mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-11 12:25:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix #787 : load simulation config at startup (#793)

Browse source 
* fix #787 : load simulation config at startup
This commit is contained in:
he2ss 2021-05-17 11:54:28 +02:00 committed by GitHub
parent f881510f79
commit eb0bd70046
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 70 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/ci_functests-install.yml vendored
View file

@ -60,6 +60,10 @@ jobs:
run: | run: |
cd scripts/func_tests/ cd scripts/func_tests/
./tests_post-install_4cold-logs.sh ./tests_post-install_4cold-logs.sh
- name: "Test simulation"
run: |
cd scripts/func_tests/
./tests_post-install_5simulation.sh
- name: "Uninstall" - name: "Uninstall"
run: sudo ./wizard.sh --uninstall run: sudo ./wizard.sh --uninstall
- name: "Test post remove" - name: "Test post remove"

5
pkg/apiserver/apic.go
View file

@ -172,6 +172,11 @@ func (a *apic) Push() error {
if alert.ScenarioVersion == nil || *alert.ScenarioVersion == "" || *alert.ScenarioVersion == "?" { if alert.ScenarioVersion == nil || *alert.ScenarioVersion == "" || *alert.ScenarioVersion == "?" {
continue continue
} }
/*we also ignore alerts in simulated mode*/
if *alert.Simulated {
log.Debugf("simulation enabled for alert (id:%d), will not be sent to CAPI", alert.ID)
continue
}
signals = append(signals, AlertToSignal(alert)) signals = append(signals, AlertToSignal(alert))
} }
a.mu.Lock() a.mu.Lock()

3
pkg/csconfig/crowdsec_service.go
View file

@ -64,6 +64,9 @@ func (c *Config) LoadCrowdsec() error {
if c.Crowdsec.AcquisitionDirPath == "" && c.Crowdsec.AcquisitionFilePath == "" { if c.Crowdsec.AcquisitionDirPath == "" && c.Crowdsec.AcquisitionFilePath == "" {
return fmt.Errorf("no acquisition_path nor acquisition_dir") return fmt.Errorf("no acquisition_path nor acquisition_dir")
} }
if err := c.LoadSimulation(); err != nil {
return errors.Wrap(err, "load error (simulation)")
}
c.Crowdsec.ConfigDir = c.ConfigPaths.ConfigDir c.Crowdsec.ConfigDir = c.ConfigPaths.ConfigDir
c.Crowdsec.DataDir = c.ConfigPaths.DataDir c.Crowdsec.DataDir = c.ConfigPaths.DataDir

11
pkg/csconfig/crowdsec_service_test.go
View file

@ -10,6 +10,7 @@ import (
) )
func TestLoadCrowdsec(t *testing.T) { func TestLoadCrowdsec(t *testing.T) {
falseBoolPtr := false
acquisFullPath, err := filepath.Abs("./tests/acquis.yaml") acquisFullPath, err := filepath.Abs("./tests/acquis.yaml")
if err != nil { if err != nil {
t.Fatalf(err.Error()) t.Fatalf(err.Error())
@ -66,6 +67,7 @@ func TestLoadCrowdsec(t *testing.T) {
}, },
Crowdsec: &CrowdsecServiceCfg{ Crowdsec: &CrowdsecServiceCfg{
AcquisitionFilePath: "./tests/acquis.yaml", AcquisitionFilePath: "./tests/acquis.yaml",
SimulationFilePath: "./tests/simulation.yaml",
}, },
}, },
expectedResult: &CrowdsecServiceCfg{ expectedResult: &CrowdsecServiceCfg{
@ -79,6 +81,10 @@ func TestLoadCrowdsec(t *testing.T) {
ParserRoutinesCount: 1, ParserRoutinesCount: 1,
OutputRoutinesCount: 1, OutputRoutinesCount: 1,
AcquisitionFiles: []string{acquisFullPath}, AcquisitionFiles: []string{acquisFullPath},
SimulationFilePath: "./tests/simulation.yaml",
SimulationConfig: &SimulationConfig{
Simulation: &falseBoolPtr,
},
}, },
}, },
{ {
@ -97,6 +103,7 @@ func TestLoadCrowdsec(t *testing.T) {
Crowdsec: &CrowdsecServiceCfg{ Crowdsec: &CrowdsecServiceCfg{
AcquisitionFilePath: "./tests/acquis.yaml", AcquisitionFilePath: "./tests/acquis.yaml",
AcquisitionDirPath: "./tests/acquis/", AcquisitionDirPath: "./tests/acquis/",
SimulationFilePath: "./tests/simulation.yaml",
}, },
}, },
expectedResult: &CrowdsecServiceCfg{ expectedResult: &CrowdsecServiceCfg{
@ -110,6 +117,10 @@ func TestLoadCrowdsec(t *testing.T) {
ParserRoutinesCount: 1, ParserRoutinesCount: 1,
OutputRoutinesCount: 1, OutputRoutinesCount: 1,
AcquisitionFiles: []string{acquisFullPath, acquisInDirFullPath}, AcquisitionFiles: []string{acquisFullPath, acquisInDirFullPath},
SimulationFilePath: "./tests/simulation.yaml",
SimulationConfig: &SimulationConfig{
Simulation: &falseBoolPtr,
},
}, },
}, },
{ {

47
scripts/func_tests/tests_post-install_5simulation.sh Executable file
View file

@ -0,0 +1,47 @@
#! /usr/bin/env bash
# -*- coding: utf-8 -*-
source tests_base.sh
COLLECTION=crowdsecurity/sshd
SCENARIO=crowdsecurity/ssh-bf
# install sshd collection
${CSCLI} collections install $COLLECTION
${CSCLI} decisions delete --all
${SYSTEMCTL} reload crowdsec
# generate a fake bf log -> cold logs processing
rm -f ssh-bf.log
for i in `seq 1 10` ; do
echo `date '+%b %d %H:%M:%S '`'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.174 port 35424' >> ssh-bf.log
done;
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CSCLI} decisions list -o=json | ${JQ} '. | length == 1' || fail "expected exactly one decision"
${CSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].value == "1.1.1.174"' || fail "(exact) expected ban on 1.1.1.174"
${CSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].simulated == false' || fail "(exact) expected simulated on false"
# enable simulation on specific scenario and try with same logs
${CSCLI} decisions delete --all
${CSCLI} simulation enable $SCENARIO
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CSCLI} decisions list --no-simu -o=json | ${JQ} '. == null' || fail "expected no decision (listing only non-simulated decisions)"
# enable global simulation and try with same logs
${CSCLI} decisions delete --all
${CSCLI} simulation disable $SCENARIO
${CSCLI} simulation enable --global
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CSCLI} decisions list --no-simu -o=json | ${JQ} '. == null' || fail "expected no decision (listing only non-simulated decisions)"