icfs 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/bin/icfs_demo_check.rb +29 -0
- data/data/docker/build-web.sh +27 -0
- data/data/docker/compose-demo.yml +41 -0
- data/data/docker/compose-init.yml +32 -0
- data/data/docker/icfs-app.rb +50 -0
- data/data/docker/icfs-cfg.yml +88 -0
- data/data/docker/icfs-init.rb +75 -0
- data/data/docker/icfs-ruby/Dockerfile +22 -0
- data/data/docker/icfs-ruby/build.sh +14 -0
- data/data/docker/nginx.conf +68 -0
- data/lib/icfs.rb +2 -3
- data/lib/icfs/api.rb +41 -41
- data/lib/icfs/cache_elastic.rb +6 -4
- data/lib/icfs/items.rb +62 -1
- data/lib/icfs/store.rb +25 -0
- data/lib/icfs/store_fs.rb +10 -0
- data/lib/icfs/store_s3.rb +11 -0
- data/lib/icfs/users.rb +2 -0
- data/lib/icfs/users_elastic.rb +5 -3
- data/lib/icfs/users_fs.rb +3 -3
- data/lib/icfs/utils/backup.rb +177 -0
- data/lib/icfs/utils/check.rb +290 -0
- data/lib/icfs/validate.rb +0 -63
- data/lib/icfs/web/auth_ssl.rb +10 -2
- data/lib/icfs/web/client.rb +2 -2
- metadata +14 -2
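--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ecd555ee72ea33e646323a37019652a7fb111c4aec34146c92825fbe30fd7ded
+data.tar.gz: 2c53ec9caf008aa4a6a1f187a7b2d2d4a631d19081ed83c497717f4386facbca
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5ae5fc9857d14845419257717150815b3deb7ae55e17d72e0990928916c0561dbe6c56e99bdaa4a74c3d8d92b99ead2b3f3bfcb9b34190de0dd1ac12c3d56e32
+data.tar.gz: 4d98034fe142019aaed7cd7208fa6d8841942361755e58eb49fa04dbfd6b678aeea44299800ed8536088b7e5addcaa4ccc68adb94c39e63f60ded95d7bccf263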
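--- a/data/bin/icfs_demo_check.rb
+++ b/data/bin/icfs_demo_check.rb
@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'yaml'
+require 'logger'
+
+require_relative '../lib/icfs'
+require_relative '../lib/icfs/utils/check'
+require_relative '../lib/icfs/store_fs'
+
+# load the config file
+cfg = YAML.load_file(ARGV[0])
+
+# objects
+store = ICFS::StoreFs.new(cfg['store']['dir'])
+log = Logger.new(STDOUT, level: Logger::INFO)
+check = ICFS::Utils::Check.new(store, log)
+
+# check
+check.check(ARGV[1], ARGV[2].to_i, nil, {hash_all: true})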
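Review bot: `cfg = YAML.load_file(ARGV[0])` goes through the full YAML loader, which on Psych releases before 4.0 instantiates arbitrary tagged Ruby objects from the file. The only use of the config visible here is `cfg['store']['dir']`, so `cfg = YAML.safe_load(File.read(ARGV[0]))` is sufficient and removes that deserialization surface. The same call is made in data/data/docker/icfs-app.rb and data/data/docker/icfs-init.rb. The script also never checks its arguments, so a missing third argument becomes `0` through `nil.to_i` and a missing second one reaches `check.check` as `nil`. A guard such as `abort "usage: #{$0} CONFIG ARG1 ARG2" unless ARGV.size == 3` before the load would fail early with a clear message.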
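--- a/data/data/docker/build-web.sh
+++ b/data/data/docker/build-web.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# make certs
+../../bin/icfs_demo_ssl_gen.rb
+
+# copy static content
+mkdir web
+mkdir web/static
+mkdir web/static/static
+cp ../icfs.css web/static/static/
+cp ../icfs.js web/static/static/
+
+# config files
+mkdir web/config
+mv ca_cert.pem web/config/
+mv srv_cert.pem web/config/
+mv srv_key.pem web/config/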
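Review bot: Nothing stops the script after a failed step, so if `../../bin/icfs_demo_ssl_gen.rb` fails or a `mkdir` hits an existing directory, the later `cp` and `mv` lines still run and can leave `web/config/` holding stale or missing certificates. Adding `set -euo pipefail` after the shebang and replacing the four `mkdir` calls with `mkdir -p web/static/static web/config` makes a failure visible and a rerun safe; data/data/docker/icfs-ruby/build.sh has the same gap. `srv_key.pem` ends up inside the `web/` tree that compose-demo.yml mounts into the nginx container. A `chmod 600 web/config/srv_key.pem` after the move, plus a comment that `web/config` must never sit under a served `root`, would be worth adding.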
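--- a/data/data/docker/compose-demo.yml
+++ b/data/data/docker/compose-demo.yml
@@ -0,0 +1,41 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+version: '3'
+
+services:
+
+icfs-web:
+image: nginx:alpine
+ports:
+- "443:443"
+volumes:
+- ./nginx.conf:/etc/nginx/nginx.conf:ro
+- ./web:/usr/share/icfs:ro
+
+icfs-app:
+image: icfs-ruby
+volumes:
+- icfs-app:/var/lib/icfs
+- ./icfs-app.rb:/usr/local/bin/icfs
+- ./icfs-cfg.yml:/etc/icfs.yml
+command: ["/usr/local/bin/icfs"]
+
+icfs-elastic:
+image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2
+environment:
+- discovery.type=single-node
+volumes:
+- icfs-es:/usr/share/elasticsearch/data
+
+volumes:
+icfs-app:
+icfs-es: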
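Review bot: The `icfs-app` service bind-mounts `./icfs-app.rb` and `./icfs-cfg.yml` writable, while the two nginx mounts above it are `:ro`. The application only reads them, so `- ./icfs-app.rb:/usr/local/bin/icfs:ro` and `- ./icfs-cfg.yml:/etc/icfs.yml:ro` would keep a compromised app process from rewriting its own entry point or config on the host. compose-init.yml mounts `./icfs-init.rb` and `./icfs-cfg.yml` the same way. `image: nginx:alpine` floats to whatever is current at pull time, unlike the pinned Elasticsearch tag, so pinning it to a tested tag or digest would make the demo reproducible. Only `icfs-web` publishes a port, which is right given that the Elasticsearch base URL in icfs-cfg.yml is plain HTTP with no credentials; a comment saying so would discourage adding a `ports:` entry to the other services later.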
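--- a/data/data/docker/compose-init.yml
+++ b/data/data/docker/compose-init.yml
@@ -0,0 +1,32 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+version: '3'
+
+services:
+icfs-init:
+image: icfs-ruby
+volumes:
+- ./icfs-init.rb:/usr/local/bin/icfs
+- ./icfs-cfg.yml:/etc/icfs.yml
+- icfs-app:/var/lib/icfs
+command: ["/usr/local/bin/icfs"]
+
+icfs-elastic:
+image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2
+environment:
+- discovery.type=single-node
+volumes:
+- icfs-es:/usr/share/elasticsearch/data
+
+volumes:
+icfs-app:
+icfs-es: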
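--- a/data/data/docker/icfs-app.rb
+++ b/data/data/docker/icfs-app.rb
@@ -0,0 +1,50 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'faraday'
+require 'rack'
+require 'yaml'
+
+require 'icfs'
+require 'icfs/cache_elastic'
+require 'icfs/store_fs'
+require 'icfs/users_fs'
+require 'icfs/web/client'
+require 'icfs/web/auth_ssl'
+require 'icfs/demo/timezone'
+
+
+# load the config file
+cfg = YAML.load_file('/etc/icfs.yml')
+map = {}
+cfg['cache']['map'].each{|key, val| map[key.to_sym] = val }
+
+es = Faraday.new(cfg['elastic']['base'])
+cache = ICFS::CacheElastic.new(map, es)
+store = ICFS::StoreFs.new(cfg['store']['dir'])
+users = ICFS::UsersFs.new(cfg['users']['dir'])
+api = ICFS::Api.new([], users, cache, store)
+web = ICFS::Web::Client.new(cfg['web']['css'], cfg['web']['script'])
+
+user_map = {
+'CN=client 1,OU=Test Client,OU=example,OU=org' => 'user1',
+'CN=client 2,OU=Test Client,OU=example,OU=org' => 'user2',
+'CN=client 3,OU=Test Client,OU=example,OU=org' => 'user3'
+}
+
+app = Rack::Builder.new do
+use(ICFS::Web::AuthSsl, user_map, api)
+use(ICFS::Demo::Timezone, cfg['web']['tz'])
+run web
+end
+
+Rack::Handler::FastCGI.run(app, {Host: '0.0.0.0', Port: 9000})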
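Review bot: `Rack::Handler::FastCGI.run(app, {Host: '0.0.0.0', Port: 9000})` accepts FastCGI from any peer that can reach the container. `ICFS::Web::AuthSsl` is given only a DN-to-user map, so identity presumably rests entirely on the `SSL_CLIENT_VERIFY` and `SSL_CLIENT_S_DN` parameters that nginx.conf forwards. The listener must therefore be reachable only from the nginx container. A comment above this line would document that trust boundary, e.g. `# FastCGI carries the client identity from nginx unauthenticated: never publish port 9000 or attach untrusted containers to this network`, and a Unix socket on a volume shared with nginx would enforce it. `user_map` also hard-codes the three test DNs in the script; reading it from `/etc/icfs.yml` alongside the other settings would keep identities out of code.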
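--- a/data/data/docker/icfs-cfg.yml
+++ b/data/data/docker/icfs-cfg.yml
@@ -0,0 +1,88 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+sleep: 15.0
+
+cache:
+map:
+entry: entry
+case: case
+action: action
+index: index
+log: log
+lock: lock
+current: current
+
+elastic:
+base: "http://icfs-elastic:9200"
+
+store:
+dir: /var/lib/icfs/store
+
+users:
+dir: /var/lib/icfs/users
+
+web:
+css: "/static/icfs.css"
+script: "/static/icfs.js"
+tz: "-04:00"
+
+init:
+user: user1
+urg:
+- name: role1
+type: role
+
+- name: role2
+type: role
+
+- name: role3
+type: role
+
+- name: group1
+type: group
+
+- name: group2
+type: group
+
+- name: user1
+type: user
+roles:
+- role2
+- role3
+groups:
+- group2
+perms:
+- "{perm_a}"
+- "{perm_b}"
+
+- name: user2
+type: user
+roles:
+- role1
+- role2
+groups:
+- group1
+perms:
+- "{perm_b}"
+
+templates:
+- caseid: template1
+template: "New Template"
+access:
+- perm: "[manage]"
+grant:
+- user1
+- perm: "[write]"
+grant:
+- group1
+entry: "Create new template"
+content: "New template being created"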
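--- a/data/data/docker/icfs-init.rb
+++ b/data/data/docker/icfs-init.rb
@@ -0,0 +1,75 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'faraday'
+require 'rack'
+require 'yaml'
+require 'fileutils'
+
+require 'icfs'
+require 'icfs/cache_elastic'
+require 'icfs/store_fs'
+require 'icfs/users_fs'
+
+
+# load the config file
+cfg = YAML.load_file('/etc/icfs.yml')
+map = {}
+cfg['cache']['map'].each{|key, val| map[key.to_sym] = val }
+
+# sleep to allow elasticsearch to come up
+if cfg['sleep']
+puts 'sleeping: %f' % cfg['sleep']
+sleep(cfg['sleep'])
+end
+
+es = Faraday.new(cfg['elastic']['base'])
+cache = ICFS::CacheElastic.new(map, es)
+store = ICFS::StoreFs.new(cfg['store']['dir'])
+users = ICFS::UsersFs.new(cfg['users']['dir'])
+api = ICFS::Api.new([], users, cache, store)
+
+# create store and users
+FileUtils.mkdir(cfg['store']['dir'])
+puts "Created store directory: %s" % cfg['store']['dir']
+FileUtils.mkdir(cfg['users']['dir'])
+puts "Created users directory: %s" % cfg['users']['dir']
+
+# add the users
+cfg['init']['urg'].each do |usr|
+users.write(usr)
+puts "Added user/role/group: %s" % usr['name']
+end
+
+# create the indexes
+cache.create(ICFS::CacheElastic::Maps)
+puts "Indexes created"
+
+# set initial user
+api.user = cfg['init']['user']
+
+# add the templates
+cfg['init']['templates'].each do |tmpl|
+tp = {
+'template' => true,
+'status' => true,
+'title' => tmpl['template'],
+'access' => tmpl['access'],
+}
+ent = {
+'caseid' => tmpl['caseid'],
+'title' => tmpl['entry'],
+'content' => tmpl['content']
+}
+api.case_create(ent, tp)
+puts "Created template: %s" % tmpl['caseid']
+end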
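Review bot: `FileUtils.mkdir(cfg['store']['dir'])` and the matching call for `cfg['users']['dir']` create the case store and user directories with whatever mode the process umask allows. They also raise `Errno::EEXIST` when the init container is run a second time against the same volume. `FileUtils.mkdir_p(cfg['store']['dir'], mode: 0o700)`, and the same for the users directory, addresses both. The fixed `sleep(cfg['sleep'])` only guesses when Elasticsearch is ready; if it is still starting, `cache.create` will presumably fail after the directories and users are already written. Polling the `elastic.base` URL with a bounded number of attempts before touching the volume would avoid leaving a half-initialised store.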
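--- a/data/data/docker/icfs-ruby/Dockerfile
+++ b/data/data/docker/icfs-ruby/Dockerfile
@@ -0,0 +1,22 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+FROM alpine
+
+RUN apk update && apk upgrade && \
+apk add ruby fcgi ruby-json tzdata && \
+apk --update add --virtual build-deps ruby-dev build-base fcgi-dev && \
+gem install -N rack faraday fcgi && \
+apk del build-deps && \
+rm -rf /var/cache/apk/*
+
+COPY ./icfs-0.1.1.gem /icfs.gem
+
+RUN gem install -N --local /icfs.gem && rm /icfs.gem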
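Review bot: `FROM alpine` and `gem install -N rack faraday fcgi` both resolve to whatever is newest at build time, so two builds of the same icfs gem can ship different base libraries and gem code. A later major release of one of those gems can also break the FastCGI entry point without any change here. Pin the base image to a tag or digest and each gem to a tested version, e.g. `FROM alpine:<TESTED_TAG>` and `gem install -N rack:<VERSION> faraday:<VERSION> fcgi:<VERSION>` (placeholders, not real versions). The image has no `USER` instruction, so the application and init scripts run as root. Creating an unprivileged account with `adduser -D`, giving it ownership of `/var/lib/icfs` and adding a `USER` line would limit what a compromised request handler can touch.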
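--- a/data/data/docker/icfs-ruby/build.sh
+++ b/data/data/docker/icfs-ruby/build.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+cp ../../../icfs-0.1.1.gem .
+docker build -t icfs-ruby .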
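--- a/data/data/docker/nginx.conf
+++ b/data/data/docker/nginx.conf
@@ -0,0 +1,68 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /var/log/nginx/access.log main;
+
+sendfile on;
+#tcp_nopush on;
+
+keepalive_timeout 65;
+
+#gzip on;
+
+server {
+listen 443 ssl http2;
+server_name localhost;
+
+ssl_certificate /usr/share/icfs/config/srv_cert.pem;
+ssl_certificate_key /usr/share/icfs/config/srv_key.pem;
+ssl_client_certificate /usr/share/icfs/config/ca_cert.pem;
+ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';
+
+ssl_protocols TLSv1.1 TLSv1.2;
+ssl_verify_client on;
+
+location /static/ {
+root /usr/share/icfs/static;
+}
+
+location /icfs/ {
+fastcgi_split_path_info ^(/icfs)(.*)$;
+include /etc/nginx/fastcgi.conf;
+fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
+fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+
+fastcgi_pass icfs-app:9000;
+}
+
+}
+}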
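Review bot: `ssl_protocols TLSv1.1 TLSv1.2;` still offers TLS 1.1, which RFC 8996 deprecates. The `ssl_ciphers` string also names `ECDHE-RSA-RC4-SHA`, `ECDHE-ECDSA-RC4-SHA` and `RC4-SHA` explicitly, along with a run of CBC/SHA-1 suites ahead of the `HIGH` catch-all. Every client of this server must present a certificate from the demo CA, so legacy browser compatibility is unlikely to matter. `ssl_protocols TLSv1.2 TLSv1.3;` with an AEAD-only list such as `ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';` is a safer default. `fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;` is the value the application maps to a user, so a comment that its DN format must match the keys of `user_map` in icfs-app.rb exactly would help the next editor.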