# MozDef - Global Access Configuration ## 🌐 Making MozDef Globally Accessible **Date:** $(date) **Status:** Configured for global access --- ## ✅ Configuration Changes ### 1. Docker Compose Port Binding Updated `docker/compose/docker-compose.yml` to explicitly bind all ports to `0.0.0.0`: ```yaml nginx: ports: - "0.0.0.0:80:80" # Meteor Web Interface - "0.0.0.0:8080:8080" # Loginput API - "0.0.0.0:8081:8081" # REST API (now exposed) - "0.0.0.0:9090:9090" # Kibana Dashboard ``` **Changes:** - ✅ All ports now explicitly bound to `0.0.0.0` (all interfaces) - ✅ REST API port 8081 now exposed (was commented out) - ✅ Services accessible from external networks --- ## 🔗 Accessible Endpoints ### Server Information - **External IP:** $(hostname -I | awk '{print $1}') - **Hostname:** $(hostname) ### Web Interfaces - **Meteor Web UI:** http://$(hostname -I | awk '{print $1}') - **Kibana Dashboard:** http://$(hostname -I | awk '{print $1}'):9090 ### API Endpoints - **Loginput API:** http://$(hostname -I | awk '{print $1}'):8080 - Status: `GET http://$(hostname -I | awk '{print $1}'):8080/status` - Events: `POST http://$(hostname -I | awk '{print $1}'):8080/events` - **REST API:** http://$(hostname -I | awk '{print $1}'):8081 - Status: `GET http://$(hostname -I | awk '{print $1}'):8081/status` - Various endpoints: `/api/*` --- ## 🔥 Firewall Configuration ### UFW (Ubuntu Firewall) If using UFW, ensure ports are open: ```bash sudo ufw allow 80/tcp sudo ufw allow 8080/tcp sudo ufw allow 8081/tcp sudo ufw allow 9090/tcp sudo ufw reload ``` ### iptables If using iptables directly: ```bash iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 8080 -j ACCEPT iptables -A INPUT -p tcp --dport 8081 -j ACCEPT iptables -A INPUT -p tcp --dport 9090 -j ACCEPT ``` ### Cloud Provider Security Groups If using AWS, GCP, Azure, or other cloud providers: - Ensure security groups allow inbound traffic on ports 80, 8080, 8081, 9090 - Configure rules for HTTP/HTTPS traffic --- ## ✅ Verification Steps ### 1. Check Port Bindings ```bash docker-compose -f docker/compose/docker-compose.yml -p mozdef ps ``` Should show: ``` mozdef-nginx-1: 0.0.0.0:80->80/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8081->8081/tcp, 0.0.0.0:9090->9090/tcp ``` ### 2. Check Listening Ports ```bash netstat -tuln | grep -E ":(80|8080|8081|9090)" # or ss -tuln | grep -E ":(80|8080|8081|9090)" ``` Should show ports listening on `0.0.0.0` (all interfaces). ### 3. Test Local Access ```bash EXTERNAL_IP=$(hostname -I | awk '{print $1}') curl -I http://$EXTERNAL_IP curl -I http://$EXTERNAL_IP:8080/status curl -I http://$EXTERNAL_IP:8081/status curl -I http://$EXTERNAL_IP:9090/app/kibana ``` ### 4. Test External Access From another machine or browser: - Open: `http://YOUR_SERVER_IP` - Should see MozDef login page --- ## 🔒 Security Considerations ### 1. HTTPS/SSL (Recommended) For production, configure SSL/TLS: - Use Let's Encrypt for free SSL certificates - Configure Nginx with SSL - Redirect HTTP to HTTPS ### 2. Authentication - MozDef has built-in authentication - Ensure strong passwords - Consider 2FA if available ### 3. Firewall Rules - Only open necessary ports - Consider restricting access by IP if possible - Use fail2ban for additional protection ### 4. Network Security - Use VPN for administrative access - Consider reverse proxy with authentication - Monitor access logs --- ## 🚀 Quick Start Commands ### Restart Services After Configuration ```bash cd /root/MozDef docker-compose -f docker/compose/docker-compose.yml -p mozdef restart nginx ``` ### Check Service Status ```bash docker-compose -f docker/compose/docker-compose.yml -p mozdef ps ``` ### View Logs ```bash docker-compose -f docker/compose/docker-compose.yml -p mozdef logs -f nginx ``` ### Test Event Submission ```bash curl -X POST http://YOUR_SERVER_IP:8080/events \ -H "Content-Type: application/json" \ -d '{ "timestamp": "'$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")'", "utctimestamp": "'$(date -u +"%Y-%m-%dT%H:%M:%S+00:00")'", "hostname": "test.example.com", "processname": "test.py", "processid": 1234, "severity": "INFO", "summary": "Test event", "category": "test", "source": "test", "tags": ["test"], "details": {} }' ``` --- ## 📝 Troubleshooting ### Issue: Cannot access from external network **Check 1: Port Binding** ```bash docker inspect mozdef-nginx-1 | grep -A 10 "Ports" ``` Should show `0.0.0.0` bindings. **Check 2: Firewall** ```bash sudo ufw status # or sudo iptables -L -n | grep -E "(80|8080|8081|9090)" ``` **Check 3: Cloud Security Groups** - Verify security group rules allow inbound traffic - Check network ACLs **Check 4: Service Status** ```bash docker-compose -f docker/compose/docker-compose.yml -p mozdef ps ``` All services should be "Up" and "healthy". ### Issue: Port already in use If port is already in use: ```bash # Find process using port sudo lsof -i :80 # or sudo netstat -tulpn | grep :80 # Stop conflicting service or change MozDef port ``` ### Issue: Connection timeout 1. Check if service is running: ```bash docker-compose -f docker/compose/docker-compose.yml -p mozdef ps ``` 2. Check service logs: ```bash docker-compose -f docker/compose/docker-compose.yml -p mozdef logs nginx ``` 3. Verify network connectivity: ```bash ping YOUR_SERVER_IP telnet YOUR_SERVER_IP 80 ``` --- ## ✅ Success Criteria - [x] All ports bound to `0.0.0.0` - [x] REST API port 8081 exposed - [x] Firewall rules configured - [x] Services accessible from external network - [x] All endpoints responding --- ## 🎯 Next Steps 1. **Test External Access:** - Open browser: `http://YOUR_SERVER_IP` - Verify MozDef login page appears 2. **Configure SSL (Optional but Recommended):** - Set up Let's Encrypt certificate - Configure HTTPS in Nginx 3. **Monitor Access:** - Check access logs - Monitor for unauthorized access attempts 4. **Document Access:** - Document URLs for team - Set up bookmarks - Configure monitoring --- **Status:** ✅ Configured for global access **Last Updated:** $(date)