Hi!
Security Onion is a great project, thank you!I am experimenting with the ELK build right now. X-Pack includes reporting for Kibana but is not free/open source.
My goal: I like to send myself periodic flashy PDFs of dashboards ;)
In a previous build, I used a simple cron job script that used wkhtmltopdf and ssmtp to log into an ELSA dashboard, generate a PDF and email it out. This worked because the login in that older build (apparently) used basic authentication. wkthmltopdf can automatically log into such pages.
The SO ELK build uses apache form authentication. Looks nice, but now wkhtmltopdf somehow isn't able to log in anymore. I looked at the http traffic and there are some redirects happening etc.
What I tried was to use wkhtmltopdf to POST the parameters httpd_username and http_password to
https://localhost/dologin.html. I also used "--cookie-jar" to get the session cookie into a file. I can see the cookie in the cookie jar file after that, so that part appears to work.
The theory is that I should then be able to use wkhtmltopdf with the cookie jar parameter and same file after that to access the dashboard within the same session (from the cookie), e.g.
https://localhost/app/kibana.
But it's not working, all I get is a PDF of the login page. It seems that there are quite a few redirects under the hood when mod_auth_forms happens, and maybe these don't quite translate to wkhtmltopdf.
So...long story cut short, the way SO does single sign-on prevents this sort of dashboard PDF ... or I screwed up something with wkhtmltopdf.
Did anyone get this to work?
Best
Ulrich
ObjectSecurity