Support console options
in console enroll
(#2760)
* make dev.yaml have a valid/default console path * simplify and make more consistent help message about console opts * allow enroll to specify options to enable * allow 'all' shortcut for --enable
parent
ce32fc019e
commit
19d36c0fb2
4 changed files with 52 additions and 21 deletions
|
@ -7,6 +7,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/fatih/color"
|
"github.com/fatih/color"
|
||||||
"github.com/go-openapi/strfmt"
|
"github.com/go-openapi/strfmt"
|
||||||
|
@ -47,6 +48,7 @@ func NewConsoleCmd() *cobra.Command {
|
||||||
name := ""
|
name := ""
|
||||||
overwrite := false
|
overwrite := false
|
||||||
tags := []string{}
|
tags := []string{}
|
||||||
|
opts := []string{}
|
||||||
|
|
||||||
cmdEnroll := &cobra.Command{
|
cmdEnroll := &cobra.Command{
|
||||||
Use: "enroll [enroll-key]",
|
Use: "enroll [enroll-key]",
|
||||||
|
@ -56,10 +58,12 @@ Enroll this instance to https://app.crowdsec.net
|
||||||
|
|
||||||
You can get your enrollment key by creating an account on https://app.crowdsec.net.
|
You can get your enrollment key by creating an account on https://app.crowdsec.net.
|
||||||
After running this command your will need to validate the enrollment in the webapp.`,
|
After running this command your will need to validate the enrollment in the webapp.`,
|
||||||
Example: `cscli console enroll YOUR-ENROLL-KEY
|
Example: fmt.Sprintf(`cscli console enroll YOUR-ENROLL-KEY
|
||||||
cscli console enroll --name [instance_name] YOUR-ENROLL-KEY
|
cscli console enroll --name [instance_name] YOUR-ENROLL-KEY
|
||||||
cscli console enroll --name [instance_name] --tags [tag_1] --tags [tag_2] YOUR-ENROLL-KEY
|
cscli console enroll --name [instance_name] --tags [tag_1] --tags [tag_2] YOUR-ENROLL-KEY
|
||||||
`,
|
cscli console enroll --enable context,manual YOUR-ENROLL-KEY
|
||||||
|
|
||||||
|
valid options are : %s,all (see 'cscli console status' for details)`, strings.Join(csconfig.CONSOLE_CONFIGS, ",")),
|
||||||
Args: cobra.ExactArgs(1),
|
Args: cobra.ExactArgs(1),
|
||||||
DisableAutoGenTag: true,
|
DisableAutoGenTag: true,
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
|
@ -83,6 +87,37 @@ After running this command your will need to validate the enrollment in the weba
|
||||||
scenarios = make([]string, 0)
|
scenarios = make([]string, 0)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
enable_opts := []string{csconfig.SEND_MANUAL_SCENARIOS, csconfig.SEND_TAINTED_SCENARIOS}
|
||||||
|
if len(opts) != 0 {
|
||||||
|
for _, opt := range opts {
|
||||||
|
valid := false
|
||||||
|
if opt == "all" {
|
||||||
|
enable_opts = csconfig.CONSOLE_CONFIGS
|
||||||
|
break
|
||||||
|
}
|
||||||
|
for _, available_opt := range csconfig.CONSOLE_CONFIGS {
|
||||||
|
if opt == available_opt {
|
||||||
|
valid = true
|
||||||
|
enable := true
|
||||||
|
for _, enabled_opt := range enable_opts {
|
||||||
|
if opt == enabled_opt {
|
||||||
|
enable = false
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if enable {
|
||||||
|
enable_opts = append(enable_opts, opt)
|
||||||
|
}
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !valid {
|
||||||
|
return fmt.Errorf("option %s doesn't exist", opt)
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
c, _ := apiclient.NewClient(&apiclient.Config{
|
c, _ := apiclient.NewClient(&apiclient.Config{
|
||||||
MachineID: csConfig.API.Server.OnlineClient.Credentials.Login,
|
MachineID: csConfig.API.Server.OnlineClient.Credentials.Login,
|
||||||
Password: password,
|
Password: password,
|
||||||
|
@ -100,11 +135,13 @@ After running this command your will need to validate the enrollment in the weba
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := SetConsoleOpts([]string{csconfig.SEND_MANUAL_SCENARIOS, csconfig.SEND_TAINTED_SCENARIOS}, true); err != nil {
|
if err := SetConsoleOpts(enable_opts, true); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("Enabled tainted&manual alerts sharing, see 'cscli console status'.")
|
for _, opt := range enable_opts {
|
||||||
|
log.Infof("Enabled %s : %s", opt, csconfig.CONSOLE_CONFIGS_HELP[opt])
|
||||||
|
}
|
||||||
log.Info("Watcher successfully enrolled. Visit https://app.crowdsec.net to accept it.")
|
log.Info("Watcher successfully enrolled. Visit https://app.crowdsec.net to accept it.")
|
||||||
log.Info("Please restart crowdsec after accepting the enrollment.")
|
log.Info("Please restart crowdsec after accepting the enrollment.")
|
||||||
return nil
|
return nil
|
||||||
|
@ -113,6 +150,7 @@ After running this command your will need to validate the enrollment in the weba
|
||||||
cmdEnroll.Flags().StringVarP(&name, "name", "n", "", "Name to display in the console")
|
cmdEnroll.Flags().StringVarP(&name, "name", "n", "", "Name to display in the console")
|
||||||
cmdEnroll.Flags().BoolVarP(&overwrite, "overwrite", "", false, "Force enroll the instance")
|
cmdEnroll.Flags().BoolVarP(&overwrite, "overwrite", "", false, "Force enroll the instance")
|
||||||
cmdEnroll.Flags().StringSliceVarP(&tags, "tags", "t", tags, "Tags to display in the console")
|
cmdEnroll.Flags().StringSliceVarP(&tags, "tags", "t", tags, "Tags to display in the console")
|
||||||
|
cmdEnroll.Flags().StringSliceVarP(&opts, "enable", "e", opts, "Enable console options")
|
||||||
cmdConsole.AddCommand(cmdEnroll)
|
cmdConsole.AddCommand(cmdEnroll)
|
||||||
|
|
||||||
var enableAll, disableAll bool
|
var enableAll, disableAll bool
|
||||||
|
|
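Review bot: In the `--enable` validation loop, the `all` branch ends with `break`, which leaves the outer loop, so values listed after `all` are never checked: `--enable all,typo` is accepted while `--enable typo,all` is rejected. Replacing that `break` with `continue` keeps the shortcut and still validates the rest of the list. `all` also assigns the whole of `csconfig.CONSOLE_CONFIGS`, which includes `CONSOLE_MANAGEMENT` ("Receive decisions from console"), the only option here that accepts input from the console rather than forwarding data to it; the example text could state that `all` also turns on receiving decisions, so an operator does not widen that trust by accident. Separately, the `continue` after `enable = false` in the innermost loop looks like it was meant to be `break`. The enclosing `RunE` function starts and ends outside these hunks.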
|
@ -17,45 +17,30 @@ func cmdConsoleStatusTable(out io.Writer, csConfig csconfig.Config) {
|
||||||
t.SetHeaderAlignment(table.AlignLeft, table.AlignLeft, table.AlignLeft)
|
t.SetHeaderAlignment(table.AlignLeft, table.AlignLeft, table.AlignLeft)
|
||||||
|
|
||||||
for _, option := range csconfig.CONSOLE_CONFIGS {
|
for _, option := range csconfig.CONSOLE_CONFIGS {
|
||||||
|
activated := string(emoji.CrossMark)
|
||||||
switch option {
|
switch option {
|
||||||
case csconfig.SEND_CUSTOM_SCENARIOS:
|
case csconfig.SEND_CUSTOM_SCENARIOS:
|
||||||
activated := string(emoji.CrossMark)
|
|
||||||
if *csConfig.API.Server.ConsoleConfig.ShareCustomScenarios {
|
if *csConfig.API.Server.ConsoleConfig.ShareCustomScenarios {
|
||||||
activated = string(emoji.CheckMarkButton)
|
activated = string(emoji.CheckMarkButton)
|
||||||
}
|
}
|
||||||
|
|
||||||
t.AddRow(option, activated, "Send alerts from custom scenarios to the console")
|
|
||||||
|
|
||||||
case csconfig.SEND_MANUAL_SCENARIOS:
|
case csconfig.SEND_MANUAL_SCENARIOS:
|
||||||
activated := string(emoji.CrossMark)
|
|
||||||
if *csConfig.API.Server.ConsoleConfig.ShareManualDecisions {
|
if *csConfig.API.Server.ConsoleConfig.ShareManualDecisions {
|
||||||
activated = string(emoji.CheckMarkButton)
|
activated = string(emoji.CheckMarkButton)
|
||||||
}
|
}
|
||||||
|
|
||||||
t.AddRow(option, activated, "Send manual decisions to the console")
|
|
||||||
|
|
||||||
case csconfig.SEND_TAINTED_SCENARIOS:
|
case csconfig.SEND_TAINTED_SCENARIOS:
|
||||||
activated := string(emoji.CrossMark)
|
|
||||||
if *csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios {
|
if *csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios {
|
||||||
activated = string(emoji.CheckMarkButton)
|
activated = string(emoji.CheckMarkButton)
|
||||||
}
|
}
|
||||||
|
|
||||||
t.AddRow(option, activated, "Send alerts from tainted scenarios to the console")
|
|
||||||
case csconfig.SEND_CONTEXT:
|
case csconfig.SEND_CONTEXT:
|
||||||
activated := string(emoji.CrossMark)
|
|
||||||
if *csConfig.API.Server.ConsoleConfig.ShareContext {
|
if *csConfig.API.Server.ConsoleConfig.ShareContext {
|
||||||
activated = string(emoji.CheckMarkButton)
|
activated = string(emoji.CheckMarkButton)
|
||||||
}
|
}
|
||||||
|
|
||||||
t.AddRow(option, activated, "Send context with alerts to the console")
|
|
||||||
case csconfig.CONSOLE_MANAGEMENT:
|
case csconfig.CONSOLE_MANAGEMENT:
|
||||||
activated := string(emoji.CrossMark)
|
|
||||||
if *csConfig.API.Server.ConsoleConfig.ConsoleManagement {
|
if *csConfig.API.Server.ConsoleConfig.ConsoleManagement {
|
||||||
activated = string(emoji.CheckMarkButton)
|
activated = string(emoji.CheckMarkButton)
|
||||||
}
|
}
|
||||||
|
|
||||||
t.AddRow(option, activated, "Receive decisions from console")
|
|
||||||
}
|
}
|
||||||
|
t.AddRow(option, activated, csconfig.CONSOLE_CONFIGS_HELP[option])
|
||||||
}
|
}
|
||||||
|
|
||||||
t.Render()
|
t.Render()
|
||||||
|
|
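Review bot: The `switch option` has no `default` case, and the row is now added after the switch for every entry of `csconfig.CONSOLE_CONFIGS`, so an option later added to that list without a matching case would be shown with the cross mark even when it is enabled in the configuration. For a table that reports what is shared with the console, a wrong "disabled" is worse than a missing row; adding `default: continue` (or rendering an explicit unknown marker) keeps the previous behaviour for unhandled options. The `*csConfig.API.Server.ConsoleConfig.…` dereferences on the unchanged lines also appear to assume every field is non-nil, which is worth confirming against the config loader. The function body starts outside the hunk.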
|
@ -33,6 +33,7 @@ api:
|
||||||
client:
|
client:
|
||||||
credentials_path: ./config/local_api_credentials.yaml
|
credentials_path: ./config/local_api_credentials.yaml
|
||||||
server:
|
server:
|
||||||
|
console_path: ./config/console.yaml
|
||||||
#insecure_skip_verify: true
|
#insecure_skip_verify: true
|
||||||
listen_uri: 127.0.0.1:8081
|
listen_uri: 127.0.0.1:8081
|
||||||
profiles_path: ./config/profiles.yaml
|
profiles_path: ./config/profiles.yaml
|
||||||
|
|
|
@ -19,6 +19,13 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
var CONSOLE_CONFIGS = []string{SEND_CUSTOM_SCENARIOS, SEND_MANUAL_SCENARIOS, SEND_TAINTED_SCENARIOS, SEND_CONTEXT, CONSOLE_MANAGEMENT}
|
var CONSOLE_CONFIGS = []string{SEND_CUSTOM_SCENARIOS, SEND_MANUAL_SCENARIOS, SEND_TAINTED_SCENARIOS, SEND_CONTEXT, CONSOLE_MANAGEMENT}
|
||||||
|
var CONSOLE_CONFIGS_HELP = map[string]string{
|
||||||
|
SEND_CUSTOM_SCENARIOS: "Forward alerts from custom scenarios to the console",
|
||||||
|
SEND_MANUAL_SCENARIOS: "Forward manual decisions to the console",
|
||||||
|
SEND_TAINTED_SCENARIOS: "Forward alerts from tainted scenarios to the console",
|
||||||
|
SEND_CONTEXT: "Forward context with alerts to the console",
|
||||||
|
CONSOLE_MANAGEMENT: "Receive decisions from console",
|
||||||
|
}
|
||||||
|
|
||||||
var DefaultConsoleConfigFilePath = DefaultConfigPath("console.yaml")
|
var DefaultConsoleConfigFilePath = DefaultConfigPath("console.yaml")
|
||||||
|
|
||||||
|
|
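Review bot: `CONSOLE_CONFIGS_HELP` is exported without a doc comment, and nothing ties its keys to `CONSOLE_CONFIGS`; a lookup for a missing key returns an empty string, so the enroll log line and the status table would print a blank description without any error. I would add `// CONSOLE_CONFIGS_HELP maps every entry of CONSOLE_CONFIGS to the one-line description shown by cscli; keep both in sync.` above the declaration. A small unit test that ranges over `CONSOLE_CONFIGS` and fails on a missing key would make that invariant enforceable.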