work in progress for idaholab#331, improvements to extracted_files_ht…
…tp_server.py and the setting/creation of ACL rules on hedgehog
mmguero committed Apr 1, 2024
1 parent cedf0d6 commit 6ddc051
Showing 4 changed files with 47 additions and 39 deletions.
4 changes: 2 additions & 2 deletions hedgehog-iso/build.sh
@@ -117,8 +117,8 @@ if [ -d "$WORKDIR" ]; then
# assets for extracted file server
mkdir -p ./config/includes.chroot/opt/sensor/assets/img/
rsync -a "$SCRIPT_PATH/nginx/" ./config/includes.chroot/opt/sensor/assets/
cp "$SCRIPT_PATH"/docs/images/icon/favicon.ico ./config/includes.chroot/opt/sensor/assets/
cp "$SCRIPT_PATH"/docs/images/logo/Malcolm_background.png ./config/includes.chroot/opt/sensor/assets/img/bg-masthead.png
cp "$SCRIPT_PATH"/docs/images/hedgehog/logo/favicon.ico ./config/includes.chroot/opt/sensor/assets/
cp "$SCRIPT_PATH"/docs/images/hedgehog/logo/hedgehog-wallpaper-plain.png ./config/includes.chroot/opt/sensor/assets/img/bg-masthead.png
bash "$SCRIPT_PATH/shared/bin/web-ui-asset-download.sh" -o ./config/includes.chroot/opt/sensor/assets/css/
chown -R root:root ./config/includes.chroot/opt/sensor/assets/css/
find ./config/includes.chroot/opt/sensor/assets/ -type d -exec chmod 755 "{}" \;
8 changes: 6 additions & 2 deletions hedgehog-iso/interface/sensor_ctl/control_vars.conf
@@ -25,12 +25,16 @@ export ARKIME_FREESPACEG=7%
export ARKIME_ROTATE_INDEX=daily
export ARKIME_DEBUG_LEVEL=0

# Whether or not to serve the directory containing Zeek-extracted over HTTP at ./extracted-files/
export EXTRACTED_FILE_HTTP_SERVER_ENABLE=false
# AUTOSTART_EXTRACTED_FILE_HTTP_SERVER below controls whether or not to serve the
# directory containing Zeek-extracted over HTTP at ./extracted-files/
export EXTRACTED_FILE_HTTP_SERVER_PORT=8006
export EXTRACTED_FILE_HTTP_ASSETS_DIR=/opt/assets
# Whether or not Zeek-extracted files served over HTTP will be archived in a Zip file
export EXTRACTED_FILE_HTTP_SERVER_ZIP=false
# Specifies the password for encrypted Zeek-extracted files served over HTTP
# If EXTRACTED_FILE_HTTP_SERVER_ZIP is true this is the password for the Zip file,
# otherwise it is the AES-256-CBC decryption password
EXTRACTED_FILE_HTTP_SERVER_KEY=infected
# Whether or not to use libmagic to show MIME types for Zeek-extracted files served
export EXTRACTED_FILE_HTTP_SERVER_MAGIC=false
# HTTP server will look in subdirectories for requested filename (e.g., in "/quarantined" and "/preserved")
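Review bot: The added `EXTRACTED_FILE_HTTP_SERVER_KEY=infected` line is the only assignment in this hunk without `export`, so unless the file is sourced under `set -a` the key presumably never reaches the server process; `export EXTRACTED_FILE_HTTP_SERVER_KEY=infected` would match its neighbours. The comment above it should also state that `infected` is the conventional, publicly known malware-sample password: it guards against carved files being opened or scanned by accident and is not a confidentiality control, so whoever can reach port 8006 can decrypt what is served unless the value is changed. The new comment also reads "Zeek-extracted over HTTP" where "Zeek-extracted files" is meant, and it points to AUTOSTART_EXTRACTED_FILE_HTTP_SERVER "below", which lies outside the visible hunk.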
5 changes: 3 additions & 2 deletions hedgehog-raspi/generate-recipe.py
@@ -112,8 +112,9 @@
'cp -r "%s/docs/images/hedgehog/logo/hedgehog-ascii-text.txt"* "${ROOT?}/root/"' % MALCOLM_DIR,
'cp -r "%s/nginx/landingpage/css/" "${ROOT?}/opt/sensor/assets/"' % MALCOLM_DIR,
'cp -r "%s/nginx/landingpage/js/" "${ROOT?}/opt/sensor/assets/"' % MALCOLM_DIR,
'cp -r "%s/docs/images/icon/favicon.ico" "${ROOT?}/opt/sensor/assets/"' % MALCOLM_DIR,
'cp -r "%s/docs/images/logo/Malcolm_background.png" "${ROOT?}/opt/sensor/assets/img/bg-masthead.png"' % MALCOLM_DIR,
'cp -r "%s/docs/images/hedgehog/logo/favicon.ico" "${ROOT?}/opt/sensor/assets/"' % MALCOLM_DIR,
'cp -r "%s/docs/images/hedgehog/logo/hedgehog-wallpaper-plain.png" "${ROOT?}/opt/sensor/assets/img/bg-masthead.png"'
% MALCOLM_DIR,
]

# Extend list just in case version is 4
69 changes: 36 additions & 33 deletions shared/bin/extracted_files_http_server.py
@@ -44,7 +44,8 @@
script_name = os.path.basename(__file__)
script_path = os.path.dirname(os.path.realpath(__file__))
orig_path = os.getcwd()
filename_truncate_len = 20
filename_truncate_len_malcolm = 20
filename_truncate_len = 32


###################################################################################################
@@ -83,6 +84,7 @@ def do_GET(self):

fullpath, relpath = self.translate_path(self.path)
fileBaseName = os.path.basename(fullpath)
fnameDispLen = filename_truncate_len_malcolm if args.malcolm else filename_truncate_len

tomorrowStr = (datetime.now(UTC) + timedelta(days=1)).isoformat().split('.')[0]

@@ -232,8 +234,8 @@ def do_GET(self):
td(
a(
(
(filename[:filename_truncate_len] + '...')
if len(filename) > filename_truncate_len
(filename[:fnameDispLen] + '...')
if len(filename) > fnameDispLen
else filename
),
href=f'{filename}',
Expand All @@ -255,37 +257,38 @@ def do_GET(self):
)

# show special malcolm columns if requested
if args.malcolm and fmatch is not None:
# list carve source, IDs, and timestamp
t.add(
td(
fsource,
style="text-align: center",
),
td(
[
a(
fid,
href=f'/arkime/idark2dash/filter?start={timestampStartFilterStr}&stop={tomorrowStr}&field=event.id&value={fid}',
target="_blank",
)
for fid in fids
],
style="text-align: center",
),
td(
(
timestamp.strftime("%Y-%m-%d %H:%M:%S")
if timestamp
else timestampStr
if args.malcolm:
if fmatch is not None:
# list carve source, IDs, and timestamp
t.add(
td(
fsource,
style="text-align: center",
),
title=timestampStr,
style="text-align: center",
),
)
else:
# file name format was not recognized, so extra columns are empty
t.add(th(), th(), th())
td(
[
a(
fid,
href=f'/arkime/idark2dash/filter?start={timestampStartFilterStr}&stop={tomorrowStr}&field=event.id&value={fid}',
target="_blank",
)
for fid in fids
],
style="text-align: center",
),
td(
(
timestamp.strftime("%Y-%m-%d %H:%M:%S")
if timestamp
else timestampStr
),
title=timestampStr,
style="text-align: center",
),
)
else:
# file name format was not recognized, so extra columns are empty
t.add(th(), th(), th())

except Exception as e:
eprint(f'Error with file "{filename}": {e}')
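Review bot: In the re-indented Malcolm-columns block, the Arkime link interpolates `fid` and the two timestamp strings into the query string without URL-encoding. These values appear to be derived from the extracted file's name, whose parsing is outside the visible hunks, so unless that pattern already restricts them to URL-safe characters, a name containing `&` or `#` would change the query the analyst is sent to. Encoding at the point of use removes the dependency on the parser, e.g. `value={urllib.parse.quote(fid, safe="")}` inside the f-string; the unchanged `href=f'{filename}'` in the file-name cell has the same gap. `do_GET` starts and ends outside these hunks, so whether `urllib.parse` is already imported needs checking.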
