Update docs

This commit is contained in:
Sean Whalen
2022-12-23 20:17:56 -05:00
parent fa462d9ed1
commit 6a3870499c
15 changed files with 231 additions and 234 deletions
+4 -4
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Overview: module code &mdash; parsedmarc 8.3.2 documentation</title>
<title>Overview: module code &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -29,7 +29,7 @@
<a href="../index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
@@ -54,8 +54,8 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html" class="icon icon-home"></a> &raquo;</li>
<li>Overview: module code</li>
<li><a href="../index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item active">Overview: module code</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
+6 -6
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>parsedmarc &mdash; parsedmarc 8.3.2 documentation</title>
<title>parsedmarc &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -29,7 +29,7 @@
<a href="../index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
@@ -54,9 +54,9 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html" class="icon icon-home"></a> &raquo;</li>
<li><a href="index.html">Module code</a> &raquo;</li>
<li>parsedmarc</li>
<li><a href="../index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item"><a href="index.html">Module code</a></li>
<li class="breadcrumb-item active">parsedmarc</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
@@ -102,7 +102,7 @@
<span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">parse_email</span>
<span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">timestamp_to_human</span><span class="p">,</span> <span class="n">human_timestamp_to_datetime</span>
<span class="n">__version__</span> <span class="o">=</span> <span class="s2">&quot;8.3.2&quot;</span>
<span class="n">__version__</span> <span class="o">=</span> <span class="s2">&quot;8.4.0&quot;</span>
<span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">&quot;parsedmarc v</span><span class="si">{0}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">__version__</span><span class="p">))</span>
+6 -6
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>parsedmarc.elastic &mdash; parsedmarc 8.3.2 documentation</title>
<title>parsedmarc.elastic &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -29,7 +29,7 @@
<a href="../../index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
@@ -54,10 +54,10 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html" class="icon icon-home"></a> &raquo;</li>
<li><a href="../index.html">Module code</a> &raquo;</li>
<li><a href="../parsedmarc.html">parsedmarc</a> &raquo;</li>
<li>parsedmarc.elastic</li>
<li><a href="../../index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item"><a href="../index.html">Module code</a></li>
<li class="breadcrumb-item"><a href="../parsedmarc.html">parsedmarc</a></li>
<li class="breadcrumb-item active">parsedmarc.elastic</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
+6 -6
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>parsedmarc.splunk &mdash; parsedmarc 8.3.2 documentation</title>
<title>parsedmarc.splunk &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -29,7 +29,7 @@
<a href="../../index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
@@ -54,10 +54,10 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html" class="icon icon-home"></a> &raquo;</li>
<li><a href="../index.html">Module code</a> &raquo;</li>
<li><a href="../parsedmarc.html">parsedmarc</a> &raquo;</li>
<li>parsedmarc.splunk</li>
<li><a href="../../index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item"><a href="../index.html">Module code</a></li>
<li class="breadcrumb-item"><a href="../parsedmarc.html">parsedmarc</a></li>
<li class="breadcrumb-item active">parsedmarc.splunk</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
+13 -6
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>parsedmarc.utils &mdash; parsedmarc 8.3.2 documentation</title>
<title>parsedmarc.utils &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -29,7 +29,7 @@
<a href="../../index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
@@ -54,10 +54,10 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html" class="icon icon-home"></a> &raquo;</li>
<li><a href="../index.html">Module code</a> &raquo;</li>
<li><a href="../parsedmarc.html">parsedmarc</a> &raquo;</li>
<li>parsedmarc.utils</li>
<li><a href="../../index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item"><a href="../index.html">Module code</a></li>
<li class="breadcrumb-item"><a href="../parsedmarc.html">parsedmarc</a></li>
<li class="breadcrumb-item active">parsedmarc.utils</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
@@ -361,6 +361,13 @@
<span class="s2">&quot;dbip-country.mmdb&quot;</span><span class="p">,</span>
<span class="p">]</span>
<span class="k">if</span> <span class="n">db_path</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
<span class="k">if</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">isfile</span><span class="p">(</span><span class="n">db_path</span><span class="p">)</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
<span class="n">db_path</span> <span class="o">=</span> <span class="kc">None</span>
<span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;No file exists at </span><span class="si">{</span><span class="n">db_path</span><span class="si">}</span><span class="s2">. Falling back to an &quot;</span>
<span class="s2">&quot;included copy of the IPDB IP to Country &quot;</span>
<span class="s2">&quot;Lite database.&quot;</span><span class="p">)</span>
<span class="k">if</span> <span class="n">db_path</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
<span class="k">for</span> <span class="n">system_path</span> <span class="ow">in</span> <span class="n">db_paths</span><span class="p">:</span>
<span class="k">if</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">exists</span><span class="p">(</span><span class="n">system_path</span><span class="p">):</span>
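Review bot: On the added lines the warning is emitted after `db_path = None` has already run, so the f-string `No file exists at {db_path}` will always print `None` and never the path the operator actually configured. Reorder so the message is logged first: `logger.warning(f"No file exists at {db_path}. Falling back to an included copy of the IPDB IP to Country Lite database.")` followed by `db_path = None`, and `not os.path.isfile(db_path)` reads better than `os.path.isfile(db_path) is False`. The message also names an "IPDB" database while the search list just above it includes `dbip-country.mmdb`; if the bundled copy is DB-IP's, the name in the message should presumably match. This page is the rendered documentation copy of the module, so the fix belongs in the Python source it was generated from; the enclosing function starts and ends outside the hunk.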
+89 -101
@@ -203,8 +203,8 @@ The full set of configuration options are:
- `batch_size` - int: Number of messages to read and process
before saving. Default `10`. Use `0` for no limit.
- `check_timeout` - int: Number of seconds to wait for a IMAP
IDLE response or the number of seconds until the next mai
check (Default: `30`)
IDLE response or the number of seconds until the next
mail check (Default: `30`)
- `imap`
- `host` - str: The IMAP server hostname or IP address
- `port` - int: The IMAP server port (Default: `993`)
@@ -246,6 +246,9 @@ The full set of configuration options are:
could be a shared mailbox if the user has access to the mailbox
- `token_file` - str: Path to save the token file
(Default: `.token`)
- `allow_unencrypted_storage` - bool: Allows the Azure Identity
module to fall back to unencrypted token cache (Default: False).
Even if enabled, the cache will always try encrypted storage first.
:::{note}
You must create an app registration in Azure AD and have an
@@ -290,7 +293,7 @@ The full set of configuration options are:
- `number_of_shards` - int: The number of shards to use when
creating the index (Default: `1`)
- `number_of_replicas` - int: The number of replicas to use when
creating the index (Default: `1`)
creating the index (Default: `0`)
- `splunk_hec`
- `url` - str: The URL of the Splunk HTTP Events Collector (HEC)
- `token` - str: The HEC token
@@ -385,6 +388,32 @@ known samples you want to save to that folder
(e.g. malicious samples and non-sensitive legitimate samples).
:::
:::{warning}
Elasticsearch 8 change limits policy for shards, restricting by
default to 1000. parsedmarc use a shard per analyzed day. If you
have more than ~3 years of data, you will need to update this
limit.
Check current usage (from Management -> Dev Tools -> Console):
```
GET /_cluster/health?pretty
...
"active_primary_shards": 932,
"active_shards": 932,
...
}
```
Update the limit to 2k per exemple:
```
PUT _cluster/settings
{
"persistent" : {
"cluster.max_shards_per_node" : 2000
}
}
```
Be warned that increasing this value increase ressources usage.
:::
## Sample aggregate report output
Here are the results from parsing the[example](https://dmarc.org/wiki/FAQ#I_need_to_implement_aggregate_reports.2C_what_do_they_look_like.3F)
@@ -636,6 +665,9 @@ On Debian 10 (Buster) or later, run:
```bash
sudo apt-get install -y geoipupdate
```
:::{note}
[Component "contrib"] is required in your apt sources.
:::
On Ubuntu systems run:
@@ -739,10 +771,16 @@ explicitly tell `virtualenv` to use `python3.9` instead
sudo -u parsedmarc virtualenv -p python3.9 /opt/parsedmarc/venv
```
Activate the virtualenv
```bash
source /opt/parsedmarc/venv/bin/activate
```
To install or upgrade `parsedmarc` inside the virtualenv, run:
```bash
sudo -u parsedmarc /opt/parsedmarc/venv -U parsedmarc
sudo -u parsedmarc /opt/parsedmarc/venv/bin/pip install -U parsedmarc
```
### Optional dependencies
@@ -966,20 +1004,20 @@ On Debian/Ubuntu based systems, run:
```bash
sudo apt-get install -y apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update
sudo apt-get install -y default-jre-headless elasticsearch kibana
sudo apt-get install -y elasticsearch kibana
```
For CentOS, RHEL, and other RPM systems, follow the Elastic RPM guides for
[Elasticsearch] and [Kibana].
:::{warning}
The default JVM heap size for Elasticsearch is very small (1g), which will
cause it to crash under a heavy load. To fix this, increase the minimum and
maximum JVM heap sizes in `/etc/elasticsearch/jvm.options` to more
reasonable levels, depending on your server's resources.
:::{note}
Previously, the default JVM heap size for Elasticsearch was very small (1g),
which will cause it to crash under a heavy load. To fix this, increase the
minimum and maximum JVM heap sizes in `/etc/elasticsearch/jvm.options` to
more reasonable levels, depending on your server's resources.
Make sure the system has at least 2 GB more RAM then the assigned JVM
heap size.
@@ -994,7 +1032,7 @@ For example, to set a 4 GB heap size, set
-Xmx4g
```
See <https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html>
See <https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings>
for more information.
:::
@@ -1006,28 +1044,6 @@ sudo service elasticsearch start
sudo service kibana start
```
Without the commercial [X-Pack] or [ReadonlyREST] products, Kibana
does not have any authentication
mechanism of its own. You can use nginx as a reverse proxy that
provides basic authentication.
```bash
sudo apt-get install -y nginx apache2-utils
```
Or, on CentOS:
```bash
sudo yum install -y nginx httpd-tools
```
Create a directory to store the certificates and keys:
```bash
mkdir ~/ssl
cd ~/ssl
```
To create a self-signed certificate, run:
```bash
@@ -1052,85 +1068,52 @@ rm -f kibana.csr
Move the keys into place and secure them:
```bash
cd
sudo mv ssl /etc/nginx
sudo chown -R root:www-data /etc/nginx/ssl
sudo chmod -R u=rX,g=rX,o= /etc/nginx/ssl
sudo mv kibana.* /etc/kibana
sudo chmod 660 /etc/kibana/kibana.key
```
Disable the default nginx configuration:
Activate the HTTPS server in Kibana
```bash
sudo rm /etc/nginx/sites-enabled/default
sudo vim /etc/kibana/kibana.yml
```
Add the following configuration
```
server.host: "SERVER_IP"
server.publicBaseUrl: "https://SERVER_IP"
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana.crt
server.ssl.key: /etc/kibana/kibana.key
```
Create the web server configuration
```bash
sudo nano /etc/nginx/sites-available/kibana
sudo systemctl restart kibana
```
```nginx
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/kibana.crt;
ssl_certificate_key /etc/nginx/ssl/kibana.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Uncomment this next line if you are using a signed, trusted cert
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
auth_basic "Login required";
auth_basic_user_file /etc/nginx/htpasswd;
location / {
proxy_pass http://127.0.0.1:5601;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
return 301 https://$host$request_uri;
}
```
Enable the nginx configuration for Kibana:
Enroll Kibana in Elasticsearch
```bash
sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
```
Add a user to basic authentication:
Then access to your webserver at https://SERVER_IP:5601, accept the self-signed
certificate and paste the token in the "Enrollment token" field.
```bash
sudo htpasswd -c /etc/nginx/htpasswd exampleuser
sudo /usr/share/kibana/bin/kibana-verification-code
```
Then put the verification code to your web browser.
Where `exampleuser` is the name of the user you want to add.
Secure the permissions of the httpasswd file:
End Kibana configuration
```bash
sudo chown root:www-data /etc/nginx/htpasswd
sudo chmod u=rw,g=r,o= /etc/nginx/htpasswd
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
sudo /usr/share/kibana/bin/kibana-encryption-keys generate
sudo vim /etc/kibana/kibana.yml
```
Add previously generated encryption keys
```
xpack.encryptedSavedObjects.encryptionKey: xxxx...xxxx
xpack.reporting.encryptionKey: xxxx...xxxx
xpack.security.encryptionKey: xxxx...xxxx
```
Restart nginx:
```bash
sudo service nginx restart
sudo systemctl restart kibana
sudo systemctl restart elasticsearch
```
Now that Elasticsearch is up and running, use `parsedmarc` to send data to
@@ -1138,8 +1121,12 @@ it.
Download (right click the link and click save as) [export.ndjson].
Connect to kibana using the "elastic" user and the password you previously provide
on the console ("End Kibana configuration" part).
Import `export.ndjson` the Saved Objects tab of the Stack management
page of Kibana.
page of Kibana. (Hamburger menu -> "Management" -> "Stack Management" ->
"Kibana" -> "Saved Objects")
It will give you the option to overwrite existing saved dashboards or
visualizations, which could be used to restore them if you or someone else
@@ -1271,7 +1258,7 @@ service parsedmarc status
:::{note}
In the event of a crash, systemd will restart the service after 10
minutes, but the `service parsedmarc status` command will only show
the logs for the current process. To vew the logs for previous runs
the logs for the current process. To view the logs for previous runs
as well as the current process (newest to oldest), run:
```bash
@@ -1667,6 +1654,7 @@ Some additional steps are needed for Linux hosts.
- {ref}`search`
[cloudflare's public resolvers]: https://1.1.1.1/
[Component "contrib"]: https://wiki.debian.org/SourcesList#Component
[contributors]: https://github.com/domainaware/parsedmarc/graphs/contributors
[creative commons attribution 4.0 international license]: https://creativecommons.org/licenses/by/4.0/
[demystifying dmarc]: https://seanthegeek.net/459/demystifying-dmarc/
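Review bot: Under "Move the keys into place and secure them", `sudo chmod 660 /etc/kibana/kibana.key` leaves the TLS private key group-writable and, unlike the nginx steps it replaces (`chown root:www-data` plus `u=rX,g=rX,o=`), sets no ownership at all, so the key keeps whatever owner the preceding `mv` from the admin's home directory appears to give it. I would replace that line with `sudo chown root:kibana /etc/kibana/kibana.key /etc/kibana/kibana.crt` and `sudo chmod 640 /etc/kibana/kibana.key`, assuming the packaged service runs as the `kibana` user — worth confirming against the package before publishing. The removed nginx block also pinned TLSv1.2 with an explicit cipher list and added `X-Frame-Options`/`X-Content-Type-Options`, whereas the new `kibana.yml` snippet inherits Kibana's defaults, so a sentence pointing readers at Kibana's `server.ssl` settings would keep the hardening level the guide previously had. The new `allow_unencrypted_storage` option could likewise carry a one-line warning that the fallback writes the OAuth token cache to disk in plaintext.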
+1 -1
@@ -1 +1 @@
.fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions 
.rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}
.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions 
.rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}
+1 -1
@@ -1,6 +1,6 @@
var DOCUMENTATION_OPTIONS = {
URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'),
VERSION: '8.3.2',
VERSION: '8.4.0',
LANGUAGE: 'en',
COLLAPSE_INDEX: false,
BUILDER: 'html',
+4 -4
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Index &mdash; parsedmarc 8.3.2 documentation</title>
<title>Index &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -29,7 +29,7 @@
<a href="index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
@@ -54,8 +54,8 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html" class="icon icon-home"></a> &raquo;</li>
<li>Index</li>
<li><a href="index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item active">Index</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
+90 -88
@@ -4,7 +4,7 @@
<meta charset="utf-8" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>parsedmarc documentation - Open source DMARC report analyzer and visualizer &mdash; parsedmarc 8.3.2 documentation</title>
<title>parsedmarc documentation - Open source DMARC report analyzer and visualizer &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -30,7 +30,7 @@
<a href="#" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
@@ -185,8 +185,8 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="#" class="icon icon-home"></a> &raquo;</li>
<li>parsedmarc documentation - Open source DMARC report analyzer and visualizer</li>
<li><a href="#" class="icon icon-home"></a></li>
<li class="breadcrumb-item active">parsedmarc documentation - Open source DMARC report analyzer and visualizer</li>
<li class="wy-breadcrumbs-aside">
<a href="_sources/index.md.txt" rel="nofollow"> View page source</a>
</li>
@@ -394,8 +394,8 @@ Gmail) to sort processed emails into (Default: <code class="docutils literal not
<li><p><code class="docutils literal notranslate"><span class="pre">batch_size</span></code> - int: Number of messages to read and process
before saving. Default <code class="docutils literal notranslate"><span class="pre">10</span></code>. Use <code class="docutils literal notranslate"><span class="pre">0</span></code> for no limit.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">check_timeout</span></code> - int: Number of seconds to wait for a IMAP
IDLE response or the number of seconds until the next mai
check (Default: <code class="docutils literal notranslate"><span class="pre">30</span></code>)</p></li>
IDLE response or the number of seconds until the next
mail check (Default: <code class="docutils literal notranslate"><span class="pre">30</span></code>)</p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">imap</span></code></p>
@@ -442,7 +442,10 @@ for all auth methods except UsernamePassword.</p></li>
current user if using the UsernamePassword auth method, but
could be a shared mailbox if the user has access to the mailbox</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">token_file</span></code> - str: Path to save the token file
(Default: <code class="docutils literal notranslate"><span class="pre">.token</span></code>)</p>
(Default: <code class="docutils literal notranslate"><span class="pre">.token</span></code>)</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">allow_unencrypted_storage</span></code> - bool: Allows the Azure Identity
module to fall back to unencrypted token cache (Default: False).
Even if enabled, the cache will always try encrypted storage first.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>You must create an app registration in Azure AD and have an
@@ -489,7 +492,7 @@ or URLs (e.g. <code class="docutils literal notranslate"><span class="pre">127.0
<li><p><code class="docutils literal notranslate"><span class="pre">number_of_shards</span></code> - int: The number of shards to use when
creating the index (Default: <code class="docutils literal notranslate"><span class="pre">1</span></code>)</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">number_of_replicas</span></code> - int: The number of replicas to use when
creating the index (Default: <code class="docutils literal notranslate"><span class="pre">1</span></code>)</p></li>
creating the index (Default: <code class="docutils literal notranslate"><span class="pre">0</span></code>)</p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">splunk_hec</span></code></p>
@@ -600,6 +603,32 @@ reports in your DMARC inbox, but run <code class="docutils literal notranslate">
known samples you want to save to that folder
(e.g. malicious samples and non-sensitive legitimate samples).</p>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>Elasticsearch 8 change limits policy for shards, restricting by
default to 1000. parsedmarc use a shard per analyzed day. If you
have more than ~3 years of data, you will need to update this
limit.
Check current usage (from Management -&gt; Dev Tools -&gt; Console):</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>GET /_cluster/health?pretty
...
&quot;active_primary_shards&quot;: 932,
&quot;active_shards&quot;: 932,
...
}
</pre></div>
</div>
<p>Update the limit to 2k per exemple:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">PUT</span> <span class="n">_cluster</span><span class="o">/</span><span class="n">settings</span>
<span class="p">{</span>
<span class="s2">&quot;persistent&quot;</span> <span class="p">:</span> <span class="p">{</span>
<span class="s2">&quot;cluster.max_shards_per_node&quot;</span> <span class="p">:</span> <span class="mi">2000</span>
<span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<p>Be warned that increasing this value increase ressources usage.</p>
</div>
</section>
<section id="sample-aggregate-report-output">
<h2>Sample aggregate report output<a class="headerlink" href="#sample-aggregate-report-output" title="Permalink to this heading"></a></h2>
@@ -844,6 +873,10 @@ these databases as they are released, so MaxMinds databases and the
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y geoipupdate
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><a class="reference external" href="https://wiki.debian.org/SourcesList#Component">Component “contrib”</a> is required in your apt sources.</p>
</div>
<p>On Ubuntu systems run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo add-apt-repository ppa:maxmind/ppa
sudo apt update
@@ -919,8 +952,12 @@ explicitly tell <code class="docutils literal notranslate"><span class="pre">vir
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo -u parsedmarc virtualenv -p python3.9 /opt/parsedmarc/venv
</pre></div>
</div>
<p>Activate the virtualenv</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="nb">source</span> /opt/parsedmarc/venv/bin/activate
</pre></div>
</div>
<p>To install or upgrade <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> inside the virtualenv, run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo -u parsedmarc /opt/parsedmarc/venv -U parsedmarc
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo -u parsedmarc /opt/parsedmarc/venv/bin/pip install -U parsedmarc
</pre></div>
</div>
</section>
@@ -1118,20 +1155,20 @@ config file:</p>
</div>
<p>On Debian/Ubuntu based systems, run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch <span class="p">|</span> sudo apt-key add -
<span class="nb">echo</span> <span class="s2">&quot;deb https://artifacts.elastic.co/packages/7.x/apt stable main&quot;</span> <span class="p">|</span> sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch <span class="p">|</span> sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
<span class="nb">echo</span> <span class="s2">&quot;deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main&quot;</span> <span class="p">|</span> sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update
sudo apt-get install -y default-jre-headless elasticsearch kibana
sudo apt-get install -y elasticsearch kibana
</pre></div>
</div>
<p>For CentOS, RHEL, and other RPM systems, follow the Elastic RPM guides for
<a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html">Elasticsearch</a> and <a class="reference external" href="https://www.elastic.co/guide/en/kibana/current/rpm.html">Kibana</a>.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>The default JVM heap size for Elasticsearch is very small (1g), which will
cause it to crash under a heavy load. To fix this, increase the minimum and
maximum JVM heap sizes in <code class="docutils literal notranslate"><span class="pre">/etc/elasticsearch/jvm.options</span></code> to more
reasonable levels, depending on your servers resources.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Previously, the default JVM heap size for Elasticsearch was very small (1g),
which will cause it to crash under a heavy load. To fix this, increase the
minimum and maximum JVM heap sizes in <code class="docutils literal notranslate"><span class="pre">/etc/elasticsearch/jvm.options</span></code> to
more reasonable levels, depending on your servers resources.</p>
<p>Make sure the system has at least 2 GB more RAM then the assigned JVM
heap size.</p>
<p>Always set the minimum and maximum JVM heap sizes to the same
@@ -1141,7 +1178,7 @@ value.</p>
-Xmx4g
</pre></div>
</div>
<p>See <a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html</a>
<p>See <a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings">https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#heap-size-settings</a>
for more information.</p>
</div>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl daemon-reload
@@ -1151,22 +1188,6 @@ sudo service elasticsearch start
sudo service kibana start
</pre></div>
</div>
<p>Without the commercial <a class="reference external" href="https://www.elastic.co/products/x-pack">X-Pack</a> or <a class="reference external" href="https://readonlyrest.com/">ReadonlyREST</a> products, Kibana
does not have any authentication
mechanism of its own. You can use nginx as a reverse proxy that
provides basic authentication.</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo apt-get install -y nginx apache2-utils
</pre></div>
</div>
<p>Or, on CentOS:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo yum install -y nginx httpd-tools
</pre></div>
</div>
<p>Create a directory to store the certificates and keys:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>mkdir ~/ssl
<span class="nb">cd</span> ~/ssl
</pre></div>
</div>
<p>To create a self-signed certificate, run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>openssl req -x509 -nodes -days <span class="m">365</span> -newkey rsa:4096 -keyout kibana.key -out kibana.crt
</pre></div>
@@ -1182,78 +1203,59 @@ domain name), which is the IP address or domain name that you will bebana on. it
</pre></div>
</div>
<p>Move the keys into place and secure them:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="nb">cd</span>
sudo mv ssl /etc/nginx
sudo chown -R root:www-data /etc/nginx/ssl
sudo chmod -R <span class="nv">u</span><span class="o">=</span>rX,g<span class="o">=</span>rX,o<span class="o">=</span> /etc/nginx/ssl
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo mv kibana.* /etc/kibana
sudo chmod <span class="m">660</span> /etc/kibana/kibana.key
</pre></div>
</div>
<p>Disable the default nginx configuration:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo rm /etc/nginx/sites-enabled/default
<p>Activate the HTTPS server in Kibana</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo vim /etc/kibana/kibana.yml
</pre></div>
</div>
<p>Create the web server configuration</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo nano /etc/nginx/sites-available/kibana
<p>Add the following configuration</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">server</span><span class="o">.</span><span class="n">host</span><span class="p">:</span> <span class="s2">&quot;SERVER_IP&quot;</span>
<span class="n">server</span><span class="o">.</span><span class="n">publicBaseUrl</span><span class="p">:</span> <span class="s2">&quot;https://SERVER_IP&quot;</span>
<span class="n">server</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">enabled</span><span class="p">:</span> <span class="n">true</span>
<span class="n">server</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">certificate</span><span class="p">:</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">kibana</span><span class="o">/</span><span class="n">kibana</span><span class="o">.</span><span class="n">crt</span>
<span class="n">server</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">key</span><span class="p">:</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">kibana</span><span class="o">/</span><span class="n">kibana</span><span class="o">.</span><span class="n">key</span>
</pre></div>
</div>
<div class="highlight-nginx notranslate"><div class="highlight"><pre><span></span><span class="k">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">443</span><span class="w"> </span><span class="s">ssl</span><span class="w"> </span><span class="s">http2</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_certificate</span><span class="w"> </span><span class="s">/etc/nginx/ssl/kibana.crt</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_certificate_key</span><span class="w"> </span><span class="s">/etc/nginx/ssl/kibana.key</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_session_timeout</span><span class="w"> </span><span class="s">1d</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_session_cache</span><span class="w"> </span><span class="s">shared:SSL:50m</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_session_tickets</span><span class="w"> </span><span class="no">off</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># modern configuration. tweak to your needs.</span>
<span class="w"> </span><span class="kn">ssl_protocols</span><span class="w"> </span><span class="s">TLSv1.2</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_ciphers</span><span class="w"> </span><span class="s">&#39;ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256&#39;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">ssl_prefer_server_ciphers</span><span class="w"> </span><span class="no">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Uncomment this next line if you are using a signed, trusted cert</span>
<span class="w"> </span><span class="c1">#add_header Strict-Transport-Security &quot;max-age=63072000; includeSubdomains; preload&quot;;</span>
<span class="w"> </span><span class="kn">add_header</span><span class="w"> </span><span class="s">X-Frame-Options</span><span class="w"> </span><span class="s">SAMEORIGIN</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">add_header</span><span class="w"> </span><span class="s">X-Content-Type-Options</span><span class="w"> </span><span class="s">nosniff</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">auth_basic</span><span class="w"> </span><span class="s">&quot;Login</span><span class="w"> </span><span class="s">required&quot;</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">auth_basic_user_file</span><span class="w"> </span><span class="s">/etc/nginx/htpasswd</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">location</span><span class="w"> </span><span class="s">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:5601</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$host</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="k">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="kn">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="kn">return</span><span class="w"> </span><span class="mi">301</span><span class="w"> </span><span class="s">https://</span><span class="nv">$host$request_uri</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl restart kibana
</pre></div>
</div>
<p>Enable the nginx configuration for Kibana:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo ln -s /etc/nginx/sites-available/kibana /etc/nginx/sites-enabled/kibana
<p>Enroll Kibana in Elasticsearch</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
</pre></div>
</div>
<p>Add a user to basic authentication:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo htpasswd -c /etc/nginx/htpasswd exampleuser
<p>Then access to your webserver at https://SERVER_IP:5601, accept the self-signed
certificate and paste the token in the “Enrollment token” field.</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo /usr/share/kibana/bin/kibana-verification-code
</pre></div>
</div>
<p>Where <code class="docutils literal notranslate"><span class="pre">exampleuser</span></code> is the name of the user you want to add.</p>
<p>Secure the permissions of the httpasswd file:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo chown root:www-data /etc/nginx/htpasswd
sudo chmod <span class="nv">u</span><span class="o">=</span>rw,g<span class="o">=</span>r,o<span class="o">=</span> /etc/nginx/htpasswd
<p>Then put the verification code to your web browser.</p>
<p>End Kibana configuration</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
sudo /usr/share/kibana/bin/kibana-encryption-keys generate
sudo vim /etc/kibana/kibana.yml
</pre></div>
</div>
<p>Restart nginx:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo service nginx restart
<p>Add previously generated encryption keys</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">xpack</span><span class="o">.</span><span class="n">encryptedSavedObjects</span><span class="o">.</span><span class="n">encryptionKey</span><span class="p">:</span> <span class="n">xxxx</span><span class="o">...</span><span class="n">xxxx</span>
<span class="n">xpack</span><span class="o">.</span><span class="n">reporting</span><span class="o">.</span><span class="n">encryptionKey</span><span class="p">:</span> <span class="n">xxxx</span><span class="o">...</span><span class="n">xxxx</span>
<span class="n">xpack</span><span class="o">.</span><span class="n">security</span><span class="o">.</span><span class="n">encryptionKey</span><span class="p">:</span> <span class="n">xxxx</span><span class="o">...</span><span class="n">xxxx</span>
</pre></div>
</div>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>sudo systemctl restart kibana
sudo systemctl restart elasticsearch
</pre></div>
</div>
<p>Now that Elasticsearch is up and running, use <code class="docutils literal notranslate"><span class="pre">parsedmarc</span></code> to send data to
it.</p>
<p>Download (right click the link and click save as) <a class="reference external" href="https://raw.githubusercontent.com/domainaware/parsedmarc/master/kibana/export.ndjson">export.ndjson</a>.</p>
<p>Connect to kibana using the “elastic” user and the password you previously provide
on the console (“End Kibana configuration” part).</p>
<p>Import <code class="docutils literal notranslate"><span class="pre">export.ndjson</span></code> the Saved Objects tab of the Stack management
page of Kibana.</p>
page of Kibana. (Hamburger menu -&gt; “Management” -&gt; “Stack Management” -&gt;
“Kibana” -&gt; “Saved Objects”)</p>
<p>It will give you the option to overwrite existing saved dashboards or
visualizations, which could be used to restore them if you or someone else
breaks them, as there are no permissions/access controls in Kibana without
@@ -1361,7 +1363,7 @@ sudo service parsedmarc restart
<p class="admonition-title">Note</p>
<p>In the event of a crash, systemd will restart the service after 10
minutes, but the <code class="docutils literal notranslate"><span class="pre">service</span> <span class="pre">parsedmarc</span> <span class="pre">status</span></code> command will only show
the logs for the current process. To vew the logs for previous runs
the logs for the current process. To view the logs for previous runs
as well as the current process (newest to oldest), run:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>journalctl -u parsedmarc.service -r
</pre></div>
BIN
Binary file not shown.
+4 -4
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Python Module Index &mdash; parsedmarc 8.3.2 documentation</title>
<title>Python Module Index &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
<!--[if lt IE 9]>
@@ -32,7 +32,7 @@
<a href="index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
@@ -57,8 +57,8 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html" class="icon icon-home"></a> &raquo;</li>
<li>Python Module Index</li>
<li><a href="index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item active">Python Module Index</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
+4 -4
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Search &mdash; parsedmarc 8.3.2 documentation</title>
<title>Search &mdash; parsedmarc 8.4.0 documentation</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
@@ -32,7 +32,7 @@
<a href="index.html" class="icon icon-home"> parsedmarc
</a>
<div class="version">
8.3.2
8.4.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="#" method="get">
@@ -57,8 +57,8 @@
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html" class="icon icon-home"></a> &raquo;</li>
<li>Search</li>
<li><a href="index.html" class="icon icon-home"></a></li>
<li class="breadcrumb-item active">Search</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
+1 -1
File diff suppressed because one or more lines are too long