-
Notifications
You must be signed in to change notification settings - Fork 152
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use official docker images and repack and install client
- Loading branch information
1 parent
8721da0
commit 33a136c
Showing
12 changed files
with
132 additions
and
213 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletions
4
...and-running-grr/advanced-usecases/sandbox/config/fleetspeak-frontend/components.textproto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
installing-and-running-grr/advanced-usecases/sandbox/config/grr-client/client.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,16 @@ | ||
Client.fleetspeak_enabled: true | ||
ClientBuilder.fleetspeak_bundled: true | ||
Client.foreman_check_frequency: 30 | ||
|
||
Logging.verbose: true | ||
Logging.engines: file,stderr | ||
Logging.path: / | ||
Logging.filename: /grr-client.log | ||
|
||
Client.executable_signing_public_key: "%(/config/public-key.pem|file)" | ||
Target:Linux: | ||
ClientBuilder.fleetspeak_client_config: /config/grr-client/config.textproto | ||
Target:Windows: | ||
ClientBuilder.fleetspeak_client_config: /config/grr-client/config.textproto | ||
Target:Darwin: | ||
ClientBuilder.fleetspeak_client_config: /config/grr-client/config.textproto |
6 changes: 3 additions & 3 deletions
6
installing-and-running-grr/advanced-usecases/sandbox/config/grr-client/config.textproto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
client_certificate_header: "x-client-certificate" | ||
trusted_certs: "FRONTEND_CERTIFICATE" | ||
trusted_certs: "TRUSTED_FLEETSPEAK_CERT" | ||
server: "fleetspeak-server:10000" | ||
client_label: "" | ||
filesystem_handler: < | ||
configuration_directory: "/config/" | ||
state_file: "/fleetspeak.state" | ||
configuration_directory:"/config/grr-client/" | ||
state_file:"/fleetspeak.state" | ||
> | ||
streaming: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
49 changes: 25 additions & 24 deletions
49
installing-and-running-grr/advanced-usecases/sandbox/config/grr-server/server.local.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,42 +1,43 @@ | ||
Database.implementation: MysqlDB | ||
Blobstore.implementation: DbBlobStore | ||
|
||
API.DefaultRouter: ApiCallRouterWithoutChecks | ||
|
||
Server.initialized: true | ||
Server.fleetspeak_enabled: true | ||
Server.fleetspeak_server: fleetspeak-admin:9091 | ||
FleetspeakFrontend Context: | ||
Server.fleetspeak_message_listen_address: 0.0.0.0:11111 | ||
|
||
Mysql.host: mysql-grr | ||
Mysql.port: 3306 | ||
Mysql.database_name: grr | ||
Mysql.database: grr | ||
Mysql.database_username: grr-user | ||
Mysql.username: grr-user | ||
Client.server_urls: | ||
- http://localhost:8080/ | ||
Mysql.password: grr-password | ||
Mysql.database_name: grr | ||
Mysql.database_username: grr-user | ||
Mysql.database_password: grr-password | ||
Mysql.flow_processing_threads_max: 20 | ||
|
||
AdminUI.url: http://localhost:8000 | ||
AdminUI.bind: 0.0.0.0 | ||
AdminUI.headless: true | ||
AdminUI.use_precompiled_js: true | ||
AdminUI.csrf_secret_key: random_passphrase_123____PLEASE_REPLACE___ | ||
|
||
Logging.domain: localhost | ||
Logging.verbose: true | ||
Logging.engines: file,stderr | ||
Logging.path: /grr | ||
Logging.filename: /grr/grr-server.log | ||
Monitoring.alert_email: grr-monitoring@localhost | ||
Monitoring.emergency_access_email: grr-emergency@localhost | ||
Mysql.database_password: grr-password | ||
Mysql.password: grr-password | ||
Mysql.flow_processing_threads_max: 20 | ||
|
||
Frontend.certificate: | | ||
FRONTEND_CERTIFICATE | ||
Client.executable_signing_public_key: | | ||
%(/config/public-key.pem|file) | ||
PrivateKeys.executable_signing_private_key: | | ||
%(/config/private-key.pem|file) | ||
AdminUI.csrf_secret_key: O$YTx01F2BuxgT4DoVSI hJVuhWOxyuuxJhg#lg96ARF_fWLabzN5kjAy0UBcI9GDrUPo1v | ||
b7PyF3vj4pqRrc8oegeJ8XgIyI5X | ||
Server.fleetspeak_enabled: true | ||
Client.fleetspeak_enabled: true | ||
ClientBuilder.fleetspeak_bundled: true | ||
Target:Linux: | ||
ClientBuilder.fleetspeak_client_config: /grr/venv/fleetspeak-server-bin/etc/fleetspeak-server/linux_client.config | ||
Target:Windows: | ||
ClientBuilder.fleetspeak_client_config: /grr/venv/fleetspeak-server-bin/etc/fleetspeak-server/windows_client.config | ||
Target:Darwin: | ||
ClientBuilder.fleetspeak_client_config: /grr/venv/fleetspeak-server-bin/etc/fleetspeak-server/darwin_client.config | ||
Server.fleetspeak_server: fleetspeak-admin:9091 | ||
FleetspeakFrontend Context: | ||
Server.fleetspeak_message_listen_address: 0.0.0.0:11111 | ||
Server.initialized: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 0 additions & 46 deletions
46
installing-and-running-grr/advanced-usecases/sandbox/containers/fleetspeak/Dockerfile
This file was deleted.
Oops, something went wrong.
19 changes: 0 additions & 19 deletions
19
installing-and-running-grr/advanced-usecases/sandbox/containers/grr/client/Dockerfile
This file was deleted.
Oops, something went wrong.
43 changes: 0 additions & 43 deletions
43
installing-and-running-grr/advanced-usecases/sandbox/containers/grr/server/Dockerfile
This file was deleted.
Oops, something went wrong.
54 changes: 32 additions & 22 deletions
54
installing-and-running-grr/advanced-usecases/sandbox/createConfig.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,36 @@ | ||
#!/bin/bash | ||
openssl ecparam -list_curves | ||
|
||
# generate a private key for a curve | ||
openssl ecparam -name prime256v1 -genkey -noout -out key.pem | ||
|
||
# optional: generate corresponding public key | ||
#openssl ec -in key.pem -pubout -out public-key.pem | ||
|
||
# create a self-signed certificate | ||
openssl req -new -x509 -key key.pem -out cert.pem -days 365 -subj "/C=AU/CN=fleetspeak-server" -addext "subjectAltName = DNS:fleetspeak-server" | ||
|
||
export FRONTEND_PEM="$(cat cert.pem | sed 's/^/ /g' | sed ':a;N;$!ba;s/\n/\\n/g' | sed 's/\$/\\$/g')" | ||
export FRONTEND_CERT=$(sed ':a;N;$!ba;s/\n/\\\\n/g' cert.pem) | ||
export FRONTEND_KEY=$(sed ':a;N;$!ba;s/\n/\\\\n/g' key.pem) | ||
set -ex | ||
|
||
echo $FRONTEND_PEM | ||
echo $FRONTEND_CERT | ||
echo $FRONTEND_KEY | ||
|
||
sed -i "s@FRONTEND_CERTIFICATE@${FRONTEND_PEM}@" ./config/grr-server/server.local.yaml | ||
|
||
sed -i 's@FRONTEND_CERTIFICATE@'"$FRONTEND_CERT"'@' ./config/fleetspeak-frontend/components.textproto | ||
sed -i 's@FRONTEND_CERTIFICATE@'"$FRONTEND_CERT"'@' ./config/grr-client/config.textproto | ||
openssl ecparam -list_curves | ||
|
||
sed -i 's@FRONTEND_KEY@'"$FRONTEND_KEY"'@' ./config/fleetspeak-frontend/components.textproto | ||
# Generate key pair .pem files, which is linked in the GRR client and | ||
# server configs (client.yaml, server.local.yaml). | ||
openssl ecparam -name prime256v1 -genkey -noout -out config/private-key.pem | ||
openssl ec -in config/private-key.pem -pubout -out config/public-key.pem | ||
|
||
# Create a CA/trusted private key and cert for Fleetspeak. | ||
openssl ecparam -name prime256v1 -genkey -noout \ | ||
-out fleetspeak-ca-key.pem | ||
openssl req -new -x509 -days 365 -subj "/CN=Fleetspeak CA"\ | ||
-key fleetspeak-ca-key.pem \ | ||
-out fleetspeak-ca-cert.pem \ | ||
|
||
# Create keys for CA signed key and cert for fleetspeak. Resulting files are also | ||
# copied in the envoy container, see containers/envoy/Dockerfile). | ||
openssl ecparam -name prime256v1 -genkey -noout \ | ||
-out fleetspeak-key.pem | ||
openssl req -new -x509 -days 365 -subj "/CN=Fleetspeak CA" -addext "subjectAltName = DNS:fleetspeak-server" \ | ||
-key fleetspeak-key.pem \ | ||
-out fleetspeak-cert.pem \ | ||
-CA fleetspeak-ca-cert.pem \ | ||
-CAkey fleetspeak-ca-key.pem | ||
|
||
# Replace placeholders in fleetspeak and grr-client textproto files. | ||
TRUSTED_FLEETSPEAK_CERT=$(sed ':a;N;$!ba;s/\n/\\\\n/g' fleetspeak-ca-cert.pem) | ||
FLEETSPEAK_KEY=$(sed ':a;N;$!ba;s/\n/\\\\n/g' fleetspeak-key.pem) | ||
FLEETSPEAK_CERT=$(sed ':a;N;$!ba;s/\n/\\\\n/g' fleetspeak-cert.pem) | ||
|
||
sed -i 's@FLEETSPEAK_CERT@'"$FLEETSPEAK_CERT"'@' ./config/fleetspeak-frontend/components.textproto | ||
sed -i 's@FLEETSPEAK_KEY@'"$FLEETSPEAK_KEY"'@' ./config/fleetspeak-frontend/components.textproto | ||
sed -i 's@TRUSTED_FLEETSPEAK_CERT@'"$TRUSTED_FLEETSPEAK_CERT"'@' ./config/grr-client/config.textproto |
Oops, something went wrong.