Using a Proxy With AC-Hunter

Because AC-Hunter is a security tool, it is often placed in a network segment that can’t make direct outbound connections but does allow requests sent through an HTTP or HTTPS proxy. Without proxy settings, this blocks AC-Hunter from 1) checking for updated AC-Hunter versions, 2) installing and updating packages during the install, and 3) sending outbound Slack alerts.

With a short adjustment to two configuration files, AC-Hunter can use your proxy for its outbound connections, both during the installation and during normal operation.

 

Setting Environment Variables to Force Using a Proxy in AC-Hunter

You can set environment variables for your containers by editing the YAML files that start them up. For example, to set the Linux *_proxy variables for the API container, edit /opt/AC-Hunter/docker/api.yaml with:

sudo nano /opt/AC-Hunter/docker/api.yaml

In that file, scroll down to the “services:” section, then the “api:” section inside it, then the “environment:” section inside “api:”. You’ll see some environment variables already there. Below them, add the following lines, preserving the spacing exactly as on the existing lines (in my case, there are 6 spaces before each “-”). In all 6 lines, replace “http://” with “https://” if the proxy expects an https connection, “1.2.3.4” with the IP address of the proxy, and “3128” with the TCP port on which the proxy is listening. The leading dash is required.

- http_proxy="http://1.2.3.4:3128/"
- https_proxy="http://1.2.3.4:3128/"
- ftp_proxy="http://1.2.3.4:3128/"
- HTTP_PROXY="http://1.2.3.4:3128/"
- HTTPS_PROXY="http://1.2.3.4:3128/"
- FTP_PROXY="http://1.2.3.4:3128/"

The URL placed inside the pairs of quotes can also accept a username and password if needed to access the proxy, like the following, where “bart” is the username and “PASSWORD” is a placeholder for the password:

- http_proxy="http://bart:PASSWORD@1.2.3.4:3128/"
- https_proxy="http://bart:PASSWORD@1.2.3.4:3128/"
- ftp_proxy="http://bart:PASSWORD@1.2.3.4:3128/"
- HTTP_PROXY="http://bart:PASSWORD@1.2.3.4:3128/"
- HTTPS_PROXY="http://bart:PASSWORD@1.2.3.4:3128/"
- FTP_PROXY="http://bart:PASSWORD@1.2.3.4:3128/"

If your proxy IP address is an IPv6 address, it needs to be surrounded by square brackets so that it’s clear which part is the IPv6 address and which part is the port:

- http_proxy="http://[fe80:cafe::7]:3128/"
- https_proxy="http://[fe80:cafe::7]:3128/"
- ftp_proxy="http://[fe80:cafe::7]:3128/"
- HTTP_PROXY="http://[fe80:cafe::7]:3128/"
- HTTPS_PROXY="http://[fe80:cafe::7]:3128/"
- FTP_PROXY="http://[fe80:cafe::7]:3128/"

Once you have the modified versions of these lines added, save and exit.

Restart AC-Hunter with:

hunt down ; sleep 10 ; hunt up -d

(You should _not_ need to add --force-recreate to the above command.)

Finally, please make a backup of api.yaml somewhere so you can pull in these changes after a future upgrade.

Once these changes are in place, most command-line tools that make outbound connections will read these environment variables to locate a proxy.

 

Forcing a Proxy During the AC-Hunter Install

If you also need to use a proxy during the initial install, you’ll have to do that at the command line for the user doing the install. Edit the file “~/.bash_profile” and add the following lines:

export http_proxy="http://1.2.3.4:3128/"
export https_proxy="http://1.2.3.4:3128/"
export ftp_proxy="http://1.2.3.4:3128/"
export HTTP_PROXY="http://1.2.3.4:3128/"
export HTTPS_PROXY="http://1.2.3.4:3128/"
export FTP_PROXY="http://1.2.3.4:3128/"

In a similar way to how you edited api.yaml above, you’ll need to:

– Replace 1.2.3.4 with the IP address of your proxy (surrounding it with square brackets if it’s an IPv6 address)
– Replace “3128” with the port on which the proxy listens
– Replace “http://” with “https://” if the proxy expects HTTPS (encrypted) connections
– Add in a username and password if required to access the proxy

Make sure you do this on all systems on which you’re installing an AC-Hunter component, and log out and log back in before trying the installation.
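
The api.yaml lines and the ~/.bash_profile lines above use the same proxy URL, so the following added example (not part of AC-Hunter or of the original FAQ) builds that URL once and prints the six lines in either form. The function names urlencode, proxy_url and proxy_lines are hypothetical; the script brackets IPv6 addresses as described above and, going beyond the FAQ text, percent-encodes the username and password.

```shell
# Added example, not AC-Hunter code. Function names are hypothetical.

# Percent-encode everything except RFC 3986 "unreserved" characters so a
# username or password containing "@", ":", "/", "#", "$" or quotes cannot be
# misread as URL, YAML or shell syntax. Assumes ASCII credentials.
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}          # split off the first character
        case "$c" in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
    done
    printf '%s' "$out"
)

# usage: proxy_url SCHEME HOST PORT [USER PASSWORD]
proxy_url() (
    scheme=$1; host=$2; port=$3; user=${4-}; pass=${5-}
    case "$scheme" in
        http|https) ;;
        *) echo "scheme must be http or https" >&2; exit 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) echo "port must be 1-65535" >&2; exit 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1-65535" >&2; exit 1
    fi
    case "$host" in
        \[*\]) ;;               # IPv6 literal already in square brackets
        *:*) host="[$host]" ;;  # bare IPv6 literal: add the brackets
    esac
    auth=
    [ -z "$user" ] || auth="$(urlencode "$user"):$(urlencode "$pass")@"
    printf '%s://%s%s:%s/\n' "$scheme" "$auth" "$host" "$port"
)

# usage: proxy_lines PREFIX URL   (PREFIX is '      - ' or 'export ')
proxy_lines() {
    for var in http_proxy https_proxy ftp_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY; do
        printf '%s%s="%s"\n' "$1" "$var" "$2"
    done
}

# Demo with the FAQ's IPv6 example address; prints the six api.yaml lines.
proxy_lines '      - ' "$(proxy_url http fe80:cafe::7 3128)"
```

When a username and password are included, the resulting lines hold the proxy password in clear text, so keep api.yaml, its backup copy and ~/.bash_profile readable only by the account that needs them.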

 

Reference

When AC-Hunter is started it uses docker-compose to actually launch the underlying programs. For more detail on setting environment variables with docker-compose, see https://docs.docker.com/compose/environment-variables/set-environment-variables/ .

 

Direct Link to this FAQ Item: https://portal.activecountermeasures.com/support/faq/?Display_FAQ=8186
