def initConfig():
    """Load the Elasticsearch backup settings from options.configfile into ``options``.

    Each setting is a comma-separated string in the .conf file; the entries of
    backup_indices / backup_dobackup / backup_rotation / backup_pruning are
    presumably paired up positionally by the caller (nothing here checks that
    the four lists are the same length).
    """
    conf_path = options.configfile

    def csv_setting(key, default):
        # getConfig hands back the raw string; split on commas, no whitespace stripping
        return getConfig(key, default, conf_path).split(',')

    # NOTE(review): default is a plain-http localhost endpoint; a remote cluster
    # should be configured with a TLS URL in the .conf file.
    options.esservers = csv_setting('esservers', 'http://localhost:9200')
    options.indices = csv_setting('backup_indices', 'events,alerts,kibana-int')
    options.dobackup = csv_setting('backup_dobackup', '1,1,1')
    options.rotation = csv_setting('backup_rotation', 'daily,monthly,none')
    options.pruning = csv_setting('backup_pruning', '20,0,0')
def initConfig():
    """Load log-file reader settings from options.configfile into ``options``."""
    conf = options.configfile
    # Zone applied to timestamps that carry no offset of their own.
    options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf)
    # Glob used to pick input files.
    options.filemask = getConfig('filemask', '*.log', conf)
    options.cachelength = getConfig('cachelength', 100, conf)
    # NOTE(review): plain-http localhost default; set a TLS URL for a remote endpoint.
    options.url = getConfig('url', 'http://localhost:9200', conf)
    # Space-delimited words/usernames/items; a BIND dn="..." containing one is ignored.
    options.bindignore = getConfig('bindignore', '', conf)
def initConfiguration(self):
    """Build self.options and fill it with this plugin's settings from self.configfile.

    An empty OptionParser run gives a plain attribute holder; the banhammer
    entries are the credentials of the MySQL database that fronts Mozilla's
    IP blocking service.
    """
    parser = OptionParser()
    (self.options, _unused_args) = parser.parse_args([])
    conf = self.configfile

    # Zone applied to timestamps that carry no offset of their own.
    self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf)

    # NOTE(review): the DB password lives in the .conf file (default is empty);
    # keep that file readable only by the service account.
    for attr, key, default in (
        ('banhammerdbhost', 'banhammerdbhost', 'localhost'),
        ('banhammerdbuser', 'banhammerdbuser', 'auser'),
        ('banhammerdbpasswd', 'banhammerdbpasswd', ''),
        ('banhammerdbdb', 'banhammerdbdb', 'banhammer'),
    ):
        setattr(self.options, attr, getConfig(key, default, conf))
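def initConfig():
    """Load the IP blocklist exporter's settings from options.configfile into ``options``.

    The ``ipwhitelist`` entry is a comma-separated list of CIDR masks
    (e.g. ``8.8.8.0/24``); each one is parsed into a netaddr.IPNetwork.
    Surrounding whitespace is stripped and empty tokens (a trailing comma)
    are skipped so that a slightly untidy .conf line does not abort startup.
    A malformed mask still raises from netaddr.IPNetwork (presumably
    AddrFormatError) — failing loudly is preferable to silently shrinking
    the whitelist.
    """
    conf = options.configfile
    options.defaulttimezone = getConfig('defaulttimezone', 'UTC', conf)
    # log destination: stdout or syslog
    options.output = getConfig('output', 'stdout', conf)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    # mongo instance
    options.mongohost = getConfig('mongohost', 'localhost', conf)
    options.mongoport = getConfig('mongoport', 3001, conf)
    # CIDR whitelist: addresses that must never be emitted into the blocklist
    raw_masks = getConfig('ipwhitelist', '127.0.0.1/32', conf).split(',')
    options.ipwhitelist = [
        netaddr.IPNetwork(mask.strip()) for mask in raw_masks if mask.strip()
    ]
    # Output file name
    options.outputfile = getConfig('outputfile', 'ipblocklist.txt', conf)
    # Category to choose
    options.category = getConfig('category', 'bruteforcer', conf)
    # Max IPs to emit
    options.iplimit = getConfig('iplimit', 1000, conf)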
def initConfig():
    """Load the message-queue health checker's settings from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    # log destination: stdout or syslog
    options.output = setting('output', 'stdout')
    options.sysloghostname = setting('sysloghostname', 'localhost')
    options.syslogport = setting('syslogport', 514)
    # message queue server(s) to check in on, comma separated
    options.mqservers = list(setting('mqservers', 'localhost').split(','))
    # NOTE(review): guest/guest is RabbitMQ's well-known default account;
    # override both in the .conf file and keep that file's permissions tight.
    options.mquser = setting('mquser', 'guest')
    options.mqpassword = setting('mqpassword', 'guest')
    # port of the rabbitmq json management interface
    options.mqapiport = setting('mqapiport', 15672)
    # elasticsearch cluster (plain-http localhost default)
    options.esservers = list(setting('esservers', 'http://localhost:9200').split(','))
    # index the state documents are written to
    options.index = setting('index', 'mozdefstate')
    # mapping template json shipped alongside this file unless overridden
    here = os.path.dirname(os.path.abspath(__file__))
    default_mapping_location = os.path.join(here, 'mozdefStateDefaultMappingTemplate.json')
    options.default_mapping_file = setting('default_mapping_file', default_mapping_location)
def initConfig():
    """Load the index-age maintenance settings from options.configfile into ``options``."""
    conf = options.configfile
    # log destination: stdout or syslog
    options.output = getConfig('output', 'stdout', conf)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # age threshold; the unit (days, presumably) is decided by the caller
    options.index_age = getConfig('index_age', 15, conf)
def initConfig():
    """Load the GeoIP database updater's settings from options.configfile into ``options``."""
    conf = options.configfile
    # NOTE(review): db_download_location is a URL or path fetched at runtime
    # (not visible here) — make sure it is an https source or a trusted path.
    for attr, default in (
        ('output', 'stdout'),            # log to stdout or syslog
        ('sysloghostname', 'localhost'),
        ('syslogport', 514),
        ('db_download_location', ''),
        ('db_location', ''),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
def initConfig():
    """Load the required-fields checker's settings from options.configfile into ``options``.

    Both list settings default to ''; note that ''.split(',') yields [''] (one
    empty entry), not an empty list, so a missing esservers value produces a
    single empty server URL.
    """
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    # log destination: stdout or syslog
    options.output = setting('output', 'stdout')
    options.sysloghostname = setting('sysloghostname', 'localhost')
    options.syslogport = setting('syslogport', 514)
    # comma separated lists
    options.required_fields = setting('required_fields', '').split(',')
    options.esservers = setting('esservers', '').split(',')
def initConfig():
    """Load the index-rotation retention settings from options.configfile into ``options``."""
    conf = options.configfile
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # retention for daily rotations, in days
    options.days = getConfig('days', 20, conf)
    # retention for monthly rotations, in months
    options.months = getConfig('months', 3, conf)
def initConfig():
    """Load the message-queue monitor's settings from options.configfile into ``options``."""
    conf = options.configfile
    # NOTE(review): guest/guest is RabbitMQ's well-known default account;
    # override both in the .conf file and restrict that file's permissions.
    for attr, default in (
        ('output', 'stdout'),            # log to stdout or syslog
        ('sysloghostname', 'localhost'),
        ('syslogport', 514),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
    # message queue server(s) to check in on, comma separated
    options.mqservers = getConfig('mqservers', 'localhost', conf).split(',')
    options.mquser = getConfig('mquser', 'guest', conf)
    options.mqpassword = getConfig('mqpassword', 'guest', conf)
    # port of the rabbitmq json management interface
    options.mqapiport = getConfig('mqapiport', 15672, conf)
    # zone applied to timestamps that carry no offset of their own
    options.defaulttimezone = getConfig('defaulttimezone', 'UTC', conf)
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
def initConfig():
    """Set the alert-plugin consumer defaults, overridden by anything in the .conf file."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    # broker hostname, exchange, queue and routing topic for alerts
    options.mqalertserver = setting('mqalertserver', 'localhost')
    options.alertExchange = setting('alertexchange', 'alerts')
    options.queueName = setting('alertqueuename', 'alertPlugins')
    options.alerttopic = setting('alerttopic', 'mozdef.*')
    # messages requested per fetch
    options.prefetch = setting('prefetch', 50)
    # NOTE(review): guest/guest is RabbitMQ's well-known default account;
    # override both in the .conf file and restrict that file's permissions.
    options.mquser = setting('mquser', 'guest')
    options.mqpassword = setting('mqpassword', 'guest')
    options.mqport = setting('mqport', 5672)
    # original comment: True selects persistent delivery, False transient
    # (the name suggests an ack mode — confirm against the consumer code)
    options.mqack = setting('mqack', True)
def initConfig():
    """Load the backup-to-S3 settings from options.configfile into ``options``.

    The four backup_* lists are comma-separated strings that are presumably
    paired positionally by the caller; nothing here checks their lengths.
    """
    conf = options.configfile
    # log destination: stdout or syslog
    options.output = getConfig('output', 'stdout', conf)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    # elasticsearch cluster (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    options.indices = getConfig('backup_indices', 'events,alerts,kibana-int', conf).split(',')
    options.dobackup = getConfig('backup_dobackup', '1,1,1', conf).split(',')
    options.rotation = getConfig('backup_rotation', 'daily,monthly,none', conf).split(',')
    options.pruning = getConfig('backup_pruning', '20,0,0', conf).split(',')
    # NOTE(review): long-lived AWS keys in a .conf file; an instance role or
    # a scoped, rotated key is preferable, and the file must not be world-readable.
    options.aws_access_key_id = getConfig('aws_access_key_id', '', conf)
    options.aws_secret_access_key = getConfig('aws_secret_access_key', '', conf)
def initConfig():
    """Load the MIG (client-certificate) poller's settings from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    options.output = setting('output', 'stdout')  # log to stdout or syslog
    options.sysloghostname = setting('sysloghostname', 'localhost')
    options.syslogport = setting('syslogport', 514)
    options.defaultTimeZone = setting('defaulttimezone', 'US/Pacific')  # Z = UTC, -07:00 = PDT
    options.mighost = setting('mighost', 'https://localhost')
    # client certificate and key presented to MIG; the key file must be protected
    options.sslclientcert = setting('sslclientcert', 'mig.crt')
    options.sslclientkey = setting('sslclientkey', 'mig.key')
    # NOTE(review): sslcacert defaults to '' — whether that disables server
    # verification or falls back to the library's bundle is decided by the
    # caller, not here; confirm before relying on it.
    options.sslcacert = setting('sslcacert', '')
    options.esservers = setting('esservers', 'http://localhost:9200').split(',')
    # resume point: defaults to fifteen minutes ago, normalised to UTC
    fallback_lastrun = toUTC(datetime.now() - timedelta(minutes=15))
    options.lastrun = toUTC(setting('lastrun', fallback_lastrun))
def initConfig():
    """Load the field-data cache cleaner's settings from options.configfile into ``options``."""
    conf = options.configfile
    # zone applied to timestamps that carry no offset of their own
    options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf)
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # JVM memory watermark, percent
    options.jvmlimit = getConfig('jvmlimit', 90, conf)
    # True: clear only the first index found with no searches and cached field data;
    # False: keep clearing every index not matching the date suffix.
    options.conservative = getConfig('conservative', True, conf)
def __init__(self):
    '''Location-tagging plugin for network/netflow events.

    Takes a source hostname of the form host.private.site.mozilla.com,
    extracts the site and compares it with the datacenter and office code
    lists read from mozilla_location.conf (next to this file), adding that
    metadata to the event.
    '''
    self.registration = ['network', 'netflow']
    self.priority = 5
    plugin_dir = os.path.dirname(os.path.abspath(__file__))
    conf_path = os.path.join(plugin_dir, "mozilla_location.conf")
    # both lists are comma-separated strings; '' yields [''] rather than []
    self.dc_code_list = getConfig('dc_code_list', '', conf_path).split(',')
    self.offices_code_list = getConfig('offices_code_list', '', conf_path).split(',')
def initConfig():
    """Load the SQS-list consumer's settings from options.configfile into ``options``."""
    conf = options.configfile
    # NOTE(review): long-lived AWS keys in a .conf file; prefer an instance
    # role or a scoped, rotated key, and keep the file non-world-readable.
    for attr, default in (
        ('accesskey', ''),
        ('secretkey', ''),
        ('region', 'us-west-1'),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
    options.taskexchange = getConfig('taskexchange', 'nsmglobalssqslists', conf).split(',')
    options.output = getConfig('output', 'stdout', conf)
    # mozdef options
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    options.index = getConfig('index', 'mozdefstate', conf)
    options.account = getConfig('account', '', conf)
def initConfig():
    """Load the JVM-aware cache cleaner's settings from options.configfile into ``options``."""
    conf = options.configfile
    # elasticsearch cluster; each comma-separated entry is passed through str.format
    raw_servers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    options.esservers = ['{0}'.format(server) for server in raw_servers]
    # JVM memory watermark, percent
    options.jvmlimit = getConfig('jvmlimit', 90, conf)
    # True: clear only the first index found with no searches and cached field data;
    # False: keep clearing every index not matching the date suffix.
    options.conservative = getConfig('conservative', True, conf)
    # check JVM memory first, or just clear the cache
    options.checkjvmmemory = getConfig('checkjvmmemory', True, conf)
def initConfig():
    """Load the CloudTrail poller's settings from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    options.output = setting('output', 'stdout')  # log to stdout or syslog
    options.sysloghostname = setting('sysloghostname', 'localhost')
    options.syslogport = setting('syslogport', 514)
    options.defaultTimeZone = setting('defaulttimezone', 'US/Pacific')
    # NOTE(review): long-lived AWS keys in a .conf file; prefer an instance
    # role or a scoped, rotated key, and keep the file non-world-readable.
    options.aws_access_key_id = setting('aws_access_key_id', '')
    options.aws_secret_access_key = setting('aws_secret_access_key', '')
    options.esservers = setting('esservers', 'http://localhost:9200').split(',')
    # resume point: defaults to one hour ago, normalised to UTC
    fallback_lastrun = toUTC(datetime.now() - timedelta(hours=1))
    options.lastrun = toUTC(setting('lastrun', fallback_lastrun))
    options.purge = setting('purge', False)
def initConfig():
    """Load the IP-list publisher's settings from options.configfile into ``options``."""
    conf = options.configfile
    # NOTE(review): long-lived AWS keys in a .conf file; prefer an instance
    # role or a scoped, rotated key, and keep the file non-world-readable.
    for attr, default in (
        ('output', 'stdout'),            # log to stdout or syslog
        ('sysloghostname', 'localhost'),
        ('syslogport', 514),
        ('aws_access_key_id', ''),
        ('aws_secret_access_key', ''),
        ('aws_bucket_name', ''),
        ('aws_document_key_name', ''),
        ('local_ip_list_path', ''),
        ('ips_list_threshold', 20),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
    # comma separated extra entries; '' yields [''] rather than []
    options.manual_additions = getConfig('manual_additions', '', conf).split(',')
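def initConfiguration(self):
    """Build self.options and fill it with this plugin's settings from self.configfile.

    ``docs`` is stored in the .conf file as a JSON string; it is parsed into
    a dict, falling back to {} when the value is missing or malformed. Only
    the two exceptions json.loads can raise here are caught (TypeError when
    the non-string default {} comes back, ValueError for invalid JSON) so
    that an unrelated error is no longer silently swallowed.
    """
    myparser = OptionParser()
    # empty arg list: just produces an attribute holder for the options
    (self.options, args) = myparser.parse_args([])
    # NOTE(review): 'APIKEYHERE' is a placeholder — a deployment that leaves it
    # unset will hand that literal to the service; the key belongs in the .conf file.
    self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
    self.options.keywords = getConfig('keywords', 'KEYWORDS', self.configfile)
    self.options.clienturl = getConfig('clienturl', 'CLIENTURL', self.configfile)
    raw_docs = getConfig('docs', {}, self.configfile)
    try:
        self.options.docs = json.loads(raw_docs)
    except (TypeError, ValueError):
        self.options.docs = {}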
def initConfig():
    """Load the MIG (GPG-signed) poller's settings from options.configfile into ``options``."""
    conf = options.configfile
    options.output = getConfig('output', 'stdout', conf)  # log to stdout or syslog
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf)  # Z = UTC, -07:00 = PDT
    options.mighost = getConfig('mighost', 'https://localhost', conf)
    # GPG home and signing key; the default fingerprint is a placeholder for
    # one specific key — set keyid explicitly per deployment.
    options.gpghome = getConfig('gpghome', '/home/someuser/.gnupg', conf)
    options.keyid = getConfig('keyid', 'E60892BB9BD89A69F759A1A0A3D652173B763E8F', conf)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # resume point: defaults to fifteen minutes ago, normalised to UTC
    fifteen_minutes_ago = toUTC(datetime.now() - timedelta(minutes=15))
    options.lastrun = toUTC(getConfig('lastrun', fifteen_minutes_ago, conf))
def initConfig():
    """Load the Okta event poller's settings from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    options.output = setting("output", "stdout")  # log to stdout or syslog
    options.sysloghostname = setting("sysloghostname", "localhost")
    options.syslogport = setting("syslogport", 514)
    options.defaultTimeZone = setting("defaulttimezone", "US/Pacific")
    # NOTE(review): the Okta API key is read from the .conf file — keep that
    # file readable only by the service account.
    options.apikey = setting("apikey", "")
    options.oktadomain = setting("oktadomain", "yourdomain.okta.com")  # something.okta.com
    options.esservers = setting("esservers", "http://localhost:9200").split(",")
    # resume point: defaults to one hour ago, normalised to UTC
    an_hour_ago = toUTC(datetime.now() - timedelta(hours=1))
    options.lastrun = toUTC(setting("lastrun", an_hour_ago))
    # max number of records to request
    options.recordlimit = setting("recordlimit", 10000)
def initConfig():
    """Load the aggregation-threshold alerter's settings from options.configfile into ``options``.

    aggregations / aggregationthresholds are comma-separated and presumably
    paired positionally by the caller; '' yields [''] rather than [].
    """
    conf = options.configfile
    # log destination: stdout or syslog
    options.output = getConfig('output', 'stdout', conf)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    # zone applied to timestamps that carry no offset of their own
    options.defaulttimezone = getConfig('defaulttimezone', 'UTC', conf)
    # elasticsearch cluster (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # field to aggregate on (category, _type, ...)
    options.aggregationfield = getConfig('aggregationfield', 'category', conf)
    # look-back window in minutes
    options.aggregationminutes = getConfig('aggregationminutes', 15, conf)
    # per-aggregation alert thresholds (std deviation / mean customisation)
    options.aggregations = getConfig('aggregations', '', conf).split(',')
    options.aggregationthresholds = getConfig('aggregationthresholds', '', conf).split(',')
    # threshold used when an aggregation has no entry above
    options.defaultthreshold = getConfig('defaultthreshold', 90, conf)
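def initConfig():
    """Load the sample-event generator's settings from options.configfile into ``options``.

    ``attackerscount`` is now read from the ``attackerscount`` key, matching
    ``alertscount``; the old ``attackers`` key is still honoured as the
    fallback default, so existing .conf files keep working.

    Note that lastalert / lastattacker default to naive local
    ``datetime.now()`` values, unlike the UTC-normalised ``lastrun`` used by
    other pollers — the consumer of these timestamps must cope with that.
    """
    conf = options.configfile
    # NOTE(review): plain-http localhost default for the events endpoint.
    options.url = getConfig('url', 'http://localhost:8080/events/', conf)
    options.eventsglob = getConfig('eventsglob', './sampleevents/events*json', conf)
    options.alertsglob = getConfig('alertsglob', './sampleevents/alert*json', conf)
    options.attackersglob = getConfig('attackersglob', './sampleevents/attacker*json', conf)
    # how many alerts to create, and minutes to wait between batches
    options.alertscount = getConfig('alertscount', 2, conf)
    options.alertsminutesinterval = getConfig('alertsminutesinterval', 5, conf)
    options.lastalert = getConfig('lastalert', datetime.now() - timedelta(hours=1), conf)
    # how many attackers to create, and minutes to wait between batches
    legacy_attackers = getConfig('attackers', 1, conf)
    options.attackerscount = getConfig('attackerscount', legacy_attackers, conf)
    options.attackersminutesinterval = getConfig('attackersminutesinterval', 5, conf)
    options.lastattacker = getConfig('lastattacker', datetime.now() - timedelta(hours=1), conf)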
def initConfig():
    """Load the index-template installer's settings from options.configfile into ``options``.

    templatenames and templatefiles are comma-separated and presumably paired
    positionally by the caller; '' yields [''] rather than [].
    """
    conf = options.configfile

    def csv_setting(key, default):
        return getConfig(key, default, conf).split(',')

    # elasticsearch cluster (plain-http localhost default)
    options.esservers = csv_setting('esservers', 'http://localhost:9200')
    options.templatenames = csv_setting('templatenames', 'defaulttemplate')
    options.templatefiles = csv_setting('templatefiles', '')
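def parse_config(self, config_filename, config_keys):
    """Read each key in ``config_keys`` from ``config_filename`` into ``self.config``.

    ``self.config`` is a fresh optparse Values object (an empty parser run
    over an empty argument list); every requested key is stored on it under
    its own name, with "" as the value when the file does not define it.
    The redundant ``self.config = None`` pre-assignment of the original was
    dropped — parse_args([]) cannot fail, so it was a dead store.
    """
    parser = OptionParser()
    (self.config, _unused_args) = parser.parse_args([])
    for config_key in config_keys:
        setattr(self.config, config_key, getConfig(config_key, "", config_filename))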
def initConfiguration(self):
    """Build self.options and fill it with the ThreatExchange plugin's settings from self.configfile."""
    parser = OptionParser()
    (self.options, _unused_args) = parser.parse_args([])
    conf = self.configfile
    # zone applied to timestamps that carry no offset of their own
    self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf)
    # NOTE(review): the app secret is read from the .conf file — keep that
    # file readable only by the service account.
    self.options.appid = getConfig('appid', '', conf)
    self.options.appsecret = getConfig('appsecret', '', conf)
def initConfig():
    """Load the event-task worker's settings from options.configfile into ``options``."""
    conf = options.configfile
    # NOTE(review): guest/guest is RabbitMQ's well-known default account;
    # override both in the .conf file and restrict that file's permissions.
    for attr, key, default in (
        ('defaultTimeZone', 'defaulttimezone', 'US/Pacific'),   # zone for offset-less timestamps
        ('mqserver', 'mqserver', 'localhost'),
        ('taskexchange', 'taskexchange', 'eventtask'),
        ('eventexchange', 'eventexchange', 'events'),
    ):
        setattr(options, attr, getConfig(key, default, conf))
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # messages requested per fetch
    options.prefetch = getConfig('prefetch', 50, conf)
    options.mquser = getConfig('mquser', 'guest', conf)
    options.mqpassword = getConfig('mqpassword', 'guest', conf)
    options.mqport = getConfig('mqport', 5672, conf)
    # seconds between scans for new/updated plugins
    options.plugincheckfrequency = getConfig('plugincheckfrequency', 120, conf)
def initConfig():
    """Load the Okta (state-file) poller's settings from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    options.output = setting('output', 'stdout')  # log to stdout or syslog
    options.sysloghostname = setting('sysloghostname', 'localhost')
    options.syslogport = setting('syslogport', 514)
    # NOTE(review): the Okta API key is read from the .conf file — keep that
    # file readable only by the service account.
    options.apikey = setting('apikey', '')
    options.oktadomain = setting('oktadomain', 'yourdomain.okta.com')  # something.okta.com
    options.esservers = setting('esservers', 'http://localhost:9200').split(',')
    # state file defaults to <script path>.json, i.e. next to the script itself
    options.state_file = setting('state_file', '{0}.json'.format(sys.argv[0]))
    # max number of records to request
    options.recordlimit = setting('recordlimit', 10000)
def initConfiguration(self):
    """Build self.options and read this plugin's service key from self.configfile."""
    parser = OptionParser()
    (self.options, _unused_args) = parser.parse_args([])
    # NOTE(review): 'APIKEYHERE' is a placeholder — the real key belongs in the
    # .conf file, which must be readable only by the service account.
    self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
def initConfig():
    """Load the Elasticsearch/Mongo sync settings from options.configfile into ``options``."""
    conf = options.configfile
    for attr, default in (
        ('output', 'stdout'),            # log to stdout or syslog
        ('sysloghostname', 'localhost'),
        ('syslogport', 514),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    options.mongohost = getConfig('mongohost', 'localhost', conf)
    options.mongoport = getConfig('mongoport', 3001, conf)
def initConfig():
    """Load the REST API's settings (ES, Kibana, CIF, Mongo) from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    # zone applied to timestamps that carry no offset of their own
    options.defaultTimeZone = setting('defaulttimezone', 'US/Pacific')
    options.esservers = setting('esservers', 'http://localhost:9200').split(',')
    options.kibanaurl = setting('kibanaurl', 'http://localhost:9090')
    # CIF service; the API key is read from the .conf file — protect that file
    options.cifapikey = setting('cifapikey', '')
    options.cifhosturl = setting('cifhosturl', 'http://localhost/')
    # mongo connectivity
    options.mongohost = setting('mongohost', 'localhost')
    options.mongoport = setting('mongoport', 3001)
def initConfig():
    """Load the aggregation-state writer's settings from options.configfile into ``options``."""
    conf = options.configfile
    # log destination: stdout or syslog
    options.output = getConfig('output', 'stdout', conf)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # field to aggregate on (category, _type, ...)
    options.aggregationfield = getConfig('aggregationfield', 'category', conf)
    # look-back window in minutes
    options.aggregationminutes = getConfig('aggregationminutes', 15, conf)
    # index the state documents are written to
    options.index = getConfig('index', 'mozdefstate', conf)
def initConfiguration(self):
    """Build self.options with the Mongo, FQDN-whitelist and statuspage.io settings from self.configfile."""
    parser = OptionParser()
    (self.options, _unused_args) = parser.parse_args([])
    conf = self.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    self.options.mongohost = setting('mongohost', 'localhost')
    self.options.mongoport = setting('mongoport', 3001)
    # file of FQDNs (example.com / foo.bar.com style) that must never be blocked
    self.options.fqdn_whitelist_file = setting('fqdn_whitelist_file', '/dev/null')
    # optional statuspage.io integration; the API key comes from the .conf file
    self.options.statuspage_api_key = setting('statuspage_api_key', '')
    self.options.statuspage_page_id = setting('statuspage_page_id', '')
    # NOTE(review): the page id is interpolated into the URL path unescaped —
    # it should be a plain identifier, never user-controlled.
    self.options.statuspage_url = 'https://api.statuspage.io/v1/pages/{0}/incidents.json'.format(
        self.options.statuspage_page_id)
    self.options.statuspage_component_id = setting('statuspage_component_id', '')
    self.options.statuspage_sub_component_id = setting('statuspage_sub_component_id', '')
def initConfig():
    """Load the MAC-prefix correlator's settings from options.configfile into ``options``."""
    conf = options.configfile
    for attr, default in (
        ('output', 'stdout'),            # log to stdout or syslog
        ('sysloghostname', 'localhost'),
        ('syslogport', 514),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
    # elasticsearch cluster, comma separated (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    # look-back window in minutes for the correlation
    options.correlationminutes = getConfig('correlationminutes', 150, conf)
    # IEEE OUI file for resolving mac prefixes, e.g.
    #   wget http://www.ieee.org/netstorage/standards/oui.txt
    # NOTE(review): fetch it over https / verify it — the file feeds vendor attribution.
    options.ouifilename = getConfig('ouifilename', 'oui.txt', conf)
def test_failing_syslog_var(self):
    """A syslogport key absent from self.config_path must fall back to the default 514."""
    from configlib import getConfig as read_setting
    port = read_setting('syslogport', 514, self.config_path)
    assert port == 514
def logg(msg):
    """Print ``msg`` with the "RODO LOGGER | " prefix and return the (possibly decorated) message.

    The message is passed through decorate() first when the loaded config has
    a truthy "decorate" entry; getConfig() is read on every call.
    """
    decorated = decorate(msg) if getConfig()["decorate"] else msg
    print("RODO LOGGER | " + decorated)
    return decorated
def initConfig():
    """Load the REST API's settings from options.configfile into ``options``, then probe the block-IP service.

    Ends by calling checkBlockIPService() so the service is checked at startup
    rather than on the first client request.
    """
    conf = options.configfile
    # zone applied to timestamps that carry no offset of their own
    options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    options.kibanaurl = getConfig('kibanaurl', 'http://localhost:9090', conf)
    # custom/internal IP blocking service (mozilla's is banhammer, fronted by MySQL);
    # blocking stays off unless enableBlockIP is set in the .conf file.
    # NOTE(review): the DB password (default empty) lives in the .conf file —
    # keep that file readable only by the service account.
    options.enableBlockIP = getConfig('enableBlockIP', False, conf)
    options.banhammerdbhost = getConfig('banhammerdbhost', 'localhost', conf)
    options.banhammerdbuser = getConfig('banhammerdbuser', 'auser', conf)
    options.banhammerdbpasswd = getConfig('banhammerdbpasswd', '', conf)
    options.banhammerdbdb = getConfig('banhammerdbdb', 'banhammer', conf)
    # CIF service; the API key is read from the .conf file
    options.cifapikey = getConfig('cifapikey', '', conf)
    options.cifhosturl = getConfig('cifhosturl', 'http://localhost/', conf)
    # mongo connectivity
    options.mongohost = getConfig('mongohost', 'localhost', conf)
    options.mongoport = getConfig('mongoport', 3001, conf)
    checkBlockIPService()
def initConfig():
    """Load the SQS event consumer's settings from options.configfile into ``options``."""
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    # this host's name, used to tag what it processes
    options.mozdefhostname = setting('mozdefhostname', socket.gethostname())
    # elasticsearch: a non-zero esbulksize enables bulk posting; esbulktimeout
    # posts whatever is buffered after that many seconds regardless of count
    options.esservers = setting('esservers', 'http://localhost:9200').split(',')
    options.esbulksize = setting('esbulksize', 0)
    options.esbulktimeout = setting('esbulktimeout', 30)
    # 'sqs' selects Amazon
    options.mqprotocol = setting('mqprotocol', 'sqs')
    # rabbit message queue options
    options.taskexchange = setting('taskexchange', 'eventtask')
    options.prefetch = setting('prefetch', 10)  # messages requested per fetch
    # NOTE(review): long-lived AWS keys in a .conf file; prefer an instance
    # role or a scoped, rotated key, and keep the file non-world-readable.
    options.accesskey = setting('accesskey', '')
    options.secretkey = setting('secretkey', '')
    options.region = setting('region', '')
    # seconds to sleep between polls
    options.sleep_time = setting('sleep_time', 0.1)
def initConfig():
    """Load the index-rotation/backup settings from options.configfile into ``options``.

    The backup_* lists are comma-separated strings presumably paired
    positionally by the caller. Index settings (refresh interval, shard and
    replica counts, slowlog thresholds, field limit) are kept as strings, the
    form Elasticsearch accepts them in.
    """
    conf = options.configfile
    # log destination: stdout or syslog
    options.output = getConfig('output', 'stdout', conf)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', conf)
    options.syslogport = getConfig('syslogport', 514, conf)
    # elasticsearch cluster (plain-http localhost default)
    options.esservers = getConfig('esservers', 'http://localhost:9200', conf).split(',')
    options.indices = getConfig('backup_indices', 'events,alerts,.kibana', conf).split(',')
    options.dobackup = getConfig('backup_dobackup', '1,1,1', conf).split(',')
    options.rotation = getConfig('backup_rotation', 'daily,monthly,none', conf).split(',')
    options.pruning = getConfig('backup_pruning', '20,0,0', conf).split(',')
    options.weekly_rotation_indices = getConfig('weekly_rotation_indices', 'events', conf).split(',')
    # mapping template json shipped alongside this file unless overridden
    here = os.path.dirname(os.path.abspath(__file__))
    default_mapping_location = os.path.join(here, 'defaultMappingTemplate.json')
    options.default_mapping_file = getConfig('default_mapping_file', default_mapping_location, conf)
    for attr, default in (
        ('refresh_interval', '1s'),
        ('number_of_shards', '1'),
        ('number_of_replicas', '1'),
        ('slowlog_threshold_query_warn', '5s'),
        ('slowlog_threshold_fetch_warn', '5s'),
        ('mapping_total_fields_limit', '1000'),
    ):
        setattr(options, attr, getConfig(attr, default, conf))
def initConfig():
    """Load the FQDN blocklist exporter's settings from options.configfile into ``options``.

    Also parses the FQDN whitelist file (via parse_fqdn_whitelist) into
    options.fqdnwhitelist as part of configuration.
    """
    conf = options.configfile

    def setting(key, default):
        return getConfig(key, default, conf)

    # log destination: stdout or syslog
    options.output = setting('output', 'stdout')
    options.sysloghostname = setting('sysloghostname', 'localhost')
    options.syslogport = setting('syslogport', 514)
    # mongo instance
    options.mongohost = setting('mongohost', 'localhost')
    options.mongoport = setting('mongoport', 3001)
    # newline separated file of FQDNs (example.com / foo.bar.com style) never to block
    options.fqdn_whitelist_file = setting('fqdn_whitelist_file', '/dev/null')
    options.fqdnwhitelist = parse_fqdn_whitelist(options.fqdn_whitelist_file)
    # output file name
    options.outputfile = setting('outputfile', 'fqdnblocklist.txt')
    # days past expiration before a blocklist entry is purged (expired entries
    # are already left out of the export; this governs the UI's copy)
    options.expireage = setting('expireage', 1)
    # max FQDNs to emit
    options.fqdnlimit = setting('fqdnlimit', 1000)
    # NOTE(review): long-lived AWS keys in a .conf file (used for the
    # mozilla_infosec_blocklist bucket); prefer an instance role or a scoped,
    # rotated key, and keep the file non-world-readable.
    options.aws_access_key_id = setting('aws_access_key_id', '')
    options.aws_secret_access_key = setting('aws_secret_access_key', '')
    options.aws_bucket_name = setting('aws_bucket_name', '')
    options.aws_document_key_name = setting('aws_document_key_name', '')
def initConfig():
    """Load this worker's settings into ``options`` from ``options.configfile``.

    Covers the host name, log sink, elasticsearch posting, the message
    queue (``mqprotocol`` defaults to ``sqs``; the rabbit settings are read
    regardless) and the AWS credentials.  ``mquser``/``mqpassword`` default
    to the broker's well-known ``guest`` pair and ``accesskey``/``secretkey``
    to empty strings -- placeholders a deployment config must override.
    ``cloudtrail_arn`` likewise defaults to the literal key name.
    """
    cfg = options.configfile

    def assign(attr, default):
        # every attribute name doubles as its config key here
        setattr(options, attr, getConfig(attr, default, cfg))

    # capture the hostname
    assign('mozdefhostname', socket.gethostname())
    # output our log to stdout or syslog
    assign('output', 'stdout')
    assign('sysloghostname', 'localhost')
    assign('syslogport', 514)

    # elastic search options. esbulksize non-zero enables bulk posting;
    # esbulktimeout posts whatever is queued after that many seconds.
    options.esservers = getConfig('esservers', 'http://localhost:9200', cfg).split(',')
    assign('esbulksize', 0)
    assign('esbulktimeout', 30)

    # set to sqs for Amazon
    assign('mqprotocol', 'sqs')
    # rabbit message queue options
    assign('mqserver', 'localhost')
    assign('taskexchange', 'eventtask')
    assign('eventexchange', 'events')
    # rabbit: how many messages to ask for at once
    assign('prefetch', 10)
    # rabbit: user creds
    assign('mquser', 'guest')
    assign('mqpassword', 'guest')
    # rabbit: port/vhost
    assign('mqport', 5672)
    assign('mqvhost', '/')

    # aws options
    assign('accesskey', '')
    assign('secretkey', '')
    assign('region', '')
    # the full ARN that the s3 bucket lives under
    assign('cloudtrail_arn', 'cloudtrail_arn')
all_indices = [] total_num_tries = 15 for attempt in range(total_num_tries): try: all_indices = client.get_indices() except ConnectionError: print 'Unable to connect to Elasticsearch...retrying' sleep(5) else: break else: print 'Cannot connect to Elasticsearch after ' + str( total_num_tries) + ' tries, exiting script.' exit(1) refresh_interval = getConfig('refresh_interval', '1s', args.backup_conf_file) number_of_shards = getConfig('number_of_shards', '1', args.backup_conf_file) number_of_replicas = getConfig('number_of_replicas', '1', args.backup_conf_file) slowlog_threshold_query_warn = getConfig('slowlog_threshold_query_warn', '5s', args.backup_conf_file) slowlog_threshold_fetch_warn = getConfig('slowlog_threshold_fetch_warn', '5s', args.backup_conf_file) mapping_total_fields_limit = getConfig('mapping_total_fields_limit', '1000', args.backup_conf_file) index_settings['settings'] = { "index": { "refresh_interval": refresh_interval, "number_of_shards": number_of_shards, "number_of_replicas": number_of_replicas,
def initConfig():
    """Load the event-task worker settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.  The
    message-queue credentials default to the broker's well-known
    ``guest``/``guest`` pair and ``mqprotocol`` to plain ``amqp``; set
    ``amqps`` for TLS and override the credentials in a real deployment.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # capture the hostname
    options.mozdefhostname = read('mozdefhostname', socket.gethostname())

    # elastic search options. esbulksize non-zero enables bulk posting;
    # esbulktimeout posts whatever is queued after that many seconds.
    options.esservers = read('esservers', 'http://localhost:9200').split(',')
    options.esbulksize = read('esbulksize', 0)
    options.esbulktimeout = read('esbulktimeout', 30)

    # message queue options
    options.mqserver = read('mqserver', 'localhost')
    options.taskexchange = read('taskexchange', 'eventtask')
    options.eventexchange = read('eventexchange', 'events')
    # how many messages to ask for at once from the message queue
    options.prefetch = read('prefetch', 50)
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)
    options.mqvhost = read('mqvhost', '/')
    # amqp, or amqps for ssl
    options.mqprotocol = read('mqprotocol', 'amqp')
    # message acking; also toggles transient/persistent delivery
    # (True = persistent, stored on disk; False = transient, memory only)
    options.mqack = read('mqack', True)

    # plugin options: seconds between checks for new/updated plugins.
    # Per the original note the periodic check seemed to leak memory and is
    # disabled for now; the frequency is still set.
    options.plugincheckfrequency = read('plugincheckfrequency', 120)
def initConfig():
    """Load the IRC alert bot settings into ``options``.

    Sets defaults, overridden by ``options.configfile``.  ``channelkeys``
    is parsed from a JSON object in the file; ``alertircchannel`` falls
    back to the first channel of ``join`` when left empty.  The IRC
    ``password`` and ``mqpassword`` are read in clear text from the config
    file and their defaults are placeholders.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # irc options
    options.host = read('host', 'irc.somewhere.com')
    options.nick = read('nick', 'mozdefnick')
    options.port = read('port', 6697)
    options.username = read('username', 'username')
    options.realname = read('realname', 'realname')
    options.password = read('password', '')
    options.join = read('join', '#mzdf')
    options.alertircchannel = read('alertircchannel', '')
    raw_channelkeys = read('channelkeys', '{"#somechannel": "somekey"}')
    options.channelkeys = json.loads(raw_channelkeys)

    # message queue options
    options.mqalertserver = read('mqalertserver', 'localhost')   # server hostname
    options.alertExchange = read('alertexchange', 'alerts')      # queue exchange name
    options.queueName = read('alertqueuename', 'alertBot')       # queue name
    options.alerttopic = read('alerttopic', 'mozdef.*')          # queue topic
    options.prefetch = read('prefetch', 50)                      # messages per fetch
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)
    # mqack=True sets persistent delivery, False sets transient delivery
    options.mqack = read('mqack', True)

    # no explicit alert channel: use the first joined channel
    if not options.alertircchannel:
        options.alertircchannel = options.join.split(",")[0]
def initConfig():
    """Load the SQS worker settings into ``options`` from ``options.configfile``.

    ``accesskey``/``secretkey`` default to empty strings and must be
    supplied by the deployment config, which then holds a live secret.
    """
    cfg = options.configfile

    # capture the hostname
    options.mozdefhostname = getConfig('mozdefhostname', socket.gethostname(), cfg)

    # elastic search options. esbulksize non-zero enables bulk posting;
    # esbulktimeout posts whatever is queued after that many seconds.
    options.esservers = getConfig('esservers', 'http://localhost:9200', cfg).split(',')

    # remaining keys map 1:1 onto option attributes
    defaults = (
        ('esbulksize', 0),
        ('esbulktimeout', 30),
        ('mqprotocol', 'sqs'),          # set to sqs for Amazon
        ('taskexchange', 'eventtask'),  # rabbit message queue options
        ('prefetch', 10),               # rabbit: messages to ask for at once
        ('accesskey', ''),              # aws options
        ('secretkey', ''),
        ('region', 'us-west-1'),
        # plugin options: seconds between checks for new/updated plugins.
        # Per the original note the periodic check seemed to leak memory
        # and is disabled for now; the frequency is still set.
        ('plugincheckfrequency', 120),
    )
    for key, default in defaults:
        setattr(options, key, getConfig(key, default, cfg))
def initConfig():
    """Load the IP blocklist exporter settings into ``options``.

    Each key is read from ``options.configfile`` through ``getConfig``.
    The AWS key/secret default to empty strings; a deployment supplies
    them in the config file, whose permissions then protect the secret.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # output our log to stdout or syslog
    options.output = read('output', 'stdout')
    options.sysloghostname = read('sysloghostname', 'localhost')
    options.syslogport = read('syslogport', 514)

    # mongo instance
    options.mongohost = read('mongohost', 'localhost')
    options.mongoport = read('mongoport', 3001)

    # line-separated file of 8.8.8.0/24 style CIDR masks never to export;
    # parsed by parse_network_whitelist (defined elsewhere)
    options.network_list_file = read('network_whitelist_file', '')
    options.ipwhitelist = parse_network_whitelist(options.network_list_file)

    # output file name
    options.outputfile = read('outputfile', 'ipblocklist.txt')
    # attacker category to export
    options.category = read('category', 'bruteforcer')
    # max days to look back for attackers
    options.attackerage = read('attackerage', 90)
    # days after expiration before an ipblocklist entry is purged (expired
    # entries already do not appear in the export)
    options.expireage = read('expireage', 1)
    # max IPs to emit
    options.iplimit = read('iplimit', 1000)

    # credentials and target used to push the list to mozilla_infosec_blocklist
    options.aws_access_key_id = read('aws_access_key_id', '')
    options.aws_secret_access_key = read('aws_secret_access_key', '')
    options.aws_bucket_name = read('aws_bucket_name', '')
    options.aws_document_key_name = read('aws_document_key_name', '')
def test_current_behavior(self):
    """A key present in the fixture config wins over the supplied default."""
    from configlib import getConfig
    value = getConfig('mongohost', 'defaultvalue', self.config_path)
    assert 'mongodb' == value
def initConfig():
    """Load the backup script settings into ``options`` from ``options.configfile``.

    The ``backup_*`` values are parallel comma-separated lists (element i
    of each presumably describes index i of ``indices``); their lengths
    are not checked here.  The AWS key/secret default to empty strings and
    are read in clear text from the config file.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    def read_list(key, default):
        # comma-separated config value -> list of str
        return read(key, default).split(',')

    # output our log to stdout or syslog
    options.output = read('output', 'stdout')
    options.sysloghostname = read('sysloghostname', 'localhost')
    options.syslogport = read('syslogport', 514)

    # elasticsearch endpoints and per-index backup policy
    options.esservers = read_list('esservers', 'http://localhost:9200')
    options.indices = read_list('backup_indices', 'events,alerts,.kibana')
    options.dobackup = read_list('backup_dobackup', '1,1,1')
    options.rotation = read_list('backup_rotation', 'daily,monthly,none')
    options.pruning = read_list('backup_pruning', '20,0,0')

    # aws credentials used to send files to s3
    options.aws_access_key_id = read('aws_access_key_id', '')
    options.aws_secret_access_key = read('aws_secret_access_key', '')
    options.aws_region = read('aws_region', 'us-west-1')
def initConfig():
    """Load the alert/attacker processing settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.
    ``categorymapping`` is parsed from JSON in the config file (a list of
    one-entry dicts mapping alert category to attacker category).  The
    queue credentials default to ``guest``/``guest`` and ``mqprotocol`` to
    plain ``amqp``; use ``amqps`` for ssl and override the credentials.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # default timezone applied when none is specified
    options.defaulttimezone = read('defaulttimezone', 'UTC')

    # output our log to stdout or syslog
    options.output = read('output', 'stdout')
    options.sysloghostname = read('sysloghostname', 'localhost')
    options.syslogport = read('syslogport', 514)

    # elastic search servers and the mongo instance
    options.esservers = read('esservers', 'http://localhost:9200').split(',')
    options.mongohost = read('mongohost', 'localhost')
    options.mongoport = read('mongoport', 3001)

    # automatically categorize new attackers from their alerts?
    options.autocategorize = read('autocategorize', False)
    # alert category -> attacker category, e.g.
    # [{"bruteforce":"bruteforcer"},{"alertcategory":"attackercategory"}]
    options.categorymapping = json.loads(read('categorymapping', "[]"))
    # broadcast new attackers to a message queue?
    options.broadcastattackers = read('broadcastattackers', False)

    # message queue options
    options.mqserver = read('mqserver', 'localhost')
    options.alertexchange = read('alertexchange', 'alerts')
    options.routingkey = read('routingkey', 'mozdef.alert')
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)
    options.mqvhost = read('mqvhost', '/')
    # amqp, or amqps for ssl
    options.mqprotocol = read('mqprotocol', 'amqp')
def _discover_task_exchange(self):
    """Return the configured message queue protocol: ``amqp`` or ``sqs``.

    Despite the name this reads the ``mqprotocol`` key, not an exchange
    name, and passes ``None`` as the config file -- so the ``amqp`` default
    presumably applies unless getConfig resolves the key some other way
    (confirm against configlib).
    """
    protocol = getConfig("mqprotocol", "amqp", None)
    return protocol
def initConfig():
    """Load the SQS/rabbit polling worker settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.  The
    rabbit credentials default to the broker's well-known ``guest`` pair
    and ``accesskey``/``secretkey`` to empty strings -- placeholders that a
    deployment config must override.
    """
    cfg = options.configfile

    # capture the hostname
    options.mozdefhostname = getConfig('mozdefhostname', socket.gethostname(), cfg)

    # elastic search options. esbulksize non-zero enables bulk posting;
    # esbulktimeout posts whatever is queued after that many seconds.
    options.esservers = getConfig('esservers', 'http://localhost:9200', cfg).split(',')

    # remaining keys map 1:1 onto option attributes
    defaults = (
        ('esbulksize', 0),
        ('esbulktimeout', 30),
        ('mqprotocol', 'sqs'),          # set to sqs for Amazon
        ('mqserver', 'localhost'),      # rabbit message queue options
        ('taskexchange', 'eventtask'),
        ('prefetch', 10),               # rabbit: messages to ask for at once
        ('mquser', 'guest'),            # rabbit: user creds
        ('mqpassword', 'guest'),
        ('mqport', 5672),               # rabbit: port/vhost
        ('mqvhost', '/'),
        # rabbit: message acking; also toggles transient/persistent delivery
        # (True = persistent, stored on disk; False = transient, memory only)
        ('mqack', True),
        ('accesskey', ''),              # aws options
        ('secretkey', ''),
        ('region', ''),
        ('sleep_time', 0.1),            # seconds to sleep between polls
    )
    for key, default in defaults:
        setattr(options, key, getConfig(key, default, cfg))
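def initConfig():
    """Load the IRC alert bot settings into ``options``.

    Sets defaults, overridden by ``options.configfile``.  Our config parser
    removes ``#``, so the leading ``#`` is restored on every channel in
    ``join`` and on every key of ``channelkeys`` (parsed from a JSON object
    in the file).  ``alertircchannel`` falls back to the first channel of
    ``join`` when left empty.  The IRC ``password`` and ``mqpassword`` are
    read in clear text from the config file; their defaults are
    placeholders.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    def with_hash(name):
        # re-add the '#' our config parser stripped
        return name if name.startswith('#') else '#{0}'.format(name)

    # irc options
    options.host = read('host', 'irc.somewhere.com')
    options.nick = read('nick', 'mozdefnick')
    options.port = read('port', 6697)
    options.username = read('username', 'username')
    options.realname = read('realname', 'realname')
    options.password = read('password', '')

    raw_join = read('join', '#mzdf')
    options.join = ','.join(with_hash(channel) for channel in raw_join.split(','))

    options.alertircchannel = read('alertircchannel', '')

    raw_channelkeys = json.loads(read('channelkeys', '{"#somechannel": "somekey"}'))
    options.channelkeys = {with_hash(key): value for key, value in raw_channelkeys.items()}

    # message queue options
    options.mqalertserver = read('mqalertserver', 'localhost')   # server hostname
    options.alertExchange = read('alertexchange', 'alerts')      # queue exchange name
    options.queueName = read('alertqueuename', 'alertBot')       # queue name
    options.alerttopic = read('alerttopic', 'mozdef.*')          # queue topic
    options.prefetch = read('prefetch', 50)                      # messages per fetch
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)
    # mqack=True sets persistent delivery, False sets transient delivery
    options.mqack = read('mqack', True)

    # no explicit alert channel: use the first joined channel
    if options.alertircchannel == '':
        options.alertircchannel = options.join.split(",")[0]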
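def initConfig():
    '''setup the default options and override with any in our .conf file

    Every key is read through ``getConfig(key, default, options.configfile)``.
    ``regexes`` is expected as one line of tab-delimited JSON objects, e.g.
    ``{"type":"LDAP Group Update","expression":"ou=groups","severity":"INFO"}``;
    an optional ``"tag"`` attribute limits expression matching to items
    with that tag.  A malformed entry raises from ``json.loads`` here, at
    startup, rather than at match time.  The queue credentials default to
    the broker's well-known ``guest`` pair and must be overridden.
    '''
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # message queue server hostname to listen to for events
    options.mqeventserver = read('mqeventserver', 'localhost')
    # message queue server hostname to send alerts to (in case it's different)
    options.mqalertserver = read('mqalertserver', 'localhost')
    # event queue topic / exchange name
    options.eventqueue = read('eventqueue', 'mozdef.event')
    options.eventexchange = read('eventexchange', 'events')
    # alert queue topic / exchange name
    options.alertqueue = read('alertqueue', 'mozdef.alert')
    options.alertexchange = read('alertexchange', 'alerts')
    # how many messages to ask for at once
    options.prefetch = read('prefetch', 50)
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)

    # output our log to stdout or syslog
    options.output = read('output', 'stdout')
    options.sysloghostname = read('sysloghostname', 'localhost')  # syslog hostname
    options.syslogport = read('syslogport', 514)                  # syslog port

    # do we remove any date string from the 'summary' field (removes syslog
    # timestamps)
    options.removemessagedate = read('removemessagedate', True)

    options.esservers = read('esservers', 'http://localhost:9200').split(',')

    # load any alert regexes from the config file; an empty/absent value
    # yields an empty list instead of failing on len()
    regexes = read('regexes', '')
    options.regexlist = [json.loads(entry) for entry in regexes.split('\t')] if regexes else []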
def initConfig():
    """Load the IRC bot settings into ``options``.

    Sets defaults, overridden by ``options.configfile``.  ``channelkeys``
    is parsed from a JSON object in the file.  When ``alertircchannel`` is
    empty it is set to the whole ``join`` value -- if ``join`` holds a
    comma-separated list, the fallback is that entire string (confirm
    whether the consumer expects a single channel).  ``password`` is read
    in clear text from the config file.
    """
    cfg = options.configfile

    # keys map 1:1 onto option attributes
    defaults = (
        ('host', 'irc.somewhere.com'),
        ('nick', 'mozdefnick'),
        ('port', 6697),
        ('username', 'username'),
        ('realname', 'realname'),
        ('password', ''),
        ('join', '#mzdf'),
        ('mqserver', 'localhost'),
        ('alertqueue', 'mozdef.alert'),
        ('alertexchange', 'alerts'),
        ('alertircchannel', ''),
    )
    for key, default in defaults:
        setattr(options, key, getConfig(key, default, cfg))

    raw_channelkeys = getConfig('channelkeys', '{"#somechannel": "somekey"}', cfg)
    options.channelkeys = json.loads(raw_channelkeys)

    # no explicit alert channel: fall back to the join value
    if not options.alertircchannel:
        options.alertircchannel = options.join
def initConfig():
    """Load the auditd FIFO reader settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.
    ``mqservers`` is kept as the raw string (a comma-delimited list of
    brokers to load balance posts across, per the original note).  The
    queue credentials default to ``guest``/``guest`` and must be
    overridden in a real deployment.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # output our log to stdout or syslog
    options.output = read('output', 'stdout')
    options.sysloghostname = read('sysloghostname', 'localhost')
    options.syslogport = read('syslogport', 514)

    # the fifo auditd writes into
    options.logfile = read('logfile', 'auditd.mozdef.fifo')

    # default zone applied when an event carries none
    options.defaultTimeZone = read('defaulttimezone', 'US/Pacific')

    # mq server/exchange options; mqservers may be "server,server2,server3"
    options.mqservers = read('mqservers', 'localhost')
    options.taskexchange = read('taskexchange', 'eventtask')
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)

    # how much to read in a chunk from the fifo
    options.fiforeadsize = read('fiforeadsize', 2048)
def initConfig():
    """Load the papertrail poller settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.  The
    papertrail keys are stored under shorter ``pt*`` attribute names.
    ``papertrailapikey`` defaults to the placeholder ``'none'`` and is read
    in clear text from the config file.
    """
    cfg = options.configfile

    # capture the hostname
    options.mozdefhostname = getConfig('mozdefhostname', socket.gethostname(), cfg)

    # elastic search options. esbulksize non-zero enables bulk posting;
    # esbulktimeout posts whatever is queued after that many seconds.
    options.esservers = getConfig('esservers', 'http://localhost:9200', cfg).split(',')
    options.esbulksize = getConfig('esbulksize', 0, cfg)
    options.esbulktimeout = getConfig('esbulktimeout', 30, cfg)

    # papertrail configuration: (attribute, config key, default)
    papertrail = (
        ('ptapikey', 'papertrailapikey', 'none'),
        ('ptquery', 'papertrailquery', ''),
        ('ptinterval', 'papertrailinterval', 60),
        ('ptbackoff', 'papertrailbackoff', 300),
        ('ptacctname', 'papertrailaccount', 'unset'),
        ('ptquerymax', 'papertrailmaxevents', 2000),
    )
    for attr, key, default in papertrail:
        setattr(options, attr, getConfig(key, default, cfg))

    # plugin options: seconds between checks for new/updated plugins.
    # Per the original note the periodic check seemed to leak memory and is
    # disabled for now; the frequency is still set.
    options.plugincheckfrequency = getConfig('plugincheckfrequency', 120, cfg)
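def test_list_returns_as_string(self):
    """A comma-separated value in the fixture comes back as one str, not split."""
    from configlib import getConfig
    res = getConfig('foo', 'zab,za', self.config_path)
    # the fixture config is expected to define foo=foo,bar
    assert res == 'foo,bar'
    assert isinstance(res, str)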
def initConfig():
    """Load the cloudtrail worker settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.  The
    rabbit credentials default to the broker's well-known ``guest`` pair
    and ``accesskey``/``secretkey`` to empty strings -- placeholders that a
    deployment config must override.  ``cloudtrail_arn`` defaults to the
    literal key name.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # output our log to stdout or syslog
    options.output = read('output', 'stdout')
    options.sysloghostname = read('sysloghostname', 'localhost')
    options.syslogport = read('syslogport', 514)

    # elastic search options. esbulksize non-zero enables bulk posting;
    # esbulktimeout posts whatever is queued after that many seconds.
    options.esservers = read('esservers', 'http://localhost:9200').split(',')
    options.esbulksize = read('esbulksize', 0)
    options.esbulktimeout = read('esbulktimeout', 30)

    # set to sqs for Amazon
    options.mqprotocol = read('mqprotocol', 'sqs')
    # rabbit message queue options
    options.mqserver = read('mqserver', 'localhost')
    options.taskexchange = read('taskexchange', 'eventtask')
    options.eventexchange = read('eventexchange', 'events')
    # rabbit: how many messages to ask for at once
    options.prefetch = read('prefetch', 10)
    # rabbit: user creds
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    # rabbit: port/vhost
    options.mqport = read('mqport', 5672)
    options.mqvhost = read('mqvhost', '/')
    # rabbit: message acking; also toggles transient/persistent delivery
    # (True = persistent, stored on disk; False = transient, memory only)
    options.mqack = read('mqack', True)

    # aws options
    options.accesskey = read('accesskey', '')
    options.secretkey = read('secretkey', '')
    options.region = read('region', 'us-west-1')

    # plugin options: seconds between checks for new/updated plugins.
    # Per the original note the periodic check seemed to leak memory and is
    # disabled for now; the frequency is still set.
    options.plugincheckfrequency = read('plugincheckfrequency', 120)

    # the full ARN that the s3 bucket lives under
    options.cloudtrail_arn = read('cloudtrail_arn', 'cloudtrail_arn')
def initConfig():
    """Load the Slack alert bot settings into ``options``.

    Reads every key from ``options.configfile`` via ``getConfig``.
    ``slack_token`` defaults to the placeholder ``'<CHANGE ME>'`` and, like
    ``mqpassword``, is read in clear text from the config file; both must
    be set by the deployment and the file's permissions protect them.
    """
    cfg = options.configfile

    def read(key, default):
        return getConfig(key, default, cfg)

    # slack side
    options.slack_token = read('slack_token', '<CHANGE ME>')
    options.name = read('name', 'mozdef')
    options.channels = read('channels', 'general').split(',')   # comma-separated
    options.alert_channel = read('alert_channel', 'siem')

    # message queue side
    options.alertExchange = read('alertexchange', 'alerts')      # queue exchange name
    options.queueName = read('alertqueuename', 'alertBot')       # queue name
    options.alerttopic = read('alerttopic', 'mozdef.*')          # queue topic
    options.prefetch = read('prefetch', 50)                      # messages per fetch
    options.mqalertserver = read('mqalertserver', 'localhost')
    options.mquser = read('mquser', 'guest')
    options.mqpassword = read('mqpassword', 'guest')
    options.mqport = read('mqport', 5672)
    # mqack=True sets persistent delivery, False sets transient delivery
    options.mqack = read('mqack', True)