TAXII Server 1.x

stmtstk edited this page Feb 21, 2022 · 2 revisions

S-TIP can run as a TAXII version 1.x server once opentaxii is installed.

This section describes how to install opentaxii and link it with S-TIP.

1. Install S-TIP TXS (TAXII-Server)

sudo ./setup_txs.sh

2. Create cert files

The following commands are an example of creating a self-signed certificate, which is insecure.

You should replace these files with legitimate cert files if a secure connection is needed.

# create cert files
openssl genrsa 2048 > server.key
openssl req -new -key server.key > server.csr
# (Enter each requested item if needed)
openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt

# move cert files
sudo mv server.key /etc/supervisor/conf.d/cert/
sudo mv server.crt /etc/supervisor/conf.d/cert/

# chmod / remove cert files
sudo chmod 600 /etc/supervisor/conf.d/cert/server.key
sudo chmod 600 /etc/supervisor/conf.d/cert/server.crt
rm server.csr

3. Configuration

Change the IP address "192.168.1.1" to your TAXII server's IP address in the following 3 files.

  • Modify stip-txs/bin/taxii_server file
#!/bin/sh
export PYTHONPATH=/opt/s-tip/txs/src:/opt/s-tip/rs/src
export OPENTAXII_CONFIG=/opt/s-tip/txs/conf/config.yaml
export DJANGO_SETTINGS_MODULE=ctirs.settings

gunicorn3 opentaxii.http:app --bind 192.168.1.1:9000 --daemon <- Change "192.168.1.1" to your IP Address
  • Modify /opt/s-tip/txs/conf/config.yaml file
 domain: "192.168.1.1:9000"  <- Change "192.168.1.1" to your IP Address
 support_basic_auth: yes

 persistence_api:
   class: api.StipTaxiiServerAPI
 :
  • Modify /etc/supervisor/conf.d/stip-taxii-server.ini file
 [program:stip-taxii-server]
 command =
    gunicorn3 opentaxii.http:app
        --bind 192.168.1.1:9000 <- Change "192.168.1.1" to your IP Address
        --workers 1
        --log-level info
        --log-file -
:

The TAXII Server uses HTTPS by default. For HTTP, remove the following lines.

        --keyfile /etc/supervisor/conf.d/cert/server.key
        --certfile /etc/supervisor/conf.d/cert/server.crt
  • Create a collection for TAXII Server
  1. Log in to RS (port 10001) as the admin user and click the menu "Configuration" -> "Taxii Server".

  2. Create a new TAXII collection (e.g. "my_collection").

  3. Click "Detail" and choose Information Sources (e.g. s-tip-sns). At least one STIX file must be stored in S-TIP. This name is included in the STIX file as "stix:InformationSource".

  4. Click the "Modify & Restart" button.

  • Start supervisor service
sudo supervisord -c /etc/supervisor/supervisord.conf
supervisorctl restart all
  • Check gunicorn & supervisor processes

Example:

$ ps aux |grep gunicorn3
stip      8543  0.0  0.5  61456 23724 ?        S    10:11   0:00 /usr/bin/python3 /usr/bin/gunicorn3 opentaxii.http:app --bind 192.168.1.1:9000 --workers 1 --log-level info --log-file - --timeout 300 --keyfile /etc/supervisor/conf.d/cert/server.key --certfile /etc/supervisor/conf.d/cert/server.crt
stip      8546  0.4  2.7 319656 111360 ?       Sl   10:11   0:01 /usr/bin/python3 /usr/bin/gunicorn3 opentaxii.http:app --bind 192.168.1.1:9000 --workers 1 --log-level info --log-file - --timeout 300 --keyfile /etc/supervisor/conf.d/cert/server.key --certfile /etc/supervisor/conf.d/cert/server.crt
stip      8914  0.0  0.0  13136   984 pts/1    S+   10:15   0:00 grep --color=auto gunicorn

$ ps aux |grep supervisor
stip      8543  0.0  0.5  61456 23724 ?        S    10:11   0:00 /usr/bin/python3 /usr/bin/gunicorn3 opentaxii.http:app --bind 192.168.1.1:9000 --workers 1 --log-level info --log-file - --timeout 300 --keyfile /etc/supervisor/conf.d/cert/server.key --certfile /etc/supervisor/conf.d/cert/server.crt
stip      8546  0.3  2.7 319656 111360 ?       Sl   10:11   0:01 /usr/bin/python3 /usr/bin/gunicorn3 opentaxii.http:app --bind 192.168.1.1:9000 --workers 1 --log-level info --log-file - --timeout 300 --keyfile /etc/supervisor/conf.d/cert/server.key --certfile /etc/supervisor/conf.d/cert/server.crt
stip      8966  0.0  0.0  13136  1060 pts/1    S+   10:17   0:00 grep --color=auto supervisor
root     12814  0.0  0.5  77404 21400 ?        Ss   Dec25   0:09 /usr/bin/python3 /usr/local/bin/supervisord
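
A pre-flight check for the three files edited in the Configuration step, useful before starting supervisor. It is an added example, not part of S-TIP: the function names are hypothetical and the file paths are passed as arguments. It reports a bind address that differs between the files, and the case where support_basic_auth is on but the --keyfile/--certfile lines were removed, which would send Basic-auth credentials over plain HTTP.

```shell
#!/bin/sh
# Added example (not part of S-TIP): pre-flight check for the files edited above.

# Print the host:port following "--bind" in a launcher script or supervisor ini.
bind_addr() {
    sed -n 's/.*--bind[[:space:]=]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print the value of "domain:" from config.yaml with the quotes removed.
yaml_domain() {
    sed -n 's/^[[:space:]]*domain:[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Succeed when non-comment lines of the ini pass both --keyfile and --certfile.
tls_enabled() {
    active=$(grep -Ev '^[[:space:]]*[;#]' "$1")
    printf '%s\n' "$active" | grep -q -- '--keyfile' &&
        printf '%s\n' "$active" | grep -q -- '--certfile'
}

# Succeed when config.yaml switches support_basic_auth on.
basic_auth_on() {
    grep -Eiq '^[[:space:]]*support_basic_auth:[[:space:]]*(yes|true|on)' "$1"
}

# check_txs_config LAUNCHER CONFIG_YAML SUPERVISOR_INI
# Prints one finding per line; the return status is the number of findings.
check_txs_config() {
    findings=0
    a=$(bind_addr "$1"); b=$(yaml_domain "$2"); c=$(bind_addr "$3")
    if [ -z "$a" ] || [ "$a" != "$b" ] || [ "$b" != "$c" ]; then
        echo "MISMATCH launcher=$a config.yaml=$b supervisor=$c"
        findings=$((findings + 1))
    fi
    if basic_auth_on "$2" && ! tls_enabled "$3"; then
        echo "CLEARTEXT basic auth enabled but --keyfile/--certfile missing"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against real files when three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    check_txs_config "$@"
fi
```

Saved under a name of your choice, it takes the three paths from the Configuration step in the order launcher, config.yaml, supervisor ini; an exit status of 0 means no findings.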

4. Automatic Start

The following is an example on Ubuntu.

  • Create supervisord script

Download example initscripts for supervisord. Then specify DAEMON_ARGS as "-c /etc/supervisor/supervisord.conf".

sudo vi /etc/init.d/supervisord
sudo chmod +x /etc/init.d/supervisord
sudo update-rc.d supervisord defaults
  • Create supervisord service with systemd
sudo vi /lib/systemd/system/supervisord.service

Specify "ExecStart=/etc/init.d/supervisord start".

  • Enable supervisord service
sudo systemctl enable supervisord

  • FAQ

If you get a "Permission denied" error for /root/.stixmarx, please run sudo mkdir /root/.stixmarx; sudo chown 0666 /root/.stixmarx/.

stixmarx is one of the STIX converter libraries.

The library needs to store some JSON files in ~/.stixmarx. S-TIP TXS runs under supervisor, and supervisor runs as the root user. However, supervisor runs S-TIP TXS as the stip user, so stixmarx cannot create /root/.stixmarx.