diff --git a/bin/securityonion-elsa-config.sh b/bin/securityonion-elsa-config.sh
index e8bc620..0b13f4f 100755
--- a/bin/securityonion-elsa-config.sh
+++ b/bin/securityonion-elsa-config.sh
@@ -272,8 +272,8 @@ function config_webnode() {
 echo "* Restarting cron" | $LOGGER
 service cron restart
 
- echo "* Opening 3154/tcp.." | $LOGGER
- ufw allow 3154/tcp
+ #echo "* Opening 3154/tcp.." | $LOGGER
+ #ufw allow 3154/tcp
 
 echo "* Retrieving GeoIP City databases..." | $LOGGER
 mkdir -p /usr/local/share/GeoIP
diff --git a/contrib/securityonion-elsa-web.conf b/contrib/securityonion-elsa-web.conf
index b63552b..1b972be 100644
--- a/contrib/securityonion-elsa-web.conf
+++ b/contrib/securityonion-elsa-web.conf
@@ -8,7 +8,7 @@
 },
 "peers": {
 "127.0.0.1": {
- "url": "https://127.0.0.1:3154/",
+ "url": "http://127.0.0.1:3154/",
 "username": "elsa",
 "apikey": "1"
 }
diff --git a/contrib/securityonion_apache_site.conf b/contrib/securityonion_apache_site.conf
index 3a789d0..4c972cb 100644
--- a/contrib/securityonion_apache_site.conf
+++ b/contrib/securityonion_apache_site.conf
@@ -20,9 +20,9 @@ NameVirtualHost localhost:3154
 PerlResponseHandler Plack::Handler::Apache2
 PerlSetVar psgi_app /opt/elsa/web/lib/Web.psgi
 
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ #SSLEngine on
+ #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 # Cleanup proxied HTTP auth
 RewriteEngine on
 RewriteCond %{HTTP:Authorization} ^(.*)
diff --git a/debian/changelog b/debian/changelog
index 82c2c63..2c65a50 100644
--- a/debian/changelog
+++ b/debian/changelog
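Review bot: The two lines that opened 3154/tcp are commented out rather than removed, and nothing in the visible part of `config_webnode` says why the port is no longer opened. Deleting them and leaving one explanatory line, e.g. `# 3154/tcp is not opened in ufw: Apache proxies /elsa-query/ to it (see debian/changelog)`, would keep the intent visible without dead code. The same applies to the commented-out SSL directives in contrib/securityonion_apache_site.conf. `config_webnode` starts and ends outside the hunk.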
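Review bot: The `peers` entry now sends the `username`/`apikey` pair to port 3154 over plain HTTP, and the securityonion_apache_site.conf hunk disables `SSLEngine` on the same listener, so protection of that API now rests entirely on the port being reachable from loopback only. The apache hunk header shows `NameVirtualHost localhost:3154`, but the `Listen` directive is outside the visible lines; if it is a bare `Listen 3154` the vhost would answer in cleartext on every interface, so it should be confirmed as, or changed to, `Listen 127.0.0.1:3154`. A comment in the vhost such as `# Plain HTTP: reached only through the local /elsa-query/ proxy; keep this listener on loopback` would record that assumption. The static `"apikey": "1"` in the context lines is unchanged by this commit but matters more once TLS is gone.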
@@ -1,3 +1,9 @@
+securityonion-elsa-extras (20151011-1ubuntu1securityonion13) trusty; urgency=medium
+
+ * configure Apache to proxy /elsa-query/ to port 3154
+
+ -- Doug Burks Mon, 26 Oct 2015 12:05:35 -0400
+
 securityonion-elsa-extras (20151011-1ubuntu1securityonion12) trusty; urgency=medium
 
 * improve log message about incorrect group on /etc/elsa*.conf
diff --git a/debian/control b/debian/control
index d3e2cca..cbf8e7f 100644
--- a/debian/control
+++ b/debian/control
@@ -11,5 +11,6 @@ Architecture: all
 Depends: ${misc:Depends},
 securityonion-elsa,
 libjs-yui,
- ruby1.9.1
+ ruby1.9.1,
+ jq
 Description: SecurityOnion specific elsa config files
diff --git a/debian/patches/configure-Apache-to-proxy-elsa-query-to-port-3154 b/debian/patches/configure-Apache-to-proxy-elsa-query-to-port-3154
new file mode 100644
index 0000000..64b9e18
--- /dev/null
+++ b/debian/patches/configure-Apache-to-proxy-elsa-query-to-port-3154
@@ -0,0 +1,64 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-elsa-extras (20151011-1ubuntu1securityonion13) trusty; urgency=medium
+ .
+ * configure Apache to proxy /elsa-query/ to port 3154
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-elsa-extras-20151011.orig/bin/securityonion-elsa-config.sh
++++ securityonion-elsa-extras-20151011/bin/securityonion-elsa-config.sh
+@@ -272,8 +272,8 @@ function config_webnode() {
+ echo "* Restarting cron" | $LOGGER
+ service cron restart
+
+- echo "* Opening 3154/tcp.." | $LOGGER
+- ufw allow 3154/tcp
++ #echo "* Opening 3154/tcp.." | $LOGGER
++ #ufw allow 3154/tcp
+
+ echo "* Retrieving GeoIP City databases..." | $LOGGER
+ mkdir -p /usr/local/share/GeoIP
+--- securityonion-elsa-extras-20151011.orig/contrib/securityonion-elsa-web.conf
++++ securityonion-elsa-extras-20151011/contrib/securityonion-elsa-web.conf
+@@ -8,7 +8,7 @@
+ },
+ "peers": {
+ "127.0.0.1": {
+- "url": "https://127.0.0.1:3154/",
++ "url": "http://127.0.0.1:3154/",
+ "username": "elsa",
+ "apikey": "1"
+ }
+--- securityonion-elsa-extras-20151011.orig/contrib/securityonion_apache_site.conf
++++ securityonion-elsa-extras-20151011/contrib/securityonion_apache_site.conf
+@@ -20,9 +20,9 @@ NameVirtualHost localhost:3154
+ PerlResponseHandler Plack::Handler::Apache2
+ PerlSetVar psgi_app /opt/elsa/web/lib/Web.psgi
+
+- SSLEngine on
+- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
++ #SSLEngine on
++ #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
++ #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ # Cleanup proxied HTTP auth
+ RewriteEngine on
+ RewriteCond %{HTTP:Authorization} ^(.*)
diff --git a/debian/patches/series b/debian/patches/series
index fb10fda..185cda4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ fix-mastersensor-checks-to-not-rely-on-snorby-database
 starman-needs-to-start-with-new-perl-environment-variables
 increase-syslog-ng.conf-version-to-3.5
 improve-log-message-about-incorrect-group-on-etcelsa*.conf
+configure-Apache-to-proxy-elsa-query-to-port-3154
diff --git a/debian/postinst b/debian/postinst
index 5c50c93..54079ad 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -801,6 +801,9 @@ case "$1" in
 chmod +x $FILE || echo "Error making $FILE executable."
 fi
 
+ # Port 3154 no longer needs to be allowed in firewall
+ ufw delete allow 3154/tcp >dev/null 2>&1 || echo "Error blocking port 3154 in firewall."
+
 ;;
 abort-upgrade|abort-remove|abort-deconfigure)
 ;;
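Review bot: The redirection on the added `ufw delete` line is `>dev/null`, a path relative to the current directory, not `/dev/null`. If the script runs from a directory with no `dev/` subdirectory the redirection fails, `ufw` is never executed and only the echo is printed, so an upgraded host could keep 3154/tcp open in the firewall while the listener behind it has been switched to plain HTTP by this same commit. The line should read `ufw delete allow 3154/tcp >/dev/null 2>&1 || echo "Error removing 3154/tcp rule from firewall."`. Because output is discarded and the failure is only echoed, a check after upgrade that the rule is actually gone would be worth adding; the enclosing `case` arm starts outside the hunk.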