Skip to content

Lifars/ioc-checker-server

Repository files navigation

IOC Checker Server

Build

Building this software requires JDK 1.8 or later (OpenJDK is sufficient).

Open a terminal in the project directory and

  • on a Windows machine run
    gradlew.bat clean shadowJar
  • on a Linux machine run
    ./gradlew clean shadowJar

Running

Run with default configuration

cd build/libs

java -jar ioc-checker-server-[VERSION].jar

This will launch an instance with H2 empty in-memory database listening on port 8080.

Run with non-empty database

java -jar ioc-checker-server.jar --admin-email [email protected] --admin-pass admin --probe-name probe1 --probe-key probeKey --dummy-ioc --default-feed-sources

The command above will create:

  • Admin user with login [email protected] and password admin
  • Probe credentials with name probe1 and api key probeKey
    • These credentials are used by ioc-checker-probe to authenticate
    • Some dummy IOC
    • Register a default feed source that will populate IOC from MISP Project. By default, the first feed harvest will start a few seconds after the launch with 2 hour period.

Running in production with PostgreSQL and SSL

Enabling SSL

To enable SSL you can:

  • Use some reverse proxy like nginx, see for example this guide usingLet's encrypt certificate (navigate to Option 2)

or

  • Configure server itself using for example self signed certificate. This option will be assumed from now on.

Setup PostgreSQL

Let's assume you have an running PostgreSQL with * User with login privilege and some password (user = login role in PostgreSQL jargon) * An empty database with granted privileges to user iocchecker-user

Configuring the ioc-checker-server

  • Create a new file called application.conf in the same directory a this app's executable jar. Read it thoroughly and configure it as you fit.

    ktor {
      deployment {
        port = 8080 // HTTP port
        sslPort = 8443 // HTTPS port 
        watch = [ http2 ]
      }
      application {
        modules = [com.lifars.ioc.server.ApplicationKt.module]
      }
      security { // ATENTION HERE <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ATTENTION HERE
        ssl {
          keyStore = Place the JKS keystore path
          keyAlias = Place the JKS keystore alias
          keyStorePassword = Place the JKS keystore password
          privateKeyPassword = Place the private key password
        }
      }
    }
    
    // PostgreSQL, persistent // ATENTION HERE <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ATTENTION HERE
    db {
        driver = "org.postgresql.Driver"
        jdbcUrl = "jdbc:postgresql://URL-TO-THE-DATABASE:5432/DATABASE-NAME"
        username = PostgreSQL login name 
        password = PostgreSQL login password
    }
    
    feed {
        every = 2 // hours // How often feeds should be harvested
        storage = "data/feeds.db" // Internal database with visited sites. Just keep it as is.
    }
    
    auth {
      probe {
        pepper = "Pepper for the probe authentication. Change it to something random."
        realm = "IOC Server Probes" // Leave it as is
      }
      user {
        pepper = "Pepper for the user authentication. Change it to something random."
        realm = "IOC Server Users" // Leave it as is
        jwt {
          secret = "Jwt secret. Change this to something random."
          timeout = 600 // minutes // JWT token expiration
          issuer = "IOC-Server" // Leave it as is
          audience = "IOC-Server-Users" // Leave it as is
        }
      }
    }

Run with the new configuration file

cd build/libs

java -jar ioc-checker-server-[VERSION].jar -config=application.conf 

Run with the new configuration file & populate database tables.

java -jar ioc-checker-server.jar -config=application.conf --admin-email [email protected] --admin-pass admin --probe-name probe1 --probe-key probeKey --dummy-ioc --default-feed-sources