support simulation mode

Thibault bui Koechlin 2020-07-10 17:17:53 +02:00
parent 004fd84be9
commit 3585467f14
4 changed files with 60 additions and 37 deletions


@ -33,6 +33,10 @@ LOOP:
log.Infof("Done shutdown down output") log.Infof("Done shutdown down output")
break LOOP break LOOP
case event := <-overflow: case event := <-overflow:
//if global simulation -> everything is simulation unless told otherwise
if cConfig.SimulationCfg != nil && cConfig.SimulationCfg.Simulation {
event.Overflow.Simulation = true
}
if cConfig.Profiling { if cConfig.Profiling {
start = time.Now() start = time.Now()
} }
@ -47,6 +51,14 @@ LOOP:
if err != nil { if err != nil {
return fmt.Errorf("postoverflow failed : %s", err) return fmt.Errorf("postoverflow failed : %s", err)
} }
//check scenarios in simulation
if cConfig.SimulationCfg != nil {
for _, scenario_name := range cConfig.SimulationCfg.Exclusions {
if event.Overflow.Scenario == scenario_name {
event.Overflow.Simulation = !event.Overflow.Simulation
}
}
}
if event.Overflow.Scenario == "" && event.Overflow.MapKey != "" { if event.Overflow.Scenario == "" && event.Overflow.MapKey != "" {
//log.Infof("Deleting expired entry %s", event.Overflow.MapKey) //log.Infof("Deleting expired entry %s", event.Overflow.MapKey)
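Review bot: The exclusion loop negates `event.Overflow.Simulation` once per matching entry, so a scenario listed twice in `Exclusions` flips back to its original state; with global simulation off, a scenario the operator meant to simulate would then be handled live. Add `break` right after the toggle, or compute the final value once from a membership check instead of negating in place. A comment should also say that the list means "not simulated" when `Simulation` is true and "simulated" when it is false, and `scenario_name` would conventionally be `scenarioName`. The enclosing `LOOP` starts and ends outside the hunks shown.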


@ -15,29 +15,36 @@ import (
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
) )
type SimulationConfig struct {
Simulation bool `yaml:"simulation"`
Exclusions []string `yaml:"exclusions,omitempty"`
}
// CrowdSec is the structure of the crowdsec configuration // CrowdSec is the structure of the crowdsec configuration
type CrowdSec struct { type CrowdSec struct {
WorkingFolder string `yaml:"working_dir,omitempty"` WorkingFolder string `yaml:"working_dir,omitempty"`
DataFolder string `yaml:"data_dir,omitempty"` DataFolder string `yaml:"data_dir,omitempty"`
ConfigFolder string `yaml:"config_dir,omitempty"` ConfigFolder string `yaml:"config_dir,omitempty"`
AcquisitionFile string `yaml:"acquis_path,omitempty"` AcquisitionFile string `yaml:"acquis_path,omitempty"`
SingleFile string //for forensic mode SingleFile string //for forensic mode
SingleFileLabel string //for forensic mode SingleFileLabel string //for forensic mode
PIDFolder string `yaml:"pid_dir,omitempty"` PIDFolder string `yaml:"pid_dir,omitempty"`
LogFolder string `yaml:"log_dir,omitempty"` LogFolder string `yaml:"log_dir,omitempty"`
LogMode string `yaml:"log_mode,omitempty"` //like file, syslog or stdout ? LogMode string `yaml:"log_mode,omitempty"` //like file, syslog or stdout ?
LogLevel log.Level `yaml:"log_level,omitempty"` //trace,debug,info,warning,error LogLevel log.Level `yaml:"log_level,omitempty"` //trace,debug,info,warning,error
Daemonize bool `yaml:"daemon,omitempty"` //true -> go background Daemonize bool `yaml:"daemon,omitempty"` //true -> go background
Profiling bool `yaml:"profiling,omitempty"` //true -> enable runtime profiling Profiling bool `yaml:"profiling,omitempty"` //true -> enable runtime profiling
APIMode bool `yaml:"apimode,omitempty"` //true -> enable api push APIMode bool `yaml:"apimode,omitempty"` //true -> enable api push
CsCliFolder string `yaml:"cscli_dir"` //cscli folder CsCliFolder string `yaml:"cscli_dir"` //cscli folder
NbParsers int `yaml:"parser_routines"` //the number of go routines to start for parsing NbParsers int `yaml:"parser_routines"` //the number of go routines to start for parsing
Linter bool SimulationCfgPath string `yaml:"simulation_path,omitempty"`
Prometheus bool SimulationCfg *SimulationConfig
HTTPListen string `yaml:"http_listen,omitempty"` Linter bool
RestoreMode string Prometheus bool
DumpBuckets bool HTTPListen string `yaml:"http_listen,omitempty"`
OutputConfig *outputs.OutputFactory `yaml:"plugin"` RestoreMode string
DumpBuckets bool
OutputConfig *outputs.OutputFactory `yaml:"plugin"`
} }
// NewCrowdSecConfig create a new crowdsec configuration with default configuration // NewCrowdSecConfig create a new crowdsec configuration with default configuration
@ -73,8 +80,18 @@ func (c *CrowdSec) GetCliConfig(configFile *string) error {
c.AcquisitionFile = filepath.Clean(c.ConfigFolder + "/acquis.yaml") c.AcquisitionFile = filepath.Clean(c.ConfigFolder + "/acquis.yaml")
} }
} }
if c.SimulationCfgPath != "" {
rcfg, err := ioutil.ReadFile(c.SimulationCfgPath)
if err != nil {
return fmt.Errorf("while reading '%s' : %s", c.SimulationCfgPath, err)
}
simCfg := SimulationConfig{}
if err := yaml.UnmarshalStrict(rcfg, &simCfg); err != nil {
return fmt.Errorf("while parsing '%s' : %s", c.SimulationCfgPath, err)
}
c.SimulationCfg = &simCfg
}
return nil return nil
} }
// GetOPT return flags parsed from command line // GetOPT return flags parsed from command line
@ -111,18 +128,8 @@ func (c *CrowdSec) GetOPT() error {
c.SingleFileLabel = *catFileType c.SingleFileLabel = *catFileType
} }
/*overriden by cfg file*/ if err := c.GetCliConfig(configFile); err != nil {
if *configFile != "" { log.Fatalf("Error while loading configuration : %s", err)
rcfg, err := ioutil.ReadFile(*configFile)
if err != nil {
return fmt.Errorf("read '%s' : %s", *configFile, err)
}
if err := yaml.UnmarshalStrict(rcfg, c); err != nil {
return fmt.Errorf("parse '%s' : %s", *configFile, err)
}
if c.AcquisitionFile == "" {
c.AcquisitionFile = filepath.Clean(c.ConfigFolder + "/acquis.yaml")
}
} }
if *AcquisitionFile != "" { if *AcquisitionFile != "" {
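Review bot: `GetOPT` now calls `log.Fatalf` when `GetCliConfig` fails, although it returns an `error` itself and the removed code returned one; `return fmt.Errorf("while loading configuration : %s", err)` would leave the exit decision with the caller. Failing hard on an unreadable or unparsable simulation file is the right direction, since leaving `SimulationCfg` nil would silently run every scenario live. `SimulationCfg` carries no yaml tag, so with yaml.v2's default field naming the main config can probably accept a `simulationcfg:` key; tagging it `yaml:"-"` would make `simulation_path` the only source. Both `GetCliConfig` and `GetOPT` extend outside the hunks.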


@ -44,13 +44,16 @@ func OvflwToOrder(sig types.SignalOccurence, prof types.Profile) (*types.BanOrde
var ordr types.BanOrder var ordr types.BanOrder
var warn error var warn error
if sig.Simulation {
ordr.MeasureType = "simulation:"
}
//Identify remediation type //Identify remediation type
if prof.Remediation.Ban { if prof.Remediation.Ban {
ordr.MeasureType = "ban" ordr.MeasureType += "ban"
} else if prof.Remediation.Slow { } else if prof.Remediation.Slow {
ordr.MeasureType = "slow" ordr.MeasureType += "slow"
} else if prof.Remediation.Captcha { } else if prof.Remediation.Captcha {
ordr.MeasureType = "captcha" ordr.MeasureType += "captcha"
} else { } else {
/*if the profil has no remediation, no order */ /*if the profil has no remediation, no order */
return nil, nil, fmt.Errorf("no remediation") return nil, nil, fmt.Errorf("no remediation")
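Review bot: The simulation marker is carried only as a string prefix on `ordr.MeasureType` (giving values like `simulation:ban`), so whether a simulated order stays unenforced depends on every consumer comparing the value exactly; those consumers are not visible here. A named constant such as `const simulationPrefix = "simulation:"` would make that contract explicit. So would a comment above the `if sig.Simulation` block stating that prefixed orders must be recorded but never applied. `OvflwToOrder` continues outside the hunk.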


@ -38,6 +38,7 @@ type SignalOccurence struct {
Capacity int `json:"capacity,omitempty"` Capacity int `json:"capacity,omitempty"`
Leak_speed time.Duration `json:"leak_speed,omitempty"` Leak_speed time.Duration `json:"leak_speed,omitempty"`
Whitelisted bool `gorm:"-"` Whitelisted bool `gorm:"-"`
Simulation bool `gorm:"-"`
Reprocess bool //Reprocess, when true, will make the overflow being processed again as a fresh log would Reprocess bool //Reprocess, when true, will make the overflow being processed again as a fresh log would
Labels map[string]string `gorm:"-"` Labels map[string]string `gorm:"-"`
} }
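Review bot: `Simulation` is added without a comment and with `gorm:"-"`, so it appears not to be stored with the signal; simulated and live signals would then be distinguishable afterwards only through the ban order's `MeasureType`. If that is intended, state it on the field, e.g. `//Simulation, when true, marks the overflow as simulated : the resulting order must not be enforced (not persisted)`. The struct starts outside the hunk.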