From 5d8fed7ad4cede73dd973e6be28708a2d0be04e5 Mon Sep 17 00:00:00 2001
From: Seth Grover
Date: Wed, 15 Jan 2025 16:17:44 -0700
Subject: [PATCH] WIP omron fins integration, cisagov/Malcolm#554
---
 dashboards/scripts/index-refresh.py | 3 ++
 nginx/nginx.conf | 71 +++++++++++++++++++----------
 nginx/nginx_readonly.conf | 70 ++++++++++++++++++----------
 3 files changed, 97 insertions(+), 47 deletions(-)
diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py
index bb14970e8..9b6ec989a 100755
--- a/dashboards/scripts/index-refresh.py
+++ b/dashboards/scripts/index-refresh.py
@@ -397,6 +397,9 @@ def main():
 'urlTemplate'
 ] = '/netbox/search/?q={{value}}&obj_types=dcim.site&lookup=iexact'
+ elif field['name'] == 'zeek.files.extracted_uri':
+ fieldFormatInfo['params']['urlTemplate'] = '/{{value}}'
+
 else:
 # for Arkime to query by database field name, see arkime issue/PR 1461/1463
 valQuote = '"' if field['type'] == 'string' else ''
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index cc63e6787..d31c82556 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
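Review bot: The new `elif field['name'] == 'zeek.files.extracted_uri':` branch assigns a bare `'/{{value}}'` template with no explanation, while the neighbouring branches spell out the route they link to; from this hunk a reader cannot tell whether the field value is expected to already carry the `extracted-files/` path segment or whether the leading slash alone is what the formatter needs. A one-line comment above the assignment, e.g. `# extracted_uri is presumably already a site-relative path (under /extracted-files/); rooting it is all the link needs — confirm`, would pin that down for the next maintainer. The enclosing `main()` starts and ends outside the hunk.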
@@ -170,6 +170,53 @@ http {
 proxy_set_header X-Remote-Auth $authenticated_user;
 }
+ # extracted file download
+ location ~* ^/extracted-files\b(.*) {
+ include /etc/nginx/nginx_auth_rt.conf;
+ # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
+ set $filereq $1;
+ proxy_pass http://extracted-file-http-server$filereq$is_args$args;
+ proxy_redirect off;
+ proxy_set_header Host file-monitor.malcolm.local;
+ }
+
+ # extracted file download hedgehog redirect
+ location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+ include /etc/nginx/nginx_auth_rt.conf;
+ include /etc/nginx/nginx_system_resolver.conf;
+ set $upstream $1:8006;
+ set $filereq $2;
+ rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+ proxy_pass https://$upstream;
+ proxy_ssl_verify off;
+ proxy_set_header Host $1;
+ proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+ }
+
+ # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it)
+ location ~* ^/dashboards/app/extracted-files/(.*) {
+ set $forwarded_scheme $scheme;
+ if ($http_x_forwarded_proto = 'https') {
+ set $forwarded_scheme https;
+ }
+ set $fwuri $1;
+ rewrite ^/dashboards/app/extracted-files/(.*) $forwarded_scheme://$host/extracted-files/$1 redirect;
+ proxy_pass http://extracted-file-http-server;
+ proxy_redirect off;
+ proxy_set_header Host file-monitor.malcolm.local;
+ }
+ location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+ include /etc/nginx/nginx_auth_rt.conf;
+ include /etc/nginx/nginx_system_resolver.conf;
+ set $upstream $1:8006;
+ set $filereq $2;
+ rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+ proxy_pass https://$upstream;
+ proxy_ssl_verify off;
+ proxy_set_header Host $1;
+ proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+ }
+
 # Arkime -> Dashboards shortcut
 location ~* /idark2dash(.*) {
 set $filter_start_time now-1d;
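Review bot: Both hedgehog locations derive the upstream from the request path — `set $upstream $1:8006;` followed by `proxy_pass https://$upstream;` with `proxy_ssl_verify off` and the system resolver included — so any client that gets past `nginx_auth_rt.conf` (presumably the authentication hook) can have nginx open a TLS connection to whatever resolvable name it places in the URL; constraining `$1` to the known sensor hostnames (a `map`-based allow-list checked before `proxy_pass`, or a pattern tighter than `[a-zA-Z0-9-\.]+`) would keep this a sensor redirect rather than a general-purpose proxy. In the `/dashboards/app/extracted-files/` location, `set $fwuri $1;` is never read and the `proxy_pass`/`proxy_redirect`/`proxy_set_header` lines after `rewrite ... redirect` cannot execute, so they should be removed or their intent noted in a comment. Both points apply equally to the matching hunk in nginx/nginx_readonly.conf.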
@@ -223,30 +270,6 @@ http {
 proxy_set_header Host dashboards-helper.malcolm.local;
 }
- # extracted file download
- location ~* ^/extracted-files\b(.*) {
- include /etc/nginx/nginx_auth_rt.conf;
- # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
- set $filereq $1;
- proxy_pass http://extracted-file-http-server$filereq$is_args$args;
- proxy_redirect off;
- proxy_set_header Host file-monitor.malcolm.local;
- }
-
- # extracted file download hedgehog redirect
- location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
- include /etc/nginx/nginx_auth_rt.conf;
- include /etc/nginx/nginx_system_resolver.conf;
- set $upstream $1:8006;
- set $filereq $2;
- # TODO: check, do i need is_args/args here?
- rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
- proxy_pass https://$upstream;
- proxy_ssl_verify off;
- proxy_set_header Host $1;
- proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
- }
-
 # Fix cyberchef JS module(s)
 # https://localhost/arkime/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js
 location ~* ^/arkime/session/.*/(modules/.*\.js) {
diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf
index 2fd67aba1..d642d55ce 100644
--- a/nginx/nginx_readonly.conf
+++ b/nginx/nginx_readonly.conf
@@ -131,6 +131,53 @@ http {
 proxy_set_header X-Remote-Auth $authenticated_user;
 }
+ # extracted file download
+ location ~* ^/extracted-files\b(.*) {
+ include /etc/nginx/nginx_auth_rt.conf;
+ # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
+ set $filereq $1;
+ proxy_pass http://extracted-file-http-server$filereq$is_args$args;
+ proxy_redirect off;
+ proxy_set_header Host file-monitor.malcolm.local;
+ }
+
+ # extracted file download hedgehog redirect
+ location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+ include /etc/nginx/nginx_system_resolver.conf;
+ set $upstream $1:8006;
+ set $filereq $2;
+ # TODO: check, do i need is_args/args here?
+ rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+ proxy_pass https://$upstream;
+ proxy_ssl_verify off;
+ proxy_set_header Host $1;
+ proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+ }
+
+ # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it)
+ location ~* ^/dashboards/app/extracted-files/(.*) {
+ set $forwarded_scheme $scheme;
+ if ($http_x_forwarded_proto = 'https') {
+ set $forwarded_scheme https;
+ }
+ set $fwuri $1;
+ rewrite ^/dashboards/app/extracted-files/(.*) $forwarded_scheme://$host/extracted-files/$1 redirect;
+ proxy_pass http://extracted-file-http-server;
+ proxy_redirect off;
+ proxy_set_header Host file-monitor.malcolm.local;
+ }
+ location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
+ include /etc/nginx/nginx_auth_rt.conf;
+ include /etc/nginx/nginx_system_resolver.conf;
+ set $upstream $1:8006;
+ set $filereq $2;
+ rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
+ proxy_pass https://$upstream;
+ proxy_ssl_verify off;
+ proxy_set_header Host $1;
+ proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
+ }
+
 # Dashboards -> Arkime shortcut
 location ~* /iddash2ark/(.*) {
 set $forwarded_scheme $scheme;
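Review bot: The two hedgehog locations in this hunk disagree on authentication: `location ~* ^/hh-extracted-files/...` carries no `include /etc/nginx/nginx_auth_rt.conf;` while the otherwise identical `location ~* ^/dashboards/app/hh-extracted-files/...` does, even though both proxy to a host named by the caller via `set $upstream $1:8006;`. If the read-only profile deliberately skips the auth include on the first block, a comment saying so would stop the next reader from treating it as an omission; otherwise add the include to the first block so the two paths behave the same. The `# TODO: check, do i need is_args/args here?` comment above `rewrite ... $filereq break;` can be resolved: nginx's `rewrite` appends the original query string to the replacement unless the replacement ends with `?`, so the arguments are already forwarded and the TODO can become `# rewrite appends the original query string itself; no $is_args$args needed`.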
@@ -158,29 +205,6 @@ http {
 proxy_set_header Host dashboards-helper.malcolm.local;
 }
- # extracted file download
- location ~* ^/extracted-files\b(.*) {
- include /etc/nginx/nginx_auth_rt.conf;
- # thanks to https://stackoverflow.com/a/31440150, handle spaces in names
- set $filereq $1;
- proxy_pass http://extracted-file-http-server$filereq$is_args$args;
- proxy_redirect off;
- proxy_set_header Host file-monitor.malcolm.local;
- }
-
- # extracted file download hedgehog redirect
- location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
- include /etc/nginx/nginx_system_resolver.conf;
- set $upstream $1:8006;
- set $filereq $2;
- # TODO: check, do i need is_args/args here?
- rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break;
- proxy_pass https://$upstream;
- proxy_ssl_verify off;
- proxy_set_header Host $1;
- proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1";
- }
-
 # favicon, logos, banners, etc.
 include /etc/nginx/nginx_image_aliases.conf;