Add bloodhound community #304

Merged
merged 16 commits into from
Nov 17, 2023

alcastronic
Contributor

Description

This PR adds the docker containers for the bloodhound community edition to the RedELK full installation.

When installing full

Three additional containers are deployed

  • bloodhound-web-app
  • postgres-db
  • neo4j (This replaces the previous neo4j)

Bloodhound-community is configured with a random password like the other apps are.

Because bloodhound-community can only be present at the root of a webserver, a new server configuration-template has been included with nginx-conf which will listen on port 8443. As of now, the same certificate as for the Kibana server is being used.

The server will be reachable at: https://my-server:8443/ui/login

When installing limited

When the limited option is chosen, bloodhound is not installed and the nginx config is commented out.

Known issues

  • Sometimes the postgres-db password is not present in the redelk_passwords.cfg file.
  • Cypher queries did not return data with a collection from my old AD lab; however, ingestion works and objects are present in the UI.

github-actions bot added the elkserver and installer labels Oct 13, 2023
@alcastronic
Contributor Author

Fixed an error with the awk command that retrieves the password from the .env file once set. This had prevented the password from being present in the redelk_passwords.cfg when an .env file had already existed.

@alcastronic
Contributor Author

Secrets are currently still placed directly into the elkserver/mounts/bloodhound-config/bloodhound.config.json config file because I did not manage to make the app connect when setting it over docker environment. However, that should not make a huge difference.

An issue could occur, however, when the password is regenerated by the install script but the volume which is used to store the bloodhound app persistent data is not. I think this is an edge case which is unlikely to be hit.
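
An added example, not RedELK's installer code and not written by either participant, of the idempotent behaviour the two comments above describe: a secret already in `.env` is reused on re-install so it cannot drift from a persistent volume, and it is always written to the passwords file. The `KEY=value` layout, the function names and the key name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not RedELK's installer code. KEY=value layout and all
# function names are assumptions made for this sketch.

# Print the value stored for KEY in an env-style file; print nothing if the
# file or the key is missing. Splits on the first '=' only, so a value that
# itself contains '=' is returned intact. The last assignment wins.
read_env_value() {
    rev_key="$1"; rev_file="$2"
    [ -f "$rev_file" ] || return 0
    awk -v k="$rev_key" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { if (v != "") print v }
    ' "$rev_file"
}

# Reuse the secret already present in the env file and generate one only when
# it is absent, so a re-install never drifts from the credentials a persistent
# volume was initialised with. The effective value is always (re)written to
# the passwords file, including when the env file already existed.
ensure_secret() {
    es_key="$1"; es_env="$2"; es_pw="$3"
    es_val=$(read_env_value "$es_key" "$es_env")
    if [ -z "$es_val" ]; then
        # 16 random bytes rendered as 32 hex characters
        es_val=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
        ( umask 077; printf '%s=%s\n' "$es_key" "$es_val" >> "$es_env" )
    fi
    (
        umask 077                      # new secrets files: owner-only access
        touch "$es_pw"
        es_tmp=$(mktemp "$es_pw.XXXXXX")
        # Drop any stale entry for this key, then append the current value.
        awk -v k="$es_key" 'index($0, k "=") != 1' "$es_pw" > "$es_tmp"
        printf '%s=%s\n' "$es_key" "$es_val" >> "$es_tmp"
        mv "$es_tmp" "$es_pw"          # rename within the same directory
    )
}

# Usage (hypothetical key name):
#   ensure_secret BLOODHOUND_ADMIN_PASSWORD ./.env ./redelk_passwords.cfg
```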

alcastronic marked this pull request as ready for review October 15, 2023 20:24
@alcastronic
Contributor Author

@MarcOverIP Have you already had a chance to look into this? If so, is there anything you would like to have added or changed?

@MarcOverIP
Member

Hi @alcastronic, I'm extremely happy with the work. I was offline for holidays. This week is busy, but next week I have some time allocated for this. I'll update you then.

@MarcOverIP
Member

> Secrets are currently still placed directly into the elkserver/mounts/bloodhound-config/bloodhound.config.json config file because I did not manage to make the app connect when setting it over docker environment. However, that should not make a huge difference.
>
> An issue could occur, however, when the password is regenerated by the install script but the volume which is used to store the bloodhound app persistent data is not. I think this is an edge case which is unlikely to be hit.

Agree.

@MarcOverIP
Member

@alcastronic seems like solid work! Thank you.

I haven't done a lot of testing. But I'm merging. In case issues still arise we can troubleshoot. Merging now, keeping thread open for some time.

MarcOverIP merged commit 5e49ef6 into outflanknl:master Nov 17, 2023
6 checks passed