diff --git a/Vagrantfile b/Vagrantfile index 714b434..8dfc3b1 100755 --- a/Vagrantfile +++ b/Vagrantfile @@ -3,9 +3,9 @@ Vagrant.configure(2) do |config| config.vm.box = "ubuntu/jammy64" - config.vm.hostname = "paradrop-ubuntu22-01" + config.vm.hostname = "paradrop-ubuntu22-1" config.vm.provider "virtualbox" do |v| - v.name = "ubuntu22" + v.name = "paradrop-ubuntu22-1" v.memory = 8192 v.cpus = 4 v.customize ["modifyvm", :id, "--natdnsproxy1", "on"] @@ -43,7 +43,7 @@ ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get update -y ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get remove -y whoopsie apport apport-gtk ubuntu-report unattended-upgrades kerneloops plymouth thunderbird transmission-common cheese aisleriot gnome-mahjongg gnome-mines gnome-sudoku remmina mlocate ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get autoremove -y ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get install -y curl jq vim net-tools dnsutils screen nodejs python3-pip python3-dev make unzip htop +ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get install -y curl jq vim net-tools dnsutils screen nodejs python3-pip python3-dev make unzip htop clamav libopenscap8 # Setup Docker curl -fsSL https://get.docker.com -o ./get-docker.sh 
@@ -53,6 +53,20 @@ rm ./get-docker.sh systemctl enable docker systemctl restart docker +# Install Trivy Scanner +apt-get install wget apt-transport-https gnupg lsb-release +wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - +echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list +apt-get update +apt-get install trivy + +# Install OpenScap Content Guides +wget -c https://github.com/ComplianceAsCode/content/releases/download/v0.1.72/scap-security-guide-0.1.72.zip +unzip scap-security-guide-0.1.72.zip +mkdir -p /usr/share/scap-security-guide +cp -rf scap-security-guide-0.1.72/* /usr/share/scap-security-guide/ +rm -rf scap-security-guide-0.1.72* + # Install Python Deps pip3 install -r /paradrop/api/requirements.txt diff --git a/api/app.py b/api/app.py index de49b2e..fde6858 100755 --- a/api/app.py +++ b/api/app.py @@ -44,8 +44,7 @@ def first_run() -> bool: "normalizer": "lowercase_normalizer" }, "updated_at": { - "type": "keyword", - "normalizer": "lowercase_normalizer" + "type": "keyword" } } } @@ -167,8 +166,7 @@ def first_run() -> bool: "normalizer": "lowercase_normalizer" }, "last_run": { - "type": "keyword", - "normalizer": "lowercase_normalizer" + "type": "keyword" }, "docker_stopped": { "type": "keyword", @@ -491,12 +489,10 @@ def first_run() -> bool: "normalizer": "lowercase_normalizer" }, "created_at": { - "type": "keyword", - "normalizer": "lowercase_normalizer" + "type": "keyword" }, "expire_at": { - "type": "keyword", - "normalizer": "lowercase_normalizer" + "type": "keyword" } } } diff --git a/elk/clean_hosts.sh b/elk/clean_hosts.sh new file mode 100755 index 0000000..16d72f6 --- /dev/null +++ b/elk/clean_hosts.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -H 'Content-Type: application/json' -XPOST 'https://127.0.0.1:9200/paradrop_hosts/_delete_by_query?conflicts=proceed' -d '{"query":{"match_all": {}}}' 
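Review bot: The `apt-get install wget ...`, `apt-get update` and `apt-get install trivy` lines in the Trivy block drop the `-y` / `DEBIAN_FRONTEND=noninteractive` prefix that every other apt-get call in this provisioning script uses, so they will prompt and abort when the provisioner runs without a tty. `apt-key add` is deprecated on this Ubuntu release and trusts the key for every configured repository, and `tee -a` appends the source line on each `vagrant provision`, so re-runs duplicate it; store the key under `/usr/share/keyrings`, bind it with `signed-by=`, and write the list file with `>` (the `sudo` prefixes are redundant if the script already runs as root, which the unprefixed apt-get calls elsewhere suggest). The SCAP content zip is downloaded and copied into `/usr/share/scap-security-guide` without any integrity check; pin its SHA-256 and verify before `unzip`. The rewritten block below uses a labelled placeholder for the expected digest; the enclosing provisioning script begins and ends outside this hunk.
```shell
# Install Trivy Scanner
ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get install -y wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor --yes -o /usr/share/keyrings/trivy.gpg
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" > /etc/apt/sources.list.d/trivy.list
ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get update -y
ACCEPT_EULA=Y DEBIAN_FRONTEND=noninteractive apt-get install -y trivy

# Install OpenScap Content Guides
wget -c https://github.com/ComplianceAsCode/content/releases/download/v0.1.72/scap-security-guide-0.1.72.zip
# <EXPECTED_SHA256> is a placeholder: record the published digest of the release asset here
echo "<EXPECTED_SHA256>  scap-security-guide-0.1.72.zip" | sha256sum -c - || exit 1
# … unchanged: unzip, mkdir, cp, rm …
```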
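Review bot: The curl line in the new clean_hosts.sh embeds the Elasticsearch admin password as a literal, so it is now in the repository history and appears in process listings on the host while the request runs; read it from the environment or a mode-0600 netrc file instead, e.g. `curl -u "admin:${ES_ADMIN_PASSWORD}" ...` or `curl --netrc-file /path/to/es.netrc ...`, and rotate the committed value. `-k` disables TLS certificate verification for the connection to `https://127.0.0.1:9200`; if the node uses a self-signed certificate, pass its CA with `--cacert` rather than turning verification off. Because `match_all` with `_delete_by_query` removes every document in `paradrop_hosts` without confirmation, a header comment such as `# Deletes ALL documents from paradrop_hosts; intended for reset/test use only` would help whoever finds this script later.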
diff --git a/elk/es_settings.json b/elk/es_settings.json
index 4e7667d..46b1f6f 100755
--- a/elk/es_settings.json
+++ b/elk/es_settings.json
@@ -1,12 +1,10 @@
 {
- "analysis" : {
+ "analysis": {
 "normalizer": {
 "lowercase_normalizer": {
 "type": "custom",
- "filter": [
- "lowercase"
- ]
+ "filter": ["lowercase"]
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/elk/paradrop_audit_mapping.json b/elk/paradrop_audit_mapping.json
index a6145f9..144140d 100755
--- a/elk/paradrop_audit_mapping.json
+++ b/elk/paradrop_audit_mapping.json
@@ -9,8 +9,7 @@
 "normalizer": "lowercase_normalizer"
 },
 "updated_at": {
- "type": "keyword",
- "normalizer": "lowercase_normalizer"
+ "type": "keyword"
 }
 }
 }
diff --git a/elk/paradrop_changes_mapping.json b/elk/paradrop_changes_mapping.json
index 5155123..dca380a 100755
--- a/elk/paradrop_changes_mapping.json
+++ b/elk/paradrop_changes_mapping.json
@@ -5,8 +5,7 @@
 "normalizer": "lowercase_normalizer"
 },
 "changes_discovered": {
- "type": "keyword",
- "normalizer": "lowercase_normalizer"
+ "type": "keyword"
 }
 }
 }
diff --git a/elk/paradrop_event_triggers_mapping.json b/elk/paradrop_event_triggers_mapping.json
index ba32c36..db3f11e 100755
--- a/elk/paradrop_event_triggers_mapping.json
+++ b/elk/paradrop_event_triggers_mapping.json
@@ -1,27 +1,27 @@ { -"properties": { - "event_name": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "event_impact": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "event_enable": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "send_alert": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "event_trigger": { - "type": "object", - "properties": { - "field": { - "type": "keyword", - "normalizer": "lowercase_normalizer" + "properties": { + "event_name": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "event_impact": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "event_enable": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "send_alert": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "event_trigger": { + "type": "object", + "properties": { + "field": { + "type": "keyword", + "normalizer": "lowercase_normalizer" } } } diff --git a/elk/paradrop_hosts_mapping.json b/elk/paradrop_hosts_mapping.json index 0a440fc..949b6a3 100755 --- a/elk/paradrop_hosts_mapping.json +++ b/elk/paradrop_hosts_mapping.json @@ -38,8 +38,7 @@ "normalizer": "lowercase_normalizer" }, "last_run": { - "type": "date", - "normalizer": "lowercase_normalizer" + "type": "keyword" }, "docker_stopped": { "type": "keyword", @@ -69,8 +68,8 @@ "type": "long" }, "docker_images": { - "type":"nested", - "include_in_parent": true, + "type": "nested", + "include_in_parent": true, "properties": { "name": { "type": "keyword", @@ -79,7 +78,7 @@ "size": { "type": "keyword", "normalizer": "lowercase_normalizer" - }, + }, "created": { "type": "keyword", "normalizer": "lowercase_normalizer" @@ -87,8 +86,8 @@ } }, "docker_containers": { - "type":"nested", - "include_in_parent": true, + "type": "nested", + "include_in_parent": true, "properties": { "name": { "type": "keyword", @@ -163,7 +162,6 @@ } } } - } }, "trivy": { @@ -331,4 +329,3 @@ } } } - 
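Review bot: In the `@@ -38,8 +38,7 @@` hunk of paradrop_hosts_mapping.json, `last_run` changes from `"type": "date"` to `"type": "keyword"`; the old mapping was invalid because a `normalizer` is only accepted on keyword fields, but the fix drops the date semantics (range filters and chronological sorting on last_run) rather than just the offending line. If last_run is still queried as a timestamp, keeping `"type": "date"` and deleting only the `"normalizer"` line preserves that; if it is intentionally a string now, this matches the api/app.py hunk at `@@ -167,8 +166,7 @@`, which already maps it as keyword. Either way, a short comment in the commit or the mapping stating which is intended would save the next reader from re-deriving it.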
diff --git a/elk/paradrop_reports_mapping.json b/elk/paradrop_reports_mapping.json index 5683db2..d4cc2e0 100755 --- a/elk/paradrop_reports_mapping.json +++ b/elk/paradrop_reports_mapping.json @@ -1,12 +1,12 @@ { -"properties": { - "report_name": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "report_description": { - "type": "keyword", - "normalizer": "lowercase_normalizer" + "properties": { + "report_name": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "report_description": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + } } } -} diff --git a/elk/paradrop_users_mapping.json b/elk/paradrop_users_mapping.json index aea82e1..2337d39 100755 --- a/elk/paradrop_users_mapping.json +++ b/elk/paradrop_users_mapping.json @@ -1,28 +1,25 @@ { -"properties": { - "email": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "name": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "role": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "last_signin": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "created_at": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - }, - "expire_at": { - "type": "keyword", - "normalizer": "lowercase_normalizer" - } + "properties": { + "email": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "name": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "role": { + "type": "keyword", + "normalizer": "lowercase_normalizer" + }, + "last_signin": { + "type": "keyword" + }, + "created_at": { + "type": "keyword" + }, + "expire_at": { + "type": "keyword" + } } } diff --git a/ui/event-triggers/index.html b/ui/event-triggers/index.html index ee2cb9a..f31a3c7 100755 --- a/ui/event-triggers/index.html +++ b/ui/event-triggers/index.html @@ -200,7 +200,7 @@ - + diff --git a/ui/static/js/search.js b/ui/static/js/search.js index da8af22..575d7a4 100755 --- a/ui/static/js/search.js 
+++ b/ui/static/js/search.js @@ -429,7 +429,11 @@ async function updateTable (tableColumnsSpecifications, dataCardsSpecifications, // We want to add icon to the first column to show that more data are available on click // If this is first column, add click icon if (firstColumn) { - newColumn.innerHTML = '' + if (filter === 'hosts') { + newColumn.innerHTML = '' + } else { + newColumn.innerHTML = '' + } // And then set firstColumn to false to have that icon only in the first column. firstColumn = false