Current ThreatQ Version Filter
 

Configure Proxy for Commands and Custom Connectors

With ThreatQ v6, commands and custom connectors will follow the proxy settings set in the ThreatQ UI.  See the Proxy Settings in the ThreatQ UI topic for more details.  This differs from configuring proxy for commands and custom connectors in ThreatQ v5, which requires editing the environment file.

PIP and YUM upgrade commands, as well as custom connectors and associated cron jobs, require that you set your proxy information in your environment files. This does not replace the setting the Proxy Settings in the ThreatQ UI but must be performed in addition in order to use custom connectors and the commands.

Before you begin, you should collect a list of proxy exceptions. These are entries that you do not want to add to the proxy. The exceptions can be hostnames or FQDNs. In the case where DNS is not available, you can use the /etc/hosts to ensure hostname resolution is recommended.

  1. SSH into your ThreatQ instance.

  2. Open the environment file using the vi command:

    vi /etc/environment

  3. Press the i character to enter insert mode.  Enter your following entry into the file while replacing the placeholders with your information. These settings are case-sensitive so you must include both the lowercase, ex: http, and uppercase, ex: HTTP, versions.

    You can add exceptions to the no_proxy strings to prevent specific entries that should not be forwarded to the proxy. The minimal value for no_proxy should be the loopback IP address and "localhost" plus the TQ entry for itself "threatq". Do not use CIDR notation or wildcards with no_proxy entries as they are not accepted formats. In that situation, list the IP addresses.

    If Proxy Server Requires a Password

    http_proxy=http://<username>:<password>@<Proxy IP>:<Proxy Port>
    HTTP_PROXY=http://<username>:<password>@<Proxy IP>:<Proxy Port>
    https_proxy=http://<username>:<password>@<Proxy IP>:<Proxy Port>
    HTTPS_PROXY=http://<username>:<password>@<Proxy IP>:<Proxy Port>
    no_proxy=localhost,127.0.0.1,threatq,<ThreatQ IP>, <ThreatQ Hostname>
    NO_PROXY=localhost,127.0.0.1,threatq,<ThreatQ IP>, <ThreatQ Hostname>

    If Proxy Server Does Not Require a Password

    http_proxy=http://<Proxy IP>:<Proxy Port>
    HTTP_PROXY=http://<Proxy IP>:<Proxy Port>
    https_proxy=http://<Proxy IP>:<Proxy Port>
    HTTPS_PROXY=http://<Proxy IP>:<Proxy Port>
    no_proxy=localhost,127.0.0.1,threatq,<ThreatQ IP>, <ThreatQ Hostname>
    NO_PROXY=localhost,127.0.0.1,threatq,<ThreatQ IP>, <ThreatQ Hostname>

  4. Press the ESC key and enter the following command to close the editor:

    :wq <Enter Key>

    The next several steps will show you how to ensure that custom connector CRON jobs are able to use the proxy settings. This is achieved by sourcing the environment script so that it is available to all child sessions and applications.

  5. Open the proxy.sh file using the vi command:

    vi /etc/profile.d/proxy.sh

  6. Press the i key to enter Insert mode and enter the following lines:

    set -a
source /etc/environment
set +a

    This will ensure the automatic export of any variables created.

  7. Press the ESC key and enter the following command to close the editor:

    :wq <Enter Key>

  8. Log out of your session and then log back in.

  9. Run the following command to confirm your settings:

    printenv | grep -i proxy

  10. Remove any other proxy-related files from the /etc/profile.d directory.