This is a temporary fork of the CSIRT Gadgets bearded-avenger-deploymentkit repository.
The plan is to clean up the changes and submit PRs to the parent repositories.
- this deployment runs on Ubuntu 22.04
- cif and the dependencies run in a python 3.10 venv
- python 3.10 is the version shipped with Ubuntu 22.04
- this sets up the latest versions of cifv3 and dependencies
- this repo has integrated the csirtgadgets.cif Ansible role
- VM and Docker
- fix sdist.yml (cif-ansible-role repo)
- Docker
- run bootstrap tests
- CentOS/RHEL support
- do all of this as root
- choose a backend for the installation
- install with sqlite backend (default)

    cd bearded-avenger-deploymentkit
    /bin/bash easybutton.sh

- install with Elastic backend

    cd bearded-avenger-deploymentkit
    # export so the child bash process running easybutton.sh inherits the variable
    export CIF_ANSIBLE_ES='localhost:9200'
    /bin/bash easybutton.sh

- install with Elastic backend and do bootstrap tests (this just adds all 3 env vars listed below before running easybutton.sh)

    cd bearded-avenger-deploymentkit
    /bin/bash easybutton_with_es_and_bootstrap_tests.sh

- other useful env vars

| env var | example value | info |
|---|---|---|
| CIF_BOOTSTRAP_TEST | 1 | run bootstrap tests |
| CIF_ANSIBLE_ES | 'localhost:9200' | install with Elastic backend |
| CIF_ANSIBLE_SMRT_DB_PATH | '/new/path' | change smrt.db directory |
| CIF_STORE_ES_UPSERT_MODE | 1 | ES upsert mode (use only with ES backend) |

- Requirements: have docker and docker-compose installed
- build image (same for sqlite3 or ES backends)

    cd bearded-avenger-deploymentkit
    docker-compose build

- To use the sqlite backend:

    docker-compose up -d

- to use the Elastic backend:

    cp overrides/docker-compose.elasticsearch.yml docker-compose.override.yml
    docker-compose up -d

- get a shell on running container, switch to cif user, and test connectivity

    docker-compose exec cifv3 /bin/bash
    sudo -u cif -i
    cif -p

- optional build args to pull from private Github repo (see overrides/docker-compose.deploy_key.yml)

| build arg | example value | info |
|---|---|---|
| CIF_RELEASE_URL | [email protected]:yourorg/cifv3_code.git | ssh address for a custom cifv3 repo; if not specified, uses the default cifv3 repo |
| GITHUB_DEPLOY_KEY_FILE | /tmp/github_deploy_key | path for github deploy key in container |
| GITHUB_DEPLOY_KEY_BASE64 | n/a | base64 encoded private ssh key |

- optional env vars

| env var | example value | info |
|---|---|---|
| CIF_TOKEN | n/a | cif admin token |
| CIF_HUNTER_TOKEN | n/a | cif hunter token |
| CIF_HTTPD_TOKEN | n/a | cif httpd token |
| CSIRTG_SMRT_TOKEN | n/a | cif smrt token |
| CIF_HTTPD_LISTEN | "0.0.0.0" | cif-httpd to listen externally (defaults to 127.0.0.1:5000) |
| SERVICE_STOP_SMRT | 1 | prevent smrt service from running |
| DOCKER_HTTPS | 1 | enable https |

- DOCKER_HTTPS
- if using the docker-compose.yml file, be sure to expose the https port
- to override the self-signed certificates, bind mount the correct certs at the following paths:

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

- see overrides/docker-compose.elasticsearch.yml for cif env vars for ES
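
For the DOCKER_HTTPS option described above, a compose override can enable https, expose the port and bind mount real certificates in one place. This is an added example, not a file from this repository: the file name, the `./certs` host directory and container port 443 are assumptions, while the service name `cifv3` and the certificate paths are the ones given above.

```yaml
# docker-compose.https.yml (hypothetical file name, added example)
# Layer it on top of the repo's compose file:
#   docker-compose -f docker-compose.yml -f docker-compose.https.yml up -d
# If the base docker-compose.yml declares a "version:", repeat the same value here.
services:
  cifv3:                        # service name used in "docker-compose exec cifv3"
    environment:
      DOCKER_HTTPS: "1"         # enable https in the container
    ports:
      # Assumption: nginx in the container listens on 443; adjust if the image differs.
      - "443:443"
    volumes:
      # Replace the self-signed pair with real certs (host paths are assumptions).
      # Mounted read-only so the container cannot modify the key material.
      - ./certs/nginx.crt:/etc/nginx/ssl/nginx.crt:ro
      - ./certs/nginx.key:/etc/nginx/ssl/nginx.key:ro
```

Keep the host copy of `nginx.key` readable only by its owner (for example mode 0600), since the bind mount exposes it to the container as-is.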