Mozdef / GLOBAL_ACCESS_CONFIGURATION.md
# MozDef - Global Access Configuration
## ๐ŸŒ Making MozDef Globally Accessible
**Date:** $(date)
**Status:** Configured for global access
---
## ✅ Configuration Changes
### 1. Docker Compose Port Binding
Updated `docker/compose/docker-compose.yml` to explicitly bind all published ports to `0.0.0.0`. Docker already publishes to all interfaces when no host address is given, so the `0.0.0.0:` prefix documents the intent rather than widening exposure; the change that actually adds exposure is the REST API port, which was previously commented out:
```yaml
nginx:
  ports:
    - "0.0.0.0:80:80"     # Meteor Web Interface
    - "0.0.0.0:8080:8080" # Loginput API
    - "0.0.0.0:8081:8081" # REST API (now exposed)
    - "0.0.0.0:9090:9090" # Kibana Dashboard
```
**Changes:**
- ✅ All ports now explicitly bound to `0.0.0.0` (all interfaces)
- ✅ REST API port 8081 now exposed (was commented out)
- ✅ Services accessible from external networks. To keep an interface private (for example Kibana or the REST API), bind it to `127.0.0.1:` or to a specific internal address instead of `0.0.0.0:`; this has to be done in the base file, because Compose concatenates `ports` entries from override files rather than replacing them
---
## 🔗 Accessible Endpoints
### Server Information
- **External IP:** `$(hostname -I | awk '{print $1}')` (first address reported by `hostname -I`, written as `YOUR_SERVER_IP` below; on many cloud hosts this is the private address, and the public one is mapped by the provider)
- **Hostname:** `$(hostname)`
### Web Interfaces
- **Meteor Web UI:** http://YOUR_SERVER_IP
- **Kibana Dashboard:** http://YOUR_SERVER_IP:9090
### API Endpoints
- **Loginput API:** http://YOUR_SERVER_IP:8080
  - Status: `GET http://YOUR_SERVER_IP:8080/status`
  - Events: `POST http://YOUR_SERVER_IP:8080/events`
- **REST API:** http://YOUR_SERVER_IP:8081
  - Status: `GET http://YOUR_SERVER_IP:8081/status`
  - Various endpoints: `/api/*`
---
## 🔥 Firewall Configuration
Docker publishes container ports by inserting its own `nat` and `FORWARD` rules, so host-level `INPUT` rules (UFW's rules included) are not consulted for traffic to the nginx container. The `allow` rules below make the intent explicit, but a UFW `deny` on these ports will not block access to the containers; source restrictions for published ports belong in the `DOCKER-USER` chain or in the cloud security group.
### UFW (Ubuntu Firewall)
If using UFW, ensure ports are open:
```bash
sudo ufw allow 80/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 8081/tcp
sudo ufw allow 9090/tcp
sudo ufw reload
```
### iptables
If using iptables directly (these rules are lost on reboot unless saved with `iptables-save` or `iptables-persistent`):
```bash
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 9090 -j ACCEPT
```
### Cloud Provider Security Groups
If using AWS, GCP, Azure, or other cloud providers:
- Ensure security groups allow inbound traffic on ports 80, 8080, 8081, 9090
- Restrict 8080, 8081 and 9090 to known source ranges (log forwarders, admin networks); only 80, and 443 once TLS is configured, should be open to `0.0.0.0/0`
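The following script is an added example, not part of MozDef or this deployment, showing how to restrict the admin ports at the host when the cloud security group is not enough. It uses Docker's `DOCKER-USER` iptables chain, which Docker evaluates before its own forwarding rules, so unlike UFW `INPUT` rules it does apply to published container ports. The interface name `eth0`, the allowed range `10.0.0.0/8` and the port split (80 public, the rest admin) are assumptions; by default the script only prints the commands, and `APPLY=1` executes them.

```bash
#!/usr/bin/env bash
# Added example, not part of MozDef: restrict Docker-published admin ports by
# source network via the DOCKER-USER chain. Docker evaluates DOCKER-USER before
# its own FORWARD rules, which is why rules here take effect where UFW/INPUT
# rules do not. The interface name, allowed CIDR and port list are
# assumptions; set APPLY=1 to execute, otherwise the commands are printed.

# Print the command, or run it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# $1 external interface, $2 source CIDR allowed to reach the admin ports,
# $3 comma-separated admin ports (multiport accepts up to 15 entries).
# DOCKER-USER starts as a single RETURN rule, so rules must be inserted
# (-I) ahead of it; appending (-A) would place them after RETURN, unreached.
docker_user_rules() {
    iface=$1
    allowed=$2
    admin_ports=$3
    # Rule 1: let packets of already-accepted connections through.
    run iptables -I DOCKER-USER 1 -i "$iface" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Rule 2: drop new connections to admin ports from anywhere else.
    # Port 80 is not listed, so it stays globally reachable; everything not
    # matched falls through to the chain's RETURN and Docker's own rules.
    run iptables -I DOCKER-USER 2 -i "$iface" '!' -s "$allowed" \
        -p tcp -m multiport --dports "$admin_ports" -j DROP
}

# Show the resulting chain with rule numbers (dry run prints the command).
show_docker_user() {
    run iptables -L DOCKER-USER -n -v --line-numbers
}

# Example: admin ports reachable from 10.0.0.0/8 only (assumed internal range):
#   docker_user_rules eth0 10.0.0.0/8 8080,8081,9090
#   APPLY=1 docker_user_rules eth0 10.0.0.0/8 8080,8081,9090
```

Run it once: each call inserts a fresh pair of rules, so re-running creates duplicates (check with `show_docker_user`). Like the `INPUT` rules above, these do not survive a reboot unless saved, and they only cover traffic forwarded to containers on the named interface, so connections from the host itself are unaffected.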
---
## ✅ Verification Steps
### 1. Check Port Bindings
```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef ps
```
Should show:
```
mozdef-nginx-1: 0.0.0.0:80->80/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8081->8081/tcp, 0.0.0.0:9090->9090/tcp
```
### 2. Check Listening Ports
```bash
netstat -tuln | grep -E ":(80|8080|8081|9090)"
# or
ss -tuln | grep -E ":(80|8080|8081|9090)"
```
Should show ports listening on `0.0.0.0` (all interfaces). Also check the unfiltered `ss -tuln` output: only these four ports should appear with a wildcard address (`0.0.0.0` or `[::]`). Any other port bound to a wildcard address is a service that has been published unintentionally.
### 3. Test Local Access
```bash
EXTERNAL_IP=$(hostname -I | awk '{print $1}')
curl -I http://$EXTERNAL_IP
curl -I http://$EXTERNAL_IP:8080/status
curl -I http://$EXTERNAL_IP:8081/status
curl -I http://$EXTERNAL_IP:9090/app/kibana
```
### 4. Test External Access
From another machine or browser:
- Open: `http://YOUR_SERVER_IP`
- Should see MozDef login page
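The steps above confirm that the intended ports are reachable; the complementary check a reviewer wants is that nothing else is. The script below is an added example (not from MozDef or this deployment) that reads `ss -tuln` output and grades every TCP listener against this page's port plan: 80 (and 443) may be public, 8080/8081/9090 on all interfaces get a warning to verify authentication and filtering, and any other wildcard-bound port is flagged. The port roles and the embedded sample output are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example, not part of MozDef: check what is actually listening against
# the exposure policy of this page (80 public; 8080/8081/9090 admin; nothing
# else on a wildcard address). Reads `ss -tuln` output on stdin, so it runs
# live (`ss -tuln | audit_listeners`) or against saved output. The port roles
# are assumptions taken from this document's port plan.

PUBLIC_PORTS="80 443"          # may listen on all interfaces
ADMIN_PORTS="8080 8081 9090"   # all-interfaces binding must be justified by auth/firewall

# Prints one line per TCP listener: OK|WARN|ALERT <port> <address> <reason>.
# Exit status 1 if any ALERT (unexpected service on a wildcard address).
audit_listeners() {
    awk -v public="$PUBLIC_PORTS" -v admin="$ADMIN_PORTS" '
    BEGIN {
        n = split(public, p, " "); for (i = 1; i <= n; i++) is_public[p[i]] = 1
        n = split(admin,  a, " "); for (i = 1; i <= n; i++) is_admin[a[i]]  = 1
        alerts = 0
    }
    $1 == "tcp" && $2 == "LISTEN" {
        # Local address is field 5, e.g. 0.0.0.0:80, [::]:80, 127.0.0.1:8081
        n = split($5, part, ":")
        port = part[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        wildcard = (addr == "0.0.0.0" || addr == "[::]" || addr == "*" || addr == "::")
        loopback = (addr ~ /^127\./ || addr == "[::1]")
        if (loopback)
            printf "OK %s %s bound to loopback\n", port, addr
        else if (!wildcard)
            printf "OK %s %s bound to a specific address\n", port, addr
        else if (port in is_public)
            printf "OK %s %s intended public\n", port, addr
        else if (port in is_admin)
            printf "WARN %s %s admin port on all interfaces, verify auth and firewall\n", port, addr
        else {
            printf "ALERT %s %s unexpected service on all interfaces\n", port, addr
            alerts++
        }
    }
    END { if (alerts > 0) exit 1 }'
}

# Constructed sample of `ss -tuln` output (not captured from a real host):
# 9200 (Elasticsearch) published by mistake, 8081 correctly on loopback.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
tcp   LISTEN 0      4096   0.0.0.0:80           0.0.0.0:*
tcp   LISTEN 0      4096   [::]:80              [::]:*
tcp   LISTEN 0      4096   0.0.0.0:9090         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:8081       0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:9200         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.53%lo:53     0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68           0.0.0.0:*'

# Run the audit over the sample (exit status 1 because of port 9200).
demo_audit() {
    printf '%s\n' "$SAMPLE_SS" | audit_listeners
}
```

On a live host run `ss -tuln | audit_listeners` after every compose change; the non-zero exit status makes it usable as a gate in a deployment script. On the sample it reports 80 as intended public, 9090 as a warning, 8081 and 53 as loopback, and 9200 as an alert.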
---
## 🔒 Security Considerations
Binding a SIEM, and the event data it holds, to `0.0.0.0` without the controls below exposes it to the whole internet. Treat them as required before the server is reachable from untrusted networks.
### 1. HTTPS/SSL (Recommended)
For production, configure TLS; without it, login credentials and every event submitted to the loginput API cross the network in cleartext:
- Use Let's Encrypt for free certificates
- Configure Nginx with TLS
- Redirect HTTP to HTTPS
### 2. Authentication
- The MozDef Meteor web UI has built-in authentication. Confirm which of the other published endpoints (loginput API on 8080, REST API on 8081, Kibana on 9090) require credentials in this nginx configuration before exposing them: an unauthenticated ingest endpoint lets anyone on the internet submit forged events, and an unauthenticated Kibana lets anyone read the event store
- Ensure strong passwords
- Consider 2FA if available
### 3. Firewall Rules
- Only open necessary ports
- Restrict 8080, 8081 and 9090 by source IP where possible (UFW `allow`/`deny` rules do not apply to Docker-published ports; use the `DOCKER-USER` iptables chain or the cloud security group)
- Use fail2ban for additional protection
### 4. Network Security
- Use VPN for administrative access
- Put a reverse proxy with authentication in front of Kibana and the REST API
- Monitor access logs
---
## 🚀 Quick Start Commands
### Restart Services After Configuration
```bash
cd /root/MozDef
docker-compose -f docker/compose/docker-compose.yml -p mozdef restart nginx
```
### Check Service Status
```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef ps
```
### View Logs
```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef logs -f nginx
```
### Test Event Submission
```bash
curl -X POST http://YOUR_SERVER_IP:8080/events \
-H "Content-Type: application/json" \
-d '{
"timestamp": "'$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")'",
"utctimestamp": "'$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")'",
"hostname": "test.example.com",
"processname": "test.py",
"processid": 1234,
"severity": "INFO",
"summary": "Test event",
"category": "test",
"source": "test",
"tags": ["test"],
"details": {}
}'
```
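A reusable version of the submission above, as an added example that is not MozDef project code: it escapes field values correctly (a summary containing a quote or backslash would otherwise produce invalid JSON), builds the event, and posts it with `curl --fail --max-time` so a scripted sender notices HTTP errors and does not hang. `MOZDEF_URL`, the process name and the `example-script` source value are assumptions. It also makes the security point concrete: nothing in this exchange authenticates the sender, so any host that can reach port 8080 can inject events this way.

```bash
#!/usr/bin/env bash
# Added example, not MozDef project code: build a correctly escaped MozDef
# event and submit it to the loginput API. MOZDEF_URL, the process name and
# the 'example-script' source are assumptions for this example. Nothing here
# authenticates: any host that can reach port 8080 can submit events exactly
# like this, which is why the port needs a source restriction or an
# authenticating proxy before it is reachable from the internet.

MOZDEF_URL="${MOZDEF_URL:-http://YOUR_SERVER_IP:8080}"

# Escape a value for a JSON string: backslashes and double quotes are
# escaped, line breaks are stripped (they are never wanted in a summary).
json_escape() {
    printf '%s' "$1" | tr -d '\r\n' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit one event document on stdout.
# $1 summary, $2 category (also used as the single tag), $3 severity, $4 hostname
mozdef_event() {
    summary=$(json_escape "$1")
    category=$(json_escape "$2")
    severity=$(json_escape "$3")
    host=$(json_escape "$4")
    ts=$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")
    printf '{"timestamp":"%s","utctimestamp":"%s","hostname":"%s","processname":"%s","processid":%d,"severity":"%s","summary":"%s","category":"%s","source":"%s","tags":["%s"],"details":{}}\n' \
        "$ts" "$ts" "$host" "mozdef_event.sh" "$$" "$severity" "$summary" "$category" "example-script" "$category"
}

# POST one event. --fail turns HTTP 4xx/5xx into a non-zero exit so callers
# (cron, CI) notice; --max-time keeps a dead endpoint from hanging them.
post_event() {
    mozdef_event "$@" | curl --silent --show-error --fail --max-time 10 \
        -H "Content-Type: application/json" \
        --data-binary @- "$MOZDEF_URL/events"
}

# Usage:
#   post_event "Test event" test INFO test.example.com
#   mozdef_event 'Summary with "quotes"' test INFO test.example.com   # inspect the JSON
```

`mozdef_event` can be run on its own to inspect the document before sending it; `post_event` exits non-zero if the API refuses the event or does not answer within ten seconds.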
---
## ๐Ÿ“ Troubleshooting
### Issue: Cannot access from external network
**Check 1: Port Binding**
```bash
docker port mozdef-nginx-1
# or the raw inspect output
docker inspect mozdef-nginx-1 | grep -A 10 "Ports"
```
Should show `0.0.0.0` bindings for 80, 8080, 8081 and 9090.
**Check 2: Firewall**
```bash
sudo ufw status
# Docker's rules for published ports live in the nat table and the
# DOCKER-USER chain, not in INPUT, so check those rather than `iptables -L`:
sudo iptables -t nat -L DOCKER -n | grep -E "dpt:(80|8080|8081|9090)"
sudo iptables -L DOCKER-USER -n
```
**Check 3: Cloud Security Groups**
- Verify security group rules allow inbound traffic
- Check network ACLs
**Check 4: Service Status**
```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef ps
```
All services should be "Up" and "healthy".
### Issue: Port already in use
If port is already in use:
```bash
# Find process using port
sudo lsof -i :80
# or
sudo netstat -tulpn | grep :80
# Stop conflicting service or change MozDef port
```
### Issue: Connection timeout
1. Check if service is running:
```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef ps
```
2. Check service logs:
```bash
docker-compose -f docker/compose/docker-compose.yml -p mozdef logs nginx
```
3. Verify network connectivity (ICMP is often blocked by cloud security groups, so a failed ping on its own is not conclusive; the TCP check is the one that matters):
```bash
ping YOUR_SERVER_IP
nc -vz YOUR_SERVER_IP 80   # or: telnet YOUR_SERVER_IP 80
```
---
## ✅ Success Criteria
- [x] All ports bound to `0.0.0.0`
- [x] REST API port 8081 exposed
- [x] Firewall rules configured
- [x] Services accessible from external network
- [x] All endpoints responding
---
## 🎯 Next Steps
1. **Test External Access:**
- Open browser: `http://YOUR_SERVER_IP`
- Verify MozDef login page appears
2. **Configure SSL (Optional but Recommended):**
- Set up Let's Encrypt certificate
- Configure HTTPS in Nginx
3. **Monitor Access:**
- Check access logs
- Monitor for unauthorized access attempts
4. **Document Access:**
- Document URLs for team
- Set up bookmarks
- Configure monitoring
---
**Status:** ✅ Configured for global access
**Last Updated:** $(date)