From e548b22ffa825ebc5cab0ccacf632728972fa481 Mon Sep 17 00:00:00 2001 From: Stefano Ortolani Date: Sat, 13 May 2023 14:17:53 +0100 Subject: [PATCH] Refactor handling of syncserver variables --- docker-compose.yml | 9 +++---- server/files/configure_misp.sh | 48 +++++++++++++++++++++++++--------- template.env | 3 +-- 3 files changed, 41 insertions(+), 19 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5684d3a..ae65453 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -59,16 +59,15 @@ services: - "ADMIN_KEY=${ADMIN_KEY}" - "ADMIN_ORG=${ADMIN_ORG}" - "GPG_PASSPHRASE=${GPG_PASSPHRASE}" - # sync server settings + # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options) - "SYNCSERVERS=${SYNCSERVERS}" - - "SYNCSERVERS_1_NAME=${SYNCSERVERS_1_NAME}" - - "SYNCSERVERS_1_UUID=${SYNCSERVERS_1_UUID}" - - "SYNCSERVERS_1_KEY=${SYNCSERVERS_1_KEY}" - | SYNCSERVERS_1_DATA= { + "remote_org_uuid": "${SYNCSERVERS_1_UUID}", + "name": "${SYNCSERVERS_1_NAME}", + "authkey": "${SYNCSERVERS_1_KEY}", "url": "${SYNCSERVERS_1_URL}", - "pull_rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}", "pull": true } diff --git a/server/files/configure_misp.sh b/server/files/configure_misp.sh index 4241308..d004ca7 100755 --- a/server/files/configure_misp.sh +++ b/server/files/configure_misp.sh @@ -155,20 +155,44 @@ update_components() { create_sync_servers() { SPLITTED_SYNCSERVERS=$(echo $SYNCSERVERS | tr ',' '\n') for ID in $SPLITTED_SYNCSERVERS; do - NAME="SYNCSERVERS_${ID}_NAME" - UUID="SYNCSERVERS_${ID}_UUID" DATA="SYNCSERVERS_${ID}_DATA" - KEY="SYNCSERVERS_${ID}_KEY" - echo "... searching sync server ${!NAME}..." - if ! get_server ${HOSTNAME} ${ADMIN_KEY} ${!NAME}; then - echo "... adding new sync server ${!NAME}..." - add_organization ${HOSTNAME} ${ADMIN_KEY} ${!NAME} false ${!UUID} - ORG_ID=$(get_organization ${HOSTNAME} ${ADMIN_KEY} ${!UUID}) - DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} --arg name ${!NAME} --arg key ${!KEY} '. + {remote_org_id: $org_id, name: $name, authkey: $key}') - add_server ${HOSTNAME} ${ADMIN_KEY} "$DATA" - else - echo "... found existing sync server ${!NAME}..." + + # Validate #1 + NAME=$(echo "${!DATA}" | jq -r '.name') + if [[ -z $NAME ]]; then + echo "... error missing sync server name" + continue fi + + # Skip sync server if we can + echo "... searching sync server ${NAME}" + if get_server ${HOSTNAME} ${ADMIN_KEY} ${NAME}; then + echo "... found existing sync server ${NAME}" + continue + fi + + # Validate #2 + UUID=$(echo "${!DATA}" | jq -r '.remote_org_uuid') + if [[ -z $UUID ]]; then + echo "... error missing sync server remote_org_uuid" + continue + fi + + # Get remote organization + echo "... searching remote organization ${UUID}" + ORG_ID=$(get_organization ${HOSTNAME} ${ADMIN_KEY} ${UUID}) + if [[ -z $ORG_ID ]]; then + # Add remote organization if missing + echo "... adding missing organization ${UUID}" + add_organization ${HOSTNAME} ${ADMIN_KEY} ${NAME} false ${UUID} + ORG_ID=$(get_organization ${HOSTNAME} ${ADMIN_KEY} ${UUID}) + fi + + # Add sync server + echo "... adding new sync server ${NAME} with organization id ${ORG_ID}" + JSON_DATA=$(echo "${!DATA}" | jq --arg org_id ${ORG_ID} 'del(.remote_org_uuid) | . + {remote_org_id: $org_id}') + echo "... adding new sync server ${JSON_DATA}" + add_server ${HOSTNAME} ${ADMIN_KEY} "$JSON_DATA" done } diff --git a/template.env b/template.env index 2e33619..b09430b 100644 --- a/template.env +++ b/template.env @@ -24,8 +24,7 @@ SMARTHOST_ALIASES= # comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1) SYNCSERVERS= -# name, remote organization uuid, and key of each syncserver -# note: if you have more than one, you need to update docker-compose.yml +# note: if you have more than one syncserver, you need to update docker-compose.yml SYNCSERVERS_1_URL= SYNCSERVERS_1_NAME= SYNCSERVERS_1_UUID=