Merge branch '173-security' into 'master'

Resolve "Wazuh is not Starting" Closes #173 See merge request cyber5k/mistborn!80
5 years ago · 97d25bbce4
9 changed files with 30 additions and 12 deletions
--- a/extra/bitwarden.yml
+++ b/extra/bitwarden.yml
@ -19,7 +19,7 @@ services:
				@@ -19,7 +19,7 @@ services:
      - "traefik.http.routers.bitwarden-https.tls.certresolver=basic"
      - "traefik.http.services.bitwarden-service.loadbalancer.server.port=80"
    ports:
-      - 3012:3012/tcp
+      - "${MISTBORN_BIND_IP}:3012:3012/tcp"
    restart: unless-stopped

 networks:
--- a/extra/jitsi-meet.yml
+++ b/extra/jitsi-meet.yml
@ -216,8 +216,8 @@ services:
				@@ -216,8 +216,8 @@ services:
        image: jitsi/jvb:latest
        restart: unless-stopped
        ports:
-            - '${JVB_PORT}:${JVB_PORT}/udp'
-            - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
+            - "${MISTBORN_BIND_IP}:${JVB_PORT}:${JVB_PORT}/udp"
+            - "${MISTBORN_BIND_IP}:${JVB_TCP_PORT}:${JVB_TCP_PORT}"
        volumes:
            - ${CONFIG}/jvb:/config:Z
        env_file:
--- a/extra/syncthing.yml
+++ b/extra/syncthing.yml
@ -15,8 +15,8 @@ services:
				@@ -15,8 +15,8 @@ services:
      - ../../mistborn_volumes/extra/syncthing/data2:/data2
    ports:
      #- 8384:8384
-      - 22000:22000/tcp # listening port
-      - 21027:21027/udp # protocol discovery
+      - "${MISTBORN_BIND_IP}:22000:22000/tcp" # listening port
+      - "${MISTBORN_BIND_IP}:21027:21027/udp" # protocol discovery
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.syncthing-http.rule=Host(`syncthing.mistborn`)"
--- a/extra/tor.yml
+++ b/extra/tor.yml
@ -8,7 +8,7 @@ services:
				@@ -8,7 +8,7 @@ services:
    image: mistborn_production_tor
    container_name: mistborn_production_tor
    ports:
-      - 9150:9150/tcp
+      - "${MISTBORN_BIND_IP}:9150:9150/tcp"

 networks:
  default:
--- a/scripts/install.sh
+++ b/scripts/install.sh
@ -69,6 +69,10 @@ pushd .
				@@ -69,6 +69,10 @@ pushd .
 cd /opt/mistborn
 git submodule update --init --recursive

+# Check updates
+echo "Checking updates"
+source ./scripts/subinstallers/check_updates.sh
+
 # MISTBORN_DEFAULT_PASSWORD
 source ./scripts/subinstallers/passwd.sh

@ -90,8 +94,7 @@ else
				@@ -90,8 +94,7 @@ else
    echo "SSH key exists for $USER"
 fi

-# initial load update package list
-sudo apt-get update
+# initial load update package list during check_updates.sh

 # install figlet
 sudo -E apt-get install -y figlet
--- a/scripts/services/Mistborn-base.service
+++ b/scripts/services/Mistborn-base.service
@ -7,6 +7,7 @@ After=netfilter-persistent.service
				@@ -7,6 +7,7 @@ After=netfilter-persistent.service

 [Service]
 Restart=always
+RestartSec=15
 User=root
 Group=docker
 PermissionsStartOnly=true
--- a/scripts/services/wazuh/agent.sh
+++ b/scripts/services/wazuh/agent.sh
@ -6,10 +6,14 @@ if dpkg -s wazuh-agent &> /dev/null; then
				@@ -6,10 +6,14 @@ if dpkg -s wazuh-agent &> /dev/null; then
    exit 0
 fi

+# install curl
+echo "install curl"
+sudo -E apt-get install -y curl
+
 # prepare repo
 echo "Adding Wazuh Repository"
-curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
-echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo -E apt-key add -
+echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | sudo -E tee /etc/apt/sources.list.d/wazuh.list

 apt-get update

--- a/scripts/subinstallers/check_updates.sh
+++ b/scripts/subinstallers/check_updates.sh
@ -0,0 +1,10 @@
				@@ -0,0 +1,10 @@
+#!/bin/bash
+
+sudo apt-get update
+
+UPDATES=$(sudo apt-get dist-upgrade -s --quiet=2 | grep ^Inst | wc -l)
+
+if [[ "$UPDATES" -ne "0" ]]; then
+    echo "Please run updates and reboot before installing Mistborn: sudo apt-get update && sudo apt-get -y dist-upgrade"
+    exit 1;
+fi
--- a/scripts/subinstallers/extra/wazuh.sh
+++ b/scripts/subinstallers/extra/wazuh.sh
@ -23,14 +23,14 @@ import secrets
				@@ -23,14 +23,14 @@ import secrets
 import random
 import string

-random_pass = ([secrets.choice("@$!*?-_"),
+random_pass = ([secrets.choice("@$!*?-"),
                           secrets.choice(string.digits),
                           secrets.choice(string.ascii_lowercase),
                           secrets.choice(string.ascii_uppercase),
                           ]
                          + [secrets.choice(string.ascii_lowercase
                                           + string.ascii_uppercase
-                                           + "@$!*?-_"
+                                           + "@$!*?-"
                                           + string.digits) for i in range(12)])

 random.shuffle(random_pass)