MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [conf] generate password if empty

pull/659/head v2.4.187
David Cruciani 2024-03-05 11:30:58 +01:00
parent 664c2f8a90
commit c218090463
No known key found for this signature in database
GPG Key ID: 8690CDE1E3994B9B
8 changed files with 71 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -21,3 +21,4 @@ venv*
#vscode #vscode
.vscode* .vscode*
*.sqlite *.sqlite
website/conf/config.cfg

10
website/README.md
View File

@ -35,14 +35,20 @@ Edit `config.py`
- `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True - `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True
Rename `config.cfg.sample` to `config.cfg` then edit it:
- `ADMIN_USER`: If True, config page will not be accessible
- `ADMIN_PASSWORD`: Password for Admin user if `ADMIN_USER` is True
## Launch ## Launch
```bash ```bash
./launch.sh -l ./launch.sh -l
``` ```
## Admin user ## Admin user
If admin user is active, type `/login` in url to access a login page and type the password wrote in `config.py` in `ADMIN_PASSOWRD`. If admin user is active, type `/login` in url to access a login page and type the password wrote in `config.py` in `ADMIN_PASSOWRD`.

2
website/app.py
View File

@ -7,6 +7,7 @@ from app.utils.init_modules import create_modules_db
import signal import signal
import sys import sys
import subprocess import subprocess
from app.utils.utils import gen_admin_password
def signal_handler(sig, frame): def signal_handler(sig, frame):
path = os.path.join(os.getcwd(), "launch.sh") path = os.path.join(os.getcwd(), "launch.sh")
@ -47,4 +48,5 @@ elif args.create_module:
with app.app_context(): with app.app_context():
create_modules_db() create_modules_db()
else: else:
gen_admin_password()
app.run(host=app.config.get("FLASK_URL"), port=app.config.get("FLASK_PORT")) app.run(host=app.config.get("FLASK_URL"), port=app.config.get("FLASK_PORT"))

2
website/app/__init__.py
View File

@ -5,7 +5,7 @@ from flask_migrate import Migrate
from flask_session import Session from flask_session import Session
from flask_login import LoginManager from flask_login import LoginManager
from config import config as Config from conf.config import config as Config
import os import os

24
website/app/home.py
View File

@ -15,7 +15,7 @@ home_blueprint = Blueprint(
@home_blueprint.route("/") @home_blueprint.route("/")
def home(): def home():
sess["admin_user"] = admin_user_active() sess["admin_user"] = bool(admin_user_active())
if "query" in request.args: if "query" in request.args:
return render_template("home.html", query=request.args.get("query")) return render_template("home.html", query=request.args.get("query"))
return render_template("home.html") return render_template("home.html")
@ -168,17 +168,24 @@ def download(sid):
def modules_config(): def modules_config():
"""List all modules for configuration""" """List all modules for configuration"""
sess["admin_user"] = admin_user_active() sess["admin_user"] = admin_user_active()
flag = True
if sess.get("admin_user"): if sess.get("admin_user"):
if current_user.is_authenticated: if not current_user.is_authenticated:
flag = False
if flag:
return render_template("modules_config.html") return render_template("modules_config.html")
return render_template("404.html") return render_template("404.html")
@home_blueprint.route("/modules_config_data") @home_blueprint.route("/modules_config_data")
def modules_config_data(): def modules_config_data():
"""List all modules for configuration""" """List all modules for configuration"""
sess["admin_user"] = admin_user_active() sess["admin_user"] = admin_user_active()
flag = True
if sess.get("admin_user"): if sess.get("admin_user"):
if current_user.is_authenticated: if not current_user.is_authenticated:
flag = False
if flag:
modules_config = HomeModel.get_modules_config() modules_config = HomeModel.get_modules_config()
return modules_config, 200 return modules_config, 200
return {"message": "Permission denied"}, 403 return {"message": "Permission denied"}, 403
@ -188,8 +195,11 @@ def modules_config_data():
def change_config(): def change_config():
"""Change configuation for a module""" """Change configuation for a module"""
sess["admin_user"] = admin_user_active() sess["admin_user"] = admin_user_active()
flag = True
if sess.get("admin_user"): if sess.get("admin_user"):
if current_user.is_authenticated: if not current_user.is_authenticated:
flag = False
if flag:
if "module_name" in request.json["result_dict"]: if "module_name" in request.json["result_dict"]:
res = HomeModel.change_config_core(request.json["result_dict"]) res = HomeModel.change_config_core(request.json["result_dict"])
if res: if res:
@ -202,8 +212,12 @@ def change_config():
def change_status(): def change_status():
"""Change the status of a module, active or unactive""" """Change the status of a module, active or unactive"""
sess["admin_user"] = admin_user_active() sess["admin_user"] = admin_user_active()
flag = True
if sess.get("admin_user"): if sess.get("admin_user"):
if current_user.is_authenticated: if not current_user.is_authenticated:
flag = False
# if admin is active and user is logon or if admin is not active
if flag:
if "module_id" in request.args: if "module_id" in request.args:
res = HomeModel.change_status_core(request.args.get("module_id")) res = HomeModel.change_status_core(request.args.get("module_id"))
if res: if res:

23
website/app/utils/utils.py
View File

@ -1,10 +1,15 @@
import os import os
import random
import uuid import uuid
import json import json
import requests import requests
# import jsonschema # import jsonschema
from config import Config from conf.config import Config
from pathlib import Path from pathlib import Path
import configparser
config = configparser.ConfigParser()
CONF_PATH = os.path.join(os.getcwd(), "conf", "config.cfg")
config.read(CONF_PATH)
MODULES = [] MODULES = []
@ -51,9 +56,19 @@ def get_object(obj_name):
def admin_user_active(): def admin_user_active():
return Config.ADMIN_USER config.read(CONF_PATH)
return config.getboolean("ADMIN", "ADMIN_USER")
def admin_password(): def admin_password():
return Config.ADMIN_PASSWORD return config["ADMIN"]["ADMIN_PASSWORD"]
def gen_admin_password():
if not admin_password():
chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%#[]+-:;_&*().,?0123456789'
password = ''
for _ in range(20):
password += random.choice(chars)
print(f"##########################\n## Admin password ##\n## {password} ##\n##########################")
config["ADMIN"]["ADMIN_PASSWORD"] = password
with open(CONF_PATH, "w") as conffile:
config.write(conffile)

4
website/conf/config.cfg.sample Normal file
View File

@ -0,0 +1,4 @@
[ADMIN]
admin_user = False
admin_password =

2
website/config.py → website/conf/config.py
View File

@ -4,8 +4,6 @@ class Config:
FLASK_URL = '127.0.0.1' FLASK_URL = '127.0.0.1'
FLASK_PORT = 7008 FLASK_PORT = 7008
MISP_MODULE = '127.0.0.1:6666' MISP_MODULE = '127.0.0.1:6666'
ADMIN_USER = False
ADMIN_PASSWORD = "Password1234"
class DevelopmentConfig(Config): class DevelopmentConfig(Config):
DEBUG = True DEBUG = True