nifi/c2/c2-client-bundle
exceptionfactory 5bc8e49c7a NIFI-10755 Refactored SSLContext creation using nifi-security-ssl
- Added TrustManagerBuilder to nifi-security-ssl
- Removed SslContextFactory and CertificateUtils from nifi-registry
- Refactored c2-client-http
- Refactored minifi-bootstrap
- Refactored nifi-site-to-site-client
- Refactored nifi-registry-client
- Refactored nifi-registry-framework
- Refactored nifi-toolkit-admin
- Refactored nifi-toolkit-cli

Signed-off-by: Nathan Gough <thenatog@gmail.com>

This closes #6618.
2022-11-22 18:33:11 -05:00
c2-client-api Merge branch 'NIFI-10521-RC4' 2022-10-06 14:13:30 -07:00
c2-client-base NIFI-10679 MiNiFi C2 Update Asset Command 2022-10-28 20:09:15 +02:00
c2-client-http NIFI-10755 Refactored SSLContext creation using nifi-security-ssl 2022-11-22 18:33:11 -05:00
c2-client-service NIFI-10852 Allow commons-compress to use large OS groupid values 2022-11-21 14:05:26 -06:00
README.md NIFI-9666 Implemented MiNiFi C2 client and refactored bootstrap 2022-06-17 09:23:52 -05:00
pom.xml NIFI-10521-RC4 prepare for next development iteration 2022-10-03 10:59:36 -07:00

README.md

Apache NiFi MiNiFi Command and Control (C2) Client

The c2-client-bundle provides the client-side implementation of the C2 Protocol. The core of the implementation is heartbeat construction and communication with the C2 server via the C2HttpClient.

Currently, use of the C2 Protocol API is limited to sending heartbeats and processing and acknowledging an UPDATE configuration operation in the response (if any). When a new configuration is exposed, it is downloaded and passed back to the system using the C2 protocol.

When C2 is enabled, C2ClientService is scheduled to send heartbeats periodically, so the C2 Server can notify the client about any operations that are defined by the protocol and need to be executed on the client side.

Using the client means that configuration changes and other operations can be triggered and controlled centrally via the C2 server, which makes managing clients simpler and configuring them more flexible. The client supports bidirectional TLS authentication.

Configuration

To use the client, the parameters from C2ClientConfig need to be set properly. This configuration class is also used for instantiating C2HeartbeatFactory and C2HttpClient.

    // The C2 Server endpoint where the heartbeat is sent
    private final String c2Url;
    
    // The C2 Server endpoint where the acknowledgement is sent
    private final String c2AckUrl;
    
    // The class the agent belongs to (flow definition is tied to agent class on the server side)
    private final String agentClass;
    
    // Unique identifier for the agent; if not provided, it will be generated
    private final String agentIdentifier;
    
    // Directory where persistent configuration (e.g. generated agent and device id) will be persisted
    private final String confDirectory;
    
    // Property of RuntimeManifest defined in c2-protocol. A unique identifier for the manifest
    private final String runtimeManifestIdentifier;
    
    // Property of RuntimeManifest defined in c2-protocol. The type of the runtime binary. Usually set when the runtime is built
    private final String runtimeType;
    
    // The frequency of sending the heartbeats. This property is used by the c2-client-bundle user who should schedule the client
    private final Long heartbeatPeriod;
    
    // Security properties for communication with the C2 Server
    private final String keystoreFilename;
    private final String keystorePass;
    private final String keyPass;
    private final KeystoreType keystoreType;
    private final String truststoreFilename;
    private final String truststorePass;
    private final KeystoreType truststoreType;
    private final HostnameVerifier hostnameVerifier;
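
How the security properties above map onto an SSLContext for bidirectional TLS, as an added example that uses only JDK classes; it is not the c2-client-http or nifi-security-ssl code. The class name, the command-line arguments and the C2_STORE_PASS environment variable are assumptions made for this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration (JDK only); names below are hypothetical, not NiFi API.
public final class MutualTlsContextExample {

    // Load a store of the given type ("PKCS12", "JKS"); the store password also checks integrity.
    static KeyStore load(String filename, String type, char[] storePass)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(filename))) {
            store.load(in, storePass);
        }
        return store;
    }

    // Parameters mirror the keystore*/truststore* fields of C2ClientConfig.
    static SSLContext build(String keystoreFilename, String keystoreType, char[] keystorePass, char[] keyPass,
                            String truststoreFilename, String truststoreType, char[] truststorePass)
            throws GeneralSecurityException, IOException {
        // Client identity: keystorePass opens the store, keyPass unlocks the private key entry.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystoreFilename, keystoreType, keystorePass), keyPass);
        // Server validation: only certificates chaining to this truststore are accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststoreFilename, truststoreType, truststorePass));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return context;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("C2_STORE_PASS"); // hypothetical variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: C2_STORE_PASS=... java MutualTlsContextExample <keystore.p12> <truststore.p12>");
            return;
        }
        char[] pw = pass.toCharArray();
        SSLContext ctx = build(args[0], "PKCS12", pw, pw, args[1], "PKCS12", pw);
        System.out.println("Built " + ctx.getProtocol() + " context with client key material and explicit trust anchors");
    }
}
```

Hostname verification is a separate control: this context authenticates the certificate chain, while the hostnameVerifier setting decides whether the server certificate matches the C2 server's host name.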