05b54687b6
* feat: support stdout in cscli support dump * fix: skip log.info if stdout * fix: handle errors by returning to runE instead
495 lines
14 KiB
Go
495 lines
14 KiB
Go
package main
|
|
|
|
import (
|
|
"archive/zip"
|
|
"bytes"
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"path/filepath"
|
|
"regexp"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/blackfireio/osinfo"
|
|
"github.com/go-openapi/strfmt"
|
|
log "github.com/sirupsen/logrus"
|
|
"github.com/spf13/cobra"
|
|
|
|
"github.com/crowdsecurity/go-cs-lib/trace"
|
|
"github.com/crowdsecurity/go-cs-lib/version"
|
|
|
|
"github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
|
|
"github.com/crowdsecurity/crowdsec/pkg/apiclient"
|
|
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
|
|
"github.com/crowdsecurity/crowdsec/pkg/cwversion"
|
|
"github.com/crowdsecurity/crowdsec/pkg/database"
|
|
"github.com/crowdsecurity/crowdsec/pkg/fflag"
|
|
"github.com/crowdsecurity/crowdsec/pkg/models"
|
|
)
|
|
|
|
const (
|
|
SUPPORT_METRICS_HUMAN_PATH = "metrics/metrics.human"
|
|
SUPPORT_METRICS_PROMETHEUS_PATH = "metrics/metrics.prometheus"
|
|
SUPPORT_VERSION_PATH = "version.txt"
|
|
SUPPORT_FEATURES_PATH = "features.txt"
|
|
SUPPORT_OS_INFO_PATH = "osinfo.txt"
|
|
SUPPORT_PARSERS_PATH = "hub/parsers.txt"
|
|
SUPPORT_SCENARIOS_PATH = "hub/scenarios.txt"
|
|
SUPPORT_CONTEXTS_PATH = "hub/scenarios.txt"
|
|
SUPPORT_COLLECTIONS_PATH = "hub/collections.txt"
|
|
SUPPORT_POSTOVERFLOWS_PATH = "hub/postoverflows.txt"
|
|
SUPPORT_BOUNCERS_PATH = "lapi/bouncers.txt"
|
|
SUPPORT_AGENTS_PATH = "lapi/agents.txt"
|
|
SUPPORT_CROWDSEC_CONFIG_PATH = "config/crowdsec.yaml"
|
|
SUPPORT_LAPI_STATUS_PATH = "lapi_status.txt"
|
|
SUPPORT_CAPI_STATUS_PATH = "capi_status.txt"
|
|
SUPPORT_ACQUISITION_CONFIG_BASE_PATH = "config/acquis/"
|
|
SUPPORT_CROWDSEC_PROFILE_PATH = "config/profiles.yaml"
|
|
SUPPORT_CRASH_PATH = "crash/"
|
|
)
|
|
|
|
// from https://github.com/acarl005/stripansi
|
|
var reStripAnsi = regexp.MustCompile("[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))")
|
|
|
|
func stripAnsiString(str string) string {
|
|
// the byte version doesn't strip correctly
|
|
return reStripAnsi.ReplaceAllString(str, "")
|
|
}
|
|
|
|
func collectMetrics() ([]byte, []byte, error) {
|
|
log.Info("Collecting prometheus metrics")
|
|
|
|
if csConfig.Cscli.PrometheusUrl == "" {
|
|
log.Warn("No Prometheus URL configured, metrics will not be collected")
|
|
return nil, nil, errors.New("prometheus_uri is not set")
|
|
}
|
|
|
|
humanMetrics := bytes.NewBuffer(nil)
|
|
|
|
ms := NewMetricStore()
|
|
|
|
if err := ms.Fetch(csConfig.Cscli.PrometheusUrl); err != nil {
|
|
return nil, nil, fmt.Errorf("could not fetch prometheus metrics: %w", err)
|
|
}
|
|
|
|
if err := ms.Format(humanMetrics, nil, "human", false); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
req, err := http.NewRequest(http.MethodGet, csConfig.Cscli.PrometheusUrl, nil)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not create requests to prometheus endpoint: %w", err)
|
|
}
|
|
|
|
client := &http.Client{}
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not get metrics from prometheus endpoint: %w", err)
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return nil, nil, fmt.Errorf("could not read metrics from prometheus endpoint: %w", err)
|
|
}
|
|
|
|
return humanMetrics.Bytes(), body, nil
|
|
}
|
|
|
|
func collectVersion() []byte {
|
|
log.Info("Collecting version")
|
|
return []byte(cwversion.ShowStr())
|
|
}
|
|
|
|
func collectFeatures() []byte {
|
|
log.Info("Collecting feature flags")
|
|
|
|
enabledFeatures := fflag.Crowdsec.GetEnabledFeatures()
|
|
|
|
w := bytes.NewBuffer(nil)
|
|
for _, k := range enabledFeatures {
|
|
fmt.Fprintf(w, "%s\n", k)
|
|
}
|
|
|
|
return w.Bytes()
|
|
}
|
|
|
|
func collectOSInfo() ([]byte, error) {
|
|
log.Info("Collecting OS info")
|
|
|
|
info, err := osinfo.GetOSInfo()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
w := bytes.NewBuffer(nil)
|
|
fmt.Fprintf(w, "Architecture: %s\n", info.Architecture)
|
|
fmt.Fprintf(w, "Family: %s\n", info.Family)
|
|
fmt.Fprintf(w, "ID: %s\n", info.ID)
|
|
fmt.Fprintf(w, "Name: %s\n", info.Name)
|
|
fmt.Fprintf(w, "Codename: %s\n", info.Codename)
|
|
fmt.Fprintf(w, "Version: %s\n", info.Version)
|
|
fmt.Fprintf(w, "Build: %s\n", info.Build)
|
|
|
|
return w.Bytes(), nil
|
|
}
|
|
|
|
func collectHubItems(hub *cwhub.Hub, itemType string) []byte {
|
|
var err error
|
|
|
|
out := bytes.NewBuffer(nil)
|
|
|
|
log.Infof("Collecting %s list", itemType)
|
|
|
|
items := make(map[string][]*cwhub.Item)
|
|
|
|
if items[itemType], err = selectItems(hub, itemType, nil, true); err != nil {
|
|
log.Warnf("could not collect %s list: %s", itemType, err)
|
|
}
|
|
|
|
if err := listItems(out, []string{itemType}, items, false); err != nil {
|
|
log.Warnf("could not collect %s list: %s", itemType, err)
|
|
}
|
|
|
|
return out.Bytes()
|
|
}
|
|
|
|
func collectBouncers(dbClient *database.Client) ([]byte, error) {
|
|
out := bytes.NewBuffer(nil)
|
|
|
|
bouncers, err := dbClient.ListBouncers()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to list bouncers: %w", err)
|
|
}
|
|
|
|
getBouncersTable(out, bouncers)
|
|
|
|
return out.Bytes(), nil
|
|
}
|
|
|
|
func collectAgents(dbClient *database.Client) ([]byte, error) {
|
|
out := bytes.NewBuffer(nil)
|
|
|
|
machines, err := dbClient.ListMachines()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("unable to list machines: %w", err)
|
|
}
|
|
|
|
getAgentsTable(out, machines)
|
|
|
|
return out.Bytes(), nil
|
|
}
|
|
|
|
func collectAPIStatus(login string, password string, endpoint string, prefix string, hub *cwhub.Hub) []byte {
|
|
if csConfig.API.Client == nil || csConfig.API.Client.Credentials == nil {
|
|
return []byte("No agent credentials found, are we LAPI ?")
|
|
}
|
|
|
|
pwd := strfmt.Password(password)
|
|
|
|
apiurl, err := url.Parse(endpoint)
|
|
if err != nil {
|
|
return []byte(fmt.Sprintf("cannot parse API URL: %s", err))
|
|
}
|
|
|
|
scenarios, err := hub.GetInstalledNamesByType(cwhub.SCENARIOS)
|
|
if err != nil {
|
|
return []byte(fmt.Sprintf("could not collect scenarios: %s", err))
|
|
}
|
|
|
|
Client, err = apiclient.NewDefaultClient(apiurl,
|
|
prefix,
|
|
fmt.Sprintf("crowdsec/%s", version.String()),
|
|
nil)
|
|
if err != nil {
|
|
return []byte(fmt.Sprintf("could not init client: %s", err))
|
|
}
|
|
|
|
t := models.WatcherAuthRequest{
|
|
MachineID: &login,
|
|
Password: &pwd,
|
|
Scenarios: scenarios,
|
|
}
|
|
|
|
_, _, err = Client.Auth.AuthenticateWatcher(context.Background(), t)
|
|
if err != nil {
|
|
return []byte(fmt.Sprintf("Could not authenticate to API: %s", err))
|
|
} else {
|
|
return []byte("Successfully authenticated to LAPI")
|
|
}
|
|
}
|
|
|
|
func collectCrowdsecConfig() []byte {
|
|
log.Info("Collecting crowdsec config")
|
|
|
|
config, err := os.ReadFile(*csConfig.FilePath)
|
|
if err != nil {
|
|
return []byte(fmt.Sprintf("could not read config file: %s", err))
|
|
}
|
|
|
|
r := regexp.MustCompile(`(\s+password:|\s+user:|\s+host:)\s+.*`)
|
|
|
|
return r.ReplaceAll(config, []byte("$1 ****REDACTED****"))
|
|
}
|
|
|
|
func collectCrowdsecProfile() []byte {
|
|
log.Info("Collecting crowdsec profile")
|
|
|
|
config, err := os.ReadFile(csConfig.API.Server.ProfilesPath)
|
|
if err != nil {
|
|
return []byte(fmt.Sprintf("could not read profile file: %s", err))
|
|
}
|
|
|
|
return config
|
|
}
|
|
|
|
func collectAcquisitionConfig() map[string][]byte {
|
|
log.Info("Collecting acquisition config")
|
|
|
|
ret := make(map[string][]byte)
|
|
|
|
for _, filename := range csConfig.Crowdsec.AcquisitionFiles {
|
|
fileContent, err := os.ReadFile(filename)
|
|
if err != nil {
|
|
ret[filename] = []byte(fmt.Sprintf("could not read file: %s", err))
|
|
} else {
|
|
ret[filename] = fileContent
|
|
}
|
|
}
|
|
|
|
return ret
|
|
}
|
|
|
|
func collectCrash() ([]string, error) {
|
|
log.Info("Collecting crash dumps")
|
|
return trace.List()
|
|
}
|
|
|
|
type cliSupport struct{}
|
|
|
|
func NewCLISupport() *cliSupport {
|
|
return &cliSupport{}
|
|
}
|
|
|
|
func (cli cliSupport) NewCommand() *cobra.Command {
|
|
cmd := &cobra.Command{
|
|
Use: "support [action]",
|
|
Short: "Provide commands to help during support",
|
|
Args: cobra.MinimumNArgs(1),
|
|
DisableAutoGenTag: true,
|
|
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
|
|
return nil
|
|
},
|
|
}
|
|
|
|
cmd.AddCommand(cli.NewDumpCmd())
|
|
|
|
return cmd
|
|
}
|
|
|
|
func (cli cliSupport) NewDumpCmd() *cobra.Command {
|
|
var outFile string
|
|
|
|
cmd := &cobra.Command{
|
|
Use: "dump",
|
|
Short: "Dump all your configuration to a zip file for easier support",
|
|
Long: `Dump the following informations:
|
|
- Crowdsec version
|
|
- OS version
|
|
- Installed collections list
|
|
- Installed parsers list
|
|
- Installed scenarios list
|
|
- Installed postoverflows list
|
|
- Installed context list
|
|
- Bouncers list
|
|
- Machines list
|
|
- CAPI status
|
|
- LAPI status
|
|
- Crowdsec config (sensitive information like username and password are redacted)
|
|
- Crowdsec metrics`,
|
|
Example: `cscli support dump
|
|
cscli support dump -f /tmp/crowdsec-support.zip
|
|
`,
|
|
Args: cobra.NoArgs,
|
|
DisableAutoGenTag: true,
|
|
RunE: func(_ *cobra.Command, _ []string) error {
|
|
var err error
|
|
var skipHub, skipDB, skipCAPI, skipLAPI, skipAgent bool
|
|
infos := map[string][]byte{
|
|
SUPPORT_VERSION_PATH: collectVersion(),
|
|
SUPPORT_FEATURES_PATH: collectFeatures(),
|
|
}
|
|
|
|
if outFile == "" {
|
|
outFile = "/tmp/crowdsec-support.zip"
|
|
}
|
|
|
|
dbClient, err = database.NewClient(csConfig.DbConfig)
|
|
if err != nil {
|
|
log.Warnf("Could not connect to database: %s", err)
|
|
skipDB = true
|
|
infos[SUPPORT_BOUNCERS_PATH] = []byte(err.Error())
|
|
infos[SUPPORT_AGENTS_PATH] = []byte(err.Error())
|
|
}
|
|
|
|
if err = csConfig.LoadAPIServer(true); err != nil {
|
|
log.Warnf("could not load LAPI, skipping CAPI check")
|
|
skipLAPI = true
|
|
infos[SUPPORT_CAPI_STATUS_PATH] = []byte(err.Error())
|
|
}
|
|
|
|
if err = csConfig.LoadCrowdsec(); err != nil {
|
|
log.Warnf("could not load agent config, skipping crowdsec config check")
|
|
skipAgent = true
|
|
}
|
|
|
|
hub, err := require.Hub(csConfig, nil, nil)
|
|
if err != nil {
|
|
log.Warn("Could not init hub, running on LAPI ? Hub related information will not be collected")
|
|
skipHub = true
|
|
infos[SUPPORT_PARSERS_PATH] = []byte(err.Error())
|
|
infos[SUPPORT_SCENARIOS_PATH] = []byte(err.Error())
|
|
infos[SUPPORT_POSTOVERFLOWS_PATH] = []byte(err.Error())
|
|
infos[SUPPORT_CONTEXTS_PATH] = []byte(err.Error())
|
|
infos[SUPPORT_COLLECTIONS_PATH] = []byte(err.Error())
|
|
}
|
|
|
|
if csConfig.API.Client == nil || csConfig.API.Client.Credentials == nil {
|
|
log.Warn("no agent credentials found, skipping LAPI connectivity check")
|
|
if _, ok := infos[SUPPORT_LAPI_STATUS_PATH]; ok {
|
|
infos[SUPPORT_LAPI_STATUS_PATH] = append(infos[SUPPORT_LAPI_STATUS_PATH], []byte("\nNo LAPI credentials found")...)
|
|
}
|
|
skipLAPI = true
|
|
}
|
|
|
|
if csConfig.API.Server == nil || csConfig.API.Server.OnlineClient == nil || csConfig.API.Server.OnlineClient.Credentials == nil {
|
|
log.Warn("no CAPI credentials found, skipping CAPI connectivity check")
|
|
skipCAPI = true
|
|
}
|
|
|
|
infos[SUPPORT_METRICS_HUMAN_PATH], infos[SUPPORT_METRICS_PROMETHEUS_PATH], err = collectMetrics()
|
|
if err != nil {
|
|
log.Warnf("could not collect prometheus metrics information: %s", err)
|
|
infos[SUPPORT_METRICS_HUMAN_PATH] = []byte(err.Error())
|
|
infos[SUPPORT_METRICS_PROMETHEUS_PATH] = []byte(err.Error())
|
|
}
|
|
|
|
infos[SUPPORT_OS_INFO_PATH], err = collectOSInfo()
|
|
if err != nil {
|
|
log.Warnf("could not collect OS information: %s", err)
|
|
infos[SUPPORT_OS_INFO_PATH] = []byte(err.Error())
|
|
}
|
|
|
|
infos[SUPPORT_CROWDSEC_CONFIG_PATH] = collectCrowdsecConfig()
|
|
|
|
if !skipHub {
|
|
infos[SUPPORT_PARSERS_PATH] = collectHubItems(hub, cwhub.PARSERS)
|
|
infos[SUPPORT_SCENARIOS_PATH] = collectHubItems(hub, cwhub.SCENARIOS)
|
|
infos[SUPPORT_POSTOVERFLOWS_PATH] = collectHubItems(hub, cwhub.POSTOVERFLOWS)
|
|
infos[SUPPORT_CONTEXTS_PATH] = collectHubItems(hub, cwhub.POSTOVERFLOWS)
|
|
infos[SUPPORT_COLLECTIONS_PATH] = collectHubItems(hub, cwhub.COLLECTIONS)
|
|
}
|
|
|
|
if !skipDB {
|
|
infos[SUPPORT_BOUNCERS_PATH], err = collectBouncers(dbClient)
|
|
if err != nil {
|
|
log.Warnf("could not collect bouncers information: %s", err)
|
|
infos[SUPPORT_BOUNCERS_PATH] = []byte(err.Error())
|
|
}
|
|
|
|
infos[SUPPORT_AGENTS_PATH], err = collectAgents(dbClient)
|
|
if err != nil {
|
|
log.Warnf("could not collect agents information: %s", err)
|
|
infos[SUPPORT_AGENTS_PATH] = []byte(err.Error())
|
|
}
|
|
}
|
|
|
|
if !skipCAPI {
|
|
log.Info("Collecting CAPI status")
|
|
infos[SUPPORT_CAPI_STATUS_PATH] = collectAPIStatus(csConfig.API.Server.OnlineClient.Credentials.Login,
|
|
csConfig.API.Server.OnlineClient.Credentials.Password,
|
|
csConfig.API.Server.OnlineClient.Credentials.URL,
|
|
CAPIURLPrefix,
|
|
hub)
|
|
}
|
|
|
|
if !skipLAPI {
|
|
log.Info("Collection LAPI status")
|
|
infos[SUPPORT_LAPI_STATUS_PATH] = collectAPIStatus(csConfig.API.Client.Credentials.Login,
|
|
csConfig.API.Client.Credentials.Password,
|
|
csConfig.API.Client.Credentials.URL,
|
|
LAPIURLPrefix,
|
|
hub)
|
|
infos[SUPPORT_CROWDSEC_PROFILE_PATH] = collectCrowdsecProfile()
|
|
}
|
|
|
|
if !skipAgent {
|
|
acquis := collectAcquisitionConfig()
|
|
|
|
for filename, content := range acquis {
|
|
fname := strings.ReplaceAll(filename, string(filepath.Separator), "___")
|
|
infos[SUPPORT_ACQUISITION_CONFIG_BASE_PATH+fname] = content
|
|
}
|
|
}
|
|
|
|
crash, err := collectCrash()
|
|
if err != nil {
|
|
log.Errorf("could not collect crash dumps: %s", err)
|
|
}
|
|
|
|
for _, filename := range crash {
|
|
content, err := os.ReadFile(filename)
|
|
if err != nil {
|
|
log.Errorf("could not read crash dump %s: %s", filename, err)
|
|
}
|
|
|
|
infos[SUPPORT_CRASH_PATH+filepath.Base(filename)] = content
|
|
}
|
|
|
|
w := bytes.NewBuffer(nil)
|
|
zipWriter := zip.NewWriter(w)
|
|
|
|
for filename, data := range infos {
|
|
header := &zip.FileHeader{
|
|
Name: filename,
|
|
Method: zip.Deflate,
|
|
// TODO: retain mtime where possible (esp. trace)
|
|
Modified: time.Now(),
|
|
}
|
|
fw, err := zipWriter.CreateHeader(header)
|
|
if err != nil {
|
|
log.Errorf("Could not add zip entry for %s: %s", filename, err)
|
|
continue
|
|
}
|
|
fw.Write([]byte(stripAnsiString(string(data))))
|
|
}
|
|
|
|
err = zipWriter.Close()
|
|
if err != nil {
|
|
return fmt.Errorf("could not finalize zip file: %s", err)
|
|
}
|
|
|
|
if outFile == "-" {
|
|
_, err = os.Stdout.Write(w.Bytes())
|
|
return err
|
|
}
|
|
err = os.WriteFile(outFile, w.Bytes(), 0o600)
|
|
if err != nil {
|
|
return fmt.Errorf("could not write zip file to %s: %s", outFile, err)
|
|
}
|
|
log.Infof("Written zip file to %s", outFile)
|
|
return nil
|
|
},
|
|
}
|
|
|
|
cmd.Flags().StringVarP(&outFile, "outFile", "f", "", "File to dump the information to")
|
|
|
|
return cmd
|
|
}
|