Merge branch '2.4' of https://github.com/MISP/MISP into feature/disable_correlation
commit
da433c3549
|
@ -126,11 +126,25 @@ $config = array(
|
|||
'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right
|
||||
'ldapReaderPassword' => 'UserPassword', // the LDAP reader user password
|
||||
'ldapDN' => 'dc=example,dc=com',
|
||||
'ldapSearchFilter' => '', // Search filter to limit results from ldapsearh fx to specfic group. FX
|
||||
//'ldapSearchFilter' => '(objectclass=InetOrgPerson)(!(nsaccountlock=True))(memberOf=cn=misp,cn=groups,cn=accounts,dc=example,dc=com)',
|
||||
'ldapSearchAttribut' => 'uid', // filter for search
|
||||
'ldapFilter' => array(
|
||||
'mail',
|
||||
// 'memberOf', //Needed filter if roles should be added depending on group membership.
|
||||
),
|
||||
'ldapDefaultRoleId' => 3, // 3:User, 1:admin. May be good to set "1" for the first user
|
||||
//ldapDefaultRoleId can also be set as an array to support creating users into different group, depending on ldap membership.
|
||||
//This will only work if the ldap server supports memberOf
|
||||
//'ldapDefaultRoleId' => array(
|
||||
// 'misp_admin' => 1,
|
||||
// 'misp_orgadmin' => 2,
|
||||
// 'misp_user' => 3,
|
||||
// 'misp_publisher' => 4,
|
||||
// 'misp_syncuser' => 5,
|
||||
// 'misp_readonly' => 6,
|
||||
// ),
|
||||
//
|
||||
'ldapDefaultOrg' => '1', // uses 1st local org in MISP if undefined
|
||||
),
|
||||
*/
|
||||
|
|
|
@ -342,9 +342,9 @@ class EventShell extends AppShell
|
|||
$typeCount = count($types);
|
||||
$dir = new Folder(APP . DS . '/tmp/cached_exports/bro', true, 0750);
|
||||
if ($user['Role']['perm_site_admin']) {
|
||||
$file = new File($dir->pwd() . DS . 'misp.bro.ADMIN.txt');
|
||||
$file = new File($dir->pwd() . DS . 'misp.bro.ADMIN.intel');
|
||||
} else {
|
||||
$file = new File($dir->pwd() . DS . 'misp.bro.' . $user['Organisation']['name'] . '.txt');
|
||||
$file = new File($dir->pwd() . DS . 'misp.bro.' . $user['Organisation']['name'] . '.intel');
|
||||
}
|
||||
|
||||
foreach ($types as $k => $type) {
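Review bot: The non-admin branch builds the cache file name from `$user['Organisation']['name']` with no normalisation, and the new `.intel` line keeps that; unless organisation names are constrained elsewhere, a name containing a directory separator would make the export land outside `cached_exports/bro`. Filtering the name before concatenation removes that dependency, e.g. `'misp.bro.' . preg_replace('/[^A-Za-z0-9_.-]/', '_', $user['Organisation']['name']) . '.intel'`, or key the file on the organisation id. Whatever code later serves the cached file would need the same mapping. The enclosing method starts and ends outside the hunk.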
|
||||
|
|
|
@ -1956,9 +1956,9 @@ class AttributesController extends AppController {
|
|||
throw new UnauthorizedException('You have to be logged in to do that.');
|
||||
}
|
||||
}
|
||||
$filename = 'misp.' . $type . '.txt';
|
||||
$filename = 'misp.' . $type . '.intel';
|
||||
if ($eventId) {
|
||||
$filename = 'misp.' . $type . '.event_' . $eventId . '.txt';
|
||||
$filename = 'misp.' . $type . '.event_' . $eventId . '.intel';
|
||||
}
|
||||
$responseFile = implode(PHP_EOL, $this->Attribute->bro($this->Auth->user(), $type, $tags, $eventId, $from, $to, $last, $enforceWarninglist)) . PHP_EOL;
|
||||
$this->response->body($responseFile);
|
||||
|
|
|
@ -23,6 +23,20 @@ class ApacheAuthenticate extends BaseAuthenticate {
|
|||
* @param CakeResponse $response Unused response object.
|
||||
* @return mixed False on login failure. An array of User data on success.
|
||||
*/
|
||||
private function isUserMemberOf($group, $ldapUserData) {
|
||||
// return true of false depeding on if user is a member of group.
|
||||
$returnCode = false;
|
||||
unset($ldapUserData[0]['memberof']["count"]);
|
||||
foreach ($ldapUserData[1]['memberof'] as $result) {
|
||||
$r = explode(",", $result, 2);
|
||||
$ldapgroup = explode("=", $r[0]);
|
||||
if ($ldapgroup[0] == $group) {
|
||||
$returnCode = true;
|
||||
}
|
||||
}
|
||||
return $returnCode;
|
||||
}
|
||||
|
||||
public function authenticate(CakeRequest $request, CakeResponse $response) {
|
||||
|
||||
// Get information user for MISP auth
|
||||
|
@ -33,7 +47,7 @@ class ApacheAuthenticate extends BaseAuthenticate {
|
|||
$ldapdn = Configure::read('ApacheSecureAuth.ldapDN');
|
||||
$ldaprdn = Configure::read('ApacheSecureAuth.ldapReaderUser'); // DN ou RDN LDAP
|
||||
$ldappass = Configure::read('ApacheSecureAuth.ldapReaderPassword');
|
||||
|
||||
$ldapSearchFilter = Configure::read('ApacheSecureAuth.ldapSearchFilter');
|
||||
// LDAP connection
|
||||
$ldapconn = ldap_connect(Configure::read('ApacheSecureAuth.ldapServer'))
|
||||
or die('LDAP server connection failed');
|
||||
|
@ -48,8 +62,13 @@ class ApacheAuthenticate extends BaseAuthenticate {
|
|||
if (!$ldapbind) {
|
||||
die("LDAP bind failed");
|
||||
}
|
||||
// example: '(uuid=ApacheUser)'
|
||||
// example for searchFiler: '(objectclass=InetOrgPerson)(!(nsaccountlock=True))(memberOf=cn=misp,cn=groups,cn=accounts,dc=example,dc=com)'
|
||||
// example for searchAttribut: '(uuid=ApacheUser)'
|
||||
if (!empty($ldapSearchFilter)) {
|
||||
$filter = '(&' . $ldapSearchFilter . '(' . Configure::read('ApacheSecureAuth.ldapSearchAttribut') . '=' . $_SERVER[$envvar] . '))';
|
||||
} else {
|
||||
$filter = '(' . Configure::read('ApacheSecureAuth.ldapSearchAttribut') . '=' . $_SERVER[$envvar] . ')';
|
||||
}
|
||||
// example: mail
|
||||
$getLdapUserInfo = Configure::read('ApacheSecureAuth.ldapFilter');
|
||||
|
||||
|
@ -91,6 +110,18 @@ class ApacheAuthenticate extends BaseAuthenticate {
|
|||
$org_id = $firstOrg['Organisation']['id'];
|
||||
}
|
||||
|
||||
// Set roleid depending on group membership
|
||||
$roleIds = Configure::read('ApacheSecureAuth.ldapDefaultRoleId');
|
||||
if (is_array($roleIds)) {
|
||||
foreach ($roleIds as $key => $id) {
|
||||
if ($this->isUserMemberOf($key, $ldapUserData)) {
|
||||
$roleId = $roleIds[$key];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$roleId = $roleIds;
|
||||
}
|
||||
|
||||
// create user
|
||||
$userData = array('User' => array(
|
||||
'email' => $mispUsername,
|
||||
|
@ -100,7 +131,7 @@ class ApacheAuthenticate extends BaseAuthenticate {
|
|||
'authkey' => $userModel->generateAuthKey(),
|
||||
'nids_sid' => 4000000,
|
||||
'newsread' => date('Y-m-d'),
|
||||
'role_id' => Configure::read('ApacheSecureAuth.ldapDefaultRoleId'),
|
||||
'role_id' => $roleId,
|
||||
'change_pw' => 0
|
||||
));
|
||||
// save user
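Review bot: When `ldapDefaultRoleId` is an array and the user is in none of the mapped groups, `$roleId` is never assigned before `'role_id' => $roleId`, so the new account is saved with an undefined role; the mapping should fail closed, e.g. `$roleId = null;` before the loop and `if ($roleId === null) { return false; }` after it. A user in several mapped groups gets the role of the last matching key, so the order of the config array decides the privilege level and that deserves a comment. `isUserMemberOf` looks inconsistent: it unsets `count` on `$ldapUserData[0]['memberof']` but iterates `$ldapUserData[1]['memberof']`, and it compares `$ldapgroup[0]`, which after `explode("=", $r[0])` is the attribute name such as `cn`, with the group name where `$ldapgroup[1]` seems intended. In the filter hunk `$_SERVER[$envvar]` is concatenated into `$filter` unescaped; `ldap_escape($_SERVER[$envvar], '', LDAP_ESCAPE_FILTER)` keeps filter metacharacters in the username from changing the query. The helper was also inserted between the docblock of `authenticate()` and the method itself, so that docblock now sits on `isUserMemberOf`; `authenticate()` continues outside these hunks, so the `return false` path is inferred from the docblock.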
|
||||
|
|
|
@ -2209,6 +2209,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
$event = array('Event' => $event);
|
||||
$created_id = 0;
|
||||
$event['Event']['locked'] = 1;
|
||||
$result['result'] = $this->Event->_add($event, true, $this->Auth->user(), '', null, false, null, $created_id, $validationIssues);
|
||||
$result['id'] = $created_id;
|
||||
$result['validationIssues'] = $validationIssues;
|
||||
|
@ -2221,6 +2222,7 @@ class EventsController extends AppController {
|
|||
unset($temp['Event']['Orgc']);
|
||||
}
|
||||
$created_id = 0;
|
||||
$temp['Event']['locked'] = 1;
|
||||
$result = $this->Event->_add($temp, true, $this->Auth->user(), '', null, false, null, $created_id, $validationIssues);
|
||||
$results = array(0 => array('info' => $temp['Event']['info'], 'result' => $result, 'id' => $created_id, 'validationIssues' => $validationIssues));
|
||||
}
|
||||
|
|
|
@ -123,9 +123,9 @@ class BroExport {
|
|||
);
|
||||
}
|
||||
return sprintf($ruleFormat,
|
||||
$attribute['value'], // value - for composite values only the relevant element is taken
|
||||
$this->replaceIllegalChars($attribute['value']), // value - for composite values only the relevant element is taken
|
||||
'Intel::' . $brotype, // type
|
||||
$attribute['comment'],
|
||||
$this->replaceIllegalChars($attribute['comment']),
|
||||
'T', // meta.do_notice
|
||||
'-' // meta.if_in
|
||||
);
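Review bot: Whether this closes field injection in the export depends on `replaceIllegalChars()`, which is defined outside the hunk, so the set of characters it removes cannot be checked here. If `$ruleFormat` is tab-delimited, as Bro intel files normally are, the helper has to strip tab, CR and LF from both `value` and `comment`. A comment on the call would make that intent reviewable, e.g. `// strip tab/CR/LF so attribute data cannot add columns or rows to the intel file`.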
|
||||
|
|
|
@ -99,7 +99,7 @@ class Event extends AppModel {
|
|||
'description' => 'Click this to download all network related attributes that you have access to under the Snort rule format. Only published events and attributes marked as IDS Signature are exported. Administration is able to maintain a whitelist containing host, domain name and IP numbers to exclude from the NIDS export.',
|
||||
),
|
||||
'bro' => array(
|
||||
'extension' => '.txt',
|
||||
'extension' => '.intel',
|
||||
'type' => 'Bro',
|
||||
'requiresPublished' => 1,
|
||||
'canHaveAttachments' => false,
|
||||
|
|
|
@ -1602,7 +1602,7 @@ class Server extends AppModel {
|
|||
$temp = array();
|
||||
foreach ($rules as $operator => $elements) {
|
||||
foreach ($elements as $k => $element) {
|
||||
if ($operator === 'NOT') $elements[$k] = '!' . $element;
|
||||
if ($operator === 'NOT') $element = '!' . $element;
|
||||
if (!empty($element)) $temp[] = $element;
|
||||
}
|
||||
}
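Review bot: The `!` prefix is applied before the emptiness test, so under `NOT` an empty `$element` becomes `'!'`, passes `!empty($element)` and lands in `$temp` as a bare negation. Test first and prefix second, with `if (empty($element)) continue;` ahead of the `NOT` line. `empty()` also drops the string `'0'`, so `$element === ''` is the stricter test if that value is legitimate in a rule. The enclosing function starts and ends outside the hunk.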
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
}
|
||||
if (isset($cluster['meta'])) {
|
||||
foreach ($cluster['meta'] as $metaKey => $metaField) {
|
||||
if ($metaField != 'synonyms') {
|
||||
if ($metaKey != 'synonyms') {
|
||||
$cluster_fields[] = array('key' => $metaKey, 'value' => $metaField);
|
||||
}
|
||||
}
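Review bot: `$metaKey != 'synonyms'` is a loose comparison; on PHP 7 an integer key `0` compares equal to a non-numeric string, so the first entry of a list-style `meta` array would be skipped. `if ($metaKey !== 'synonyms') {` avoids the type juggling. The hunk does not show where `$cluster_fields` is rendered, so it is worth confirming that the values taken from cluster metadata are HTML-escaped at output.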
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit ff17ac998e213ad205436c0c230959375bb70b09
|
||||
Subproject commit 0d97a18f2d871e8f507010c55015ce2aee5e3254
|
|
@ -85,21 +85,27 @@ def generateObservable(indicator, attribute):
|
|||
def resolveFileObservable(indicator, attribute):
|
||||
hashValue = ""
|
||||
filenameValue = ""
|
||||
fuzzy = False
|
||||
if (attribute["type"] in hash_type_attributes["composite"]):
|
||||
values = attribute["value"].split('|')
|
||||
filenameValue = values[0]
|
||||
hashValue = values[1]
|
||||
indicator.add_indicator_type("File Hash Watchlist")
|
||||
composite = attribute["type"].split('|')
|
||||
if (composite[1] == "ssdeep"):
|
||||
fuzzy = True
|
||||
else:
|
||||
if (attribute["type"] in ("filename", "attachment")):
|
||||
filenameValue = attribute["value"]
|
||||
else:
|
||||
hashValue = attribute["value"]
|
||||
indicator.add_indicator_type("File Hash Watchlist")
|
||||
observable = generateFileObservable(filenameValue, hashValue)
|
||||
if (attribute["type"] == "ssdeep"):
|
||||
fuzzy = True
|
||||
observable = generateFileObservable(filenameValue, hashValue, fuzzy)
|
||||
return observable
|
||||
|
||||
def generateFileObservable(filenameValue, hashValue):
|
||||
def generateFileObservable(filenameValue, hashValue, fuzzy):
|
||||
file_object = File()
|
||||
if (filenameValue != ""):
|
||||
if (("/" in filenameValue) or ("\\" in filenameValue)):
|
||||
|
@ -112,6 +118,12 @@ def generateFileObservable(filenameValue, hashValue):
|
|||
file_object.file_name.condition = "Equals"
|
||||
if (hashValue != ""):
|
||||
file_object.add_hash(Hash(hash_value=hashValue, exact=True))
|
||||
if (fuzzy):
|
||||
file_object._fields["Hashes"]._inner[0].simple_hash_value = None
|
||||
file_object._fields["Hashes"]._inner[0].fuzzy_hash_value = hashValue
|
||||
file_object._fields["Hashes"]._inner[0].fuzzy_hash_value.condition = "Equals"
|
||||
file_object._fields["Hashes"]._inner[0].type_ = Hash.TYPE_SSDEEP
|
||||
file_object._fields["Hashes"]._inner[0].type_.condition = "Equals"
|
||||
return file_object
|
||||
|
||||
def resolveIPType(attribute_value, attribute_type):
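Review bot: `generateFileObservable` now takes a required third parameter, so any caller outside these hunks that still passes two arguments will raise a TypeError; `def generateFileObservable(filenameValue, hashValue, fuzzy=False):` keeps them working. The ssdeep branch rewrites the hash through the private `file_object._fields["Hashes"]._inner[0]` structure, which depends on the library's internals and on the hash just added being at index 0. A short comment saying why `add_hash` alone does not produce a fuzzy hash entry would help the next reader, and taking the last element rather than index 0 would be safer if a file object can ever carry more than one hash.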
|
||||
|
|