Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Analyzers/Responders not getting downloaded when using trustStore #457

Open
michal0000000 opened this issue Sep 26, 2023 · 0 comments
Open

Comments

@michal0000000
Copy link

michal0000000 commented Sep 26, 2023

Request Type

Bug

Work Environment

Question Answer
OS version (server) Debian 6.1.38-1
OS version (client) Win 11
Cortex version / git hash 3.1.0-1
Package Type Docker / Kubernetes

Problem Description

Cortex fails to download analyzers/responders when https.proxy and trustStore java options are added.

Steps to Reproduce

  1. Mouint cortex-application.conf to /etc/cortex/application.conf
  2. Mount the truststore to /opt/cortex/lx-ca-bundle.jks
  3. Deploy the cortex.yaml file below
  4. Don't profit

Complementary information

The jks bundle contains default certs from /etc/ssl/certs/ca-certificates.crt as well as my own CA certs. I need the truststore in order for LDAPS auth to work. Separately, both settings work fine. When I try to use them together I get the following error. I though it might be the proxy doing ssl inspection and providing some other certs that's not present in the jks truststore, but that is not the case. In the log files it also seems the connection to TH's website went though fine.

Logs

[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083] REGISTERED
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431] REGISTERED
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431] CONNECT: proxy.domain.sk/:8000
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083] CONNECT: proxy.domain.sk/:8000
[�[36mdebug�[0m] p.s.a.o.a.n.c.NettyConnectListener - Using new Channel '[id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000]' for 'CONNECT' to 'download.thehive-project.org:443'
[�[36mdebug�[0m] p.s.a.o.a.n.c.NettyConnectListener - Using new Channel '[id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000]' for 'CONNECT' to 'download.thehive-project.org:443'
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.maxCapacityPerThread: 4096
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.maxSharedCapacityFactor: 2
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.linkCapacity: 16
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.ratio: 8
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] WRITE: 123B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 43 4f 4e 4e 45 43 54 20 64 6f 77 6e 6c 6f 61 64 |CONNECT download|
|00000010| 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 74 |.thehive-project|
|00000020| 2e 6f 72 67 3a 34 34 33 20 48 54 54 50 2f 31 2e |.org:443 HTTP/1.|
|00000030| 31 0d 0a 68 6f 73 74 3a 20 64 6f 77 6e 6c 6f 61 |1..host: downloa|
|00000040| 64 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 |d.thehive-projec|
|00000050| 74 2e 6f 72 67 0d 0a 61 63 63 65 70 74 3a 20 2a |t.org..accept: *|
|00000060| 2f 2a 0d 0a 75 73 65 72 2d 61 67 65 6e 74 3a 20 |/*..user-agent: |
|00000070| 41 48 43 2f 32 2e 31 0d 0a 0d 0a                |AHC/2.1....     |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] WRITE: 123B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 43 4f 4e 4e 45 43 54 20 64 6f 77 6e 6c 6f 61 64 |CONNECT download|
|00000010| 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 74 |.thehive-project|
|00000020| 2e 6f 72 67 3a 34 34 33 20 48 54 54 50 2f 31 2e |.org:443 HTTP/1.|
|00000030| 31 0d 0a 68 6f 73 74 3a 20 64 6f 77 6e 6c 6f 61 |1..host: downloa|
|00000040| 64 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 |d.thehive-projec|
|00000050| 74 2e 6f 72 67 0d 0a 61 63 63 65 70 74 3a 20 2a |t.org..accept: *|
|00000060| 2f 2a 0d 0a 75 73 65 72 2d 61 67 65 6e 74 3a 20 |/*..user-agent: |
|00000070| 41 48 43 2f 32 2e 31 0d 0a 0d 0a                |AHC/2.1....     |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] ACTIVE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] ACTIVE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ: 39B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 48 54 54 50 2f 31 2e 30 20 32 30 30 20 43 6f 6e |HTTP/1.0 200 Con|
|00000010| 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 |nection establis|
|00000020| 68 65 64 0d 0a 0d 0a                            |hed....         |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ: 39B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 48 54 54 50 2f 31 2e 30 20 32 30 30 20 43 6f 6e |HTTP/1.0 200 Con|
|00000010| 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 |nection establis|
|00000020| 68 65 64 0d 0a 0d 0a                            |hed....         |
+--------+-------------------------------------------------+----------------+
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - 

Request DefaultFullHttpRequest(decodeResult: success, version: HTTP/1.1, content: EmptyByteBufBE)
CONNECT download.thehive-project.org:443 HTTP/1.1
host: download.thehive-project.org
accept: */*
user-agent: AHC/2.1

Response DefaultHttpResponse(decodeResult: success, version: HTTP/1.0)
HTTP/1.0 200 Connection established

[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - 

Request DefaultFullHttpRequest(decodeResult: success, version: HTTP/1.1, content: EmptyByteBufBE)
CONNECT download.thehive-project.org:443 HTTP/1.1
host: download.thehive-project.org
accept: */*
user-agent: AHC/2.1

Response DefaultHttpResponse(decodeResult: success, version: HTTP/1.0)
HTTP/1.0 200 Connection established

[�[36mdebug�[0m] p.s.a.o.a.n.h.i.ConnectSuccessInterceptor - Connecting to proxy play.shaded.ahc.org.asynchttpclient.proxy.ProxyServer@6453ba5b for scheme https
[�[36mdebug�[0m] p.s.a.o.a.n.h.i.ConnectSuccessInterceptor - Connecting to proxy play.shaded.ahc.org.asynchttpclient.proxy.ProxyServer@5afe2770 for scheme https
[�[36mdebug�[0m] o.j.hk2.logger - Shutdown ServiceLocator ServiceLocatorImpl(jersey-common-rd-locator,0,1518037877)
[�[36mdebug�[0m] o.j.hk2.logger - ServiceLocator ServiceLocatorImpl(jersey-common-rd-locator,0,1518037877) has been shutdown
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] WRITE: 304B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 01 2b 01 00 01 27 03 03 04 fd 52 19 72 |....+...'....R.r|
|00000010| d7 f8 a3 14 0d c5 2e d3 11 ad ac 93 5a fd fe 07 |............Z...|
...
|00000110| 01 06 01 04 02 03 03 03 01 03 02 02 03 02 01 02 |................|
|00000120| 02 00 17 00 00 00 2b 00 07 06 03 03 03 02 03 01 |......+.........|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] WRITE: 304B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 01 2b 01 00 01 27 03 03 e5 26 cb 0d b9 |....+...'...&...|
|00000010| 0c 5e 61 f8 7d 58 d6 b3 31 3d 01 22 0e 60 f2 72 |.^a.}X..1=.".`.r|
...
|00000110| 01 06 01 04 02 03 03 03 01 03 02 02 03 02 01 02 |................|
|00000120| 02 00 17 00 00 00 2b 00 07 06 03 03 03 02 03 01 |......+.........|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[36mdebug�[0m] o.j.hk2.logger - Created ServiceLocator ServiceLocatorImpl(__HK2_Generated_0,1,1770496307)
[�[34mtrace�[0m] o.g.j.i.ServiceFinder - Loading next class: org.glassfish.jersey.jackson.internal.JacksonAutoDiscoverable
[�[37minfo�[0m] o.g.j.p.i.ExecutorProviders - Selected ExecutorServiceProvider implementation [org.glassfish.jersey.client.DefaultClientAsyncExecutorProvider] to be used for injection of executor qualified by [org.glassfish.jersey.client.ClientAsyncExecutor] annotation.
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ: 1024B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 00 61 02 00 00 5d 03 03 cd 60 9e 7e 1c |....a...]...`.~.|
|00000010| df 44 c6 b7 5a d1 82 4b 2e 41 60 79 8d 7b 1b f9 |.D..Z..K.A`y.{..|
...
|000003e0| 60 6a 49 e6 4b 2c 4b 31 ed 48 c3 93 ad 38 10 61 |`jI.K,K1.H...8.a|
|000003f0| 5b 00 76 00 e8 3e d0 da 3e f5 06 35 32 e7 57 28 |[.v..>..>..52.W(|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ: 1024B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 00 61 02 00 00 5d 03 03 d9 95 c6 9c 35 |....a...]......5|
|00000010| 60 53 25 36 b0 4c 3d b8 4c 77 22 4f 58 7e a4 e7 |`S%6.L=.Lw"OX~..|
...
|000003e0| 60 6a 49 e6 4b 2c 4b 31 ed 48 c3 93 ad 38 10 61 |`jI.K,K1.H...8.a|
|000003f0| 5b 00 76 00 e8 3e d0 da 3e f5 06 35 32 e7 57 28 |[.v..>..>..52.W(|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ: 3420B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| bc 89 6b c9 03 d3 cb d1 11 6b ec eb 69 e1 77 7d |..k......k..i.w}|
|00000010| 6d 06 bd 6e 00 00 01 89 b1 27 1a 4c 00 00 04 03 |m..n.....'.L....|
...
|00000d40| ad 78 56 b8 18 b2 25 c4 07 57 e0 1a f3 9a 1d 03 |.xV...%..W......|
|00000d50| e9 cc 70 16 03 03 00 04 0e 00 00 00             |..p.........    |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ: 3420B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| bc 89 6b c9 03 d3 cb d1 11 6b ec eb 69 e1 77 7d |..k......k..i.w}|
|00000010| 6d 06 bd 6e 00 00 01 89 b1 27 1a 4c 00 00 04 03 |m..n.....'.L....|
....
|00000d40| e0 56 b1 96 50 66 13 69 d1 4a 5c 42 f2 38 70 92 |.V..Pf.i.J\B.8p.|
|00000d50| 58 b1 f1 16 03 03 00 04 0e 00 00 00             |X...........    |
+--------+-------------------------------------------------+----------------+
[�[33mwarn�[0m] o.t.c.s.WorkerSrv - Worker path (https://download.thehive-project.org/analyzers.json) is not found
[�[33mwarn�[0m] o.t.c.s.WorkerSrv - Worker path (https://download.thehive-project.org/responders.json) is not found
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] WRITE: 7B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 15 03 03 00 02 02 2e                            |.......         |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] CLOSE
[�[37minfo�[0m] o.t.c.s.WorkerSrv - New worker list:

	

[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] WRITE: 7B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 15 03 03 00 02 02 2e                            |.......         |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] CLOSE
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Unexpected I/O exception on channel [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000]
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
	at sun.security.validator.Validator.validate(Validator.java:271)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Unexpected I/O exception on channel [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000]
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
	at sun.security.validator.Validator.validate(Validator.java:271)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
	at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Was unable to recover Future: NettyResponseFuture{currentRetry=0,
	isDone=1,
	isCancelled=0,
	asyncHandler=play.api.libs.ws.ahc.StandaloneAhcWSClient$$anon$1@35e86a5f,
	nettyRequest=play.shaded.ahc.org.asynchttpclient.netty.request.NettyRequest@3a5b3a89,
	future=java.util.concurrent.CompletableFuture@65681fa6[Completed exceptionally],
	uri=https://download.thehive-project.org/responders.json,
	keepAlive=false,
	redirectCount=0,
	timeoutsHolder=null,
	inAuth=0,
	touch=1695712997992}
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Was unable to recover Future: NettyResponseFuture{currentRetry=0,
	isDone=1,
	isCancelled=0,
	asyncHandler=play.api.libs.ws.ahc.StandaloneAhcWSClient$$anon$1@2f77a458,
	nettyRequest=play.shaded.ahc.org.asynchttpclient.netty.request.NettyRequest@12c25445,
	future=java.util.concurrent.CompletableFuture@17f37b89[Completed exceptionally],
	uri=https://download.thehive-project.org/analyzers.json,
	keepAlive=false,
	redirectCount=0,
	timeoutsHolder=null,
	inAuth=0,
	touch=1695712997992}
[�[36mdebug�[0m] p.s.a.o.a.n.c.ChannelManager - Closing Channel [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] 
[�[36mdebug�[0m] p.s.a.o.a.n.c.ChannelManager - Closing Channel [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] 
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] INACTIVE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] INACTIVE
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Channel Closed: [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] with attribute DISCARD
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] UNREGISTERED
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Channel Closed: [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] with attribute DISCARD
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] UNREGISTERED

cortex-application.conf

play.ws.proxy {
      host = proxy.domain.sk
      port = 8000
    }

    auth {
       provider = [local,ldap]
       ldap {
         serverName = "ad.domain.sk:636"
         useSSL = true
         bindDN = "redacted"
         bindPW = "redacted"
         baseDN = "redacted"
         filter = "LDAP filter"
       }
    }
    wsConfig.ssl.trustManager {
      stores = [
        {
          type: "JKS"
          path: "/opt/cortex/conf/lx-ca-bundle.jks"
          password: "redacted"
        }
      ]
    }
    job { runner = [docker] }
    ## ElasticSearch
    search {
      index = cortex
      uri = "http://es-service.thehive:9200"
    }

cortex.yaml manifest

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cortex
  namespace: thehive
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cortex
  template:
    metadata:
      labels:
        app:
          cortex
    spec:
      containers:
      - name: cortex
        image: thehiveproject/cortex:3.1.0-1
        args:
          - "--job-directory"
          - "/opt/cortex/jobs"
          - "--analyzer-url"
          - "https://download.thehive-project.org/analyzers.json"
          - "--responder-url"
          - "https://download.thehive-project.org/responders.json"
        volumeMounts:
        - name: jks-keystore-cortex
                 mountPath: /opt/cortex/conf/lx-ca-bundle.jks
          readOnly: false
          subPath: lx-ca-bundle.jks
        - name: cortex-config
          mountPath: /etc/cortex/application.conf
          readOnly: true
          subPath: application.conf
        - name: cortex-tmp
          mountPath: /tmp
        - name: docker-socket
          mountPath: /var/run/docker.sock
        - name: cortex-job-storage
          mountPath: /opt/cortex/jobs
        - name: cortex-entrypoint
          mountPath: /opt/cortex/entrypoint
          subPath: entrypoint
        - name: logback-xml
          mountPath: /etc/cortex/logback.xml
          subPath: logback.xml
        ports:
        - containerPort: 9001
        env:
          - name: "_JAVA_OPTIONS"
            value: "-Djavax.net.ssl.trustStore=/opt/cortex/conf/lx-ca-bundle.jks -Dhttp.proxyHost=http://proxy.domain.sk -Dhttp.proxyPort=8080 -Dhttps.proxyHost=http://proxy.domain.sk -Dhttps.proxyPort=8000"
        volumes:
      - name: cortex-entrypoint
        configMap:
          defaultMode: 0555
          name: cortex-entrypoint
          items:
          - key: cortex-entrypoint.sh
            path: entrypoint
      - name: jks-keystore-cortex
        configMap:
          name: ca-jks-keystore-cortex
          items:
          - key: lx-ca-bundle-cortex.jks
            path: lx-ca-bundle.jks
      - name: logback-xml
        configMap:
          name: cortex-entrypoint
          items:
            - key: logback.xml
              path: logback.xml
      - name: cortex-config
        configMap:
          name: config-files
          items:
            - key: cortex-application.conf
              path: application.conf
      - name: cortex-tmp
        emptyDir: {}
      - name: docker-socket
        hostPath:
          path: /var/run/docker.sock
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant