d4-core/server
Koen Van Impe 27aa5b1df9 Contributions to the documentation small type for "registered"
- Clarifications for basic install of the client
- Clarifications for basic install of the server
- Fix small types registered instead of registred
2023-12-22 18:31:40 +01:00
analyzer fix: [Analyzer - close socket] use shutdown fct 2020-03-17 17:58:13 +01:00
configs chg: [D4Server] add server port in config 2021-03-31 11:43:54 +02:00
documentation chg: [core] add redis server in config 2019-11-25 16:28:20 +01:00
gen_cert chg: [install] copy crt and key to Flash folder 2019-09-23 11:32:05 +02:00
lib Contributions to the documentation small type for "registered" 2023-12-22 18:31:40 +01:00
update chg: [Analyzer Queue] add template: edit queue 2020-03-03 14:14:35 +01:00
web fix: [web] fix #47 2023-03-02 15:41:45 +01:00
workers fix: [d4-server] worker launcher: don't add invalid HMAC or empty data stream to workers queue 2021-04-20 15:43:03 +02:00
.gitignore chg: [server + workers] add config file + add option to specify save directory 2019-03-26 15:21:36 +01:00
Dockerfile.analyzer-d4-passivedns use d4 github. Will works if pull request is accepted and Environmental variables allowed to control REDIS servers config 2019-06-11 16:41:31 -06:00
Dockerfile.d4-server use d4 github. Will works if pull request is accepted and Environmental variables allowed to control REDIS servers config 2019-06-11 16:41:31 -06:00
LAUNCH.sh chg: [Sensors API + UI] add sensors monitoring 2020-11-10 11:11:23 +01:00
README.md Contributions to the documentation small type for "registered" 2023-12-22 18:31:40 +01:00
docker-compose.yml that works 2019-06-11 16:37:11 -06:00
install_server.sh Update install_server.sh 2023-11-28 20:30:33 +00:00
requirement.txt Update requirement.txt 2023-11-28 18:51:38 +00:00
sensors_manager.py fic: [Sensors monitoring] typo 2020-11-10 15:09:12 +01:00
server.py Contributions to the documentation small type for "registered" 2023-12-22 18:31:40 +01:00

README.md

D4 core

D4 core server

D4 core server is a complete server to handle clients (sensors) including the decapsulation of the D4 protocol, control of sensor registrations, management of decoding protocols and dispatching to adequate decoders/analysers.

Requirements

  • Python 3.6
  • GNU/Linux distribution

Installation

Install D4 server

Clone the repository and install necessary packages. Installation requires sudo permissions.

git clone https://github.com/D4-project/d4-core.git
cd d4-core
cd server
./install_server.sh

When the installation is finished, scroll back to where + ./create_default_user.py is displayed. The next lines contain the default generated user and should resemble the snippet below. Take a temporary note of the password; you are required to change it on first login.

new user created: admin@admin.test
password: <redacted>
token: <redacted>

Then create or add a PEM file in d4-core/server:

cd gen_cert
./gen_root.sh
./gen_cert.sh
cd ..

Launch D4 server

./LAUNCH.sh -l

The web interface is accessible via http://127.0.0.1:7000/

If you cannot access the web interface on localhost (for example because the system is running on a remote host), stop the server, change the listening host IP, and restart the server. In the example below it is changed to 0.0.0.0 (all interfaces). Make sure that the IP is not unintentionally publicly exposed.

./LAUNCH.sh -k
sed -i '/\[Flask_Server\]/{:a;N;/host = 127\.0\.0\.1/!ba;s/host = 127\.0\.0\.1/host = 0.0.0.0/}' configs/server.conf
./LAUNCH.sh -l
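
To confirm which address the web interface is configured to bind to after an edit like the one above, the following added example (not part of the D4 project) reads the host key from the [Flask_Server] section only and classifies it. The function names, the sample section [Example_Backend] and the port keys are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of the D4 project): report which address the web
# interface is configured to bind to in a server.conf-style INI file.

# Print the "host" value found inside the [Flask_Server] section only.
flask_host() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[Flask_Server\][ \t]*$/); next }
        in_sec && /^[ \t]*host[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# Classify a bind address by how widely it exposes the listener.
bind_scope() {
    case "$1" in
        "")                  echo unset ;;
        127.*|localhost|::1) echo loopback ;;
        0.0.0.0|::)          echo all-interfaces ;;
        *)                   echo specific ;;
    esac
}

# Constructed sample config; section and key names other than
# [Flask_Server]/host are assumptions made for this example.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Example_Backend]
host = localhost
port = 6379

[Flask_Server]
# web interface
host = 0.0.0.0
port = 7000
EOF
}

# With no argument, run on the constructed sample; otherwise check the given file.
if [ -n "${1:-}" ]; then
    conf=$1
else
    conf=$(mktemp) && write_sample_conf "$conf"
fi
host=$(flask_host "$conf")
echo "Flask_Server host=${host:-<none>} scope=$(bind_scope "$host")"
if [ -z "${1:-}" ]; then rm -f "$conf"; fi
```

Run it from d4-core/server with configs/server.conf as the argument; a scope of all-interfaces means access has to be restricted elsewhere, for example by a host firewall.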

Updating web assets

To update the JavaScript libraries, run:

cd web
./update_web.sh

API

API Documentation

Notes

  • All server logs are located in d4-core/server/logs/
  • Close D4 Server: ./LAUNCH.sh -k

D4 core server

Web interface screenshots: Dashboard, Connected Sensors, Sensors Status, Server Management, Analyzer Queues.

Troubleshooting

Worker 1, tcpdump: Permission denied

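This could be related to AppArmor. Check the system log for denials:

sudo cat /var/log/syslog | grep denied

Run the following command as root to put the tcpdump AppArmor profile into complain mode (violations are logged but no longer blocked):

aa-complain /usr/sbin/tcpdump

WARNING - Not registered UUID=UUID4, connection closed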

This happens after you have registered a new sensor but have not yet approved the registration. To approve the sensor, open Server Management in the web interface and click Pending Sensors.