Follow these steps to set up and run the API project:
git clone https://github.com/adriyansyah-mf/CentralizedFirewall
cd CentralizedFirewall
Update the environment variables in .env according to your configuration.
nano .env
docker compose up -d
This will start the API in detached mode.
Check if the containers are up:
docker ps
Stop the containers:
docker compose down
Restart the containers:
docker compose restart
Let me know if you need any modifications! 🚀
- Install Firewall Agent on your node server
- Run the agent with the following command
sudo dpkg -i firewall-client_deb.deb
- Create a New Group on the Firewall Manager
- Create New API Key on the Firewall Manager
- Edit the configuration file on the node server
nano /usr/local/bin/config.ini
- Add the following configuration
[settings]
api_url = API-URL
api_key = API-KEY
hostname = Node Hostname (make it unique and same as the hostname on the SIEM)
- Restart the firewall agent
systemctl daemon-reload
systemctl start firewall-agent
- Check the status of the firewall agent
systemctl status firewall-agent
- You will see the connected node on the Firewall Manager
Username: admin
Password: admin
You can change the default credentials on the settings page.
- Install the SIEM on your server
- Configure the SIEM to send the log to the Firewall Manager (you can do this via SOAR or SIEM configuration). The request should be a POST in the following format.
- The format of the log should be like this:
curl -X 'POST' \
'http://api-server:8000/general/add-ip?ip=123.1.1.99&hostname=test&apikey=apikey&comment=log' \
-H 'accept: application/json' \
-d ''
You can see the Swagger documentation at the following link:
http://api-server:8000/docs
Environment variables (.env):
DB=changeme
JWT_SECRET=changeme
PASSWORD_SALT=changme
PASSWORD_TOKEN_KEY=changme
OPENCTI_URL=changme
OPENCTI_TOKEN=changme
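The add-ip request from the SIEM step above, built from alert data with the source IP validated and every parameter URL-encoded before it is sent. This is an added example, not code from the CentralizedFirewall project; the alert field names (src_ip, rule), the function names and the sample alerts are assumptions, and api-server:8000 is the README's placeholder host.

```python
import ipaddress
from urllib.parse import urlencode
from urllib.request import Request, urlopen

API_BASE = "http://api-server:8000"  # placeholder host from the README's curl example


def build_add_ip_url(ip, hostname, apikey, comment, base=API_BASE):
    """Validate an alert's source IP and build the /general/add-ip URL."""
    addr = ipaddress.ip_address(ip.strip())  # ValueError on anything that is not an IP
    if not addr.is_global:
        # Never push private, loopback or link-local addresses into a block list:
        # a spoofed or misparsed log field could otherwise cut off internal hosts.
        raise ValueError(f"refusing to block non-public address {addr}")
    # urlencode escapes '&', '=' and spaces so log text cannot add or override parameters.
    query = urlencode({"ip": str(addr), "hostname": hostname,
                       "apikey": apikey, "comment": comment})
    return f"{base}/general/add-ip?{query}"


def plan_blocks(alerts, hostname, apikey):
    """Split SIEM alerts into request URLs to send and (ip, reason) pairs to skip."""
    urls, skipped = [], []
    for alert in alerts:
        try:
            urls.append(build_add_ip_url(alert["src_ip"], hostname, apikey, alert["rule"]))
        except ValueError as exc:
            skipped.append((alert["src_ip"], str(exc)))
    return urls, skipped


def send(url, timeout=5):
    """POST with an empty body, like `curl -X POST ... -d ''`. The API key is in the
    URL, so it will show up in proxy and access logs; keep this traffic on a trusted path."""
    req = Request(url, data=b"", method="POST", headers={"accept": "application/json"})
    with urlopen(req, timeout=timeout) as resp:
        return resp.status


# Constructed sample alerts (field names src_ip and rule are assumptions, not a SIEM schema).
SAMPLE_ALERTS = [
    {"src_ip": "123.1.1.99", "rule": "ssh brute force & scan"},
    {"src_ip": "10.0.0.5", "rule": "internal scanner"},
    {"src_ip": "1.2.3.4&hostname=other", "rule": "malformed field"},
]

if __name__ == "__main__":
    urls, skipped = plan_blocks(SAMPLE_ALERTS, "test", "apikey")
    print(urls, skipped, sep="\n")
```

Only the first sample alert yields a request; the private address and the malformed field are returned in the skipped list so they can be reviewed instead of being sent to the Firewall Manager.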