Disable SOC authentication for monitoring kiosk

[I-Simon-I]

Hi !

I'd like to know if there is a way to disable the login page for a specific IP address when accessing Security Onion ?

The goal is to have a kiosk that will rotate tabs between Grafana and other dashboards without needing to enter credentials and such

Thx for this amazing project !

[rosswakelin]

I would love to see this as well. We have come across a LARGE number of monitoring/alerting toolsets that just don't understand the concept of wall screens and rotating display. SIGH

[I-Simon-I]

I know you can disable authentication for Kibana but I'd love to do it for the SOC as well to keep the "Alerts" tab active

[TOoSmOotH]

We have come across a LARGE number of monitoring/alerting toolsets that just don't understand the concept of wall screens and rotating display. SIGH

I understand the concept of wall screens and rotating displays. I also understand the type of data that is in SO and what can be done with some of that data. You should NEVER allow access to SO by just IP alone. The solution here is pretty simple. Create a limited auditor user to use to log into SOC. The limited auditor role was added to the roles for exactly the use case of a screen in a operations center. https://docs.securityonion.net/en/2.3/rbac.html#default-roles

Then adjust your timeout value to be a week or so.
https://docs.securityonion.net/en/2.3/soc-customization.html#session-timeout

[I-Simon-I]

That would be a good solution indeed, would this value work for example ?

kratos:
  sessiontimeout: 20y

Thx for your time !

[TOoSmOotH]

That would be a good solution indeed, would this value work for example ?

kratos:
  sessiontimeout: 20y

Thx for your time !

This setting applies to all users so this would be a really bad idea. A week will get you in trouble with most auditors. But lucky for you you are free to change it to whatever you like. I don't know if it will work for years so you might have to set it to 175200h.