OpenC3 Security Layer

We take OpenC3 — an open-source command, control, and communication platform, as an example of a mission-critical application. Tirreno, in this case, acts as a forensic layer to track user actions, prevent account takeovers, help detect insider threats, and identify unusual access patterns.

Setting up data capture on an OpenC3 cluster requires only adding a Ruby middleware and building a custom image of one container.

Prerequisites

• Docker CLI

• Installed Tirreno platform.

Attention

Before implementing the provided Docker configuration in a production environment, testing it in a development or staging environment is crucial. Using these settings without prior testing and validation is strongly discouraged and done entirely at your own risk.

Tirreno Integration

Basics

In order to enable integration with Tirreno, information about the original OpenC3 requests has to be transmitted to the Tirreno API.

To achieve this we need to add a middleware to openc3-cosmos-cmd-tlm-api container, build own image and use it in Docker compose file.

Configuration Details

Firstly we need to clone OpenC3/cosmos repository

git clone https://github.com/OpenC3/cosmos

Navigate to cloned repository, copy the following into openc3-cosmos-cmd-tlm-api/lib/collect.rb and substitute Sensor URL and Api-Key:

require 'uri'
require 'net/http'
require 'json'

class CollectMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    req = Rack::Request.new(env)

    body = req.body.read rescue ''
    req.body.rewind if req.body.respond_to?(:rewind)
    rpc = JSON.parse(body, allow_nan: true) rescue {}

    user                = env['HTTP_AUTHORIZATION'] || 'anonymus'
    event_time          = Time.now.strftime("%Y-%m-%d %H:%M:%S.%L")
    client_ip           = req.ip
    event_type_local    = rpc['method'] || ''
    http_method         = req.request_method
    user_agent          = env['HTTP_USER_AGENT'] || req.user_agent
    resource_path       = req.fullpath
    accept_lang         = env['HTTP_ACCEPT_LANGUAGE'] || req.accept_language
    event_type          = 'page_view'

    status, headers, response = @app.call(env)

    form = URI.encode_www_form(
      userName:           user,
      eventTime:          event_time,
      ipAddress:          client_ip,
      httpCode:           status,
      httpMethod:         http_method,
      eventType:          event_type,
      userAgent:          user_agent,
      url:                resource_path,
      browserLanguage:    accept_lang,
    )

    uri  = URI.parse('http://localhost/tirreno/sensor/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = (uri.scheme == 'https')
    headers = {
      'Content-Type'  => 'application/x-www-form-urlencoded',
      'Api-Key'       => 'XXXXXXXXXXXXXXXXXXXXXXXXX',
    }
    begin
      http.post(uri.path, form, headers)
      Rails.logger.info("Audit sent: #{resp.code} #{resp.body}")
    rescue => e
      Rails.logger.error("Audit failed: #{e.class.name} #{e.message}")
    end

    [status, headers, response]
  end
end

Add these two lines into openc3-cosmos-cmd-tlm-api/config.ru:

require_relative 'lib/collect'

use CollectMiddleware

So full updated file should look like:

# This file is used by Rack-based servers to start the application.

require_relative 'config/environment'
require 'prometheus/middleware/collector'
require 'prometheus/middleware/exporter'
require_relative 'lib/collect'

use CollectMiddleware
use Prometheus::Middleware::Collector
use Prometheus::Middleware::Exporter, {:path => '/openc3-api/metrics'}

run Rails.application
Rails.application.load_server

Then navigate to openc3-cosmos-cmd-tlm-api directory (cd openc3-cosmos-cmd-tlm-api).

And run docker build -t tirreno-custom/openc3-cosmos-cmd-tlm-api:latest .

Final Steps

After building custom image of openc3-cosmos-cmd-tlm-api container we should start regular Docker OpenC3 COSMOS build.

Clone OpenC3/cosmos-project repository:

git clone https://github.com/OpenC3/cosmos-project

Navigate to cloned repository and edit compose.yaml file by replacing line

image: "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-cosmos-cmd-tlm-api${OPENC3_IMAGE_SUFFIX}:${OPENC3_TAG}"

in openc3-cosmos-cmd-tlm-api section with

image: "tirreno-custom/openc3-cosmos-cmd-tlm-api:latest"

so docker compose will use custom image instead of one from OpenC3 registry.

That’s it! The only step left is starting OpenC3 build as in main installation instruction with ./openc3.sh run.