Merge pull request #46 from ZachChristensen28/development

Version 1.4.2
ZachChristensen28 · Jun 3, 2021 · cd89e3a · cd89e3a
2 parents 404a312 + f360975
commit cd89e3a
Show file tree

Hide file tree

Showing 9 changed files with 87 additions and 55 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
  Info | Description
 ------|----------
-Version | 1.4.1 - See on [Splunkbase](https://splunkbase.splunk.com/app/4538/)
+Version | 1.4.2 - See on [Splunkbase](https://splunkbase.splunk.com/app/4538/)
 Vendor Product Version | [OPNsense® 21.1](https://opnsense.org/)
 Add-on has a web UI | No. This add-on does not contain any views.
 
@@ -14,15 +14,16 @@ Add-on has a web UI | No. This add-on does not contain any views.
 The TA-opnsense Add-on allows Splunk data administrators to map the OPNsense® firewall events to the [CIM](https://docs.splunk.com/Splexicon:CommonInformationModel) enabling the data to be used with other Splunk Apps, such as Enterprise Security.
 
 ```TEXT
-Version 1.4.1
+Version 1.4.2
 
-- Fixed incorrect sourcetype transform for modular input - issue #41
-- Increased the truncate limit to allow large events.
+- Adding support for absolute paths in modular input setup for certificatesm- #44
+- Fixed issue with the Verify Certificate checkbox not working properly - #47
 ```
 
 ## Documentation
 
 Full documentation can be found at https://splunk-opnsense-ta-documentation.rtfd.io.
 
 ## Bugs
+
 Please open an issue at [github.com](https://github.com/ZachChristensen28/TA-opnsense)
diff --git a/README/ta_opnsense_account.conf.spec b/README/ta_opnsense_account.conf.spec
@@ -1,3 +1,4 @@
+@placement search-head
 [<name>]
 username = 
 password = 

diff --git a/README/ta_opnsense_settings.conf.spec b/README/ta_opnsense_settings.conf.spec
@@ -1,3 +1,4 @@
+@placement search-head
 [proxy]
 proxy_enabled = 
 proxy_type = 

diff --git a/app.manifest b/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "TA-opnsense",
-      "version": "1.4.1"
+      "version": "1.4.2"
     },
     "author": [
       {
@@ -47,7 +47,7 @@
   },
   "dependencies": null,
   "tasks": [
-    "input://opnsense_system_information"
+    "opnsense_system_information"
   ],
   "inputGroups": null,
   "incompatibleApps": null,
@@ -58,4 +58,4 @@
   "targetWorkloads": [
     "*"
   ]
-}
+}
diff --git a/appserver/static/js/build/globalConfig.json b/appserver/static/js/build/globalConfig.json
@@ -109,16 +109,16 @@
                             "label": "OPNsense Certificate",
                             "type": "text",
                             "required": false,
-                            "help": "Name of certificate relative to $SPLUNK_HOME/etc/auth",
+                            "help": "Name of certificate relative to $SPLUNK_HOME/etc/auth or an absolute path.",
                             "options": {
                                 "placeholder": "OPNsense.crt"
                             },
                             "validators": [
                                 {
                                     "type": "string",
                                     "minLength": 1,
-                                    "maxLength": 50,
-                                    "errorMsg": "Length of the OPNSense host should be between 1 and 50"
+                                    "maxLength": 500,
+                                    "errorMsg": "Length Path should be between 1 and 500"
                                 }
                             ]
                         },
@@ -394,4 +394,4 @@
             ]
         }
     }
-}
+}
diff --git a/bin/TA_opnsense_rh_account.py b/bin/TA_opnsense_rh_account.py
@@ -20,18 +20,18 @@
         encrypted=False,
         default=None,
         validator=validator.String(
-            min_len=1, 
-            max_len=200, 
+            min_len=1,
+            max_len=200,
         )
-    ), 
+    ),
     field.RestField(
         'password',
         required=True,
         encrypted=True,
         default=None,
         validator=validator.String(
-            min_len=1, 
-            max_len=8192, 
+            min_len=1,
+            max_len=8192,
         )
     ),
     field.RestField(
@@ -40,8 +40,8 @@
         encrypted=False,
         default=None,
         validator=validator.String(
-            min_len=1, 
-            max_len=50, 
+            min_len=1,
+            max_len=50,
         )
     ),
     field.RestField(
@@ -50,8 +50,8 @@
         encrypted=False,
         default=None,
         validator=validator.String(
-            min_len=1, 
-            max_len=50, 
+            min_len=1,
+            max_len=500,
         )
     ),
     field.RestField(

diff --git a/bin/input_module_opnsense_system_information.py b/bin/input_module_opnsense_system_information.py
@@ -7,8 +7,6 @@
 from requests import RequestException
 import opnsense_constants as const
 
-cert_dir = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'auth')
-
 
 def validate_input(helper, definition):
     # We have nothing to verify
@@ -24,16 +22,33 @@ def collect_events(helper, ew):
     certificate = account["certificate"]
     verify_cert = account["verify_cert"]
 
-    if verify_cert:
-        cert = os.path.join(cert_dir, certificate)
-        if not os.path.isfile(cert):
-            helper.log_error(f'msg="Certificate not found", action="failed", hostname="{host}"')
-            helper.log_debug(f'msg="missing certificate", certificate_location="{cert}", action="failed", hostname="{host}"')
+    if verify_cert == "1":
+        # Check for absolute path
+        if os.path.isfile(certificate):
+            check_cert = certificate
+
+        # Check for Relative path to $SPLUNK_HOME/etc/auth
+        elif os.path.isfile(os.path.join(os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'auth'), certificate)):
+            check_cert = os.path.join(os.path.join(
+                os.environ['SPLUNK_HOME'], 'etc', 'auth'), certificate)
+
+        # Fail to locate certificate
+        else:
+            helper.log_error(
+                f'msg="Certificate not found", action="failed", hostname="{host}"')
+            helper.log_debug(
+                f'msg="missing certificate", certificate_location="{certificate}", action="failed", hostname="{host}"')
             return False
-        helper.log_info(f'msg="found certificate", action="success", hostname="{host}"')
-        helper.log_debug(f'msg="found certificate", certificate_location="{cert}", action="success", hostname="{host}"')
+
+        helper.log_info(
+            f'msg="found certificate", action="success", hostname="{host}"')
+        helper.log_debug(
+            f'msg="found certificate", certificate_location="{check_cert}", action="success", hostname="{host}"')
+
     else:
-        cert = False
+        helper.log_info(
+            f'msg="Certificate Check Disabled", hostname="{host}"')
+        check_cert = False
 
     # Get Log Level
     log_level = helper.get_log_level()
@@ -74,7 +89,8 @@ def check_run(key, event_name):
 
         if helper.get_check_point(key):
             old_state = int(helper.get_check_point(key))
-            helper.log_info(f'event_name="{event_name}", msg="Checkpoint found", hostname="{host}"')
+            helper.log_info(
+                f'event_name="{event_name}", msg="Checkpoint found", hostname="{host}"')
             helper.log_debug(
                 f'event_name="{event_name}", msg="Checkpoint information", checkpoint="{old_state}", interval="{interval}", hostname="{host}"')
 
@@ -84,10 +100,12 @@ def check_run(key, event_name):
                     f'action="aborted", hostname="{host}"')
                 return False
             else:
-                helper.log_info(f'event_name="{event_name}", msg="Running scheduled Interval", hostname="{host}"')
+                helper.log_info(
+                    f'event_name="{event_name}", msg="Running scheduled Interval", hostname="{host}"')
 
         else:
-            helper.log_info(f'event_name="{event_name}", msg="Checkpoint file not found", hostname="{host}"')
+            helper.log_info(
+                f'event_name="{event_name}", msg="Checkpoint file not found", hostname="{host}"')
 
         return True
 
@@ -104,25 +122,33 @@ def sendit(key, url, event_name):
             return False, None
 
         try:
-            r = requests.get(url, proxies=proxy_config, auth=(api_key, api_secret), verify=cert)
-            helper.log_debug(f'msg="connection info", proxy_config="{proxy_config}", certificate="{cert}", hostname="{host}"')
+            r = requests.get(url, proxies=proxy_config, auth=(
+                api_key, api_secret), verify=check_cert)
+            helper.log_debug(
+                f'msg="connection info", proxy_config="{proxy_config}", certificate="{check_cert}", hostname="{host}"')
 
             if r.status_code == 200:
-                helper.log_info(f'event_name="{event_name}", msg="connection established", action="success", hostname="{host}"')
+                helper.log_info(
+                    f'event_name="{event_name}", msg="connection established", action="success", hostname="{host}"')
                 return True, json.loads(r.text)
             else:
-                helper.log_info(f'event_name="{event_name}", msg="connection failed", action="failed", hostname="{host}"')
-                helper.log_debug(f'event_name="{event_name}", status_code="{r.status_code}", action="failed", hostname="{host}"')
+                helper.log_info(
+                    f'event_name="{event_name}", msg="connection failed", action="failed", hostname="{host}"')
+                helper.log_debug(
+                    f'event_name="{event_name}", status_code="{r.status_code}", action="failed", hostname="{host}"')
                 return False, None
 
         except RequestException as e:
-            helper.log_error(f'event_name="{event_name}", msg="Unable to make api call", hostname="{host}"')
-            helper.log_debug(f'event_name="{event_name}", error_msg="{e}", hostname="{host}"')
+            helper.log_error(
+                f'event_name="{event_name}", msg="Unable to make api call", hostname="{host}"')
+            helper.log_debug(
+                f'event_name="{event_name}", error_msg="{e}", hostname="{host}"')
             return False, None
 
     def get_system_status():
         event_name = 'system_status'
-        helper.log_info(f'event_name="{event_name}", msg="starting system status collection", hostname="{host}"')
+        helper.log_info(
+            f'event_name="{event_name}", msg="starting system status collection", hostname="{host}"')
         key = f'opnsense_system_{host}'
         url = f'https://{host}/{const.api_firmware_status}'
         r_succeeded, response = sendit(key, url, event_name)
@@ -141,12 +167,14 @@ def get_system_status():
         helper.save_check_point(key, new_state)
         helper.log_info(
             f'event_name="{event_name}", msg="Updating Checkpoint", checkpoint="{new_state}", hostname="{host}"')
-        helper.log_info(f'event_name="{event_name}", msg="completed", action="success", hostname="{host}"')
+        helper.log_info(
+            f'event_name="{event_name}", msg="completed", action="success", hostname="{host}"')
         return True
 
     def get_plugin_info():
         event_name = 'plugin_info'
-        helper.log_info(f'event_name="{event_name}", msg="starting system plugin information collection", hostname="{host}"')
+        helper.log_info(
+            f'event_name="{event_name}", msg="starting system plugin information collection", hostname="{host}"')
         key = f'opnsense_info_{host}'
         url = f'https://{host}/{const.api_firmware_info}'
         r_succeeded, response = sendit(key, url, event_name)
@@ -168,7 +196,8 @@ def get_plugin_info():
         for item in response['plugin']:
             if item['installed'] == '1':
                 item['collection_type'] = 'plugin'
-                event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), host=host, data=json.dumps(item))
+                event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(
+                ), sourcetype=helper.get_sourcetype(), host=host, data=json.dumps(item))
                 ew.write_event(event)
                 plugin_count += 1
 

diff --git a/default/app.conf b/default/app.conf
@@ -6,7 +6,7 @@
 state_change_requires_restart = true
 is_configured = false
 state = enabled
-build = 2
+build = 3
 
 [ui]
 is_visible = 1
@@ -15,7 +15,7 @@ label = OPNsense Add-on for Splunk
 [launcher]
 author = Zach Christensen
 description = This Technology Add-on provides CIM compliant field extractions, eventtypes and tags for the OPNsense Firewall
-version = 1.4.1
+version = 1.4.2
 
 [package]
 id = TA-opnsense

diff --git a/default/restmap.conf b/default/restmap.conf
@@ -7,19 +7,19 @@ match = /
 members = TA_opnsense_account, TA_opnsense_settings, TA_opnsense_opnsense_system_information
 
 [admin_external:TA_opnsense_account]
-handlertype = python
-python.version=python3
-handlerfile = TA_opnsense_rh_account.py
+handlertype    = python
+python.version = python3
+handlerfile    = TA_opnsense_rh_account.py
 handleractions = edit, list, remove, create
 
 [admin_external:TA_opnsense_settings]
-handlertype = python
-python.version=python3
-handlerfile = TA_opnsense_rh_settings.py
+handlertype    = python
+python.version = python3
+handlerfile    = TA_opnsense_rh_settings.py
 handleractions = edit, list
 
 [admin_external:TA_opnsense_opnsense_system_information]
-handlertype = python
-python.version=python3
-handlerfile = TA_opnsense_rh_opnsense_system_information.py
+handlertype    = python
+python.version = python3
+handlerfile    = TA_opnsense_rh_opnsense_system_information.py
 handleractions = edit, list, remove, create