オンプレ分離版対応

nttcom · Dec 18, 2023 · 6305bec · 6305bec
1 parent 8c4974f
commit 6305bec
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 8 deletions.
diff --git a/osect_sensor/Application/edge_cron/common/common_config.py b/osect_sensor/Application/edge_cron/common/common_config.py
@@ -1,4 +1,4 @@
-LABEL_ID = ""
+LABEL_ID = "default"
 """ 複数スイッチ対応用のラベルID """
 
 PCAP_UPLOADING_FILE_PATH = "paper/sc_src/input/pcap/uploading/"
@@ -63,7 +63,7 @@
 PCAP_TO_DB_CPU = 5
 """ PCAPをログ化する際に使用するCPU数 """
 
-API_URL = "https://your url/paper/api/v1/createlogdata/post"
+API_URL = "https://core.osect-edge.ntt.com:10443/paper/api/v1/createlogdata/post"
 """ SaaS連携用APIのURL """
 
 TIME_OUT_VAL = 120
@@ -81,8 +81,11 @@
 CLIENT_CERTIFICATE_PATH = "/etc/ssl/private/client.pem"
 """クライアント認証のための証明書・秘密鍵"""
 
-SEND_VERSION_API_URL = "https://your url/paper/api/v1/sensor_status/post"
+SEND_VERSION_API_URL = "https://core.osect-edge.ntt.com:10443/paper/api/v1/sensor_status/post"
 """Suricataシグネチャのバージョンを送るURL"""
 
 SEND_REQUST_TIMEOUT = 180
 """ ログ送信時のタイムアウト値 """
+
+SSL_VERIFY = "/etc/ssl/certs/osect_core.crt"
+""" コアへのHTTPリクエスト時の検証の要否またはコアの証明書のパス """
diff --git a/osect_sensor/Application/edge_cron/cron/management/commands/pcap_to_log_to_server.py b/osect_sensor/Application/edge_cron/cron/management/commands/pcap_to_log_to_server.py
@@ -46,6 +46,7 @@
     API_URL,
     LABEL_ID,
     CLIENT_CERTIFICATE_PATH,
+    SSL_VERIFY,
 )
 
 # from common.common_function import pcap2log
@@ -376,6 +377,7 @@ def send_server(zip_list):
             files=files,
             data=data,
             timeout=SEND_REQUST_TIMEOUT,
+            verify=SSL_VERIFY,
         )
         if resp.status_code != 200:
             raise Exception(

diff --git a/osect_sensor/Application/edge_cron/cron/management/commands/send_version.py b/osect_sensor/Application/edge_cron/cron/management/commands/send_version.py
@@ -8,6 +8,7 @@
     CLIENT_CERTIFICATE_PATH,
     SEND_VERSION_API_URL,
     LABEL_ID,
+    SSL_VERIFY,
 )
 
 logger = logging.getLogger("edge_send_version")
@@ -38,6 +39,7 @@ def handle(self, *args, **options):
             SEND_VERSION_API_URL,
             cert=CLIENT_CERTIFICATE_PATH,
             data=data,
+            verify=SSL_VERIFY,
         )
         if resp.status_code != 200:
             raise Exception(

diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/suricata_update.sh b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/suricata_update.sh
@@ -30,7 +30,7 @@ fi
 
 # Download signature version number
 rm -f $DOWNLOAD_VER_FILE
-wget ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_VER_FILE}
+wget --ca-certificate=/etc/ssl/certs/osect_core.crt ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_VER_FILE}
 if [ $? -ne 0 ]; then
     export SURICATA_UPDATE_STATUS="failed to download ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_VER_FILE}"
     echo $SURICATA_UPDATE_STATUS
@@ -49,7 +49,7 @@ fi
 
 # Download signature rules
 rm -f $DOWNLOAD_SIG_FILE
-wget ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_SIG_FILE}
+wget --ca-certificate=/etc/ssl/certs/osect_core.crt ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_SIG_FILE}
 if [ $? -ne 0 ]; then
     export SURICATA_UPDATE_STATUS="failed to download ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_SIG_FILE}"
     echo $SURICATA_UPDATE_STATUS
@@ -59,7 +59,7 @@ fi
 
 # Compare MD5 checksum values
 rm -f ${DOWNLOAD_SIG_FILE}.md5
-REMOTE_MD5=`wget -O - ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_SIG_FILE}.md5`
+REMOTE_MD5=`wget --ca-certificate=/etc/ssl/certs/osect_core.crt -O - ${DOWNLOAD_URL_PREFIX}${DOWNLOAD_SIG_FILE}.md5`
 LOCAL_MD5=`md5sum ${DOWNLOAD_SIG_FILE} | grep -o '^\S*'`
 if [ $REMOTE_MD5 != $LOCAL_MD5 ]; then
     export SURICATA_UPDATE_STATUS="incorrect md5 value"

diff --git a/osect_sensor/conf/suricata_update.conf b/osect_sensor/conf/suricata_update.conf
@@ -1,8 +1,8 @@
 # ルールダウンロード先のURL
-DOWNLOAD_URL_PREFIX=https://rules.emergingthreats.net/open/suricata-6.0/
+DOWNLOAD_URL_PREFIX=https://core.osect-edge.ntt.com/signatures/
 
 # ダウンロードするルールのファイル名
-DOWNLOAD_SIG_FILE=emerging.rules.tar.gz
+DOWNLOAD_SIG_FILE=etpro.rules.tar.gz
 
 # ルールのバージョン数が記載されたファイル名
 DOWNLOAD_VER_FILE=version.txt
diff --git a/osect_sensor/docker-compose.yml b/osect_sensor/docker-compose.yml
@@ -8,6 +8,7 @@ services:
       - pcap-logs-volume:/opt/edge_cron/paper/sc_src/input/pcap/complete/
       - logs-volume:/var/log/ot_tools/
       - ./keys/client.pem:/etc/ssl/private/client.pem
+      - ./keys/server.crt:/etc/ssl/certs/osect_core.crt
       - ./conf/suricata_update.conf:/etc/suricata_update.conf
       - ./conf/suricata.yaml:/opt/ot_tools/suricata.yaml       # suricata realtime
       - ./conf/crontab:/root/crontab
@@ -26,13 +27,17 @@ services:
         /usr/bin/supervisord --configuration=/etc/supervisor/conf.d/supervisord.conf
       '
     restart: always
+    environment:
+     - CURL_CA_BUNDLE=/etc/ssl/certs/osect_core.crt
 volumes:
   pcap-logs-volume:
+      driver: local
       driver_opts:
         type: local
         device: ./logs/pcap-logs
         o: bind
   logs-volume:
+      driver: local
       driver_opts:
         type: local
         device: ./logs/ottools