Documentation ¶
Index ¶
- Constants
- Variables
- func KeyGen(size int) string
- func Sha256StringArray(array []string) string
- type ClientConfig
- type FileUpload
- type Forwarder
- func (f *Forwarder) ArchiveLogs()
- func (f *Forwarder) CleanOlderQueued() error
- func (f *Forwarder) Close()
- func (f *Forwarder) Collect()
- func (f *Forwarder) DiskSpaceQueue() int64
- func (f *Forwarder) HasQueuedEvents() bool
- func (f *Forwarder) LogfilePath() string
- func (f *Forwarder) PipeEvent(e *evtx.GoEvtxMap)
- func (f *Forwarder) ProcessQueue()
- func (f *Forwarder) Reset()
- func (f *Forwarder) Run()
- func (f *Forwarder) Save() error
- type ForwarderConfig
- type LoggingConfig
- type Manager
- func (m *Manager) AddAuthKey(key string)
- func (m *Manager) Collect(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) Container(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) ContainerList(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) ContainerSha256(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) IsDone() bool
- func (m *Manager) LoadContainers()
- func (m *Manager) LoadGeneEngine() error
- func (m *Manager) Rules(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) RulesSha256(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) Run()
- func (m *Manager) ServerKey(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) Shutdown() error
- func (m *Manager) UploadDump(wt http.ResponseWriter, rq *http.Request)
- func (m *Manager) Wait()
- type ManagerClient
- func (m *ManagerClient) Close()
- func (m *ManagerClient) GetContainer(name string) ([]string, error)
- func (m *ManagerClient) GetContainerSha256(name string) (string, error)
- func (m *ManagerClient) GetContainersList() ([]string, error)
- func (m *ManagerClient) GetRules() (string, error)
- func (m *ManagerClient) GetRulesSha256() (string, error)
- func (m *ManagerClient) IsServerAuthEnforced() bool
- func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool)
- func (m *ManagerClient) IsServerUp() bool
- func (m *ManagerClient) PostDump(f *FileUpload) error
- func (m *ManagerClient) PostLogs(r io.Reader) error
- func (m *ManagerClient) Prepare(method, url string, body io.Reader) (*http.Request, error)
- func (m *ManagerClient) PrepareFileUpload(path, guid, evthash, filename string) (*FileUpload, error)
- type ManagerConfig
- type TLSConfig
Constants ¶
const (
	// UserAgent is the User-Agent string the API client identifies itself with.
	UserAgent = "Whids-API-Client/1.0"
	// Mega is one mebibyte (2^20 bytes); size constants are expressed in it.
	Mega = 1 << 20
	// DefaultMaxUploadSize is the default cap on a single upload (100 MiB).
	// It bounds how much data one client request can push to the manager.
	DefaultMaxUploadSize = 100 * Mega
)
const (
	// DefaultDirPerm is the default mode of the forwarder's log directory.
	// Owner-only (0700) so queued events are not readable by other users.
	DefaultDirPerm = 0700
	// DefaultLogfileSize is the default size of a forwarder logfile.
	DefaultLogfileSize = logfile.MB * 5
	// DiskSpaceThreshold is the disk space queued events are allowed to use:
	// 20 logfiles, i.e. 100MB with the default logfile size.
	DiskSpaceThreshold = DefaultLogfileSize * 20
	// MinRotationInterval is the smallest logfile rotation interval allowed.
	MinRotationInterval = time.Minute
)
const (
	// DefaultLogPerm is the default mode of the Manager's logfiles
	// (owner read/write only, 0600).
	DefaultLogPerm = 0600
	// DefaultManagerLogSize is the default size of a Manager logfile.
	DefaultManagerLogSize = logfile.MB * 100
	// DefaultKeySize is the default size handed to API key generation
	// (see KeyGen); the unit is whatever KeyGen's size parameter expects.
	DefaultKeySize = 32
	// DefaultPort is the default port the Manager listens on, as a string.
	DefaultPort = "1519"
)
const (
	// PostLogsURL is the API route clients post collected logs to.
	PostLogsURL = "/logs"
	// PostDumpURL is the API route used to upload dumps.
	PostDumpURL = "/upload/dumps"
	// GetServerKeyURL is the API route serving the server key.
	GetServerKeyURL = "/key"
	// GetRulesURL is the API route serving the Gene rules available on the server.
	GetRulesURL = "/rules"
	// GetRulesSha256URL is the API route serving the sha256 of the latest
	// batch of Gene rules.
	GetRulesSha256URL = "/rules/sha256"
	// GetContainerListURL is the API route serving the list of containers
	// available in the Manager.
	GetContainerListURL = "/containers"
	// GetContainerURL is the API route serving a single container.
	// NOTE(review): {name} is a client-controlled path parameter; the
	// handler should validate it before it is mapped onto a file name.
	GetContainerURL = "/container/{name}"
	// GetContainerSha256URL is the API route serving the sha256 of a
	// given container (same {name} caveat as GetContainerURL).
	GetContainerSha256URL = "/container/sha256/{name}"
)
Variables ¶
// noProxyPackageDialer returns the dialer used by the package transports:
// 30s connect timeout, 30s keep-alive.
func noProxyPackageDialer() *net.Dialer {
	return &net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		DualStack: true,
	}
}

// newNoProxyPackageTransport builds an http.Transport that never goes
// through a proxy (Proxy is nil, so the proxy environment variables are
// ignored) with the package's idle and handshake timeouts. tlsCfg may be
// nil, in which case the transport uses Go's default TLS settings.
func newNoProxyPackageTransport(tlsCfg *tls.Config) *http.Transport {
	return &http.Transport{
		Proxy:                 nil,
		DialContext:           noProxyPackageDialer().DialContext,
		MaxIdleConns:          100,
		IdleConnTimeout:       90 * time.Second,
		TLSHandshakeTimeout:   10 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
		TLSClientConfig:       tlsCfg,
	}
}

var (
	// NoProxyTransport is an http transport that bypasses any proxy and
	// performs normal TLS certificate verification.
	NoProxyTransport http.RoundTripper = newNoProxyPackageTransport(nil)

	// NoProxyUnsafeTransport bypasses any proxy AND disables TLS certificate
	// verification (InsecureSkipVerify). A client using it cannot detect a
	// man-in-the-middle between itself and the manager; presumably it is
	// selected by ClientConfig.Unsafe, and it should stay opt-in.
	NoProxyUnsafeTransport http.RoundTripper = newNoProxyPackageTransport(&tls.Config{InsecureSkipVerify: true})
)
Functions ¶
Types ¶
type ClientConfig ¶
// ClientConfig holds the settings a ManagerClient needs to reach and
// authenticate with the Manager.
type ClientConfig struct {
	// Host and Port of the Manager to connect to.
	Host string `json:"host"`
	Port int    `json:"port"`
	// Proto is the protocol used to reach the Manager (presumably the URL
	// scheme, e.g. http or https — confirm in NewManagerClient).
	Proto string `json:"proto"`
	// Key is the API key the client presents to the Manager.
	Key string `json:"key"`
	// ServerKey is the key the client expects from the Manager's /key route
	// so that the server can be authenticated on the client side.
	ServerKey string `json:"server-key"`
	// Unsafe presumably selects NoProxyUnsafeTransport, i.e. disables TLS
	// certificate verification — confirm in NewManagerClient.
	Unsafe bool `json:"unsafe"`
	// MaxUploadSize is the upload size limit the client applies.
	MaxUploadSize int64 `json:"max-upload-size"`
}
ClientConfig structure definition
type FileUpload ¶
// FileUpload carries a file from the client to the Manager (see
// ManagerClient.PostDump and Manager.UploadDump).
type FileUpload struct {
	// Name is the file name as supplied by the client. It ends up under the
	// Manager's dump directory (see Dump), so Validate is expected to be
	// called on the server side before trusting it.
	Name string `json:"filename"`
	// GUID identifies the upload.
	GUID string `json:"guid"`
	// EventHash is the hash of the event the file relates to.
	EventHash string `json:"event-hash"`
	// Content is the raw file content.
	Content []byte `json:"content"`
}
FileUpload structure used to forward files from the client to the manager
func (*FileUpload) Dump ¶
func (f *FileUpload) Dump(dir string) (err error)
Dump dumps the FileUpload into the given root directory dir
func (*FileUpload) Implode ¶
func (f *FileUpload) Implode() string
Implode returns the full path of the FileUpload
func (*FileUpload) Validate ¶
func (f *FileUpload) Validate() error
Validate that the file upload follows the expected format
type Forwarder ¶
// Forwarder buffers piped events and ships them to the Manager through
// Client. It embeds a sync.Mutex and its methods use pointer receivers, so
// a Forwarder must not be copied after creation.
type Forwarder struct {
	sync.Mutex
	// Client is the ManagerClient used to reach the Manager.
	Client *ManagerClient
	// TimeTresh and EventTresh are presumably the time / event-count
	// thresholds that trigger a Collect — confirm in Run.
	TimeTresh  time.Duration
	EventTresh uint64
	// Pipe holds the events piped (see PipeEvent) and not yet collected.
	Pipe *bytes.Buffer
	// EventsPiped counts the events written to Pipe.
	EventsPiped uint64
	// Local presumably mirrors ForwarderConfig.Local — confirm in NewForwarder.
	Local bool
	// contains filtered or unexported fields
}
Forwarder structure definition
func NewForwarder ¶
func NewForwarder(c *ForwarderConfig) (*Forwarder, error)
NewForwarder creates a new Forwarder structure. TODO: needs update with client.
func (*Forwarder) ArchiveLogs ¶ added in v1.6.0
func (f *Forwarder) ArchiveLogs()
ArchiveLogs compresses the old log files that have not been compressed yet.
func (*Forwarder) CleanOlderQueued ¶
CleanOlderQueued cleans up the older queue file
func (*Forwarder) Collect ¶
func (f *Forwarder) Collect()
Collect sends the piped events to the remote server. TODO: needs update with client.
func (*Forwarder) DiskSpaceQueue ¶
DiskSpaceQueue computes the disk space (in bytes) taken by queued events.
func (*Forwarder) HasQueuedEvents ¶
HasQueuedEvents checks whether some events are waiting to be sent
func (*Forwarder) LogfilePath ¶
LogfilePath returns the path of the logfile if it exists else returns empty string
func (*Forwarder) ProcessQueue ¶
func (f *Forwarder) ProcessQueue()
ProcessQueue processes the queued events. TODO: needs update with client.
type ForwarderConfig ¶
// ForwarderConfig is the configuration handed to NewForwarder.
type ForwarderConfig struct {
	// Client configures the ManagerClient the forwarder sends events with.
	Client ClientConfig `json:"manager-client"`
	// Logging configures the forwarder's local log directory and rotation.
	Logging LoggingConfig `json:"logging"`
	// Local flags the forwarder as local (semantics not visible here).
	Local bool `json:"local"`
}
ForwarderConfig structure definition
type LoggingConfig ¶ added in v1.6.0
// LoggingConfig encodes the logging configuration of the forwarder.
type LoggingConfig struct {
	// Dir is the directory the forwarder writes its logfiles to.
	Dir string `json:"dir"`
	// RotationInterval is the rotation interval as written in the
	// configuration; ParseRotationInterval turns it into a time.Duration.
	RotationInterval string `json:"rotation-interval"`
}
LoggingConfig structure to encode Logging configuration of the forwarder
func (*LoggingConfig) ParseRotationInterval ¶ added in v1.6.0
func (l *LoggingConfig) ParseRotationInterval() (d time.Duration, err error)
ParseRotationInterval returns the parsed time.Duration from configuration structure.
type Manager ¶
Manager structure definition
func NewManager ¶
func NewManager(c *ManagerConfig) (*Manager, error)
NewManager creates a new WHIDS manager from the given ManagerConfig (which includes the logfile to use).
func (*Manager) AddAuthKey ¶
AddAuthKey adds an authorized key to access the manager
func (*Manager) Collect ¶
func (m *Manager) Collect(wt http.ResponseWriter, rq *http.Request)
Collect HTTP handler
func (*Manager) Container ¶
func (m *Manager) Container(wt http.ResponseWriter, rq *http.Request)
Container HTTP handler serves Gene containers to clients
func (*Manager) ContainerList ¶
func (m *Manager) ContainerList(wt http.ResponseWriter, rq *http.Request)
ContainerList HTTP handler to serve the list of available containers.
func (*Manager) ContainerSha256 ¶
func (m *Manager) ContainerSha256(wt http.ResponseWriter, rq *http.Request)
ContainerSha256 HTTP handler to serve the Sha256 of a given container.
func (*Manager) LoadContainers ¶
func (m *Manager) LoadContainers()
LoadContainers loads the containers into the manager. The name of a container is given by its filename without the extension. Example: /some/random/abspath/blacklist.txt gives the blacklist container.
func (*Manager) LoadGeneEngine ¶
LoadGeneEngine makes the manager update the gene rules it has to serve.
func (*Manager) Rules ¶
func (m *Manager) Rules(wt http.ResponseWriter, rq *http.Request)
Rules HTTP handler used to serve the rules
func (*Manager) RulesSha256 ¶
func (m *Manager) RulesSha256(wt http.ResponseWriter, rq *http.Request)
RulesSha256 returns the sha256 of the latest set of rules loaded into the manager
func (*Manager) ServerKey ¶
func (m *Manager) ServerKey(wt http.ResponseWriter, rq *http.Request)
ServerKey HTTP handler used to authenticate the server on the client side.
func (*Manager) UploadDump ¶
func (m *Manager) UploadDump(wt http.ResponseWriter, rq *http.Request)
UploadDump HTTP handler used to upload dump files from client to manager
type ManagerClient ¶
// ManagerClient is the HTTP client used to talk to the Manager API (it is
// what Forwarder.Client holds). It posts logs and dumps, fetches rules and
// containers, and can authenticate the server with the key served on /key.
// Construct it with NewManagerClient; all of its fields are unexported.
type ManagerClient struct {
// contains filtered or unexported fields
}
ManagerClient structure definition
func NewManagerClient ¶
func NewManagerClient(c *ClientConfig) (*ManagerClient, error)
NewManagerClient creates a new Client to interface with the manager
func (*ManagerClient) Close ¶
func (m *ManagerClient) Close()
Close closes idle connections from underlying transport
func (*ManagerClient) GetContainer ¶
func (m *ManagerClient) GetContainer(name string) ([]string, error)
GetContainer retrieves a given container from the manager
func (*ManagerClient) GetContainerSha256 ¶
func (m *ManagerClient) GetContainerSha256(name string) (string, error)
GetContainerSha256 retrieves the sha256 of a given container from the manager.
func (*ManagerClient) GetContainersList ¶
func (m *ManagerClient) GetContainersList() ([]string, error)
GetContainersList retrieves the names of the containers available in the manager
func (*ManagerClient) GetRules ¶
func (m *ManagerClient) GetRules() (string, error)
GetRules retrieves the latest batch of Gene rules available on the server.
func (*ManagerClient) GetRulesSha256 ¶
func (m *ManagerClient) GetRulesSha256() (string, error)
GetRulesSha256 returns the sha256 string of the latest batch of rules available on the server
func (*ManagerClient) IsServerAuthEnforced ¶
func (m *ManagerClient) IsServerAuthEnforced() bool
IsServerAuthEnforced returns true if server authentication is requested by the client
func (*ManagerClient) IsServerAuthenticated ¶
func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool)
IsServerAuthenticated reports whether the server is authenticated (auth), and thus can be trusted, and whether it is up (up).
func (*ManagerClient) IsServerUp ¶
func (m *ManagerClient) IsServerUp() bool
IsServerUp returns true if manager server is up
func (*ManagerClient) PostDump ¶
func (m *ManagerClient) PostDump(f *FileUpload) error
PostDump client helper to upload a file to the Manager
func (*ManagerClient) PostLogs ¶
func (m *ManagerClient) PostLogs(r io.Reader) error
PostLogs posts logs to be collected
func (*ManagerClient) PrepareFileUpload ¶
func (m *ManagerClient) PrepareFileUpload(path, guid, evthash, filename string) (*FileUpload, error)
PrepareFileUpload prepares a FileUpload from several parameters
type ManagerConfig ¶
// ManagerConfig defines the Manager's configuration.
type ManagerConfig struct {
	// Host and Port the Manager listens on.
	Host string `json:"host"`
	Port int    `json:"port"`
	// Logfile is the path of the Manager's logfile.
	Logfile string `json:"logfile"`
	// Key is the Manager's own key (served to clients on the /key route).
	Key string `json:"key"`
	// Authorized lists the client keys allowed to access the Manager
	// (see AddAuthKey).
	Authorized []string `json:"authorized"`
	// TLS holds the TLS settings of the Manager.
	TLS TLSConfig `json:"tls"`
	// MISP holds the MISP integration settings.
	MISP misp.MispConfig `json:"misp"`
	// RulesDir is the directory Gene rules are loaded from.
	RulesDir string `json:"rules-dir"`
	// DumpDir is the directory uploaded dumps are written to.
	DumpDir string `json:"dump-dir"`
	// ContainersDir is the directory containers are loaded from
	// (see LoadContainers).
	ContainersDir string `json:"containers-dir"`
}
ManagerConfig defines manager's configuration structure