Beispiel #1
0
//NewRuleSystem is the constructor
func NewRuleSystem() *RuleSystem {
	eventQueue := make(chan Event.Event, 1000)

	parser, err := RuleFileParser.NewRuleFileParser(Config.GetServerConfig().RuleSystem.Rulefile)
	if err != nil {
		panic(err)
	}
	amountOfWorker := Config.GetServerConfig().RuleSystem.Worker
	workers := []ruleSystemWorker{}
	for i := 0; i < amountOfWorker; i++ {
		workers = append(workers, ruleSystemWorker{eventQueue: eventQueue, parser: *parser, quit: make(chan bool), isRunning: false})
	}
	return &RuleSystem{EventQueue: eventQueue, workers: workers, isRunning: false}
}
//NewLogServerHTTPInterface creates a new LogServerHTTPInterface
func NewLogServerHTTPInterface(influxClient client.Client) *LogServerHTTPInterface {
	httpI := NewHTTPInterface(Config.GetServerConfig().LogServer.HTTPInterface)
	logHandler := LogServerHTTPHandler{influxClient}
	ruleHTTP := &LogServerHTTPInterface{HTTPInterface: httpI}
	ruleHTTP.HTTPInterface.PublishHandler("/logs", logHandler.LogView)
	ruleHTTP.HTTPInterface.PublishHandler("/resend", logHandler.ResendEvent)
	return ruleHTTP
}
Beispiel #3
0
func isCommonNameOnBlackList(clientName string) bool {
	for _, name := range Config.GetServerConfig().TLS.BlackList {
		if clientName == name {
			return true
		}
	}
	return false
}
Beispiel #4
0
//NewExternalModule constructs a new ExternalModule, this is a singleton
func NewExternalModule() *ExternalModule {
	mutex.Lock()
	if singleExternalModule == nil {
		modulePath := Config.GetServerConfig().RuleSystem.ModulePath
		singleExternalModule = &ExternalModule{[]string{modulePath}, map[string]string{}}
	}
	mutex.Unlock()
	return singleExternalModule
}
Beispiel #5
0
//NewLogServer constructs a new LogServer
func NewLogServer() *Server {
	var influxClient client.Client
	if Config.GetServerConfig().LogServer.InfluxAddress != "" {
		u, err := url.Parse(Config.GetServerConfig().LogServer.InfluxAddress)
		if err != nil {
			panic(err)
		}
		influxClient = client.NewClient(client.Config{
			URL:      u,
			Username: Config.GetServerConfig().LogServer.InfluxUsername,
			Password: Config.GetServerConfig().LogServer.InfluxPassword,
		})
		_, err = Influx.QueryDB(influxClient, fmt.Sprintf("CREATE DATABASE %s", Config.GetServerConfig().LogServer.InfluxDatabase), Config.GetServerConfig().LogServer.InfluxDatabase)
		if err != nil {
			panic(err)
		}
	}
	return &Server{LogQueue: make(chan LogMessage, 100), quit: make(chan bool), isRunning: false, InfluxClient: influxClient}
}
Beispiel #6
0
func (rpcI *RPCInterface) serve() {
	config := TLS.GenerateServerTLSConfig(Config.GetServerConfig().TLS.Cert, Config.GetServerConfig().TLS.Key, Config.GetServerConfig().TLS.CaCert)
	listener, err := tls.Listen("tcp", rpcI.RPCListenTo, config)
	if err != nil {
		fmt.Println("listener")
		panic(err)
	}
	firstByte := make([]byte, 1)
	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Printf("server: accept: %s", err)
			break
		}
		bytesRead, err := conn.Read(firstByte)
		if err != nil {
			if err == io.EOF {
				conn.Close()
				continue
			}
			//TODO: durch log austauschen
			fmt.Println("first byte")
			panic(err)
		}
		if tlscon, ok := conn.(*tls.Conn); bytesRead == 1 && ok {
			state := tlscon.ConnectionState()
			sub := state.PeerCertificates[0].Subject
			if isCommonNameOnBlackList(sub.CommonName) || isDNSNameOnBlackList(state.PeerCertificates[0].DNSNames) {
				fmt.Println(sub.CommonName, " is blacklisted")
				conn.Close()
				continue
			}
		}
		go func() {
			defer conn.Close()
			rpc.ServeConn(conn)
		}()
	}
}
//NewRuleSystemRPCInterface creates a new RuleSystemRPCInterface
func NewRuleSystemRPCInterface(ruleSystem *RuleSystem.RuleSystem) *RuleSystemRPCInterface {
	rpc := NewRPCInterface(Config.GetServerConfig().RuleSystem.RPCInterface)
	ruleRPC := &RuleSystemRPCInterface{RPCInterface: rpc, ruleSystem: ruleSystem}
	rpc.publishHandler(&RuleSystemRPCHandler{*ruleRPC})
	return ruleRPC
}
//LogView displays the basic logs
func (handler LogServerHTTPHandler) LogView(w http.ResponseWriter, r *auth.AuthenticatedRequest) {
	result, err := Influx.QueryDB(handler.influxClient, fmt.Sprintf("select time, event, msg, serveritry, source from %s", LogServer.TableName), Config.GetServerConfig().LogServer.InfluxDatabase)
	if err != nil {
		panic(err)
	}

	table := `<html><body><table style="width:100%"><tr>`
	for _, column := range result[0].Series[0].Columns {
		table += fmt.Sprintf(`<th>%s</th>`, column)
	}
	table += "</tr>"
	for _, row := range result[0].Series[0].Values {
		table += "<tr>"
		for i, field := range row {
			var output = fmt.Sprint(field)
			if i == 1 {
				u := r.URL
				u.Path = "/resend"
				parameters := url.Values{}
				parameters.Add(GETEVENTKEY, output)
				u.RawQuery = parameters.Encode()
				output = fmt.Sprintf(`<pre><a href="%s">%s</a></pre>`, u, Strings.FormatJSON(output))
			}
			table += fmt.Sprintf(`<td>%s</td>`, output)
		}
		table += "</tr>"
	}
	table += "</table></body></html>"

	io.WriteString(w, table)
}
Beispiel #9
0
//Server start a server config depending on the config file
func Server(serverConfigPath, clientConfigPath, cpuProfile string) {
	gob.Register(map[string]interface{}{})
	if cpuProfile != "" {
		f, err := os.Create(cpuProfile)
		if err != nil {
			log.Fatal(err)
		}
		pprof.StartCPUProfile(f)
	}
	Config.InitServerConfig(serverConfigPath)
	Config.InitClientConfig(clientConfigPath)

	stoppables := []Stoppable{}

	rpcInterfaces := []string{}
	httpInterfaces := []string{}

	if Config.GetServerConfig().LogServer.Enabled {
		logServer := LogServer.NewLogServer()
		logServer.Start()
		stoppables = append(stoppables, logServer)
		fmt.Println("Starting: LogServer")
		if Config.GetServerConfig().LogServer.RPCInterface != "" {
			fmt.Println("Starting: LogServer - RPC Interface")
			logServerRPCI := rpcIncoming.NewLogServerRPCInterface(logServer.LogQueue)
			logServerRPCI.Start()
			stoppables = append(stoppables, logServerRPCI)
			rpcInterfaces = append(rpcInterfaces, Config.GetServerConfig().LogServer.RPCInterface)
		}
		if Config.GetServerConfig().LogServer.HTTPInterface != "" {
			fmt.Println("Starting: LogServer - HTTP Interface")
			logServerRPCI := httpIncoming.NewLogServerHTTPInterface(logServer.InfluxClient)
			logServerRPCI.Start()
			stoppables = append(stoppables, logServerRPCI)
			httpInterfaces = append(httpInterfaces, Config.GetServerConfig().LogServer.HTTPInterface)
		}
		time.Sleep(time.Duration(100) * time.Millisecond)
	}

	if Config.GetServerConfig().RuleSystem.Enabled {
		ruleSystem := RuleSystem.NewRuleSystem()
		ruleSystem.Start()
		stoppables = append(stoppables, ruleSystem)
		fmt.Println("Starting: RuleSystem")
		if Config.GetServerConfig().RuleSystem.RPCInterface != "" {
			fmt.Println("Starting: RuleSystem - RPC Interface")
			ruleSystemRPCI := rpcIncoming.NewRuleSystemRPCInterface(ruleSystem)
			if !Strings.Contains(rpcInterfaces, Config.GetServerConfig().RuleSystem.RPCInterface) {
				fmt.Println("Starting: RPC")
				ruleSystemRPCI.Start()
				stoppables = append(stoppables, ruleSystemRPCI)
			}
		}
	}

	if Config.GetServerConfig().Proxy.Enabled {
		fmt.Println("Starting: Proxy - RPC Interface")
		proxyRPCI := rpcIncoming.NewProxyRPCInterface()
		if !Strings.Contains(rpcInterfaces, Config.GetServerConfig().RuleSystem.RPCInterface) {
			fmt.Println("Starting: RPC")
			proxyRPCI.Start()
			stoppables = append(stoppables, proxyRPCI)
		}
	}

	interruptChannel := make(chan os.Signal, 1)
	signal.Notify(interruptChannel, syscall.SIGINT)
	signal.Notify(interruptChannel, syscall.SIGTERM)
	quit := make(chan bool)
	go func() {
		<-interruptChannel
		cleanUp(stoppables)
		quit <- true
	}()
	fmt.Println("Everything's ready!")
	//wait for the end to come
	<-quit
	if cpuProfile != "" {
		pprof.StopCPUProfile()
	}
	fmt.Println("Bye")
}
Beispiel #10
0
func genBatchPoints() (client.BatchPoints, error) {
	return client.NewBatchPoints(client.BatchPointsConfig{Database: Config.GetServerConfig().LogServer.InfluxDatabase, Precision: "us"})
}
Beispiel #11
0
//NewProxyRPCInterface creates a new ProxyRPCInterface
func NewProxyRPCInterface() *ProxyRPCInterface {
	rpc := NewRPCInterface(Config.GetServerConfig().Proxy.RPCInterface)
	ruleRPC := &ProxyRPCInterface{RPCInterface: rpc}
	rpc.publishHandler(&ProxyRPCHandler{Module.NewExternalModule()})
	return ruleRPC
}