0.1:3154/",
++			"url": "http://127.0.0.1:3154/",
+ 			"username": "elsa",
+ 			"apikey": "1"
+ 		}
+--- securityonion-elsa-extras-20151011.orig/contrib/securityonion_apache_site.conf
++++ securityonion-elsa-extras-20151011/contrib/securityonion_apache_site.conf
+@@ -20,9 +20,9 @@ NameVirtualHost localhost:3154
+ 		PerlResponseHandler Plack::Handler::Apache2
+ 		PerlSetVar psgi_app /opt/elsa/web/lib/Web.psgi
+ 	</Location>
+-	SSLEngine on
+-	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+-	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
++	#SSLEngine on
++	#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
++	#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ 	# Cleanup proxied HTTP auth
+ 	RewriteEngine on
+ 	RewriteCond %{HTTP:Authorization} ^(.*)
diff --git a/debian/patches/series b/debian/patches/series
@@ -10,3 +10,4 @@ fix-mastersensor-checks-to-not-rely-on-snorby-database
 starman-needs-to-start-with-new-perl-environment-variables
 increase-syslog-ng.conf-version-to-3.5
 improve-log-message-about-incorrect-group-on-etcelsa*.conf
+configure-Apache-to-proxy-elsa-query-to-port-3154
diff --git a/debian/postinst b/debian/postinst
@@ -801,6 +801,9 @@ case "$1" in
 		chmod +x $FILE || echo "Error making $FILE executable."
 	fi
 
+	# Port 3154 no longer needs to be allowed in firewall
+        ufw delete allow 3154/tcp >dev/null 2>&1 || echo "Error blocking port 3154 in firewall."
+
         ;;
     abort-upgrade|abort-remove|abort-deconfigure)
         ;;