Authentication request #66

Closed
jasonblanks opened this issue Dec 13, 2016 · 5 comments

@jasonblanks

Not so much as a real issue other than just an issue for me. I love this tool, it really helps out my team and I see huge value, but I have been asked to take it down due to there being no auth and leaving images open to anyone on the network. Do you have any suggestions on how you or others are dealing with this? Also maybe a feature request to add authentication and user management.

@kevthehermit
Owner

Django has some authentication models built in; I can look to include one of those.

kevthehermit added this to the 2.0 milestone Dec 13, 2016

@kevthehermit
Owner

OK, so I have auth working; you can use the built-in Django admin panel to manage accounts.
Is it worth having granular permissions?

i.e. read only, analyst, admin

@jasonblanks
Author

jasonblanks commented Dec 14, 2016

This is amazing, thank you for such a fast response! I think this might be where my lack of Django knowledge will show. I am able to authenticate by adding myself as an admin and logging into the admin view.

git pull origin auth

  1. Ran server, noticed error to migrate, did 'python manage.py migrate' but was getting an error after:

    Quit the server with CONTROL-C.
    ERROR Internal Server Error: /
    Traceback (most recent call last):
      File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/exception.py", line 39, in inner
        response = get_response(request)
      File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 249, in _legacy_get_response
        response = self._get_response(request)
      File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 187, in _get_response
        response = self.process_exception_by_middleware(e, request)
      File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 185, in _get_response
        response = wrapped_callback(request, *callback_args, **callback_kwargs)
      File "/opt/VolUtility/web/views.py", line 171, in main_page
        if config['auth']['enable'].lower() == 'true' and not request.user.is_authenticated:
    KeyError: 'auth'
    ERROR "GET / HTTP/1.1" 500 71371

Decided to drop databases created as I just had a test image loaded:
--mongo

show dbs
admin 0.000GB
local 0.000GB
voldb 0.000GB
voldbfs 0.005GB

dropped voldb & voldbfs and restarted server, everything is up and working now.

  1. Getting the 'needs to be authenticated' when loading page,

But one problem, not sure how to authenticate; here is where my lack of Django is showing.

  1. Added myself as an admin user to the back-end, looks good; I now log in to the admin view and create a session, with which I can now begin using VolUtility, aces. But what's the method to create a normal user and have them log in? I added a new group in the backend and added a user with just access to create a session. What is the correct way? Again, you are awesome and VolUtility is awesome, thanks so much!

python manage.py changepassword administrator
CommandError: user 'administrator' does not exist
python manage.py changepassword admin
CommandError: user 'admin' does not exist

user@host> manage.py shell

from django.contrib.auth.models import User
user=User.objects.create_user('foo', password='bar')
user.is_superuser=True
user.is_staff=True
user.save()


Just some other thoughts on enhancement in the future, by no means overnight or if you even deem meaningful, but add an incident object using Timesketch as a template where there could be multiple user accounts, bookmark & notes function, and grouping memory images within that incident object allowing teams to collaborate over images.

@kevthehermit
Owner

I need to add the setup details into the wiki.
Basically just run
manage.py migrate
manage.py createsuperuser
then start volutility
/admin/

Also looks like you're not pulling the new element from the config file. You will need to add

[auth]
enable = True

to an existing config file.

I will do some more testing over the next few days before merging into master.

Collaboration is my next thing. I want to make it easier for teams to work together but I want to avoid creating a 'crappy' ticketing / tracking system in VolUtility when there are things like FIR designed to do just that.
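
Added example, not code from VolUtility or from either participant: the traceback earlier in the thread shows `config['auth']['enable']` raising `KeyError` when an existing config file has no `[auth]` section. One way to read that setting so a missing, unreadable or misspelled value enforces login instead of returning a 500 or leaving images open; the function names, the fail-closed policy and the sample config texts are assumptions made for illustration, and it uses Python 3's `configparser`.

```python
import configparser

# Constructed sample config texts; "[example]" is a placeholder section,
# not a name from the project's real config file.
OLD_CONFIG = "[example]\nkey = value\n"    # existing file without [auth]
NEW_CONFIG = "[auth]\nenable = True\n"     # section quoted in the thread
OFF_CONFIG = "[auth]\nenable = False\n"    # operator opted out explicitly
TYPO_CONFIG = "[auth]\nenable = ture\n"    # misspelled value

DISABLE_VALUES = {"false", "0", "no", "off"}
ENABLE_VALUES = {"true", "1", "yes", "on"}


def auth_decision(config_text):
    """Return (enforce_login, reason); anything but an explicit 'off' enforces."""
    parser = configparser.ConfigParser()
    try:
        parser.read_string(config_text)
    except configparser.Error as exc:
        return True, "config unreadable (%s)" % type(exc).__name__
    if not parser.has_section("auth"):
        return True, "[auth] section missing"
    if not parser.has_option("auth", "enable"):
        return True, "[auth] has no 'enable' key"
    # raw=True: do not treat '%' in the value as interpolation syntax.
    value = parser.get("auth", "enable", raw=True).strip().lower()
    if value in DISABLE_VALUES:
        return False, "auth explicitly disabled"
    if value in ENABLE_VALUES:
        return True, "auth enabled"
    return True, "unrecognised value %r" % value


def must_login(config_text, user_is_authenticated):
    """View-level check: send to login unless auth is off or the user is signed in."""
    enforce, _reason = auth_decision(config_text)
    return enforce and not user_is_authenticated


if __name__ == "__main__":
    for name, text in [("old", OLD_CONFIG), ("new", NEW_CONFIG),
                       ("off", OFF_CONFIG), ("typo", TYPO_CONFIG)]:
        print(name, auth_decision(text))
```

Logging the returned reason at startup makes it visible when login is being enforced only because the config file predates the `[auth]` section.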

@kevthehermit
Owner

This is now in master and the wiki has been updated to reflect the install steps. Thanks for the suggestion.
