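// main (re)creates the nightHawk Elasticsearch index from the bundled
// mapping file.
//
// Flow: read the mapping, load the configuration, then probe the configured
// index with a GET. If it exists the operator is asked before it is deleted
// and rebuilt; if it does not exist it is simply created. Because the DELETE
// is irreversible, the prompt treats empty input and EOF as "no".
//
// Exits with status 1 when the mapping or configuration cannot be read, when
// an HTTP call fails, or when Elasticsearch rejects the DELETE (its response
// body is printed for diagnosis).
func main() {
	const (
		mappingFile = "/opt/nighthawk/lib/elastic/ElasticMapping.json"
		configFile  = "/opt/nighthawk/etc/nighthawk.json"
		// Marker written by the init step; removed so the index is re-initialised.
		initMarker = "/opt/nighthawk/var/run/elasticsearch/elastic.init"
		// NOTE(review): the existence check below uses nightHawk.ELASTIC_INDEX,
		// but the index that is actually deleted and created is this hard-coded
		// name. If the configured index is not "investigation1" the probe and
		// the destructive DELETE target different indices. Kept as-is to
		// preserve behaviour; confirm against the configuration before relying
		// on this tool in a non-default deployment.
		targetIndex = "investigation1"
	)

	// The original discarded this error and would have PUT an empty mapping.
	esmap, err := ioutil.ReadFile(mappingFile)
	if err != nil {
		fmt.Fprintf(os.Stderr, "reading mapping %s: %v\n", mappingFile, err)
		os.Exit(1)
	}

	// LoadConfigFile reports success as a bool (see the CLI entry point);
	// without the config the ELASTIC_* settings below are unusable.
	if !nightHawk.LoadConfigFile(configFile) {
		fmt.Fprintf(os.Stderr, "reading configuration file %s\n", configFile)
		os.Exit(1)
	}

	// Probe the configured index. Any 2xx of the two expected codes means it exists.
	probe, err := nightHawk.HttpOperation("GET", GetElasticUrl(nightHawk.ELASTIC_INDEX),
		nightHawk.ELASTIC_AUTHCODE, nightHawk.ELASTIC_SSL, nil)
	if err != nil {
		fmt.Fprintf(os.Stderr, "checking index %s: %v\n", nightHawk.ELASTIC_INDEX, err)
		os.Exit(1)
	}
	exists := probe.StatusCode == 200 || probe.StatusCode == 201
	// Presumably an *http.Response (StatusCode/Body are used as such); the
	// original never released the body.
	probe.Body.Close()

	indexURL := GetElasticUrl(targetIndex)
	if !exists {
		CreateElasticIndex(indexURL, esmap)
		return
	}

	// Destructive path: require an explicit "y". The original indexed
	// user_input[:1] unconditionally, which panics on empty input / EOF.
	reader := bufio.NewReader(os.Stdin)
	fmt.Printf("Index Already exists. Do you want to recreate [y/n]: ")
	answer, _ := reader.ReadString('\n') // a read error leaves answer empty or partial; both mean "no"
	answer = strings.TrimSpace(answer)
	if answer == "" || !strings.EqualFold(answer[:1], "y") {
		return
	}

	del, err := nightHawk.HttpOperation("DELETE", indexURL, nightHawk.ELASTIC_AUTHCODE, nightHawk.ELASTIC_SSL, nil)
	if err != nil {
		fmt.Fprintf(os.Stderr, "deleting index %s: %v\n", targetIndex, err)
		os.Exit(1)
	}
	if del.StatusCode != 200 && del.StatusCode != 201 {
		// Best-effort: the body is only diagnostic output, so a read error is not fatal on its own.
		body, _ := ioutil.ReadAll(del.Body)
		del.Body.Close()
		fmt.Println(string(body))
		os.Exit(1)
	}
	del.Body.Close()

	// Best-effort: a missing marker is not an error, so the result is deliberately ignored.
	os.Remove(initMarker)
	CreateElasticIndex(indexURL, esmap)
}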
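// main is the nightHawk command-line entry point. It parses the run-time
// flags, loads the configuration, fills in defaults for the case metadata
// and dispatches the supplied triage file to the loader that matches its
// detected type.
//
// Flags:
//
//	-N  case name (system-generated when empty)
//	-C  computer name (required only for a single XML audit file)
//	-c  configuration file (defaults to nightHawk.CONFIG)
//	-D  case date (current UTC time in nightHawk.Layout when empty)
//	-a  case analyst
//	-f  triage file (required)
//	-d  generator to debug; "-d list" prints the available generators.
//	    Passed to the Hx/Redline loaders only, not to the single-file loader.
//	-V  print version and exit
//	-v  verbose console output
//
// Loader failures are reported through ExitOnError with the errno the loader
// returned; a file whose type is not recognised is reported and exits 1
// (the original fell off the end of main and exited 0 silently).
func main() {
	runtime.GOMAXPROCS(nightHawk.MAXPROCS)

	var runopt RuntimeOptions
	flag.StringVar(&runopt.CaseName, "N", "", "Case name collected triage. If this value is not supplied system generated case name is used.")
	flag.StringVar(&runopt.ComputerName, "C", "", "Computer name")
	flag.StringVar(&runopt.ConfigFile, "c", nightHawk.CONFIG, "nightHawk configuration file")
	flag.StringVar(&runopt.CaseDate, "D", "", "Case date for collected triage. If this value is not supplied current date is used.")
	flag.StringVar(&runopt.CaseAnalyst, "a", "", "Case analyst working with collected triage")
	flag.StringVar(&runopt.Filename, "f", "", "File containing triage file")
	flag.StringVar(&runopt.Debug, "d", "none", "Specify debug generator to be debugged. For list of available generator use \"-d list\" ")
	flag.BoolVar(&runopt.Version, "V", false, "Display version information")
	flag.BoolVar(&runopt.Verbose, "v", false, "Show verbose message on console")
	flag.Parse()

	// Informational modes exit before any configuration is touched.
	if runopt.Version {
		nightHawk.ShowVersion()
		os.Exit(0)
	}
	if runopt.Debug == "list" {
		nightHawk.ShowAuditGenerators()
		os.Exit(0)
	}

	if !nightHawk.LoadConfigFile(runopt.ConfigFile) {
		ExitOnError("Error encounter reading configuration file", nightHawk.ERROR_CONFIG_FILE_READ)
	}
	// Only ever raised, never lowered, so a config-enabled verbose mode stays on.
	if runopt.Verbose {
		nightHawk.VERBOSE = true
	}

	// Defaults for the case metadata.
	if runopt.CaseName == "" {
		runopt.CaseName = nightHawk.GenerateCaseName()
	}
	if runopt.CaseDate == "" {
		runopt.CaseDate = time.Now().UTC().Format(nightHawk.Layout)
	}
	if runopt.Filename == "" {
		ExitOnError("Triage file must be supplied", nightHawk.ERROR_NO_TRIAGE_FILE)
	}

	caseinfo := nightHawk.CaseInformation{
		CaseName:    runopt.CaseName,
		CaseDate:    runopt.CaseDate,
		CaseAnalyst: runopt.CaseAnalyst,
	}

	// Dispatch on the detected source type. Each loader reports failure as
	// a positive errno, which is forwarded unchanged to ExitOnError.
	switch nightHawk.SourceDataFileType(runopt.Filename) {
	case nightHawk.MOD_XML:
		if runopt.ComputerName == "" {
			ExitOnError("Computer Name is requried while processing single audit file", nightHawk.ERROR_AUDIT_COMPUTERNAME_REQUIRED)
		}
		if errno := LoadSingleAuditFile(caseinfo, runopt.ComputerName, runopt.Filename); errno > 0 {
			ExitOnError("Error occured processing single file", errno)
		}
	case nightHawk.MOD_MANS:
		if errno := LoadHxAuditFile(caseinfo, runopt.Filename, runopt.Debug); errno > 0 {
			ExitOnError("Error occured processing Hx triage file", errno)
		}
	case nightHawk.MOD_ZIP:
		if errno := LoadRedlineAuditFile(caseinfo, runopt.Filename, runopt.Debug); errno > 0 {
			ExitOnError("Error occured processing Redline triage file", errno)
		}
	case nightHawk.MOD_REDDIR:
		// The original reported "Unsupported source file" here, which mislabels
		// a loader failure on an already-recognised Redline directory.
		if errno := LoadRedlineAuditDirectory(caseinfo, runopt.Filename, runopt.Debug); errno > 0 {
			ExitOnError("Error occurred processing Redline triage directory", errno)
		}
	default:
		// No nightHawk.ERROR_* code is visible for this case, so report and
		// exit non-zero directly rather than silently succeeding.
		fmt.Fprintf(os.Stderr, "Unsupported source file: %q\n", runopt.Filename)
		os.Exit(1)
	}
} // __end_main__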