collector

package
v1.6.3 Latest Latest
Published: Jul 30, 2020 License: Apache-2.0 Imports: 30 Imported by: 0

Constants

const (
	// UserAgent is the User-Agent header value the client sends to the Manager.
	UserAgent = "Whids-API-Client/1.0"
	// Mega is one mebibyte (2^20 bytes).
	Mega = 1024 * 1024
	// DefaultMaxUploadSize is the default maximum size, in bytes, of a single
	// file upload prepared by the client (see ClientConfig.MaxUploadSize).
	// NOTE(review): this is a client-side bound; the page does not show whether
	// the Manager enforces its own cap on PostDumpURL, which it must, since the
	// client is not trusted to respect it.
	DefaultMaxUploadSize = Mega * 100
)
const (
	// DefaultDirPerm is the mode used for the forwarder's log directory:
	// owner-only access, since queued events may contain sensitive host data.
	DefaultDirPerm = 0700
	// DefaultLogfileSize is the size at which the forwarder rotates its logfile.
	DefaultLogfileSize = 5 * logfile.MB
	// DiskSpaceThreshold bounds the disk space that queued events may occupy:
	// 20 logfiles, i.e. 100MB at the default logfile size.
	DiskSpaceThreshold = 20 * DefaultLogfileSize
	// MinRotationInterval is the smallest rotation interval allowed for the
	// forwarder's logfile (presumably enforced when LoggingConfig.RotationInterval
	// is parsed — confirm in ParseRotationInterval).
	MinRotationInterval = time.Minute
)
const (
	// DefaultLogPerm is the mode of the Manager's logfiles: readable and
	// writable by the owner only.
	DefaultLogPerm = 0600
	// DefaultManagerLogSize is the default rotation size of the Manager's logfiles.
	DefaultManagerLogSize = 100 * logfile.MB
	// DefaultKeySize is the default length, in characters, of API keys produced
	// by KeyGen. 32 [[:alnum:]] characters carry roughly 190 bits of entropy,
	// but only if KeyGen draws them from a cryptographically secure source
	// (confirm it uses crypto/rand rather than math/rand).
	DefaultKeySize = 32
	// DefaultPort is the TCP port the Manager listens on by default.
	DefaultPort = "1519"
)
const (

	// PostLogsURL API route used by clients to post logs (served by Manager.Collect)
	PostLogsURL = "/logs"
	// PostDumpURL API route used by clients to upload dump files (served by
	// Manager.UploadDump). The body is a client-controlled FileUpload: it must
	// be size-bounded and pass FileUpload.Validate before anything is written.
	PostDumpURL = "/upload/dumps"

	// GetServerKeyURL API route used to get the server key, which clients use
	// to authenticate the Manager at the application level (see Manager.ServerKey)
	GetServerKeyURL = "/key"
	// GetRulesURL API route used to get Gene rules available in server
	GetRulesURL = "/rules"
	// GetRulesSha256URL API route used to retrieve sha256 of latest batch of Gene rules
	GetRulesSha256URL = "/rules/sha256"
	// GetContainerListURL API route to serve the list of containers available in the Manager
	GetContainerListURL = "/containers"
	// GetContainerURL API route to get a container. NOTE(review): {name} comes
	// from the request path and container names are derived from filenames under
	// ContainersDir (see LoadContainers); the handler should only serve names it
	// has already loaded and never build a filesystem path from the raw parameter
	// — confirm in Manager.Container.
	GetContainerURL = "/container/{name}"
	// GetContainerSha256URL API route to serve sha256 of the different containers
	// (same remark about {name} as for GetContainerURL)
	GetContainerSha256URL = "/container/sha256/{name}"
)

Variables

var (
	// NoProxyTransport is the http.RoundTripper used to reach the Manager
	// directly: Proxy is nil so no proxy is consulted, and TLSClientConfig is
	// left nil so the server certificate is verified with Go's defaults
	// (system roots, hostname check).
	NoProxyTransport http.RoundTripper = &http.Transport{
		Proxy: nil,
		DialContext: (&net.Dialer{
			Timeout:   time.Second * 30,
			KeepAlive: time.Second * 30,
			// No-op since Go 1.12 (fast fallback is on by default); kept for
			// older toolchains.
			DualStack: true,
		}).DialContext,
		TLSHandshakeTimeout:   time.Second * 10,
		ExpectContinueTimeout: time.Second,
		IdleConnTimeout:       time.Second * 90,
		MaxIdleConns:          100,
	}

	// NoProxyUnsafeTransport is NoProxyTransport with TLS certificate
	// verification disabled (InsecureSkipVerify). With it the client cannot
	// tell the real Manager from an interceptor, and the application-level
	// server key check (Manager.ServerKey / ManagerClient.IsServerAuthenticated)
	// does not close that gap: an active interceptor can simply relay the key.
	// Presumably selected when ClientConfig.Unsafe is set — confirm in
	// NewManagerClient. Reserve it for lab setups.
	NoProxyUnsafeTransport http.RoundTripper = &http.Transport{
		Proxy: nil,
		DialContext: (&net.Dialer{
			Timeout:   time.Second * 30,
			KeepAlive: time.Second * 30,
			DualStack: true,
		}).DialContext,
		TLSHandshakeTimeout:   time.Second * 10,
		ExpectContinueTimeout: time.Second,
		IdleConnTimeout:       time.Second * 90,
		MaxIdleConns:          100,
		TLSClientConfig:       &tls.Config{InsecureSkipVerify: true},
	}
)

Functions

func KeyGen

func KeyGen(size int) string

KeyGen generates an API key of size characters drawn from the [[:alnum:]] class. Such keys are bearer credentials (ClientConfig.Key, Manager.AddAuthKey), so the underlying random source must be cryptographically secure — confirm the implementation uses crypto/rand rather than math/rand.

func Sha256StringArray

func Sha256StringArray(array []string) string

Sha256StringArray is a helper that computes a SHA-256 digest over the given string array and returns it as a string.

Types

type ClientConfig

type ClientConfig struct {
	// Host and Port of the Manager to connect to.
	Host          string `json:"host"`
	Port          int    `json:"port"`
	// Proto is the URL scheme used to reach the Manager (presumably "http" or
	// "https" — confirm in NewManagerClient).
	Proto         string `json:"proto"`
	// Key is the client's API key, presented to the Manager on every request.
	// It is a bearer secret: it must appear in ManagerConfig.Authorized and must
	// never be logged.
	Key           string `json:"key"`
	// ServerKey is the key the Manager is expected to present on GetServerKeyURL;
	// presumably server authentication is enforced when it is non-empty
	// (see IsServerAuthEnforced / IsServerAuthenticated — confirm).
	ServerKey     string `json:"server-key"`
	// Unsafe disables TLS certificate verification (presumably by selecting
	// NoProxyUnsafeTransport — confirm). An active interceptor can then relay
	// ServerKey unchanged, so ServerKey does not compensate for this.
	Unsafe        bool   `json:"unsafe"`
	// MaxUploadSize caps, in bytes, the files the client uploads; see
	// DefaultMaxUploadSize for the default (presumably applied when zero).
	MaxUploadSize int64  `json:"max-upload-size"`
}

ClientConfig structure definition

type FileUpload

type FileUpload struct {
	// Name is the filename of the uploaded file. Together with GUID and
	// EventHash it is client-supplied and used to build the on-disk path
	// (Implode / Dump), so it must be checked by Validate before use.
	Name      string `json:"filename"`
	// GUID identifying the upload (client-supplied, see Name).
	GUID      string `json:"guid"`
	// EventHash is the hash of the event the file relates to (client-supplied, see Name).
	EventHash string `json:"event-hash"`
	// Content is the raw file content; encoding/json carries it as base64.
	// Its size is bounded client-side by ClientConfig.MaxUploadSize only.
	Content   []byte `json:"content"`
}

FileUpload structure used to forward files from the client to the manager

func (*FileUpload) Dump

func (f *FileUpload) Dump(dir string) (err error)

Dump writes the FileUpload under the root directory dir. Name, GUID and EventHash are client-supplied, so the upload must pass Validate first, otherwise a crafted Name could place the file outside dir (the page does not show whether Dump calls Validate itself).

func (*FileUpload) Implode

func (f *FileUpload) Implode() string

Implode returns the full path of the FileUpload (the location Dump writes to).

func (*FileUpload) Validate

func (f *FileUpload) Validate() error

Validate checks that the FileUpload follows the expected format and returns an error otherwise. It is the only gate between the client-supplied Name/GUID/EventHash and the filesystem path used by Implode and Dump, so it must reject path separators and ".." components — confirm against the implementation.

type Forwarder

type Forwarder struct {
	// Embedded mutex guarding the fields below; a Forwarder must therefore be
	// passed by pointer, never copied.
	sync.Mutex

	// Client used to talk to the Manager.
	Client      *ManagerClient
	// TimeTresh is a time threshold; presumably the maximum delay before piped
	// events are flushed by Collect — confirm in Run.
	TimeTresh   time.Duration
	// EventTresh is an event-count threshold; presumably a flush is triggered
	// when EventsPiped reaches it — confirm in Run.
	EventTresh  uint64
	// Pipe buffers the events added with PipeEvent until they are sent (Collect)
	// or saved to disk (Save).
	Pipe        *bytes.Buffer
	// EventsPiped counts the events currently held in Pipe.
	EventsPiped uint64
	// Local mirrors ForwarderConfig.Local; presumably events are only kept
	// locally and never sent to a Manager when set — confirm.
	Local       bool
	// contains filtered or unexported fields
}

Forwarder structure definition

func NewForwarder

func NewForwarder(c *ForwarderConfig) (*Forwarder, error)

NewForwarder creates a new Forwarder from the given configuration. TODO: needs update with client.

func (*Forwarder) ArchiveLogs added in v1.6.0

func (f *Forwarder) ArchiveLogs()

ArchiveLogs compresses the old log files that have not been compressed yet.

func (*Forwarder) CleanOlderQueued

func (f *Forwarder) CleanOlderQueued() error

CleanOlderQueued removes the older queue file.

func (*Forwarder) Close

func (f *Forwarder) Close()

Close closes the forwarder properly

func (*Forwarder) Collect

func (f *Forwarder) Collect()

Collect sends the piped events to the remote Manager. TODO: needs update with client.

func (*Forwarder) DiskSpaceQueue

func (f *Forwarder) DiskSpaceQueue() int64

DiskSpaceQueue computes the disk space (in bytes) taken by queued events.

func (*Forwarder) HasQueuedEvents

func (f *Forwarder) HasQueuedEvents() bool

HasQueuedEvents checks whether some events are waiting to be sent

func (*Forwarder) LogfilePath

func (f *Forwarder) LogfilePath() string

LogfilePath returns the path of the logfile if it exists, otherwise an empty string.

func (*Forwarder) PipeEvent

func (f *Forwarder) PipeEvent(e *evtx.GoEvtxMap)

PipeEvent pipes an event to be sent through the forwarder

func (*Forwarder) ProcessQueue

func (f *Forwarder) ProcessQueue()

ProcessQueue processes the queued events. TODO: needs update with client.

func (*Forwarder) Reset

func (f *Forwarder) Reset()

Reset resets the forwarder

func (*Forwarder) Run

func (f *Forwarder) Run()

Run starts the Forwarder worker function

func (*Forwarder) Save

func (f *Forwarder) Save() error

Save writes the piped events to disk.

type ForwarderConfig

type ForwarderConfig struct {
	// Client holds the settings used to reach the Manager (address, API key,
	// server key, TLS verification switch).
	Client  ClientConfig  `json:"manager-client"`
	// Logging configures where and how often the forwarder's logfile is rotated.
	Logging LoggingConfig `json:"logging"`
	// Local is copied to Forwarder.Local; presumably events are kept locally
	// and never sent when set — confirm.
	Local   bool          `json:"local"`
}

ForwarderConfig structure definition

type LoggingConfig added in v1.6.0

type LoggingConfig struct {
	// Dir is the directory holding the forwarder's logfiles (presumably created
	// with DefaultDirPerm — confirm).
	Dir              string `json:"dir"`
	// RotationInterval is a duration string parsed by ParseRotationInterval;
	// values below MinRotationInterval are presumably rejected — confirm.
	RotationInterval string `json:"rotation-interval"`
}

LoggingConfig structure to encode Logging configuration of the forwarder

func (*LoggingConfig) ParseRotationInterval added in v1.6.0

func (l *LoggingConfig) ParseRotationInterval() (d time.Duration, err error)

ParseRotationInterval returns the parsed time.Duration from configuration structure.

type Manager

type Manager struct {
	// Host and Port the Manager's HTTP receiver listens on (Port is a string
	// here, see DefaultPort, whereas ManagerConfig.Port is an int).
	Host string
	Port string
	// contains filtered or unexported fields
}

Manager structure definition

func NewManager

func NewManager(c *ManagerConfig) (*Manager, error)

NewManager creates a new WHIDS Manager from the given ManagerConfig (which includes the logfile path).

func (*Manager) AddAuthKey

func (m *Manager) AddAuthKey(key string)

AddAuthKey registers key as an API key authorized to access the Manager. Keys are bearer credentials, so they should be generated with KeyGen(DefaultKeySize) and handed to clients out of band.

func (*Manager) Collect

func (m *Manager) Collect(wt http.ResponseWriter, rq *http.Request)

Collect is the HTTP handler that receives the logs posted by clients (PostLogsURL).

func (*Manager) Container

func (m *Manager) Container(wt http.ResponseWriter, rq *http.Request)

Container HTTP handler serves Gene containers to clients

func (*Manager) ContainerList

func (m *Manager) ContainerList(wt http.ResponseWriter, rq *http.Request)

ContainerList HTTP handler to serve the list of available containers

func (*Manager) ContainerSha256

func (m *Manager) ContainerSha256(wt http.ResponseWriter, rq *http.Request)

ContainerSha256 HTTP handler to serve the SHA-256 of a given container

func (*Manager) IsDone added in v1.6.0

func (m *Manager) IsDone() bool

func (*Manager) LoadContainers

func (m *Manager) LoadContainers()

LoadContainers loads the containers into the manager. A container's name is its filename without the extension; for example, /some/random/abspath/blacklist.txt yields the container blacklist.

func (*Manager) LoadGeneEngine

func (m *Manager) LoadGeneEngine() error

LoadGeneEngine make the manager update the gene rules it has to serve

func (*Manager) Rules

func (m *Manager) Rules(wt http.ResponseWriter, rq *http.Request)

Rules HTTP handler used to serve the rules

func (*Manager) RulesSha256

func (m *Manager) RulesSha256(wt http.ResponseWriter, rq *http.Request)

RulesSha256 returns the sha256 of the latest set of rules loaded into the manager

func (*Manager) Run

func (m *Manager) Run()

Run starts the HTTP receiver in a new goroutine.

func (*Manager) ServerKey

func (m *Manager) ServerKey(wt http.ResponseWriter, rq *http.Request)

ServerKey is the HTTP handler that returns the Manager's key so that a client can authenticate the server (see ManagerClient.IsServerAuthenticated). This is an application-level check only: when ClientConfig.Unsafe disables certificate verification, an active interceptor can relay the key unchanged, so it does not replace TLS.

func (*Manager) Shutdown

func (m *Manager) Shutdown() error

Shutdown the Manager

func (*Manager) UploadDump

func (m *Manager) UploadDump(wt http.ResponseWriter, rq *http.Request)

UploadDump is the HTTP handler that receives dump files uploaded by clients (PostDumpURL), presumably storing them under ManagerConfig.DumpDir. The body is client-controlled: it should be size-bounded and the FileUpload should pass Validate before anything is written.

func (*Manager) Wait

func (m *Manager) Wait()

Wait blocks until the Manager has shut down.

type ManagerClient

type ManagerClient struct {
	// Client-side handle on a Manager, built from a ClientConfig by
	// NewManagerClient; all state (transport, keys) is unexported.
	// contains filtered or unexported fields
}

ManagerClient structure definition

func NewManagerClient

func NewManagerClient(c *ClientConfig) (*ManagerClient, error)

NewManagerClient creates a new Client to interface with the manager

func (*ManagerClient) Close

func (m *ManagerClient) Close()

Close closes idle connections held by the underlying transport.

func (*ManagerClient) GetContainer

func (m *ManagerClient) GetContainer(name string) ([]string, error)

GetContainer retrieves a given container from the manager

func (*ManagerClient) GetContainerSha256

func (m *ManagerClient) GetContainerSha256(name string) (string, error)

GetContainerSha256 retrieves the SHA-256 of a given container from the manager.

func (*ManagerClient) GetContainersList

func (m *ManagerClient) GetContainersList() ([]string, error)

GetContainersList retrieves the names of the containers available in the manager

func (*ManagerClient) GetRules

func (m *ManagerClient) GetRules() (string, error)

GetRules retrieves the latest batch of Gene rules available on the server.

func (*ManagerClient) GetRulesSha256

func (m *ManagerClient) GetRulesSha256() (string, error)

GetRulesSha256 returns the sha256 string of the latest batch of rules available on the server

func (*ManagerClient) IsServerAuthEnforced

func (m *ManagerClient) IsServerAuthEnforced() bool

IsServerAuthEnforced returns true if server authentication is requested by the client (presumably when ClientConfig.ServerKey is set — confirm).

func (*ManagerClient) IsServerAuthenticated

func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool)

IsServerAuthenticated reports whether the server is authenticated (auth), and thus can be trusted at the application level, and whether it answered at all (up).

func (*ManagerClient) IsServerUp

func (m *ManagerClient) IsServerUp() bool

IsServerUp returns true if manager server is up

func (*ManagerClient) PostDump

func (m *ManagerClient) PostDump(f *FileUpload) error

PostDump client helper to upload a file to the Manager

func (*ManagerClient) PostLogs

func (m *ManagerClient) PostLogs(r io.Reader) error

PostLogs posts logs to be collected

func (*ManagerClient) Prepare

func (m *ManagerClient) Prepare(method, url string, body io.Reader) (*http.Request, error)

Prepare prepares an http.Request to be sent to the manager.

func (*ManagerClient) PrepareFileUpload

func (m *ManagerClient) PrepareFileUpload(path, guid, evthash, filename string) (*FileUpload, error)

PrepareFileUpload prepares a FileUpload from several parameters

type ManagerConfig

type ManagerConfig struct {
	// Host and Port the Manager listens on (see DefaultPort).
	Host          string          `json:"host"`
	Port          int             `json:"port"`
	// Logfile is the path of the Manager's logfile (see DefaultLogPerm,
	// DefaultManagerLogSize).
	Logfile       string          `json:"logfile"`
	// Key is the Manager's own key, presumably the value served on
	// GetServerKeyURL for clients to authenticate the server — confirm.
	Key           string          `json:"key"`
	// Authorized lists the client API keys accepted by the Manager (see
	// AddAuthKey). They are bearer secrets: keep this file readable only by
	// the Manager's user.
	Authorized    []string        `json:"authorized"`
	// TLS holds the certificate and key files. If it is Empty the Manager
	// presumably serves plaintext HTTP, exposing API keys and every posted log
	// on the wire — confirm, and avoid outside a lab.
	TLS           TLSConfig       `json:"tls"`
	// MISP configuration.
	MISP          misp.MispConfig `json:"misp"`
	// RulesDir is the directory of Gene rules loaded by LoadGeneEngine.
	RulesDir      string          `json:"rules-dir"`
	// DumpDir is the directory where uploaded dumps are presumably written
	// by UploadDump — confirm.
	DumpDir       string          `json:"dump-dir"`
	// ContainersDir is the directory of container files loaded by LoadContainers.
	ContainersDir string          `json:"containers-dir"`
}

ManagerConfig defines manager's configuration structure

type TLSConfig

type TLSConfig struct {
	// Cert is the path of the PEM certificate file served by the Manager.
	Cert string `json:"cert"`
	// Key is the path of the matching private key file; protect it like any
	// private key (owner-only permissions).
	Key  string `json:"key"`
}

TLSConfig structure definition

func (*TLSConfig) Empty

func (t *TLSConfig) Empty() bool

Empty returns true if current TLSConfig is empty else false

func (*TLSConfig) Verify

func (t *TLSConfig) Verify() error

Verify checks that the files referenced by Cert and Key exist; it does not parse them or check that they form a valid certificate/key pair.
