Update docs
+4
-4
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Overview: module code — parsedmarc 8.3.2 documentation</title>
|
||||
<title>Overview: module code — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -29,7 +29,7 @@
|
||||
<a href="../index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
|
||||
@@ -54,8 +54,8 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="../index.html" class="icon icon-home"></a> »</li>
|
||||
<li>Overview: module code</li>
|
||||
<li><a href="../index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item active">Overview: module code</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>parsedmarc — parsedmarc 8.3.2 documentation</title>
|
||||
<title>parsedmarc — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -29,7 +29,7 @@
|
||||
<a href="../index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
|
||||
@@ -54,9 +54,9 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="../index.html" class="icon icon-home"></a> »</li>
|
||||
<li><a href="index.html">Module code</a> »</li>
|
||||
<li>parsedmarc</li>
|
||||
<li><a href="../index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item"><a href="index.html">Module code</a></li>
|
||||
<li class="breadcrumb-item active">parsedmarc</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
@@ -102,7 +102,7 @@
|
||||
<span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">parse_email</span>
|
||||
<span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">timestamp_to_human</span><span class="p">,</span> <span class="n">human_timestamp_to_datetime</span>
|
||||
|
||||
<span class="n">__version__</span> <span class="o">=</span> <span class="s2">"8.3.2"</span>
|
||||
<span class="n">__version__</span> <span class="o">=</span> <span class="s2">"8.4.0"</span>
|
||||
|
||||
<span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">"parsedmarc v</span><span class="si">{0}</span><span class="s2">"</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">__version__</span><span class="p">))</span>
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>parsedmarc.elastic — parsedmarc 8.3.2 documentation</title>
|
||||
<title>parsedmarc.elastic — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -29,7 +29,7 @@
|
||||
<a href="../../index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
|
||||
@@ -54,10 +54,10 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="../../index.html" class="icon icon-home"></a> »</li>
|
||||
<li><a href="../index.html">Module code</a> »</li>
|
||||
<li><a href="../parsedmarc.html">parsedmarc</a> »</li>
|
||||
<li>parsedmarc.elastic</li>
|
||||
<li><a href="../../index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item"><a href="../index.html">Module code</a></li>
|
||||
<li class="breadcrumb-item"><a href="../parsedmarc.html">parsedmarc</a></li>
|
||||
<li class="breadcrumb-item active">parsedmarc.elastic</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>parsedmarc.splunk — parsedmarc 8.3.2 documentation</title>
|
||||
<title>parsedmarc.splunk — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -29,7 +29,7 @@
|
||||
<a href="../../index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
|
||||
@@ -54,10 +54,10 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="../../index.html" class="icon icon-home"></a> »</li>
|
||||
<li><a href="../index.html">Module code</a> »</li>
|
||||
<li><a href="../parsedmarc.html">parsedmarc</a> »</li>
|
||||
<li>parsedmarc.splunk</li>
|
||||
<li><a href="../../index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item"><a href="../index.html">Module code</a></li>
|
||||
<li class="breadcrumb-item"><a href="../parsedmarc.html">parsedmarc</a></li>
|
||||
<li class="breadcrumb-item active">parsedmarc.splunk</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>parsedmarc.utils — parsedmarc 8.3.2 documentation</title>
|
||||
<title>parsedmarc.utils — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -29,7 +29,7 @@
|
||||
<a href="../../index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
|
||||
@@ -54,10 +54,10 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="../../index.html" class="icon icon-home"></a> »</li>
|
||||
<li><a href="../index.html">Module code</a> »</li>
|
||||
<li><a href="../parsedmarc.html">parsedmarc</a> »</li>
|
||||
<li>parsedmarc.utils</li>
|
||||
<li><a href="../../index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item"><a href="../index.html">Module code</a></li>
|
||||
<li class="breadcrumb-item"><a href="../parsedmarc.html">parsedmarc</a></li>
|
||||
<li class="breadcrumb-item active">parsedmarc.utils</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
@@ -361,6 +361,13 @@
|
||||
<span class="s2">"dbip-country.mmdb"</span><span class="p">,</span>
|
||||
<span class="p">]</span>
|
||||
|
||||
<span class="k">if</span> <span class="n">db_path</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
|
||||
<span class="k">if</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">isfile</span><span class="p">(</span><span class="n">db_path</span><span class="p">)</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
|
||||
<span class="n">db_path</span> <span class="o">=</span> <span class="kc">None</span>
|
||||
<span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="sa">f</span><span class="s2">"No file exists at </span><span class="si">{</span><span class="n">db_path</span><span class="si">}</span><span class="s2">. Falling back to an "</span>
|
||||
<span class="s2">"included copy of the IPDB IP to Country "</span>
|
||||
<span class="s2">"Lite database."</span><span class="p">)</span>
|
||||
|
||||
<span class="k">if</span> <span class="n">db_path</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
||||
<span class="k">for</span> <span class="n">system_path</span> <span class="ow">in</span> <span class="n">db_paths</span><span class="p">:</span>
|
||||
<span class="k">if</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">exists</span><span class="p">(</span><span class="n">system_path</span><span class="p">):</span>
|
||||
|
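Review bot: In the new `if db_path is not None:` block, `db_path = None` is executed before the f-string warning that interpolates `{db_path}`, so the message always reads "No file exists at None. Falling back to ..." and never names the path that was rejected. This page is Sphinx viewcode output, so the fix belongs in the `parsedmarc.utils` module source rather than in this HTML: log first, then clear the variable, i.e. `logger.warning(f"No file exists at {db_path}. Falling back to an " ...)` followed by `db_path = None`. As a style point, `os.path.isfile(db_path) is False` reads more naturally as `not os.path.isfile(db_path)`. The enclosing function starts before and continues after the hunk.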
||||
+89
-101
@@ -203,8 +203,8 @@ The full set of configuration options are:
|
||||
- `batch_size` - int: Number of messages to read and process
|
||||
before saving. Default `10`. Use `0` for no limit.
|
||||
- `check_timeout` - int: Number of seconds to wait for a IMAP
|
||||
IDLE response or the number of seconds until the next mai
|
||||
check (Default: `30`)
|
||||
IDLE response or the number of seconds until the next
|
||||
mail check (Default: `30`)
|
||||
- `imap`
|
||||
- `host` - str: The IMAP server hostname or IP address
|
||||
- `port` - int: The IMAP server port (Default: `993`)
|
||||
@@ -246,6 +246,9 @@ The full set of configuration options are:
|
||||
could be a shared mailbox if the user has access to the mailbox
|
||||
- `token_file` - str: Path to save the token file
|
||||
(Default: `.token`)
|
||||
- `allow_unencrypted_storage` - bool: Allows the Azure Identity
|
||||
module to fall back to unencrypted token cache (Default: False).
|
||||
Even if enabled, the cache will always try encrypted storage first.
|
||||
|
||||
:::{note}
|
||||
You must create an app registration in Azure AD and have an
|
||||
@@ -290,7 +293,7 @@ The full set of configuration options are:
|
||||
- `number_of_shards` - int: The number of shards to use when
|
||||
creating the index (Default: `1`)
|
||||
- `number_of_replicas` - int: The number of replicas to use when
|
||||
creating the index (Default: `1`)
|
||||
creating the index (Default: `0`)
|
||||
- `splunk_hec`
|
||||
- `url` - str: The URL of the Splunk HTTP Events Collector (HEC)
|
||||
- `token` - str: The HEC token
|
||||
@@ -385,6 +388,32 @@ known samples you want to save to that folder
|
||||
(e.g. malicious samples and non-sensitive legitimate samples).
|
||||
:::
|
||||
|
||||
:::{warning}
|
||||
Elasticsearch 8 change limits policy for shards, restricting by
|
||||
default to 1000. parsedmarc use a shard per analyzed day. If you
|
||||
have more than ~3 years of data, you will need to update this
|
||||
limit.
|
||||
Check current usage (from Management -> Dev Tools -> Console):
|
||||
```
|
||||
GET /_cluster/health?pretty
|
||||
...
|
||||
"active_primary_shards": 932,
|
||||
"active_shards": 932,
|
||||
...
|
||||
}
|
||||
```
|
||||
Update the limit to 2k per exemple:
|
||||
```
|
||||
PUT _cluster/settings
|
||||
{
|
||||
"persistent" : {
|
||||
"cluster.max_shards_per_node" : 2000
|
||||
}
|
||||
}
|
||||
```
|
||||
Be warned that increasing this value increase ressources usage.
|
||||
:::
|
||||
|
||||
## Sample aggregate report output
|
||||
|
||||
Here are the results from parsing the[example](https://dmarc.org/wiki/FAQ#I_need_to_implement_aggregate_reports.2C_what_do_they_look_like.3F)
|
||||
@@ -636,6 +665,9 @@ On Debian 10 (Buster) or later, run:
|
||||
```bash
|
||||
sudo apt-get install -y geoipupdate
|
||||
```
|
||||
:::{note}
|
||||
[Component "contrib"] is required in your apt sources.
|
||||
:::
|
||||
|
||||
On Ubuntu systems run:
|
||||
|
||||
@@ -739,10 +771,16 @@ explicitly tell `virtualenv` to use `python3.9` instead
|
||||
sudo -u parsedmarc virtualenv -p python3.9 /opt/parsedmarc/venv
|
||||
```
|
||||
|
||||
Activate the virtualenv
|
||||
|
||||
```bash
|
||||
source /opt/parsedmarc/venv/bin/activate
|
||||
```
|
||||
|
||||
To install or upgrade `parsedmarc` inside the virtualenv, run:
|
||||
|
||||
```bash
|
||||
sudo -u parsedmarc /opt/parsedmarc/venv -U parsedmarc
|
||||
sudo -u parsedmarc /opt/parsedmarc/venv/bin/pip install -U parsedmarc
|
||||
```
|
||||
|
||||
### Optional dependencies
|
||||
@@ -966,20 +1004,20 @@ On Debian/Ubuntu based systems, run:
|
||||
|
||||
```bash
|
||||
sudo apt-get install -y apt-transport-https
|
||||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
|
||||
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
|
||||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
|
||||
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y default-jre-headless elasticsearch kibana
|
||||
sudo apt-get install -y elasticsearch kibana
|
||||
```
|
||||
|
||||
For CentOS, RHEL, and other RPM systems, follow the Elastic RPM guides for
|
||||
[Elasticsearch] and [Kibana].
|
||||
|
||||
:::{warning}
|
||||
The default JVM heap size for Elasticsearch is very small (1g), which will
|
||||
cause it to crash under a heavy load. To fix this, increase the minimum and
|
||||
maximum JVM heap sizes in `/etc/elasticsearch/jvm.options` to more
|
||||
reasonable levels, depending on your server's resources.
|
||||
:::{note}
|
||||
Previously, the default JVM heap size for Elasticsearch was very small (1g),
|
||||
which will cause it to crash under a heavy load. To fix this, increase the
|
||||
minimum and maximum JVM heap sizes in `/etc/elasticsearch/jvm.options` to
|
||||
more reasonable levels, depending on your server's resources.
|
||||
|
||||
Make sure the system has at least 2 GB more RAM then the assigned JVM
|
||||
heap size.
|
||||
@@ -994,7 +1032,7 @@ For example, to set a 4 GB heap size, set
|
||||
-Xmx4g
|
||||
```
|
||||
|
||||
See <https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html>
|
||||
See <https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings>
|
||||
for more information.
|
||||
:::
|
||||
|
||||
@@ -1006,28 +1044,6 @@ sudo service elasticsearch start
|
||||
sudo service kibana start
|
||||
```
|
||||
|
||||
Without the commercial [X-Pack] or [ReadonlyREST] products, Kibana
|
||||
does not have any authentication
|
||||
mechanism of its own. You can use nginx as a reverse proxy that
|
||||
provides basic authentication.
|
||||
|
||||
```bash
|
||||
sudo apt-get install -y nginx apache2-utils
|
||||
```
|
||||
|
||||
Or, on CentOS:
|
||||
|
||||
```bash
|
||||
sudo yum install -y nginx httpd-tools
|
||||
```
|
||||
|
||||
Create a directory to store the certificates and keys:
|
||||
|
||||
```bash
|
||||
mkdir ~/ssl
|
||||
cd ~/ssl
|
||||
```
|
||||
|
||||
To create a self-signed certificate, run:
|
||||
|
||||
```bash
|
||||
@@ -1052,85 +1068,52 @@ rm -f kibana.csr
|
||||
Move the keys into place and secure them:
|
||||
|
||||
```bash
|
||||
cd
|
||||
sudo mv ssl /etc/nginx
|
||||
sudo chown -R root:www-data /etc/nginx/ssl
|
||||
sudo chmod -R u=rX,g=rX,o= /etc/nginx/ssl
|
||||
sudo mv kibana.* /etc/kibana
|
||||
sudo chmod 660 /etc/kibana/kibana.key
|
||||
```
|
||||
|
||||
Disable the default nginx configuration:
|
||||
|
||||
Activate the HTTPS server in Kibana
|
||||
```bash
|
||||
sudo rm /etc/nginx/sites-enabled/default
|
||||
sudo vim /etc/kibana/kibana.yml
|
||||
```
|
||||
Add the following configuration
|
||||
```
|
||||
server.host: "SERVER_IP"
|
||||
server.publicBaseUrl: "https://SERVER_IP"
|
||||
server.ssl.enabled: true
|
||||
server.ssl.certificate: /etc/kibana/kibana.crt
|
||||
server.ssl.key: /etc/kibana/kibana.key
|
||||
```
|
||||
|
||||
Create the web server configuration
|
||||
|
||||
```bash
|
||||
sudo nano /etc/nginx/sites-available/kibana
|
||||
sudo systemctl restart kibana
|
||||
```
|
||||
|
||||
```nginx
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
ssl_certificate /etc/nginx/ssl/kibana.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/kibana.key;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
|
||||
# modern configuration. tweak to your needs.
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# Uncomment this next line if you are using a signed, trusted cert
|
||||
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
auth_basic "Login required";
|
||||
auth_basic_user_file /etc/nginx/htpasswd;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:5601;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
```
|
||||
|
||||
Enable the nginx configuration for Kibana:
|
||||
|
||||
Enroll Kibana in Elasticsearch
|
||||
```bash
|
||||
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
|
||||
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
|
||||
```
|
||||
|
||||
Add a user to basic authentication:
|
||||
|
||||
Then access to your webserver at https://SERVER_IP:5601, accept the self-signed
|
||||
certificate and paste the token in the "Enrollment token" field.
|
||||
```bash
|
||||
sudo htpasswd -c /etc/nginx/htpasswd exampleuser
|
||||
sudo /usr/share/kibana/bin/kibana-verification-code
|
||||
```
|
||||
Then put the verification code to your web browser.
|
||||
|
||||
Where `exampleuser` is the name of the user you want to add.
|
||||
|
||||
Secure the permissions of the httpasswd file:
|
||||
|
||||
End Kibana configuration
|
||||
```bash
|
||||
sudo chown root:www-data /etc/nginx/htpasswd
|
||||
sudo chmod u=rw,g=r,o= /etc/nginx/htpasswd
|
||||
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
|
||||
sudo /usr/share/kibana/bin/kibana-encryption-keys generate
|
||||
sudo vim /etc/kibana/kibana.yml
|
||||
```
|
||||
Add previously generated encryption keys
|
||||
```
|
||||
xpack.encryptedSavedObjects.encryptionKey: xxxx...xxxx
|
||||
xpack.reporting.encryptionKey: xxxx...xxxx
|
||||
xpack.security.encryptionKey: xxxx...xxxx
|
||||
```
|
||||
|
||||
Restart nginx:
|
||||
|
||||
```bash
|
||||
sudo service nginx restart
|
||||
sudo systemctl restart kibana
|
||||
sudo systemctl restart elasticsearch
|
||||
```
|
||||
|
||||
Now that Elasticsearch is up and running, use `parsedmarc` to send data to
|
||||
@@ -1138,8 +1121,12 @@ it.
|
||||
|
||||
Download (right click the link and click save as) [export.ndjson].
|
||||
|
||||
Connect to kibana using the "elastic" user and the password you previously provide
|
||||
on the console ("End Kibana configuration" part).
|
||||
|
||||
Import `export.ndjson` the Saved Objects tab of the Stack management
|
||||
page of Kibana.
|
||||
page of Kibana. (Hamburger menu -> "Management" -> "Stack Management" ->
|
||||
"Kibana" -> "Saved Objects")
|
||||
|
||||
It will give you the option to overwrite existing saved dashboards or
|
||||
visualizations, which could be used to restore them if you or someone else
|
||||
@@ -1271,7 +1258,7 @@ service parsedmarc status
|
||||
:::{note}
|
||||
In the event of a crash, systemd will restart the service after 10
|
||||
minutes, but the `service parsedmarc status` command will only show
|
||||
the logs for the current process. To vew the logs for previous runs
|
||||
the logs for the current process. To view the logs for previous runs
|
||||
as well as the current process (newest to oldest), run:
|
||||
|
||||
```bash
|
||||
@@ -1667,6 +1654,7 @@ Some additional steps are needed for Linux hosts.
|
||||
- {ref}`search`
|
||||
|
||||
[cloudflare's public resolvers]: https://1.1.1.1/
|
||||
[Component "contrib"]: https://wiki.debian.org/SourcesList#Component
|
||||
[contributors]: https://github.com/domainaware/parsedmarc/graphs/contributors
|
||||
[creative commons attribution 4.0 international license]: https://creativecommons.org/licenses/by/4.0/
|
||||
[demystifying dmarc]: https://seanthegeek.net/459/demystifying-dmarc/
|
||||
|
||||
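Review bot: In the `@@ -1052,85 +1068,52 @@` hunk, the new `sudo mv kibana.* /etc/kibana` followed by `sudo chmod 660 /etc/kibana/kibana.key` leaves the private key owned by whichever user generated it in `~/ssl` (mv preserves ownership), group-writable, and typically unreadable by the account the Kibana service runs under, so the `server.ssl.key` setting added in the same hunk will fail to load; the nginx steps this rewrite removed had an explicit `chown -R root:www-data` that has no counterpart here. Add an ownership step and drop group write, e.g. `sudo chown root:kibana /etc/kibana/kibana.crt /etc/kibana/kibana.key` and `sudo chmod 640 /etc/kibana/kibana.key` (`kibana` is the service account created by the Debian/RPM packages; confirm for other install methods). Since the basic-auth reverse proxy is gone, it is also worth one sentence noting that the Elastic stack's built-in authentication configured under "End Kibana configuration" is now the only access control in front of the `server.host: "SERVER_IP"` listener.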
@@ -1 +1 @@
|
||||
.fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions 
.rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}
|
||||
.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions 
.rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}
|
||||
@@ -1,6 +1,6 @@
|
||||
var DOCUMENTATION_OPTIONS = {
|
||||
URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
|
||||
VERSION: '8.3.2',
|
||||
VERSION: '8.4.0',
|
||||
LANGUAGE: 'en',
|
||||
COLLAPSE_INDEX: false,
|
||||
BUILDER: 'html',
|
||||
|
||||
+4
-4
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Index — parsedmarc 8.3.2 documentation</title>
|
||||
<title>Index — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -29,7 +29,7 @@
|
||||
<a href="index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
|
||||
@@ -54,8 +54,8 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="index.html" class="icon icon-home"></a> »</li>
|
||||
<li>Index</li>
|
||||
<li><a href="index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item active">Index</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
+90
-88
@@ -4,7 +4,7 @@
|
||||
<meta charset="utf-8" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>parsedmarc documentation - Open source DMARC report analyzer and visualizer — parsedmarc 8.3.2 documentation</title>
|
||||
<title>parsedmarc documentation - Open source DMARC report analyzer and visualizer — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -30,7 +30,7 @@
|
||||
<a href="#" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
|
||||
@@ -185,8 +185,8 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="#" class="icon icon-home"></a> »</li>
|
||||
<li>parsedmarc documentation - Open source DMARC report analyzer and visualizer</li>
|
||||
<li><a href="#" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item active">parsedmarc documentation - Open source DMARC report analyzer and visualizer</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
<a href="_sources/index.md.txt" rel="nofollow"> View page source</a>
|
||||
</li>
|
||||
@@ -394,8 +394,8 @@ Gmail) to sort processed emails into (Default: <code class="docutils literal not
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">batch_size</span></code> - int: Number of messages to read and process
|
||||
before saving. Default <code class="docutils literal notranslate"><span class="pre">10</span></code>. Use <code class="docutils literal notranslate"><span class="pre">0</span></code> for no limit.</p></li>
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">check_timeout</span></code> - int: Number of seconds to wait for a IMAP
|
||||
IDLE response or the number of seconds until the next mai
|
||||
check (Default: <code class="docutils literal notranslate"><span class="pre">30</span></code>)</p></li>
|
||||
IDLE response or the number of seconds until the next
|
||||
mail check (Default: <code class="docutils literal notranslate"><span class="pre">30</span></code>)</p></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">imap</span></code></p>
|
||||
@@ -442,7 +442,10 @@ for all auth methods except UsernamePassword.</p></li>
|
||||
current user if using the UsernamePassword auth method, but
|
||||
could be a shared mailbox if the user has access to the mailbox</p></li>
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">token_file</span></code> - str: Path to save the token file
|
||||
(Default: <code class="docutils literal notranslate"><span class="pre">.token</span></code>)</p>
|
||||
(Default: <code class="docutils literal notranslate"><span class="pre">.token</span></code>)</p></li>
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">allow_unencrypted_storage</span></code> - bool: Allows the Azure Identity
|
||||
module to fall back to unencrypted token cache (Default: False).
|
||||
Even if enabled, the cache will always try encrypted storage first.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>You must create an app registration in Azure AD and have an
|
||||
@@ -489,7 +492,7 @@ or URLs (e.g. <code class="docutils literal notranslate"><span class="pre">127.0
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">number_of_shards</span></code> - int: The number of shards to use when
|
||||
creating the index (Default: <code class="docutils literal notranslate"><span class="pre">1</span></code>)</p></li>
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">number_of_replicas</span></code> - int: The number of replicas to use when
|
||||
creating the index (Default: <code class="docutils literal notranslate"><span class="pre">1</span></code>)</p></li>
|
||||
creating the index (Default: <code class="docutils literal notranslate"><span class="pre">0</span></code>)</p></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><p><code class="docutils literal notranslate"><span class="pre">splunk_hec</span></code></p>
|
||||
@@ -600,6 +603,32 @@ reports in your DMARC inbox, but run <code class="docutils literal notranslate">
|
||||
known samples you want to save to that folder
|
||||
(e.g. malicious samples and non-sensitive legitimate samples).</p>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>Elasticsearch 8 change limits policy for shards, restricting by
|
||||
default to 1000. parsedmarc use a shard per analyzed day. If you
|
||||
have more than ~3 years of data, you will need to update this
|
||||
limit.
|
||||
Check current usage (from Management -> Dev Tools -> Console):</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>GET /_cluster/health?pretty
|
||||
...
|
||||
"active_primary_shards": 932,
|
||||
"active_shards": 932,
|
||||
...
|
||||
}
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Update the limit to 2k per exemple:</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">PUT</span> <span class="n">_cluster</span><span class="o">/</span><span class="n">settings</span>
|
||||
<span class="p">{</span>
|
||||
<span class="s2">"persistent"</span> <span class="p">:</span> <span class="p">{</span>
|
||||
<span class="s2">"cluster.max_shards_per_node"</span> <span class="p">:</span> <span class="mi">2000</span>
|
||||
<span class="p">}</span>
|
||||
<span class="p">}</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Be warned that increasing this value increase ressources usage.</p>
|
||||
</div>
|
||||
</section>
|
||||
<section id="sample-aggregate-report-output">
|
||||
<h2>Sample aggregate report output<a class="headerlink" href="#sample-aggregate-report-output" title="Permalink to this heading"></a></h2>
|
||||
@@ -844,6 +873,10 @@ these databases as they are released, so MaxMind’s databases and the
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y geoipupdate
|
||||
</pre></div>
|
||||
</div>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p><a class="reference external" href="https://wiki.debian.org/SourcesList#Component">Component “contrib”</a> is required in your apt sources.</p>
|
||||
</div>
|
||||
<p>On Ubuntu systems run:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo add-apt-repository ppa:maxmind/ppa
|
||||
sudo apt update
|
||||
@@ -919,8 +952,12 @@ explicitly tell <code class="docutils literal notranslate"><span class="pre">vir
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo -u parsedmarc virtualenv -p python3.9 /opt/parsedmarc/venv
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Activate the virtualenv</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="nb">source</span> /opt/parsedmarc/venv/bin/activate
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>To install or upgrade <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> inside the virtualenv, run:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo -u parsedmarc /opt/parsedmarc/venv -U parsedmarc
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo -u parsedmarc /opt/parsedmarc/venv/bin/pip install -U parsedmarc
|
||||
</pre></div>
|
||||
</div>
|
||||
</section>
|
||||
@@ -1118,20 +1155,20 @@ config file:</p>
|
||||
</div>
|
||||
<p>On Debian/Ubuntu based systems, run:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y apt-transport-https
|
||||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch <span class="p">|</span> sudo apt-key add -
|
||||
<span class="nb">echo</span> <span class="s2">"deb https://artifacts.elastic.co/packages/7.x/apt stable main"</span> <span class="p">|</span> sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
|
||||
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch <span class="p">|</span> sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
|
||||
<span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main"</span> <span class="p">|</span> sudo tee /etc/apt/sources.list.d/elastic-8.x.list
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y default-jre-headless elasticsearch kibana
|
||||
sudo apt-get install -y elasticsearch kibana
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>For CentOS, RHEL, and other RPM systems, follow the Elastic RPM guides for
|
||||
<a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html">Elasticsearch</a> and <a class="reference external" href="https://www.elastic.co/guide/en/kibana/current/rpm.html">Kibana</a>.</p>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>The default JVM heap size for Elasticsearch is very small (1g), which will
|
||||
cause it to crash under a heavy load. To fix this, increase the minimum and
|
||||
maximum JVM heap sizes in <code class="docutils literal notranslate"><span class="pre">/etc/elasticsearch/jvm.options</span></code> to more
|
||||
reasonable levels, depending on your server’s resources.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>Previously, the default JVM heap size for Elasticsearch was very small (1g),
|
||||
which will cause it to crash under a heavy load. To fix this, increase the
|
||||
minimum and maximum JVM heap sizes in <code class="docutils literal notranslate"><span class="pre">/etc/elasticsearch/jvm.options</span></code> to
|
||||
more reasonable levels, depending on your server’s resources.</p>
|
||||
<p>Make sure the system has at least 2 GB more RAM then the assigned JVM
|
||||
heap size.</p>
|
||||
<p>Always set the minimum and maximum JVM heap sizes to the same
|
||||
@@ -1141,7 +1178,7 @@ value.</p>
|
||||
-Xmx4g
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>See <a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html</a>
|
||||
<p>See <a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings">https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings</a>
|
||||
for more information.</p>
|
||||
</div>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl daemon-reload
|
||||
@@ -1151,22 +1188,6 @@ sudo service elasticsearch start
|
||||
sudo service kibana start
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Without the commercial <a class="reference external" href="https://www.elastic.co/products/x-pack">X-Pack</a> or <a class="reference external" href="https://readonlyrest.com/">ReadonlyREST</a> products, Kibana
|
||||
does not have any authentication
|
||||
mechanism of its own. You can use nginx as a reverse proxy that
|
||||
provides basic authentication.</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y nginx apache2-utils
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Or, on CentOS:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo yum install -y nginx httpd-tools
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Create a directory to store the certificates and keys:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>mkdir ~/ssl
|
||||
<span class="nb">cd</span> ~/ssl
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>To create a self-signed certificate, run:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>openssl req -x509 -nodes -days <span class="m">365</span> -newkey rsa:4096 -keyout kibana.key -out kibana.crt
|
||||
</pre></div>
|
||||
@@ -1182,78 +1203,59 @@ domain name), which is the IP address or domain name that you will bebana on. it
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Move the keys into place and secure them:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="nb">cd</span>
|
||||
sudo mv ssl /etc/nginx
|
||||
sudo chown -R root:www-data /etc/nginx/ssl
|
||||
sudo chmod -R <span class="nv">u</span><span class="o">=</span>rX,g<span class="o">=</span>rX,o<span class="o">=</span> /etc/nginx/ssl
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo mv kibana.* /etc/kibana
|
||||
sudo chmod <span class="m">660</span> /etc/kibana/kibana.key
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Disable the default nginx configuration:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo rm /etc/nginx/sites-enabled/default
|
||||
<p>Activate the HTTPS server in Kibana</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo vim /etc/kibana/kibana.yml
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Create the web server configuration</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo nano /etc/nginx/sites-available/kibana
|
||||
<p>Add the following configuration</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">server</span><span class="o">.</span><span class="n">host</span><span class="p">:</span> <span class="s2">"SERVER_IP"</span>
|
||||
<span class="n">server</span><span class="o">.</span><span class="n">publicBaseUrl</span><span class="p">:</span> <span class="s2">"https://SERVER_IP"</span>
|
||||
<span class="n">server</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">enabled</span><span class="p">:</span> <span class="n">true</span>
|
||||
<span class="n">server</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">certificate</span><span class="p">:</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">kibana</span><span class="o">/</span><span class="n">kibana</span><span class="o">.</span><span class="n">crt</span>
|
||||
<span class="n">server</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">key</span><span class="p">:</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">kibana</span><span class="o">/</span><span class="n">kibana</span><span class="o">.</span><span class="n">key</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<div class="highlight-nginx notranslate"><div class="highlight"><pre><span></span><span class="k">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_certificate</span><span class="w"> </span><span class="s">/etc/nginx/ssl/kibana.crt</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_certificate_key</span><span class="w"> </span><span class="s">/etc/nginx/ssl/kibana.key</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_session_timeout</span><span class="w"> </span><span class="s">1d</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_session_cache</span><span class="w"> </span><span class="s">shared:SSL:50m</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_session_tickets</span><span class="w"> </span><span class="no">off</span><span class="p">;</span><span class="w"></span>
|
||||
|
||||
|
||||
<span class="w"> </span><span class="c1"># modern configuration. tweak to your needs.</span>
|
||||
<span class="w"> </span><span class="kn">ssl_protocols</span><span class="w"> </span><span class="s">TLSv1.2</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_ciphers</span><span class="w"> </span><span class="s">'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">ssl_prefer_server_ciphers</span><span class="w"> </span><span class="no">on</span><span class="p">;</span><span class="w"></span>
|
||||
|
||||
<span class="w"> </span><span class="c1"># Uncomment this next line if you are using a signed, trusted cert</span>
|
||||
<span class="w"> </span><span class="c1">#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";</span>
|
||||
<span class="w"> </span><span class="kn">add_header</span><span class="w"> </span><span class="s">X-Frame-Options</span><span class="w"> </span><span class="s">SAMEORIGIN</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">add_header</span><span class="w"> </span><span class="s">X-Content-Type-Options</span><span class="w"> </span><span class="s">nosniff</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">auth_basic</span><span class="w"> </span><span class="s">"Login</span><span class="w"> </span><span class="s">required"</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">auth_basic_user_file</span><span class="w"> </span><span class="s">/etc/nginx/htpasswd</span><span class="p">;</span><span class="w"></span>
|
||||
|
||||
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:5601</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$host</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="p">}</span><span class="w"></span>
|
||||
<span class="p">}</span><span class="w"></span>
|
||||
|
||||
<span class="k">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">301</span><span class="w"> </span><span class="s">https://</span><span class="nv">$host$request_uri</span><span class="p">;</span><span class="w"></span>
|
||||
<span class="p">}</span><span class="w"></span>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl restart kibana
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Enable the nginx configuration for Kibana:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
|
||||
<p>Enroll Kibana in Elasticsearch</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Add a user to basic authentication:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo htpasswd -c /etc/nginx/htpasswd exampleuser
|
||||
<p>Then access to your webserver at https://SERVER_IP:5601, accept the self-signed
|
||||
certificate and paste the token in the “Enrollment token” field.</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo /usr/share/kibana/bin/kibana-verification-code
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Where <code class="docutils literal notranslate"><span class="pre">exampleuser</span></code> is the name of the user you want to add.</p>
|
||||
<p>Secure the permissions of the httpasswd file:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo chown root:www-data /etc/nginx/htpasswd
|
||||
sudo chmod <span class="nv">u</span><span class="o">=</span>rw,g<span class="o">=</span>r,o<span class="o">=</span> /etc/nginx/htpasswd
|
||||
<p>Then put the verification code to your web browser.</p>
|
||||
<p>End Kibana configuration</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
|
||||
sudo /usr/share/kibana/bin/kibana-encryption-keys generate
|
||||
sudo vim /etc/kibana/kibana.yml
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Restart nginx:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo service nginx restart
|
||||
<p>Add previously generated encryption keys</p>
|
||||
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">xpack</span><span class="o">.</span><span class="n">encryptedSavedObjects</span><span class="o">.</span><span class="n">encryptionKey</span><span class="p">:</span> <span class="n">xxxx</span><span class="o">...</span><span class="n">xxxx</span>
|
||||
<span class="n">xpack</span><span class="o">.</span><span class="n">reporting</span><span class="o">.</span><span class="n">encryptionKey</span><span class="p">:</span> <span class="n">xxxx</span><span class="o">...</span><span class="n">xxxx</span>
|
||||
<span class="n">xpack</span><span class="o">.</span><span class="n">security</span><span class="o">.</span><span class="n">encryptionKey</span><span class="p">:</span> <span class="n">xxxx</span><span class="o">...</span><span class="n">xxxx</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl restart kibana
|
||||
sudo systemctl restart elasticsearch
|
||||
</pre></div>
|
||||
</div>
|
||||
<p>Now that Elasticsearch is up and running, use <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> to send data to
|
||||
it.</p>
|
||||
<p>Download (right click the link and click save as) <a class="reference external" href="https://raw.githubusercontent.com/domainaware/parsedmarc/master/kibana/export.ndjson">export.ndjson</a>.</p>
|
||||
<p>Connect to kibana using the “elastic” user and the password you previously provide
|
||||
on the console (“End Kibana configuration” part).</p>
|
||||
<p>Import <code class="docutils literal notranslate"><span class="pre">export.ndjson</span></code> the Saved Objects tab of the Stack management
|
||||
page of Kibana.</p>
|
||||
page of Kibana. (Hamburger menu -> “Management” -> “Stack Management” ->
|
||||
“Kibana” -> “Saved Objects”)</p>
|
||||
<p>It will give you the option to overwrite existing saved dashboards or
|
||||
visualizations, which could be used to restore them if you or someone else
|
||||
breaks them, as there are no permissions/access controls in Kibana without
|
||||
@@ -1361,7 +1363,7 @@ sudo service parsedmarc restart
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>In the event of a crash, systemd will restart the service after 10
|
||||
minutes, but the <code class="docutils literal notranslate"><span class="pre">service</span> <span class="pre">parsedmarc</span> <span class="pre">status</span></code> command will only show
|
||||
the logs for the current process. To vew the logs for previous runs
|
||||
the logs for the current process. To view the logs for previous runs
|
||||
as well as the current process (newest to oldest), run:</p>
|
||||
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>journalctl -u parsedmarc.service -r
|
||||
</pre></div>
|
||||
|
||||
BIN
Binary file not shown.
+4
-4
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Python Module Index — parsedmarc 8.3.2 documentation</title>
|
||||
<title>Python Module Index — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
|
||||
<!--[if lt IE 9]>
|
||||
@@ -32,7 +32,7 @@
|
||||
<a href="index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
|
||||
@@ -57,8 +57,8 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="index.html" class="icon icon-home"></a> »</li>
|
||||
<li>Python Module Index</li>
|
||||
<li><a href="index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item active">Python Module Index</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
+4
-4
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Search — parsedmarc 8.3.2 documentation</title>
|
||||
<title>Search — parsedmarc 8.4.0 documentation</title>
|
||||
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
|
||||
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
<a href="index.html" class="icon icon-home"> parsedmarc
|
||||
</a>
|
||||
<div class="version">
|
||||
8.3.2
|
||||
8.4.0
|
||||
</div>
|
||||
<div role="search">
|
||||
<form id="rtd-search-form" class="wy-form" action="#" method="get">
|
||||
@@ -57,8 +57,8 @@
|
||||
<div class="rst-content">
|
||||
<div role="navigation" aria-label="Page navigation">
|
||||
<ul class="wy-breadcrumbs">
|
||||
<li><a href="index.html" class="icon icon-home"></a> »</li>
|
||||
<li>Search</li>
|
||||
<li><a href="index.html" class="icon icon-home"></a></li>
|
||||
<li class="breadcrumb-item active">Search</li>
|
||||
<li class="wy-breadcrumbs-aside">
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
+1
-1