Integrate security extensions
This merge request will incorporate the project of my thesis (Wazuh and StackRox security extensions) and some further, smaller improvements from after the thesis.
Additionally, here is a list with ideas on how to improve the project as well as some other notes:
Issues to be resolved before the merge
- Wazuh dashboard can not be accessed with new Kaapana version when using SSO (Keycloak?). Error message is "The page isn't redirecting properly" and there is a redirect ping pong between `/security-wazuh/auth/openid/login` and `/auth/realms/kaapana/protocol/openid-connect/auth?client_id=kaapana&response_type=code&redirect_uri=<HOST>%3A443%2Fsecurity-wazuh%2Fauth%2Fopenid%2Flogin&state=<STATE>&scope=openid%20profile%20email%20address%20phone`
- StackRox dashboard can not be accessed with new Kaapana version when using SSO (Keycloak?). Gives a Kaapana error `Invalid parameter: redirect_uri`
Potential Improvements
- !! IMPORTANT !! Wazuh credentials for internal OpenSearch -> can this use SSO as well?
- Bring the UI more in line with rest of Kaapana
- Proper notification system (persistent notifications and UI for showing them & marking them 'done') -> make it generic enough to be used throughout kaapana or use existing system (if Kaapana has one in the meantime)
- Create a UI form for adding new Wazuh agents which results in a CLI command (instead of linking to the Wazuh documentation when clicking "Add new agent")
- Filtering / searching items in lists
- Save data in new persistence api
- Pagination for requests from security frontend > security backend (backend > provider requests already use pagination)
- Scan single Docker images with StackRox API (either uploaded or from registry link)
- Offline database updates for both providers
- UI for managing / showing account credentials (for API access)?
- Improve permissions for extension folders on file system
- Wazuh file integrity monitoring -> configure folders that should be scanned (`[...]/kaapana/services/applications/security-wazuh/docker-init/files/shared_agent_config.xml` has a file integrity monitoring block where `<directories>` can be specified)
- Kaapana favicon for security frontend (currently has the default Vue icon, but afaik this is not displayed anywhere)
- Both providers have email and slack notifications: make them configurable from security pages frontend
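As an added illustration of the file integrity monitoring item above (an example written for this description, not the content of the Kaapana repository's `shared_agent_config.xml`), a Wazuh shared agent configuration fragment with a `<syscheck>` block; the directory paths are placeholders to be replaced with the Kaapana folders that should be monitored:

```xml
<agent_config>
  <!-- Illustrative example; the paths are placeholders, not Kaapana's actual configuration -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Interval of the full scheduled scan in seconds (12 hours) -->
    <frequency>43200</frequency>
    <!-- Directories to monitor: realtime="yes" reports changes immediately,
         check_all="yes" tracks hashes, size, owner, permissions and timestamps -->
    <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>
    <!-- report_changes="yes" additionally records a diff of modified text files -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/path/to/kaapana/config</directories>
    <!-- Files that change constantly and should not raise alerts -->
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>
  </syscheck>
</agent_config>
```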
Questions
- Persistent volumes - anything that needs to be done before the merge? Kaapana now uses `dynamicPersistentVolumes` for some charts, I have no idea how this works 😄
Todos done since the end of the thesis
- Use random passwords for StackRox (Login and API), in line with how it was implemented for Wazuh
- Automatic set up of SSO for StackRox
- Use default base image, except for security frontend (does not build correctly with base-python-cpu) & Wazuh init container (oci error during runtime)
- Security backend might fail for some methods (they might need Python 3.10, not sure right now)
- Wazuh agent installation optional on server installation
- Better error page with reload / go back
- Documentation (at least the absolute minimum of mentioning the providers)
- Some cleanup