This is a test of a standard under development, provided for illustration purposes only.
Tries to implement a FirewallD-based SLPF actuator for OpenC2 over HTTPS.
No warranty whatsoever.
git clone https://github.com/korc/openc2-firewalld && cd openc2-firewalld
sudo apt install gnutls-bin golang firewalld
mkdir -p run-$$ && cd run-$$
../test/gen-certs.sh
go run ../cmd/oc2-proxy-server -cmdschema ../test/command-schema.json -respschema ../test/response-schema.json &
sudo systemctl start firewalld && sudo go run ../cmd/firewalld-oc2-client &
../test/test-request.sh ../test/test-query.json
go run github.com/korc/openc2-firewalld/cmd/oc2-proxy-server
-listen string
    Listen address (default "localhost:1512")
-cert string
    Server certificate (default "server.crt"). Empty string ("") will turn off TLS.
-key string
    Private key for certificate (default "server.key")
-cacert string
    Client CA certificate (default "ca.crt")
-path string
    URL path to OpenC2 endpoint (default "/oc2")
-www string
    Path to static html pages (ex: a copy of openc2-cmdgen)
go run github.com/korc/openc2-firewalld/cmd/firewalld-oc2-client
-cert string
    Client X509 certificate (default "client.crt")
-id string
    Asset ID to use
-interval float
    wait interval in seconds (default 10)
-key string
    Private key for x509 certificate (default "client.key")
-server string
    OpenC2 server URL (default "http://localhost:1512/oc2")
-zone string
    Zone to manipulate (default "public")
- No options
- generates server, client and ca PEM-encoded .crt and .key files. client.crt will be signed by ca.crt. xxx.tmpl files contain templates for certificates.