
v1.5.6 Latest Latest

This package is not in the latest version of its module.

Published: Jul 13, 2023 License: MIT Imports: 20 Imported by: 0




// Option-name constants. CONSOLE_MANAGEMENT has the same spelling as the
// yaml key of ConsoleConfig.ConsoleManagement ("console_management").
// NOTE(review): SEND_CONTEXT is "context" while the ConsoleConfig yaml key is
// "share_context" — presumably these names are used somewhere other than the
// YAML file; confirm against the callers.
const (
	CONSOLE_MANAGEMENT     = "console_management"
	SEND_CONTEXT           = "context"


// DefaultConsoleConfigFilePath is the path of "console.yaml" under the default
// configuration directory, as computed by DefaultConfigPath when the package
// is initialised. Being a package-level var, it can be reassigned at run time.
var DefaultConsoleConfigFilePath = DefaultConfigPath("console.yaml")


func DefaultConfigPath

func DefaultConfigPath(elem ...string) string

DefaultConfigPath returns the default path for a configuration resource. "elem" parameters are path components relative to the default cfg directory.

func DefaultDataPath

func DefaultDataPath(elem ...string) string

DefaultDataPath returns the default path for a data resource. "elem" parameters are path components relative to the default data directory.

func ListFeatureFlags

func ListFeatureFlags() string

ListFeatureFlags returns a list of the enabled feature flags.

func LoadFeatureFlagsEnv

func LoadFeatureFlagsEnv(logger *log.Logger) error

LoadFeatureFlagsEnv parses the environment variables to enable feature flags.

func LoadFeatureFlagsFile

func LoadFeatureFlagsFile(configPath string, logger *log.Logger) error

LoadFeatureFlagsFile parses feature.yaml to enable feature flags. The file is in the same directory as config.yaml, which is provided as the first parameter. This can be different from ConfigPaths.ConfigDir.


type APICfg

// APICfg groups the API-related sections of the configuration file: the local
// API client ("client"), the local API server ("server") and the CTI settings
// ("cti"). Each section is a pointer, so a section that was never populated is
// nil and must be checked before it is dereferenced.
type APICfg struct {
	Client *LocalApiClientCfg `yaml:"client"`
	Server *LocalApiServerCfg `yaml:"server"`
	CTI    *CTICfg            `yaml:"cti"`

type ApiCredentialsCfg

// ApiCredentialsCfg holds API endpoint URLs together with two kinds of
// credential material: a login/password pair and paths to a CA certificate,
// a key and a certificate. It is referenced as the Credentials field of both
// LocalApiClientCfg and OnlineApiClientCfg.
type ApiCredentialsCfg struct {
	PapiURL    string `yaml:"papi_url,omitempty" json:"papi_url,omitempty"`
	URL        string `yaml:"url,omitempty" json:"url,omitempty"`
	Login      string `yaml:"login,omitempty" json:"login,omitempty"`
	// json:"-" keeps the password out of any JSON encoding of this struct.
	// The yaml tag is still present, so the YAML form carries it in clear text.
	// NOTE(review): confirm the credentials file is written with owner-only
	// permissions and that this struct is never logged with %v / %+v.
	Password   string `yaml:"password,omitempty" json:"-"`
	// The three path fields have no json tag, so encoding/json would emit them
	// under their Go field names.
	// NOTE(review): KeyPath presumably points at a private key; the path itself
	// is not secret, but the file should be readable only by the service
	// account — confirm.
	CACertPath string `yaml:"ca_cert_path,omitempty"`
	KeyPath    string `yaml:"key_path,omitempty"`
	CertPath   string `yaml:"cert_path,omitempty"`

type AuthGCCfg

// AuthGCCfg carries one optional string setting per authentication method
// (certificate, API key, login/password), each paired with a *time.Duration
// field. FlushDBCfg uses it for the "bouncers_autodelete" and
// "agents_autodelete" sections.
//
// NOTE(review): the *Duration fields carry no yaml tag; presumably they are
// filled by parsing the matching string field after loading — confirm, and
// confirm that an unparsable value is reported rather than silently leaving
// the duration nil (which would presumably disable cleanup of stale
// credentials for that method).
type AuthGCCfg struct {
	Cert                  *string `yaml:"cert,omitempty"`
	CertDuration          *time.Duration
	Api                   *string `yaml:"api_key,omitempty"`
	ApiDuration           *time.Duration
	LoginPassword         *string `yaml:"login_password,omitempty"`
	LoginPasswordDuration *time.Duration

type CTICfg

// CTICfg is the "cti" section of APICfg. All fields are optional pointers, so
// "unset" (nil) can be told apart from an explicit zero value.
type CTICfg struct {
	// NOTE(review): presumably the API key for the CTI service, i.e. a secret
	// stored in clear text in the configuration file — confirm, and keep it out
	// of logs and config dumps.
	Key          *string        `yaml:"key,omitempty"`
	CacheTimeout *time.Duration `yaml:"cache_timeout,omitempty"`
	CacheSize    *int           `yaml:"cache_size,omitempty"`
	Enabled      *bool          `yaml:"enabled,omitempty"`
	LogLevel     *log.Level     `yaml:"log_level,omitempty"`

func (*CTICfg) Load

func (a *CTICfg) Load() error

type CapiWhitelist

// CapiWhitelist is a list of single IP addresses and of CIDR ranges. It is
// held by LocalApiServerCfg.CapiWhitelists, next to the CapiWhitelistsPath
// setting.
//
// NOTE(review): the name suggests that matching addresses are exempted from
// decisions received from the central API — confirm. If so, every address in
// a listed range is exempted, so broad prefixes deserve review.
type CapiWhitelist struct {
	Ips   []net.IP     `yaml:"ips,omitempty"`
	Cidrs []*net.IPNet `yaml:"cidrs,omitempty"`

type CommonCfg

// CommonCfg holds daemonization/service related settings: process mode,
// working and pid directories, and logging (destination, level, rotation).
type CommonCfg struct {
	// Daemonize has no yaml tag, unlike the other fields of this struct.
	Daemonize      bool
	PidDir         string     `yaml:"pid_dir,omitempty"` // TODO: This is just for backward compat. Remove this later
	LogMedia       string     `yaml:"log_media"`
	// NOTE(review): log files may contain addresses and request data from the
	// monitored services; confirm the directory is not world-readable.
	LogDir         string     `yaml:"log_dir,omitempty"` //if LogMedia = file
	LogLevel       *log.Level `yaml:"log_level"`
	WorkingDir     string     `yaml:"working_dir,omitempty"` ///var/run
	// Log rotation settings; CompressLogs is a pointer so that "unset" can be
	// distinguished from an explicit false.
	CompressLogs   *bool      `yaml:"compress_logs,omitempty"`
	LogMaxSize     int        `yaml:"log_max_size,omitempty"`
	LogMaxAge      int        `yaml:"log_max_age,omitempty"`
	LogMaxFiles    int        `yaml:"log_max_files,omitempty"`
	ForceColorLogs bool       `yaml:"force_color_logs,omitempty"`

daemonization/service related stuff

type Config

// Config is the top-level configuration object. Per the package
// documentation, it contains top-level defaults that are overridden by the
// configuration file, which in turn is overridden by CLI flags.
//
// Fields tagged yaml:"-" (FilePath, Self, DisableAPI, DisableAgent, Hub) are
// neither read from nor written to YAML.
type Config struct {
	//just a path to ourself :p
	FilePath     *string             `yaml:"-"`
	// NOTE(review): presumably the raw bytes of the configuration file as read
	// from disk — confirm. If so, it includes any secrets present in the file
	// (e.g. db_config.password) and should not be logged.
	Self         []byte              `yaml:"-"`
	Common       *CommonCfg          `yaml:"common,omitempty"`
	Prometheus   *PrometheusCfg      `yaml:"prometheus,omitempty"`
	Crowdsec     *CrowdsecServiceCfg `yaml:"crowdsec_service,omitempty"`
	Cscli        *CscliCfg           `yaml:"cscli,omitempty"`
	DbConfig     *DatabaseCfg        `yaml:"db_config,omitempty"`
	API          *APICfg             `yaml:"api,omitempty"`
	ConfigPaths  *ConfigurationPaths `yaml:"config_paths,omitempty"`
	PluginConfig *PluginCfg          `yaml:"plugin_config,omitempty"`
	DisableAPI   bool                `yaml:"-"`
	DisableAgent bool                `yaml:"-"`
	Hub          *Hub                `yaml:"-"`

Config contains top-level defaults -> overridden by configuration file -> overridden by CLI flags

func NewConfig

func NewConfig(configFile string, disableAgent bool, disableAPI bool, quiet bool) (*Config, string, error)

func NewDefaultConfig

func NewDefaultConfig() *Config

func (*Config) Dump

func (c *Config) Dump() error

func (*Config) LoadAPIClient

func (c *Config) LoadAPIClient() error

func (*Config) LoadAPIServer

func (c *Config) LoadAPIServer() error

func (*Config) LoadCSCLI

func (c *Config) LoadCSCLI() error

func (*Config) LoadCommon

func (c *Config) LoadCommon() error

func (*Config) LoadConfigurationPaths

func (c *Config) LoadConfigurationPaths() error

func (*Config) LoadCrowdsec

func (c *Config) LoadCrowdsec() error

func (*Config) LoadDBConfig

func (c *Config) LoadDBConfig() error

func (*Config) LoadHub

func (c *Config) LoadHub() error

func (*Config) LoadPrometheus

func (c *Config) LoadPrometheus() error

func (*Config) LoadSimulation

func (c *Config) LoadSimulation() error

type ConfigurationPaths

// ConfigurationPaths is the "config_paths" section: the directories and files
// the other components are pointed at. ConfigDir is the only key without
// omitempty.
type ConfigurationPaths struct {
	ConfigDir          string `yaml:"config_dir"`
	DataDir            string `yaml:"data_dir,omitempty"`
	SimulationFilePath string `yaml:"simulation_path,omitempty"`
	HubIndexFile       string `yaml:"index_path,omitempty"` //path of the .index.json
	HubDir             string `yaml:"hub_dir,omitempty"`
	// NOTE(review): presumably the directories from which plugin binaries and
	// notification configurations are loaded — confirm. If so, they should be
	// writable only by the administrator, since their content is executed or
	// trusted by the service.
	PluginDir          string `yaml:"plugin_dir,omitempty"`
	NotificationDir    string `yaml:"notification_dir,omitempty"`

type ConsoleConfig

// ConsoleConfig holds the console options as optional booleans; a nil pointer
// means the option is not set, as opposed to explicitly false. It is held by
// LocalApiServerCfg.ConsoleConfig.
//
// NOTE(review): the Share* names suggest each flag controls a category of
// data sent to the console — confirm which data each one covers before
// enabling it.
type ConsoleConfig struct {
	ShareManualDecisions  *bool `yaml:"share_manual_decisions"`
	ShareTaintedScenarios *bool `yaml:"share_tainted"`
	ShareCustomScenarios  *bool `yaml:"share_custom"`
	ConsoleManagement     *bool `yaml:"console_management"`
	ShareContext          *bool `yaml:"share_context"`

type CrowdsecServiceCfg

// CrowdsecServiceCfg contains the location of parsers/scenarios/... and
// acquisition files, plus the routine counts and bucket-state settings of the
// "crowdsec_service" section.
//
// The second group of fields (HubDir .. ContextToSend) is tagged yaml:"-":
// it is not part of the YAML section and has the same names as fields of
// ConfigurationPaths.
type CrowdsecServiceCfg struct {
	Enable                    *bool             `yaml:"enable"`
	AcquisitionFilePath       string            `yaml:"acquisition_path,omitempty"`
	AcquisitionDirPath        string            `yaml:"acquisition_dir,omitempty"`
	ConsoleContextPath        string            `yaml:"console_context_path"`
	ConsoleContextValueLength int               `yaml:"console_context_value_length"`
	AcquisitionFiles          []string          `yaml:"-"`
	ParserRoutinesCount       int               `yaml:"parser_routines"`
	BucketsRoutinesCount      int               `yaml:"buckets_routines"`
	OutputRoutinesCount       int               `yaml:"output_routines"`
	SimulationConfig          *SimulationConfig `yaml:"-"`
	LintOnly                  bool              `yaml:"-"`                          // if set to true, exit after loading configs
	BucketStateFile           string            `yaml:"state_input_file,omitempty"` // if we need to unserialize buckets at start
	BucketStateDumpDir        string            `yaml:"state_output_dir,omitempty"` // if we need to serialize (dump) buckets on shutdown; NOTE(review): the original comment said "unserialize" — confirm
	BucketsGCEnabled          bool              `yaml:"-"`                          // we need to garbage collect buckets when in forensic mode

	HubDir             string              `yaml:"-"`
	DataDir            string              `yaml:"-"`
	ConfigDir          string              `yaml:"-"`
	HubIndexFile       string              `yaml:"-"`
	SimulationFilePath string              `yaml:"-"`
	// NOTE(review): presumably the context keys and expressions attached to
	// alerts, bounded by ConsoleContextValueLength — confirm.
	ContextToSend      map[string][]string `yaml:"-"`

CrowdsecServiceCfg contains the location of parsers/scenarios/... and acquisition files

func (*CrowdsecServiceCfg) DumpContextConfigFile

func (c *CrowdsecServiceCfg) DumpContextConfigFile() error

type CscliCfg

// CscliCfg is the cscli specific config, such as hub directory. Only Output,
// Color, HubBranch and PrometheusUrl are YAML keys; the remaining fields are
// tagged yaml:"-".
type CscliCfg struct {
	Output             string            `yaml:"output,omitempty"`
	Color              string            `yaml:"color,omitempty"`
	// NOTE(review): presumably selects the branch from which hub content is
	// fetched — confirm. Content from a non-default branch should be treated as
	// less reviewed.
	HubBranch          string            `yaml:"hub_branch"`
	SimulationConfig   *SimulationConfig `yaml:"-"`
	DbConfig           *DatabaseCfg      `yaml:"-"`
	HubDir             string            `yaml:"-"`
	DataDir            string            `yaml:"-"`
	ConfigDir          string            `yaml:"-"`
	HubIndexFile       string            `yaml:"-"`
	SimulationFilePath string            `yaml:"-"`
	// The yaml key is "prometheus_uri" although the Go field is PrometheusUrl.
	PrometheusUrl      string            `yaml:"prometheus_uri"`

cscli specific config, such as hub directory

type DatabaseCfg

// DatabaseCfg is the "db_config" section: connection parameters for the
// database, a flush policy and tuning options. ConnectionString and
// ConnectionDialect are methods on this type.
type DatabaseCfg struct {
	User         string      `yaml:"user"`
	// Stored as a plain string under the "password" key, with no tag excluding
	// it from serialization.
	// NOTE(review): confirm that Config.Dump, debug logging and the value
	// returned by ConnectionString are never written to logs, since any of them
	// may carry this password.
	Password     string      `yaml:"password"`
	DbName       string      `yaml:"db_name"`
	// NOTE(review): free-form string, presumably passed to the database driver
	// as its TLS mode — confirm which values are accepted and that an empty
	// value does not fall back to an unencrypted connection on remote hosts.
	Sslmode      string      `yaml:"sslmode"`
	Host         string      `yaml:"host"`
	Port         int         `yaml:"port"`
	// NOTE(review): presumably the database file for file-based backends; the
	// file holds credentials of agents and bouncers and should be readable only
	// by the service account — confirm.
	DbPath       string      `yaml:"db_path"`
	Type         string      `yaml:"type"`
	Flush        *FlushDBCfg `yaml:"flush"`
	LogLevel     *log.Level  `yaml:"log_level"`
	MaxOpenConns *int        `yaml:"max_open_conns,omitempty"`
	UseWal       *bool       `yaml:"use_wal,omitempty"`

func (*DatabaseCfg) ConnectionDialect

func (d *DatabaseCfg) ConnectionDialect() (string, string, error)

func (*DatabaseCfg) ConnectionString

func (d *DatabaseCfg) ConnectionString() string

type FlushDBCfg

// FlushDBCfg is the "flush" section of DatabaseCfg: optional limits on item
// count and age, and optional auto-delete settings for bouncers and agents
// (see AuthGCCfg). Every field is a pointer and may be nil.
type FlushDBCfg struct {
	MaxItems   *int       `yaml:"max_items,omitempty"`
	// MaxAge is kept as a string here; NOTE(review): presumably parsed as a
	// duration by the consumer — confirm the accepted format.
	MaxAge     *string    `yaml:"max_age,omitempty"`
	BouncersGC *AuthGCCfg `yaml:"bouncers_autodelete,omitempty"`
	AgentsGC   *AuthGCCfg `yaml:"agents_autodelete,omitempty"`

type Hub

// Hub holds the hub-related directories and the hub index file path. All four
// fields are tagged yaml:"-", so none of them is read from or written to YAML;
// their names match fields of ConfigurationPaths.
type Hub struct {
	HubDir       string `yaml:"-"`
	ConfigDir    string `yaml:"-"`
	HubIndexFile string `yaml:"-"`
	DataDir      string `yaml:"-"`

cscli specific config, such as hub directory

type LocalApiClientCfg

// LocalApiClientCfg is the local api config (for crowdsec/cscli->lapi): where
// the client credentials live and whether certificate checking is relaxed.
type LocalApiClientCfg struct {
	CredentialsFilePath string             `yaml:"credentials_path,omitempty"` // credentials are edited by the software, so they are stored in a separate file
	// Not serialized with this struct (yaml:"-"); see ApiCredentialsCfg.
	Credentials         *ApiCredentialsCfg `yaml:"-"`
	// NOTE(review): the name suggests that true disables verification of the
	// local API's TLS certificate — confirm where it is consumed. With
	// verification off, the client cannot tell the real API from an impostor,
	// so it should stay unset/false outside of test setups. Being a *bool, nil
	// (unset) is distinct from false.
	InsecureSkipVerify  *bool              `yaml:"insecure_skip_verify"` // check if api certificate is bad or not

local api config (for crowdsec/cscli->lapi)

func (*LocalApiClientCfg) Load

func (l *LocalApiClientCfg) Load() error

type LocalApiServerCfg

// LocalApiServerCfg is the local api service configuration: listener, TLS,
// online client, profiles, console options, proxy/trust settings and CAPI
// whitelists. Fields tagged yaml:"-" are not part of the YAML section; several
// of them (LogDir, LogMedia, CompressLogs, LogMax*) have the same names as
// CommonCfg fields.
type LocalApiServerCfg struct {
	Enable                        *bool               `yaml:"enable"`
	// NOTE(review): presumably the address the API listens on — confirm that
	// deployments which do not need remote agents bind it to loopback.
	ListenURI                     string              `yaml:"listen_uri,omitempty"` //
	// Pointer: nil when no "tls" section was populated. NOTE(review): confirm
	// whether a nil TLS means the API is served over plain HTTP.
	TLS                           *TLSCfg             `yaml:"tls"`
	DbConfig                      *DatabaseCfg        `yaml:"-"`
	LogDir                        string              `yaml:"-"`
	LogMedia                      string              `yaml:"-"`
	OnlineClient                  *OnlineApiClientCfg `yaml:"online_client"`
	ProfilesPath                  string              `yaml:"profiles_path,omitempty"`
	ConsoleConfigPath             string              `yaml:"console_path,omitempty"`
	ConsoleConfig                 *ConsoleConfig      `yaml:"-"`
	Profiles                      []*ProfileCfg       `yaml:"-"`
	LogLevel                      *log.Level          `yaml:"log_level"`
	// NOTE(review): presumably makes the server take the client address from
	// forwarded-for headers — confirm. Those headers are client-controlled
	// unless the request arrived through a proxy listed in TrustedProxies, so
	// the two settings should be reviewed together; confirm how a nil
	// TrustedProxies is treated.
	UseForwardedForHeaders        bool                `yaml:"use_forwarded_for_headers,omitempty"`
	TrustedProxies                *[]string           `yaml:"trusted_proxies,omitempty"`
	CompressLogs                  *bool               `yaml:"-"`
	LogMaxSize                    int                 `yaml:"-"`
	LogMaxAge                     int                 `yaml:"-"`
	LogMaxFiles                   int                 `yaml:"-"`
	// Kept as strings here; GetTrustedIPs returns []net.IPNet. NOTE(review):
	// presumably these addresses get elevated access to the API — confirm what
	// is granted and keep the list as narrow as possible.
	TrustedIPs                    []string            `yaml:"trusted_ips,omitempty"`
	PapiLogLevel                  *log.Level          `yaml:"papi_log_level"`
	// NOTE(review): the name suggests true stops machines from registering
	// from non-local addresses — confirm; the zero value (false) leaves that
	// restriction off.
	DisableRemoteLapiRegistration bool                `yaml:"disable_remote_lapi_registration,omitempty"`
	CapiWhitelistsPath            string              `yaml:"capi_whitelists_path,omitempty"`
	CapiWhitelists                *CapiWhitelist      `yaml:"-"`

local api service configuration

func (*LocalApiServerCfg) DumpConsoleConfig

func (c *LocalApiServerCfg) DumpConsoleConfig() error

func (*LocalApiServerCfg) GetTrustedIPs

func (lapiCfg *LocalApiServerCfg) GetTrustedIPs() ([]net.IPNet, error)

func (*LocalApiServerCfg) LoadCapiWhitelists

func (s *LocalApiServerCfg) LoadCapiWhitelists() error

func (*LocalApiServerCfg) LoadConsoleConfig

func (c *LocalApiServerCfg) LoadConsoleConfig() error

func (*LocalApiServerCfg) LoadProfiles

func (c *LocalApiServerCfg) LoadProfiles() error

type OnlineApiClientCfg

// OnlineApiClientCfg is the global api config (for lapi->oapi). Only the path
// of the credentials file is a YAML key; the credentials themselves are not
// serialized with this struct (yaml:"-").
type OnlineApiClientCfg struct {
	CredentialsFilePath string             `yaml:"credentials_path,omitempty"` // credentials are edited by the software, so they are stored in a separate file
	Credentials         *ApiCredentialsCfg `yaml:"-"`

global api config (for lapi->oapi)

func (*OnlineApiClientCfg) Load

func (o *OnlineApiClientCfg) Load() error

type PluginCfg

// PluginCfg is the "plugin_config" section of Config. Neither field carries a
// yaml tag.
//
// NOTE(review): presumably the user and group that plugin processes run as —
// confirm. If so, an unprivileged dedicated account limits what a plugin can
// reach; confirm what happens when either field is empty.
type PluginCfg struct {
	User  string
	Group string

type ProfileCfg

// ProfileCfg describes one profile. Profile structures are used by the local
// API to "decide" what kind of decision should be applied when a scenario with
// an active remediation has been triggered.
type ProfileCfg struct {
	Name          string            `yaml:"name,omitempty"`
	Debug         *bool             `yaml:"debug,omitempty"`
	// NOTE(review): Filters and DurationExpr are expressions taken from the
	// profiles file and presumably evaluated at run time — confirm, and treat
	// write access to that file as equivalent to controlling which alerts get
	// a decision.
	Filters       []string          `yaml:"filters,omitempty"` //A list of OR'ed expressions. the models.Alert object
	Decisions     []models.Decision `yaml:"decisions,omitempty"`
	DurationExpr  string            `yaml:"duration_expr,omitempty"`
	OnSuccess     string            `yaml:"on_success,omitempty"` //continue or break
	OnFailure     string            `yaml:"on_failure,omitempty"` //continue or break
	OnError       string            `yaml:"on_error,omitempty"`   //continue, break, error, report, apply, ignore
	Notifications []string          `yaml:"notifications,omitempty"`

Profile structure(s) are used by the local API to "decide" what kind of decision should be applied when a scenario with an active remediation has been triggered

type PrometheusCfg

// PrometheusCfg is the "prometheus" section: whether metrics are enabled, at
// which level, and the listen address and port.
type PrometheusCfg struct {
	Enabled    bool   `yaml:"enabled"`
	Level      string `yaml:"level"` //aggregated|full
	// NOTE(review): presumably the address and port the metrics endpoint binds
	// to — confirm. Metrics can reveal traffic volumes and scenario names, so
	// the endpoint should not be reachable from untrusted networks.
	ListenAddr string `yaml:"listen_addr"`
	ListenPort int    `yaml:"listen_port"`

type SimulationConfig

// SimulationConfig holds the global simulation switch and a list of
// exclusions. IsSimulated(scenario) is the method that answers whether a
// given scenario is simulated.
//
// NOTE(review): presumably a simulated scenario raises alerts without
// producing an enforced decision — confirm. If so, a scenario left in
// simulation by mistake silently stops being remediated.
type SimulationConfig struct {
	// Pointer: nil means the key was not set, as opposed to explicitly false.
	Simulation *bool    `yaml:"simulation"`
	Exclusions []string `yaml:"exclusions,omitempty"`

func (*SimulationConfig) IsSimulated

func (s *SimulationConfig) IsSimulated(scenario string) bool

type TLSCfg

// TLSCfg is the "tls" section of LocalApiServerCfg: server certificate and
// key, client verification mode, CA certificate, allowed organizational units
// for agents and bouncers, and CRL settings.
type TLSCfg struct {
	CertFilePath       string         `yaml:"cert_file"`
	// NOTE(review): presumably the server's private key; the file should be
	// readable only by the service account — confirm.
	KeyFilePath        string         `yaml:"key_file"`
	// NOTE(review): free-form string, presumably mapped to a TLS client
	// authentication mode — confirm that an unrecognised or empty value is
	// rejected or defaults to a strict mode rather than to "no verification".
	ClientVerification string         `yaml:"client_verification,omitempty"`
	ServerName         string         `yaml:"server_name"`
	CACertPath         string         `yaml:"ca_cert_path"`
	// NOTE(review): presumably the OU values a client certificate must carry to
	// be accepted as an agent or as a bouncer — confirm, and confirm that empty
	// lists reject certificate logins rather than accept any OU.
	AllowedAgentsOU    []string       `yaml:"agents_allowed_ou"`
	AllowedBouncersOU  []string       `yaml:"bouncers_allowed_ou"`
	// NOTE(review): presumably a certificate revocation list checked for client
	// certificates, with CacheExpiration bounding how long a check result is
	// reused — confirm; a long expiration delays the effect of a revocation.
	CRLPath            string         `yaml:"crl_path"`
	CacheExpiration    *time.Duration `yaml:"cache_expiration,omitempty"`
