diff --git a/cmd/crowdsec-cli/api.go b/cmd/crowdsec-cli/api.go index 81876e8a7..4c7af50da 100644 --- a/cmd/crowdsec-cli/api.go +++ b/cmd/crowdsec-cli/api.go @@ -102,7 +102,6 @@ func pullTOP() error { if _, ok := item["scenario"]; !ok { continue } - item["scenario"] = fmt.Sprintf("api: %s", item["scenario"]) if _, ok := item["action"]; !ok { continue diff --git a/cmd/crowdsec-cli/ban.go b/cmd/crowdsec-cli/ban.go index 5507c4961..4976c87b5 100644 --- a/cmd/crowdsec-cli/ban.go +++ b/cmd/crowdsec-cli/ban.go @@ -20,10 +20,11 @@ import ( var remediationType string var atTime string -var all bool //user supplied filters var ipFilter, rangeFilter, reasonFilter, countryFilter, asFilter string +var displayLimit int +var displayAPI, displayALL bool func simpleBanToSignal(targetIP string, reason string, expirationStr string, action string, asName string, asNum string, country string, banSource string) (types.SignalOccurence, error) { var signalOcc types.SignalOccurence @@ -216,10 +217,9 @@ func BanList() error { table.SetHeader([]string{"Source", "Ip", "Reason", "Bans", "Action", "Country", "AS", "Events", "Expiration"}) dispcount := 0 - totcount := 0 apicount := 0 for _, rm := range ret { - if !all && rm["source"] == "api" { + if !displayAPI && rm["source"] == "api" { apicount++ if _, ok := uniqAS[rm["as"]]; !ok { uniqAS[rm["as"]] = true @@ -227,27 +227,55 @@ func BanList() error { if _, ok := uniqCN[rm["cn"]]; !ok { uniqCN[rm["cn"]] = true } - continue } - if dispcount < 20 { - table.Append([]string{rm["source"], rm["iptext"], rm["reason"], rm["bancount"], rm["action"], rm["cn"], rm["as"], rm["events_count"], rm["until"]}) + if displayALL { + if rm["source"] == "api" { + if displayAPI { + table.Append([]string{rm["source"], rm["iptext"], rm["reason"], rm["bancount"], rm["action"], rm["cn"], rm["as"], rm["events_count"], rm["until"]}) + dispcount++ + continue + } + } else { + table.Append([]string{rm["source"], rm["iptext"], rm["reason"], rm["bancount"], rm["action"], rm["cn"], rm["as"], rm["events_count"], rm["until"]}) + dispcount++ + continue + } + } else if dispcount < displayLimit { + if displayAPI { + if rm["source"] == "api" { + table.Append([]string{rm["source"], rm["iptext"], rm["reason"], rm["bancount"], rm["action"], rm["cn"], rm["as"], rm["events_count"], rm["until"]}) + dispcount++ + continue + } + } else { + if rm["source"] != "api" { + table.Append([]string{rm["source"], rm["iptext"], rm["reason"], rm["bancount"], rm["action"], rm["cn"], rm["as"], rm["events_count"], rm["until"]}) + dispcount++ + continue + } + } } - totcount++ - dispcount++ - } if dispcount > 0 { - if !all { - fmt.Printf("%d local decisions:\n", totcount) + if !displayAPI { + fmt.Printf("%d local decisions:\n", dispcount) + } else if displayAPI && !displayALL { + fmt.Printf("%d decision from API\n", dispcount) + } else if displayALL && displayAPI { + fmt.Printf("%d decision from crowdsec and API\n", dispcount) } table.Render() // Send output - if dispcount > 20 { + if dispcount > displayLimit && !displayALL { fmt.Printf("Additional records stripped.\n") } } else { - fmt.Printf("No local decisions.\n") + if displayAPI { + fmt.Println("No API decisions") + } else { + fmt.Println("No local decisions") + } } - if !all { + if !displayAPI { fmt.Printf("And %d records from API, %d distinct AS, %d distinct countries\n", apicount, len(uniqAS), len(uniqCN)) } } @@ -404,7 +432,8 @@ cscli ban del range 1.2.3.0/24`, Short: "List local or api bans/remediations", Long: `List the bans, by default only local decisions. -If --all/-a is specified, api-provided bans will be displayed too. +If --all/-a is specified, bans will be displayed without limit (--limit). +Default limit is 50. Time can be specified with --at and support a variety of date formats: - Jan 2 15:04:05 @@ -427,12 +456,14 @@ Time can be specified with --at and support a variety of date formats: }, } cmdBanList.PersistentFlags().StringVar(&atTime, "at", "", "List bans at given time") - cmdBanList.PersistentFlags().BoolVarP(&all, "all", "a", false, "List as well bans received from API") + cmdBanList.PersistentFlags().BoolVarP(&displayALL, "all", "a", false, "List bans without limit") + cmdBanList.PersistentFlags().BoolVarP(&displayAPI, "api", "", false, "List as well bans received from API") cmdBanList.PersistentFlags().StringVar(&ipFilter, "ip", "", "List bans for given IP") cmdBanList.PersistentFlags().StringVar(&rangeFilter, "range", "", "List bans belonging to given range") cmdBanList.PersistentFlags().StringVar(&reasonFilter, "reason", "", "List bans containing given reason") cmdBanList.PersistentFlags().StringVar(&countryFilter, "country", "", "List bans belonging to given country code") cmdBanList.PersistentFlags().StringVar(&asFilter, "as", "", "List bans belonging to given AS name") + cmdBanList.PersistentFlags().IntVar(&displayLimit, "limit", 50, "Limit of bans to display (default 50)") cmdBan.AddCommand(cmdBanList) return cmdBan diff --git a/cmd/crowdsec-cli/install.go b/cmd/crowdsec-cli/install.go index f0632c592..dc76a7eb0 100644 --- a/cmd/crowdsec-cli/install.go +++ b/cmd/crowdsec-cli/install.go @@ -71,7 +71,7 @@ you should [update cscli](./cscli_update.md). var cmdInstallParser = &cobra.Command{ Use: "parser [config]", - Short: "Install given log parser", + Short: "Install given parser", Long: `Fetch and install given parser from hub`, Example: `cscli install parser crowdsec/xxx`, Args: cobra.MinimumNArgs(1), @@ -79,7 +79,9 @@ you should [update cscli](./cscli_update.md). if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("failed to get Hub index : %v", err) } - InstallItem(args[0], cwhub.PARSERS) + for _, name := range args { + InstallItem(name, cwhub.PARSERS) + } }, } cmdInstall.AddCommand(cmdInstallParser) @@ -93,7 +95,9 @@ you should [update cscli](./cscli_update.md). if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("failed to get Hub index : %v", err) } - InstallItem(args[0], cwhub.SCENARIOS) + for _, name := range args { + InstallItem(name, cwhub.SCENARIOS) + } }, } cmdInstall.AddCommand(cmdInstallScenario) @@ -108,7 +112,9 @@ you should [update cscli](./cscli_update.md). if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("failed to get Hub index : %v", err) } - InstallItem(args[0], cwhub.COLLECTIONS) + for _, name := range args { + InstallItem(name, cwhub.COLLECTIONS) + } }, } cmdInstall.AddCommand(cmdInstallCollection) @@ -124,7 +130,9 @@ As a reminder, postoverflows are parsing configuration that will occur after the if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("failed to get Hub index : %v", err) } - InstallItem(args[0], cwhub.PARSERS_OVFLW) + for _, name := range args { + InstallItem(name, cwhub.PARSERS_OVFLW) + } }, } cmdInstall.AddCommand(cmdInstallPostoverflow) diff --git a/cmd/crowdsec-cli/remove.go b/cmd/crowdsec-cli/remove.go index 984b536e0..55c1e9baf 100644 --- a/cmd/crowdsec-cli/remove.go +++ b/cmd/crowdsec-cli/remove.go @@ -71,15 +71,13 @@ func NewRemoveCmd() *cobra.Command { log.Fatalf("Failed to get Hub index : %v", err) } - if remove_all && len(args) == 0 { + if remove_all { RemoveMany(cwhub.PARSERS, "") - } else if len(args) == 1 { - RemoveMany(cwhub.PARSERS, args[0]) } else { - _ = cmd.Help() - return + for _, name := range args { + RemoveMany(cwhub.PARSERS, name) + } } - //fmt.Println("remove/disable parser: " + strings.Join(args, " ")) }, } cmdRemove.AddCommand(cmdRemoveParser) @@ -92,13 +90,12 @@ func NewRemoveCmd() *cobra.Command { if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if remove_all && len(args) == 0 { + if remove_all { RemoveMany(cwhub.SCENARIOS, "") - } else if len(args) == 1 { - RemoveMany(cwhub.SCENARIOS, args[0]) } else { - _ = cmd.Help() - return + for _, name := range args { + RemoveMany(cwhub.SCENARIOS, name) + } } }, } @@ -112,13 +109,12 @@ func NewRemoveCmd() *cobra.Command { if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if remove_all && len(args) == 0 { + if remove_all { RemoveMany(cwhub.COLLECTIONS, "") - } else if len(args) == 1 { - RemoveMany(cwhub.COLLECTIONS, args[0]) } else { - _ = cmd.Help() - return + for _, name := range args { + RemoveMany(cwhub.COLLECTIONS, name) + } } }, } @@ -133,13 +129,12 @@ func NewRemoveCmd() *cobra.Command { if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if remove_all && len(args) == 0 { + if remove_all { RemoveMany(cwhub.PARSERS_OVFLW, "") - } else if len(args) == 1 { - RemoveMany(cwhub.PARSERS_OVFLW, args[0]) } else { - _ = cmd.Help() - return + for _, name := range args { + RemoveMany(cwhub.PARSERS_OVFLW, name) + } } }, } diff --git a/cmd/crowdsec-cli/upgrade.go b/cmd/crowdsec-cli/upgrade.go index da0bafc08..6fdacb03a 100644 --- a/cmd/crowdsec-cli/upgrade.go +++ b/cmd/crowdsec-cli/upgrade.go @@ -124,14 +124,14 @@ cscli upgrade --force # Overwrite tainted configuration if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if len(args) == 1 { - UpgradeConfig(cwhub.PARSERS, args[0]) - //UpgradeConfig(cwhub.PARSERS_OVFLW, "") - } else if upgrade_all { + if upgrade_all { UpgradeConfig(cwhub.PARSERS, "") } else { - _ = cmd.Help() + for _, name := range args { + UpgradeConfig(cwhub.PARSERS, name) + } } + }, } cmdUpgrade.AddCommand(cmdUpgradeParser) @@ -146,12 +146,12 @@ cscli upgrade --force # Overwrite tainted configuration if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if len(args) == 1 { - UpgradeConfig(cwhub.SCENARIOS, args[0]) - } else if upgrade_all { + if upgrade_all { UpgradeConfig(cwhub.SCENARIOS, "") } else { - _ = cmd.Help() + for _, name := range args { + UpgradeConfig(cwhub.SCENARIOS, name) + } } }, } @@ -168,12 +168,12 @@ cscli upgrade --force # Overwrite tainted configuration if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if len(args) == 1 { - UpgradeConfig(cwhub.COLLECTIONS, args[0]) - } else if upgrade_all { + if upgrade_all { UpgradeConfig(cwhub.COLLECTIONS, "") } else { - _ = cmd.Help() + for _, name := range args { + UpgradeConfig(cwhub.COLLECTIONS, name) + } } }, } @@ -191,12 +191,12 @@ cscli upgrade --force # Overwrite tainted configuration if err := cwhub.GetHubIdx(); err != nil { log.Fatalf("Failed to get Hub index : %v", err) } - if len(args) == 1 { - UpgradeConfig(cwhub.PARSERS_OVFLW, args[0]) - } else if upgrade_all { + if upgrade_all { UpgradeConfig(cwhub.PARSERS_OVFLW, "") } else { - _ = cmd.Help() + for _, name := range args { + UpgradeConfig(cwhub.PARSERS_OVFLW, name) + } } }, } diff --git a/pkg/cwhub/hubMgmt.go b/pkg/cwhub/hubMgmt.go index 6321e78a0..62ba902c4 100644 --- a/pkg/cwhub/hubMgmt.go +++ b/pkg/cwhub/hubMgmt.go @@ -813,9 +813,6 @@ func HubStatus(itype string, name string, list_all bool) []map[string]string { log.Errorf("type %s doesn't exist", itype) return nil } - if list_all { - log.Printf("only enabled ones") - } var mli []map[string]string /*remember, you do it for the user :)*/