beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
crowdsec/cmd/crowdsec-cli/console.go
alteredCoder 40103275df remove alias and tag from cscli console
2021-10-26 15:13:36 +02:00

451 lines
16 KiB
Go
Raw Blame History

package main
import (
"context"
"encoding/json"
"errors"
"fmt"
"io/fs"
"net/url"
"os"
"strings"
"time"
"github.com/crowdsecurity/crowdsec/pkg/apiclient"
"github.com/crowdsecurity/crowdsec/pkg/csconfig"
"github.com/crowdsecurity/crowdsec/pkg/cwhub"
"github.com/crowdsecurity/crowdsec/pkg/cwversion"
"github.com/crowdsecurity/crowdsec/pkg/database"
"github.com/crowdsecurity/crowdsec/pkg/models"
"github.com/crowdsecurity/crowdsec/pkg/types"
"github.com/enescakir/emoji"
"github.com/go-openapi/strfmt"
"github.com/olekukonko/tablewriter"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"gopkg.in/yaml.v2"
)
func IsInSlice(a string, b []string) bool {
for _, v := range b {
if a == v {
return true
}
}
return false
}
func FetchScenariosListFromDB() ([]string, error) {
scenarios := make([]string, 0)
machines, err := dbClient.ListMachines()
if err != nil {
return nil, fmt.Errorf("while listing machines: %s", err)
}
//merge all scenarios together
for _, v := range machines {
machineScenarios := strings.Split(v.Scenarios, ",")
log.Debugf("%d scenarios for machine %d", len(machineScenarios), v.ID)
for _, sv := range machineScenarios {
if !IsInSlice(sv, scenarios) && sv != "" {
scenarios = append(scenarios, sv)
}
}
}
log.Debugf("Returning list of scenarios : %+v", scenarios)
return scenarios, nil
}
func NewConsoleCmd() *cobra.Command {
var cmdConsole = &cobra.Command{
Use: "console [action]",
Short: "Manage interaction with Crowdsec console (https://app.crowdsec.net)",
Args: cobra.MinimumNArgs(1),
DisableAutoGenTag: true,
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
if err := csConfig.LoadAPIServer(); err != nil {
var fdErr *fs.PathError
if errors.As(err, &fdErr) {
log.Fatalf("Unable to load Local API : %s", fdErr)
} else {
log.Fatalf("Unable to load required Local API Configuration : %s", err)
}
}
if csConfig.DisableAPI {
log.Fatal("Local API is disabled, please run this command on the local API machine")
}
if csConfig.API.Server.OnlineClient == nil {
log.Fatalf("no configuration for Central API (CAPI) in '%s'", *csConfig.FilePath)
}
if csConfig.API.Server.OnlineClient.Credentials == nil {
log.Fatal("You must configure Central API (CAPI) with `cscli capi register` before enrolling your instance")
}
return nil
},
}
cmdEnroll := &cobra.Command{
Use: "enroll [enroll-key]",
Short: "Enroll this instance to https://app.crowdsec.net [requires local API]",
Long: `
Enroll this instance to https://app.crowdsec.net
You can get your enrollment key by creating an account on https://app.crowdsec.net.
After running this command your will need to validate the enrollment in the webapp.`,
Example: `cscli console enroll YOUR-ENROLL-KEY
`,
Args: cobra.ExactArgs(1),
DisableAutoGenTag: true,
Run: func(cmd *cobra.Command, args []string) {
password := strfmt.Password(csConfig.API.Server.OnlineClient.Credentials.Password)
apiURL, err := url.Parse(csConfig.API.Server.OnlineClient.Credentials.URL)
if err != nil {
log.Fatalf("Could not parse CAPI URL : %s", err)
}
if err := csConfig.LoadHub(); err != nil {
log.Fatalf(err.Error())
}
if err := cwhub.GetHubIdx(csConfig.Hub); err != nil {
log.Fatalf("Failed to load hub index : %s", err)
log.Infoln("Run 'sudo cscli hub update' to get the hub index")
}
scenarios, err := cwhub.GetUpstreamInstalledScenariosAsString()
if err != nil {
log.Fatalf("failed to get scenarios : %s", err.Error())
}
if len(scenarios) == 0 {
scenarios = make([]string, 0)
}
c, _ := apiclient.NewClient(&apiclient.Config{
MachineID: csConfig.API.Server.OnlineClient.Credentials.Login,
Password: password,
Scenarios: scenarios,
UserAgent: fmt.Sprintf("crowdsec/%s", cwversion.VersionStr()),
URL: apiURL,
VersionPrefix: "v2",
})
_, err = c.Auth.EnrollWatcher(context.Background(), args[0])
if err != nil {
log.Fatalf("Could not enroll instance: %s", err)
}
log.Infof("Watcher successfully enrolled. Visit https://app.crowdsec.net to accept it.")
},
}
cmdConsole.AddCommand(cmdEnroll)
var enableAll, disableAll bool
cmdEnable := &cobra.Command{
Use: "enable [feature-flag]",
Short: "Enable a feature flag",
Example: "enable alerts-tainted",
Long: `
Enable given information push to the central API. Allows to empower the console`,
ValidArgs: csconfig.CONSOLE_CONFIGS,
DisableAutoGenTag: true,
Run: func(cmd *cobra.Command, args []string) {
if enableAll {
SetConsoleOpts(csconfig.CONSOLE_CONFIGS, true)
} else {
SetConsoleOpts(args, true)
}
if err := csConfig.API.Server.DumpConsoleConfig(); err != nil {
log.Fatalf("failed writing console config : %s", err)
}
if enableAll {
log.Infof("All features have been enabled successfully")
} else {
log.Infof("%v have been enabled", args)
}
log.Infof(ReloadMessage())
},
}
cmdEnable.Flags().BoolVarP(&enableAll, "all", "a", false, "Enable all feature flags")
cmdConsole.AddCommand(cmdEnable)
cmdDisable := &cobra.Command{
Use: "disable [feature-flag]",
Short: "Disable a feature flag",
Example: "disable alerts-tainted",
Long: `
Disable given information push to the central API.`,
ValidArgs: csconfig.CONSOLE_CONFIGS,
DisableAutoGenTag: true,
Run: func(cmd *cobra.Command, args []string) {
if disableAll {
SetConsoleOpts(csconfig.CONSOLE_CONFIGS, false)
} else {
SetConsoleOpts(args, false)
}
if err := csConfig.API.Server.DumpConsoleConfig(); err != nil {
log.Fatalf("failed writing console config : %s", err)
}
if disableAll {
log.Infof("All features have been disabled")
} else {
log.Infof("%v have been disabled", args)
}
log.Infof(ReloadMessage())
},
}
cmdDisable.Flags().BoolVarP(&disableAll, "all", "a", false, "Enable all feature flags")
cmdConsole.AddCommand(cmdDisable)
cmdConsoleStatus := &cobra.Command{
Use: "status [feature-flag]",
Short: "Shows status of one or all feature flags",
Example: "status alerts-tainted",
DisableAutoGenTag: true,
Run: func(cmd *cobra.Command, args []string) {
switch csConfig.Cscli.Output {
case "human":
table := tablewriter.NewWriter(os.Stdout)
table.SetHeaderAlignment(tablewriter.ALIGN_LEFT)
table.SetAlignment(tablewriter.ALIGN_LEFT)
table.SetHeader([]string{"Option Name", "Activated", "Description"})
for _, option := range csconfig.CONSOLE_CONFIGS {
switch option {
case csconfig.SEND_CUSTOM_SCENARIOS:
activated := fmt.Sprintf("%s", emoji.CrossMark)
if *csConfig.API.Server.ConsoleConfig.ShareCustomScenarios == true {
activated = fmt.Sprintf("%s", emoji.CheckMarkButton)
}
table.Append([]string{option, activated, "Send alerts from custom scenarios to the console"})
case csconfig.SEND_MANUAL_SCENARIOS:
activated := fmt.Sprintf("%s", emoji.CrossMark)
if *csConfig.API.Server.ConsoleConfig.ShareManualDecisions == true {
activated = fmt.Sprintf("%s", emoji.CheckMarkButton)
}
table.Append([]string{option, activated, "Send manual decisions to the console"})
case csconfig.SEND_TAINTED_SCENARIOS:
activated := fmt.Sprintf("%s", emoji.CrossMark)
if *csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios == true {
activated = fmt.Sprintf("%s", emoji.CheckMarkButton)
}
table.Append([]string{option, activated, "Send alerts from tainted scenarios to the console"})
case csconfig.SEND_SIMULATED_DECISIONS:
activated := fmt.Sprintf("%s", emoji.CrossMark)
if *csConfig.API.Server.ConsoleConfig.ShareSimulatedDecisions == true {
activated = fmt.Sprintf("%s", emoji.CheckMarkButton)
}
table.Append([]string{option, activated, "Send alerts from scenarios in simulation mode to the console"})
}
}
table.Render()
case "json":
data, err := json.MarshalIndent(csConfig.API.Server.ConsoleConfig, "", " ")
if err != nil {
log.Fatalf("failed to marshal configuration: %s", err)
}
fmt.Printf("%s\n", string(data))
case "raw":
data, err := yaml.Marshal(csConfig.API.Server.ConsoleConfig)
if err != nil {
log.Fatalf("failed to marshal configuration: %s", err)
}
fmt.Printf("%s\n", string(data))
}
},
}
cmdConsole.AddCommand(cmdConsoleStatus)
cmdConsoleSync := &cobra.Command{
Use: "sync",
Short: "Sync current decisions to console",
DisableAutoGenTag: true,
Run: func(cmd *cobra.Command, args []string) {
var err error
if err := csConfig.LoadDBConfig(); err != nil {
log.Errorf("This command requires direct database access (must be run on the local API machine)")
log.Fatalf(err.Error())
}
dbClient, err = database.NewClient(csConfig.DbConfig)
if err != nil {
log.Fatalf("unable to create new database client: %s", err)
}
password := strfmt.Password(csConfig.API.Server.OnlineClient.Credentials.Password)
apiurl, err := url.Parse(csConfig.API.Server.OnlineClient.Credentials.URL)
if err != nil {
log.Fatalf("parsing api url ('%s'): %s", csConfig.API.Server.OnlineClient.Credentials.URL, err)
}
if err := csConfig.LoadHub(); err != nil {
log.Fatalf(err.Error())
}
if err := cwhub.GetHubIdx(csConfig.Hub); err != nil {
log.Fatalf("Failed to load hub index : %s", err)
log.Infoln("Run 'sudo cscli hub update' to get the hub index")
}
scenarios, err := cwhub.GetUpstreamInstalledScenariosAsString()
if err != nil {
log.Fatalf("failed to get scenarios : %s", err.Error())
}
if len(scenarios) == 0 {
log.Fatalf("no scenarios installed, abort")
}
Client, err = apiclient.NewClient(&apiclient.Config{
MachineID: csConfig.API.Server.OnlineClient.Credentials.Login,
Password: password,
UserAgent: fmt.Sprintf("crowdsec/%s", cwversion.VersionStr()),
URL: apiurl,
VersionPrefix: "v2",
Scenarios: scenarios,
UpdateScenario: FetchScenariosListFromDB,
})
if err != nil {
log.Fatalf("init default client: %s", err)
}
filter := make(map[string][]string)
filter["has_active_decision"] = []string{"true"}
alertsWithDecisions, err := dbClient.QueryAlertWithFilter(filter)
if err != nil {
log.Fatalf(err.Error())
}
alertList := make([]*models.Alert, 0)
for _, alert := range alertsWithDecisions {
startAt := alert.StartedAt.String()
StopAt := alert.StoppedAt.String()
formatedAlert := models.Alert{
ID: int64(alert.ID),
MachineID: machineID,
CreatedAt: alert.CreatedAt.Format(time.RFC3339),
Scenario: &alert.Scenario,
ScenarioVersion: &alert.ScenarioVersion,
ScenarioHash: &alert.ScenarioHash,
Message: &alert.Message,
EventsCount: &alert.EventsCount,
StartAt: &startAt,
StopAt: &StopAt,
Capacity: &alert.Capacity,
Leakspeed: &alert.LeakSpeed,
Simulated: &alert.Simulated,
Source: &models.Source{
Scope: &alert.SourceScope,
Value: &alert.SourceValue,
IP: alert.SourceIp,
Range: alert.SourceRange,
AsNumber: alert.SourceAsNumber,
AsName: alert.SourceAsName,
Cn: alert.SourceCountry,
Latitude: alert.SourceLatitude,
Longitude: alert.SourceLongitude,
},
}
for _, decisionItem := range alert.Edges.Decisions {
duration := decisionItem.Until.Sub(time.Now()).String()
formatedAlert.Decisions = append(formatedAlert.Decisions, &models.Decision{
Duration: &duration, // transform into time.Time ?
Scenario: &decisionItem.Scenario,
Type: &decisionItem.Type,
Scope: &decisionItem.Scope,
Value: &decisionItem.Value,
Origin: &decisionItem.Origin,
Simulated: formatedAlert.Simulated,
ID: int64(decisionItem.ID),
})
}
alertList = append(alertList, &formatedAlert)
}
_, _, err = Client.Decisions.SyncDecisions(context.Background(), alertList)
if err != nil {
log.Fatalf("unable to sync decisions with console: %s", err.Error())
}
log.Infof("Decisions have been synchronized successfully")
},
}
cmdConsole.AddCommand(cmdConsoleSync)
return cmdConsole
}
func SetConsoleOpts(args []string, wanted bool) {
for _, arg := range args {
switch arg {
case csconfig.SEND_CUSTOM_SCENARIOS:
/*for each flag check if it's already set before setting it*/
if csConfig.API.Server.ConsoleConfig.ShareCustomScenarios != nil {
if *csConfig.API.Server.ConsoleConfig.ShareCustomScenarios == wanted {
log.Infof("%s already set to %t", csconfig.SEND_CUSTOM_SCENARIOS, wanted)
} else {
log.Infof("%s set to %t", csconfig.SEND_CUSTOM_SCENARIOS, wanted)
*csConfig.API.Server.ConsoleConfig.ShareCustomScenarios = wanted
}
} else {
log.Infof("%s set to %t", csconfig.SEND_CUSTOM_SCENARIOS, wanted)
csConfig.API.Server.ConsoleConfig.ShareCustomScenarios = types.BoolPtr(wanted)
}
case csconfig.SEND_TAINTED_SCENARIOS:
/*for each flag check if it's already set before setting it*/
if csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios != nil {
if *csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios == wanted {
log.Infof("%s already set to %t", csconfig.SEND_TAINTED_SCENARIOS, wanted)
} else {
log.Infof("%s set to %t", csconfig.SEND_TAINTED_SCENARIOS, wanted)
*csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios = wanted
}
} else {
log.Infof("%s set to %t", csconfig.SEND_TAINTED_SCENARIOS, wanted)
csConfig.API.Server.ConsoleConfig.ShareTaintedScenarios = types.BoolPtr(wanted)
}
case csconfig.SEND_MANUAL_SCENARIOS:
/*for each flag check if it's already set before setting it*/
if csConfig.API.Server.ConsoleConfig.ShareManualDecisions != nil {
if *csConfig.API.Server.ConsoleConfig.ShareManualDecisions == wanted {
log.Infof("%s already set to %t", csconfig.SEND_MANUAL_SCENARIOS, wanted)
} else {
log.Infof("%s set to %t", csconfig.SEND_MANUAL_SCENARIOS, wanted)
*csConfig.API.Server.ConsoleConfig.ShareManualDecisions = wanted
}
} else {
log.Infof("%s set to %t", csconfig.SEND_MANUAL_SCENARIOS, wanted)
csConfig.API.Server.ConsoleConfig.ShareManualDecisions = types.BoolPtr(wanted)
}
case csconfig.SEND_LIVE_DECISIONS:
/*for each flag check if it's already set before setting it*/
if csConfig.API.Server.ConsoleConfig.ShareDecisions != nil {
if *csConfig.API.Server.ConsoleConfig.ShareDecisions == wanted {
log.Infof("%s already set to %t", csconfig.SEND_LIVE_DECISIONS, wanted)
} else {
log.Infof("%s set to %t", csconfig.SEND_LIVE_DECISIONS, wanted)
*csConfig.API.Server.ConsoleConfig.ShareDecisions = wanted
}
} else {
log.Infof("%s set to %t", csconfig.SEND_LIVE_DECISIONS, wanted)
csConfig.API.Server.ConsoleConfig.ShareDecisions = types.BoolPtr(wanted)
}
case csconfig.SEND_SIMULATED_DECISIONS:
/*for each flag check if it's already set before setting it*/
if csConfig.API.Server.ConsoleConfig.ShareSimulatedDecisions != nil {
if *csConfig.API.Server.ConsoleConfig.ShareSimulatedDecisions == wanted {
log.Infof("%s already set to %t", csconfig.SEND_SIMULATED_DECISIONS, wanted)
} else {
log.Infof("%s set to %t", csconfig.SEND_SIMULATED_DECISIONS, wanted)
*csConfig.API.Server.ConsoleConfig.ShareSimulatedDecisions = wanted
}
} else {
log.Infof("%s set to %t", csconfig.SEND_SIMULATED_DECISIONS, wanted)
csConfig.API.Server.ConsoleConfig.ShareSimulatedDecisions = types.BoolPtr(wanted)
}
default:
log.Fatalf("unknown flag %s", arg)
}
}
}
Reference in a new issue View git blame Copy permalink