
MozDef - Global Access Configuration

🌐 Making MozDef Globally Accessible

Date: $(date)
Status: Configured for global access


✅ Configuration Changes

1. Docker Compose Port Binding

Updated docker/compose/docker-compose.yml to bind all four nginx ports to 0.0.0.0 explicitly. Docker already publishes on all interfaces when no host address is given, so the only functional change is the 8081 line, which was previously commented out:

nginx:
  ports:
    - "0.0.0.0:80:80"      # Meteor Web Interface
    - "0.0.0.0:8080:8080"   # Loginput API
    - "0.0.0.0:8081:8081"   # REST API (now exposed)
    - "0.0.0.0:9090:9090"   # Kibana Dashboard

Changes:

  • ✅ All four ports carry an explicit 0.0.0.0 host address (the Docker default when none is given, so this documents intent rather than changing behaviour)
  • ✅ REST API port 8081 is now published (it was commented out before)
  • ✅ Every service behind nginx is reachable from any network that can route to the host, which includes the internet on a cloud instance with a public address

🔗 Accessible Endpoints

Server Information

  • External IP: $(hostname -I | awk '{print $1}')
  • Hostname: $(hostname)

Note that hostname -I lists the addresses configured on the host's own interfaces. On a cloud instance behind NAT this is the private address, not the public one that external clients will use; check the provider console for the latter.

Web Interfaces

  • Meteor Web UI: http://$(hostname -I | awk '{print $1}')
  • Kibana Dashboard: http://$(hostname -I | awk '{print $1}'):9090

API Endpoints

  • Loginput API: http://$(hostname -I | awk '{print $1}'):8080

    • Status: GET http://$(hostname -I | awk '{print $1}'):8080/status
    • Events: POST http://$(hostname -I | awk '{print $1}'):8080/events
  • REST API: http://$(hostname -I | awk '{print $1}'):8081

    • Status: GET http://$(hostname -I | awk '{print $1}'):8081/status
    • Various endpoints: /api/*

🔥 Firewall Configuration

UFW (Ubuntu Firewall)

If using UFW, open the ports. Be aware that Docker inserts its own iptables rules for published ports, so traffic to them is accepted regardless of the UFW ruleset: the rules below keep UFW consistent with reality, but they are not what makes the ports reachable, and a later `ufw deny` on the same ports would not close them.

sudo ufw allow 80/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 8081/tcp
sudo ufw allow 9090/tcp
sudo ufw reload

iptables

If using iptables directly, note that INPUT rules only cover traffic terminated by the host itself. Connections to ports Docker publishes are DNAT'd to the container and evaluated in the FORWARD chain (DOCKER-USER first), so these INPUT rules neither allow nor block them; they matter only if nginx is ever run outside Docker. They are also not persisted across a reboot unless saved with your distribution's iptables persistence mechanism.

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 9090 -j ACCEPT

Cloud Provider Security Groups

If using AWS, GCP, Azure, or other cloud providers:

  • Ensure security groups allow inbound traffic on ports 80, 8080, 8081, 9090
  • Configure rules for HTTP/HTTPS traffic
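Because the published ports bypass both UFW and the INPUT chain, the one place to restrict who may reach them is Docker's DOCKER-USER chain. The script below is an added example, not MozDef tooling: it generates (and, with --apply, executes) iptables rules that allow the listed source networks to reach each published port and drop everyone else. The interface name eth0 and the allowlist networks are placeholders for the example; substitute your own.

```shell
#!/bin/sh
# Added example, not part of MozDef: restrict Docker-published MozDef ports to
# an allowlist of source networks via the DOCKER-USER chain.
# EXT_IF, MOZDEF_PORTS and ALLOW_CIDRS are example defaults; override them in
# the environment. The allowlist uses RFC 5737 documentation ranges.

EXT_IF="${EXT_IF:-eth0}"
MOZDEF_PORTS="${MOZDEF_PORTS:-80 8080 8081 9090}"
ALLOW_CIDRS="${ALLOW_CIDRS:-203.0.113.0/24 198.51.100.7/32}"

# docker_user_rules IFACE "PORTS" "CIDRS": print the iptables commands, one per
# line, in the order they must run. Every rule uses -I (insert at the top)
# because the DOCKER-USER chain Docker creates ends in a RETURN, so a rule
# appended with -A would sit below it and never match. Emitting the DROP rules
# first and the ACCEPT rules afterwards therefore leaves the ACCEPTs above the
# DROPs in the final chain. --ctorigdstport matches the port the client
# connected to, before Docker's DNAT rewrote the destination.
docker_user_rules() {
    iface=$1; ports=$2; cidrs=$3
    for port in $ports; do
        printf 'iptables -I DOCKER-USER -i %s -p tcp -m conntrack --ctorigdstport %s --ctdir ORIGINAL -j DROP\n' \
            "$iface" "$port"
    done
    for port in $ports; do
        for cidr in $cidrs; do
            printf 'iptables -I DOCKER-USER -i %s -p tcp -m conntrack --ctorigdstport %s --ctdir ORIGINAL -s %s -j ACCEPT\n' \
                "$iface" "$port" "$cidr"
        done
    done
}

# rule_count IFACE "PORTS" "CIDRS": number of rules that would be installed.
rule_count() { docker_user_rules "$1" "$2" "$3" | wc -l | tr -d ' '; }

if [ "${1:-}" = "--apply" ]; then
    # Execute each generated command, echoing it first (needs root).
    docker_user_rules "$EXT_IF" "$MOZDEF_PORTS" "$ALLOW_CIDRS" | sh -ex
else
    docker_user_rules "$EXT_IF" "$MOZDEF_PORTS" "$ALLOW_CIDRS"
fi
```

Run it without arguments to review the rules, then `sudo sh restrict_mozdef_ports.sh --apply` (any file name) to install them. If the web UI on port 80 is meant to be public, leave 80 out of MOZDEF_PORTS; only the ports you list are restricted. Like the INPUT rules above, these are lost on reboot unless saved, and `sudo iptables -L DOCKER-USER -n -v` shows whether they are in place and being hit.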

✅ Verification Steps

1. Check Port Bindings

docker-compose -f docker/compose/docker-compose.yml -p mozdef ps

Should show:

mozdef-nginx-1: 0.0.0.0:80->80/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8081->8081/tcp, 0.0.0.0:9090->9090/tcp

(docker-compose v1 names the container mozdef_nginx_1; Compose v2 uses mozdef-nginx-1. Use whichever form your `ps` output shows in the docker inspect commands later in this document.)

2. Check Listening Ports

ss -tuln | grep -E ':(80|8080|8081|9090)\s'
# or, on older systems without ss
netstat -tuln | grep -E ':(80|8080|8081|9090)\s'

Should show ports listening on 0.0.0.0 (all interfaces).
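A check that goes a step beyond eyeballing the grep, added here as an example rather than anything shipped with MozDef: it parses `ss -tuln` output and reports, for each port MozDef publishes, whether it is listening on all interfaces, on one specific address, only on loopback, or not at all. The ss output embedded in the script is constructed for the example; run it with --live to read this host's real table.

```shell
#!/bin/sh
# Added example, not part of MozDef: classify the MozDef listener ports from
# `ss -tuln` output. Run with --live to inspect this host; with no argument it
# runs against the constructed sample below.

MOZDEF_PORTS="80 8080 8081 9090"

# Constructed sample of `ss -tuln` output for the self-contained run:
# 8081 is loopback-only and 9090 is not listening at all.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:80          0.0.0.0:*
tcp   LISTEN 0      4096   [::]:80             [::]:*
tcp   LISTEN 0      4096   0.0.0.0:8080        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:8081      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:22        0.0.0.0:*'

# classify_listeners: read `ss -tuln` text on stdin and print one line per
# expected port: "<port> all-interfaces|specific(<addr>)|loopback|absent".
# A port bound in more than one way reports its widest binding.
classify_listeners() {
    awk -v ports="$MOZDEF_PORTS" '
        BEGIN { n = split(ports, want, " ") }
        $1 == "tcp" && $2 == "LISTEN" {
            addr = $5
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # everything before it
            if (host == "0.0.0.0" || host == "[::]" || host == "*") { r = 3; s = "all-interfaces" }
            else if (host == "127.0.0.1" || host == "[::1]")          { r = 1; s = "loopback" }
            else                                                       { r = 2; s = "specific(" host ")" }
            if (r > rank[port]) { rank[port] = r; state[port] = s }
        }
        END {
            for (k = 1; k <= n; k++) {
                p = want[k]
                print p, (p in state ? state[p] : "absent")
            }
        }'
}

# demo: run the classifier over the constructed sample.
demo() { printf '%s\n' "$SAMPLE_SS" | classify_listeners; }

if [ "${1:-}" = "--live" ]; then
    ss -tuln | classify_listeners
else
    demo
fi
```

For this document's goal every line should read all-interfaces; a loopback or absent result explains a connection timeout from outside before you start looking at firewalls. The same script is equally useful for the opposite decision, confirming that a port you intended to keep private is not on all interfaces.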

3. Test Local Access

EXTERNAL_IP=$(hostname -I | awk '{print $1}')
# curl -I sends HEAD, which some API routes reject with 405; fetch with GET and print only the status code
for u in "http://$EXTERNAL_IP" "http://$EXTERNAL_IP:8080/status" "http://$EXTERNAL_IP:8081/status" "http://$EXTERNAL_IP:9090/app/kibana"; do
  printf '%s -> ' "$u"; curl -sS -o /dev/null --max-time 5 -w '%{http_code}\n' "$u"
done

4. Test External Access

From another machine or browser:

  • Open: http://YOUR_SERVER_IP
  • Should see MozDef login page

🔒 Security Considerations

1. HTTPS/SSL (Recommended)

For production, configure SSL/TLS:

  • Use Let's Encrypt for free SSL certificates
  • Configure Nginx with SSL
  • Redirect HTTP to HTTPS

2. Authentication

  • The MozDef web UI (Meteor) has a login; for each of the other three published ports (loginput 8080, REST API 8081, Kibana 9090) confirm whether anything authenticates requests before exposing it, and do not assume the web UI login applies to them
  • Use strong, unique passwords for every account
  • Enable 2FA where the configured login provider supports it

3. Firewall Rules

  • Only open necessary ports
  • Consider restricting access by IP if possible
  • Use fail2ban for additional protection

4. Network Security

  • Use VPN for administrative access
  • Consider reverse proxy with authentication
  • Monitor access logs

🚀 Quick Start Commands

Restart Services After Configuration

cd /root/MozDef
docker-compose -f docker/compose/docker-compose.yml -p mozdef restart nginx

Check Service Status

docker-compose -f docker/compose/docker-compose.yml -p mozdef ps

View Logs

docker-compose -f docker/compose/docker-compose.yml -p mozdef logs -f nginx

Test Event Submission

This request carries no credentials. If it succeeds from a host outside your network, anyone on the internet can inject events into MozDef; restrict the loginput port to known senders before calling the deployment done.

curl -X POST http://YOUR_SERVER_IP:8080/events \
  -H "Content-Type: application/json" \
  -d '{
    "timestamp": "'$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")'",
    "utctimestamp": "'$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")'",
    "hostname": "test.example.com",
    "processname": "test.py",
    "processid": 1234,
    "severity": "INFO",
    "summary": "Test event",
    "category": "test",
    "source": "test",
    "tags": ["test"],
    "details": {}
  }'

📝 Troubleshooting

Issue: Cannot access from external network

Check 1: Port Binding

docker inspect --format '{{json .NetworkSettings.Ports}}' mozdef-nginx-1
# (docker-compose v1 names the container mozdef_nginx_1)

Should show "HostIp":"0.0.0.0" for each of the four ports.

Check 2: Firewall

sudo ufw status
# or
# or: the DNAT rules for published ports live in the nat table's DOCKER chain,
# and any restrictions you added are in the filter table's DOCKER-USER chain
sudo iptables -t nat -L DOCKER -n | grep -E 'dpt:(80|8080|8081|9090)( |$)'
sudo iptables -L DOCKER-USER -n -v

Check 3: Cloud Security Groups

  • Verify security group rules allow inbound traffic
  • Check network ACLs

Check 4: Service Status

docker-compose -f docker/compose/docker-compose.yml -p mozdef ps

All services should be "Up" and "healthy".

Issue: Port already in use

If port is already in use:

# Find process using port
sudo lsof -i :80
# or
sudo netstat -tulpn | grep :80

# Stop conflicting service or change MozDef port

Issue: Connection timeout

  1. Check if service is running:

    docker-compose -f docker/compose/docker-compose.yml -p mozdef ps
    
  2. Check service logs:

    docker-compose -f docker/compose/docker-compose.yml -p mozdef logs nginx
    
  3. Verify network connectivity (ICMP is often blocked on cloud hosts, so a failed ping alone proves little; a TCP probe is more telling):

    ping YOUR_SERVER_IP
    nc -zv YOUR_SERVER_IP 80
    # or, if nc is not installed:
    curl -sv --max-time 5 -o /dev/null http://YOUR_SERVER_IP/
    

✅ Success Criteria

  • All ports bound to 0.0.0.0
  • REST API port 8081 exposed
  • Firewall rules configured
  • Services accessible from external network
  • All endpoints responding

🎯 Next Steps

  1. Test External Access:

    • Open browser: http://YOUR_SERVER_IP
    • Verify MozDef login page appears
  2. Configure SSL (Optional but Recommended):

    • Set up Let's Encrypt certificate
    • Configure HTTPS in Nginx
  3. Monitor Access:

    • Check access logs
    • Monitor for unauthorized access attempts
  4. Document Access:

    • Document URLs for team
    • Set up bookmarks
    • Configure monitoring

Status: ✅ Configured for global access

Last Updated: $(date)