From 8e0ce7b29791f8d3326f5fa61420d51e2ee5ea5f Mon Sep 17 00:00:00 2001
From: Shivam Sandbhor
Date: Thu, 25 Aug 2022 09:38:35 +0530
Subject: [PATCH 1/5] Update deps + add feat to feed to binary via stdin
---
config.go | 33 +++++++++++------- 
config/crowdsec-custom-bouncer.yaml | 7 ++++
custom.go | 40 +++++++++++++++++----
go.mod | 23 ++++++++----
go.sum | 54 ++++++++++++++++++++++-------
main.go | 41 ++++++++++++++++++++--
6 files changed, 157 insertions(+), 41 deletions(-)
diff --git a/config.go b/config.go
index 78aaf03..61fb236 100644
--- a/config.go
+++ b/config.go
@@ -14,18 +14,25 @@ import ( ) type bouncerConfig struct { - BinPath string `yaml:"bin_path"` // path to binary - PidDir string `yaml:"piddir"` - UpdateFrequency string `yaml:"update_frequency"` - Daemon bool `yaml:"daemonize"` - LogMode string `yaml:"log_mode"` - LogDir string `yaml:"log_dir"` - LogLevel log.Level `yaml:"log_level"` - CompressLogs *bool `yaml:"compress_logs,omitempty"` - LogMaxSize int `yaml:"log_max_size,omitempty"` - LogMaxFiles int `yaml:"log_max_files,omitempty"` - LogMaxAge int `yaml:"log_max_age,omitempty"` - CacheRetentionDuration time.Duration `yaml:"cache_retention_duration"` + BinPath string `yaml:"bin_path"` // path to binary + PidDir string `yaml:"piddir"` + UpdateFrequency string `yaml:"update_frequency"` + IncludeScenariosContaining []string `yaml:"include_scenarios_containing"` + ExcludeScenariosContaining []string `yaml:"exclude_scenarios_containing"` + OnlyIncludeDecisionsFrom []string `yaml:"only_include_decisions_from"` + Daemon bool `yaml:"daemonize"` + LogMode string `yaml:"log_mode"` + LogDir string `yaml:"log_dir"` + LogLevel log.Level `yaml:"log_level"` + LogMaxSize int `yaml:"log_max_size,omitempty"` + LogMaxFiles int `yaml:"log_max_files,omitempty"` + LogMaxAge int `yaml:"log_max_age,omitempty"` + CompressLogs *bool `yaml:"compress_logs,omitempty"` + APIUrl string `yaml:"api_url"` + APIKey string `yaml:"api_key"` + CacheRetentionDuration time.Duration `yaml:"cache_retention_duration"` + FeedViaStdin bool `yaml:"feed_via_stdin"` + TotalRetries int `yaml:"total_retries"` } func NewConfig(configPath string) (*bouncerConfig, error) { 
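Review bot: `TotalRetries` and `FeedViaStdin` are added to `bouncerConfig` without any comment, and the meaning of `TotalRetries` cannot be guessed from its name. The main.go hunk of this patch treats `-1` as "retry forever" and otherwise runs the binary `TotalRetries + 1` times, so the zero value means a single run with no restart. I would put that on the field as a trailing comment, e.g. `// stdin mode: restarts allowed after the binary exits; -1 = unlimited`, and add `// stream decisions as JSON lines to one long-running process instead of one exec per decision` on `FeedViaStdin`. The struct body is complete in this hunk; `NewConfig` continues outside it.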
@@ -56,7 +63,7 @@ func NewConfig(configPath string) (*bouncerConfig, error) { } /*Configure logging*/ - if err = types.SetDefaultLoggerConfig(config.LogMode, config.LogDir, config.LogLevel, config.LogMaxSize, config.LogMaxFiles, config.LogMaxAge, config.CompressLogs, false); err != nil { + if err := types.SetDefaultLoggerConfig(config.LogMode, config.LogDir, config.LogLevel, config.LogMaxSize, config.LogMaxFiles, config.LogMaxAge, config.CompressLogs, false); err != nil { log.Fatal(err.Error()) } if config.LogMode == "file" { diff --git a/config/crowdsec-custom-bouncer.yaml b/config/crowdsec-custom-bouncer.yaml index a7e24ee..1136e5b 100644 --- a/config/crowdsec-custom-bouncer.yaml +++ b/config/crowdsec-custom-bouncer.yaml @@ -1,4 +1,7 @@ bin_path: ${BINARY_PATH} +include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word, eg ["ssh", "http"] +exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word +only_include_decisions_from: [] piddir: /var/run/ update_frequency: 10s cache_retention_duration: 10s @@ -6,5 +9,9 @@ daemonize: true log_mode: file log_dir: /var/log/ log_level: info +log_compression: true +log_max_size: 100 +log_max_backups: 3 +log_max_age: 30 api_url: http://localhost:8080/ api_key: ${API_KEY} diff --git a/custom.go b/custom.go index a4d33e2..9e1983b 100644 --- a/custom.go +++ b/custom.go @@ -3,6 +3,7 @@ package main import ( "encoding/json" "fmt" + "io" "os/exec" "strconv" "time" 
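Review bot: Two keys added in the second hunk of `config/crowdsec-custom-bouncer.yaml`, `log_compression` and `log_max_backups`, do not match any tag on `bouncerConfig` in config.go, where the corresponding fields are tagged `compress_logs` and `log_max_files`. Unless the loader maps them somewhere outside this diff, the sample values are ignored (or rejected, if the file is decoded strictly) and the defaults apply instead. Rename them to `compress_logs: true` and `log_max_files: 3`. The sample also omits the new `feed_via_stdin` and `total_retries` keys; a commented-out entry for each would make the stdin mode discoverable.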
@@ -17,15 +18,23 @@ type DecisionKey struct { Type string } +type DecisionWithAction struct { + models.Decision + Action string `json:"action,omitempty"` +} + type customBouncer struct { path string + binaryStdin io.Writer + feedViaStdin bool newDecisionValueSet map[DecisionKey]struct{} expiredDecisionValueSet map[DecisionKey]struct{} } -func newCustomBouncer(path string) (*customBouncer, error) { +func newCustomBouncer(cfg *bouncerConfig) (*customBouncer, error) { return &customBouncer{ - path: path, + path: cfg.BinPath, + feedViaStdin: cfg.FeedViaStdin, }, nil } @@ -53,10 +62,19 @@ func (c *customBouncer) Add(decision *models.Decision) error { return err } log.Debugf("custom [%s] : add ban on %s for %s sec (%s)", c.path, *decision.Value, strconv.Itoa(int(banDuration.Seconds())), *decision.Scenario) - str, err := serializeDecision(decision) + var str string + if c.feedViaStdin { + str, err = serializeDecision(decision, "add") + } else { + str, err = serializeDecision(decision, "") + } if err != nil { log.Warningf("serialize: %s", err) } + if c.feedViaStdin { + fmt.Fprintln(c.binaryStdin, str) + return nil + } cmd := exec.Command(c.path, "add", *decision.Value, strconv.Itoa(int(banDuration.Seconds())), *decision.Scenario, str) if out, err := cmd.CombinedOutput(); err != nil { log.Errorf("Error in 'add' command (%s): %v --> %s", cmd.String(), err, string(out)) @@ -73,7 +91,16 @@ func (c *customBouncer) Delete(decision *models.Decision) error { if err != nil { return err } - str, err := serializeDecision(decision) + var str string + if c.feedViaStdin { + str, err = serializeDecision(decision, "del") + } else { + str, err = serializeDecision(decision, "") + } + if c.feedViaStdin { + fmt.Fprintln(c.binaryStdin, str) + return nil + } if err != nil { log.Warningf("serialize: %s", err) } 
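Review bot: In stdin mode `Add` can lose a ban without anyone noticing, because the result of `fmt.Fprintln(c.binaryStdin, str)` is discarded and the method returns nil, so a write to a pipe whose process has exited looks like success. Two related gaps sit on the same lines: `c.binaryStdin` stays nil until the goroutine in main.go has started the binary, and `Fprintln` on a nil `io.Writer` panics; and when `serializeDecision` fails only a warning is logged and an empty line is still written. The `Delete` hunk has the same unchecked write. I would return these errors to the caller as sketched below; the field is also assigned from another goroutine, so it additionally needs a mutex or equivalent, which the sketch does not show. `Add` starts and ends outside the hunk.

```go
// … unchanged: serializeDecision call with "add" or "" …
if c.feedViaStdin {
	if err != nil {
		return fmt.Errorf("serialize decision: %w", err)
	}
	if c.binaryStdin == nil {
		return fmt.Errorf("custom binary stdin is not open yet")
	}
	if _, err := fmt.Fprintln(c.binaryStdin, str); err != nil {
		return fmt.Errorf("write decision to custom binary: %w", err)
	}
	return nil
}
// … unchanged: serialize warning and exec.Command path …
```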
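Review bot: In `Delete` the stdin branch returns before the `if err != nil` check on the `serializeDecision` result, so in stdin mode a serialization failure is never reported and an empty line is sent to the binary. Move the check above the stdin branch, in the order `Add` uses: `if err != nil { log.Warningf("serialize: %s", err) }` first, then `if c.feedViaStdin { ... }`. `Delete` starts and ends outside the hunk.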
@@ -90,8 +117,9 @@ func (c *customBouncer) ShutDown() error { return nil } -func serializeDecision(decision *models.Decision) (string, error) { - serbyte, err := json.Marshal(decision) +func serializeDecision(decision *models.Decision, action string) (string, error) { + d := DecisionWithAction{Decision: *decision, Action: action} + serbyte, err := json.Marshal(d) if err != nil { return "", fmt.Errorf("serialize error : %s", err) } diff --git a/go.mod b/go.mod index b8d8bac..258a64a 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,11 @@ go 1.19 require ( github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/crowdsecurity/crowdsec v1.4.1 - github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220808104920-19304be490bc + github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220817075151-29237cbe9873 + github.com/go-openapi/swag v0.22.3 // indirect github.com/sirupsen/logrus v1.9.0 + golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c // indirect + golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 gopkg.in/yaml.v2 v2.4.0 
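Review bot: `serializeDecision` now defines the line format the external binary has to parse, but nothing documents it. Add a doc comment saying that the output is the JSON of `models.Decision` with an extra top-level `action` key (`add` or `del`), omitted when `action` is empty, and that `Add`/`Delete` write it as one line per decision in stdin mode. The extra key relies on `models.Decision` not defining its own `MarshalJSON` (a marshaller on the embedded type would be promoted and `Action` dropped); I cannot confirm that from this diff, so a small test pinning the output would be worthwhile. The function's return statement is outside the hunk.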
@@ -15,25 +18,31 @@ require ( require ( github.com/antonmedv/expr v1.9.0 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/crowdsecurity/grokky v0.1.0 // indirect github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.2 // indirect + github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect - github.com/go-openapi/loads v0.21.1 // indirect - github.com/go-openapi/spec v0.20.6 // indirect + github.com/go-openapi/loads v0.21.2 // indirect + github.com/go-openapi/spec v0.20.7 // indirect github.com/go-openapi/strfmt v0.21.3 // indirect - github.com/go-openapi/swag v0.22.0 // indirect github.com/go-openapi/validate v0.22.0 // indirect + github.com/golang/protobuf v1.5.2 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.13.0 // indirect + github.com/prometheus/client_model v0.2.0 // indirect + github.com/prometheus/common v0.37.0 // indirect + github.com/prometheus/procfs v0.8.0 // indirect go.mongodb.org/mongo-driver v1.10.1 // indirect - golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48 // indirect - golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 // indirect + google.golang.org/protobuf v1.28.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 8634492..728c7d0 100644 --- a/go.sum +++ b/go.sum 
@@ -158,6 +158,7 @@ github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiU github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= @@ -181,6 +182,7 @@ github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= 
@@ -338,8 +340,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/crowdsecurity/crowdsec v1.4.1 h1:GNmOO3Thh710hSYEW0H+7BJCkMsrpafnM6et4cezxAc= github.com/crowdsecurity/crowdsec v1.4.1/go.mod h1:du34G8w0vTwVucLoPoI5s1SiZoA7a8ZDAYlzV0ZInRM= -github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220808104920-19304be490bc h1:bspaMkIroQ+PZzT1qe4PSu4MeQW+kwRK2eDvUroZO9s= -github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220808104920-19304be490bc/go.mod h1:SpbFr+4rbQ+d9RAhOWlXkhpDTuSkzoBi+zGASW8+/Kw= +github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220817075151-29237cbe9873 h1:Twjq/4Hn4mQWDGqi3bFaHKiE5FbfdcVrm9rSAMaU9m8= +github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220817075151-29237cbe9873/go.mod h1:y+IwYjFtuOmAfh/zlJj1gplt5TDwrXFcu4Xw7bkIABk= github.com/crowdsecurity/grokky v0.0.0-20220120093523-d5b3478363fa/go.mod h1:fx5UYUYAFIrOUNAkFCUOM2wJcsp9EWSQE9R0/9kaFJg= github.com/crowdsecurity/grokky v0.1.0 h1:jLUzZd3vKxYrM4hQ8n5HWLfvs5ag4UP08eT9OTekI4U= github.com/crowdsecurity/grokky v0.1.0/go.mod h1:fx5UYUYAFIrOUNAkFCUOM2wJcsp9EWSQE9R0/9kaFJg= 
@@ -426,9 +428,11 @@ github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3I github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= 
@@ -457,8 +461,9 @@ github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpX github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.1/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2 h1:dxy7PGTqEh94zj2E3h1cUmQQWiM1+aeCROfAr02EmK8= github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= +github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= 
@@ -485,8 +490,9 @@ github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2e github.com/go-openapi/loads v0.19.6/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4= -github.com/go-openapi/loads v0.21.1 h1:Wb3nVZpdEzDTcly8S4HMkey6fjARRzb7iEaySimlDW0= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= +github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= +github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= 
@@ -503,8 +509,9 @@ github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHK github.com/go-openapi/spec v0.19.15/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= github.com/go-openapi/spec v0.20.0/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6 h1:ich1RQ3WDbfoeTqTAb+5EIxNmpKVJZWBNah9RAT0jIQ= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI= +github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= 
@@ -528,8 +535,9 @@ github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5H github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.0 h1:1VXunYCNgapcSzFtcY+eBmrwESlYCnFJZahQRgTRoo8= -github.com/go-openapi/swag v0.22.0/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.1/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= @@ -626,6 +634,7 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= 
@@ -644,8 +653,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= @@ -920,6 +930,7 @@ github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-sqlite3 v1.14.10/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= 
@@ -1069,11 +1080,15 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_golang v1.13.0 h1:b71QUfeo5M8gq2+evJdTPfZhYMAU0uKPkyPJ7TPsloU= +github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= 
@@ -1085,6 +1100,9 @@ github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8b github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= +github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1097,6 +1115,8 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= +github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/prometheus/prom2json v1.3.0/go.mod h1:rMN7m0ApCowcoDlypBHlkNbp5eJQf/+1isKykIP5ZnM= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/r3labs/diff/v2 v2.14.1/go.mod h1:I8noH9Fc2fjSaMxqF3G2lhDdC0b+JXCfyx85tWFM9kc= 
@@ -1471,9 +1491,12 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48 h1:N9Vc/rorQUDes6B9CNdIxAn5jODGj2wzfrei2x4wNj4= -golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c h1:JVAXQ10yGGVbSyoer5VILysz6YKjdNT2bsvlayjqhes= +golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1491,6 +1514,7 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1503,6 +1527,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1630,12 +1655,15 @@ golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 h1:9vYwv7OjYaky/tlAeD7C4oC9EsPTlaFl1H2jS++V+ME= -golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24 h1:TyKJRhyo17yWxOMCTHKWrc5rddHORMlnZ/j57umaUd8= +golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -1904,6 +1932,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/main.go b/main.go index bcbc40e..e2f653a 100644 --- a/main.go +++ b/main.go @@ -4,6 +4,7 @@ import ( "flag" "fmt" "os" + "os/exec" "os/signal" "syscall" "time" @@ -89,7 +90,7 @@ func main() { log.SetLevel(log.DebugLevel) } - custom, err := newCustomBouncer(config.BinPath) + custom, err := newCustomBouncer(config) if err != nil { log.Fatalf(err.Error()) } @@ -117,6 +118,41 @@ func main() { bouncer.Run() return fmt.Errorf("stream api init failed") }) + if config.FeedViaStdin { + t.Go( + func() error { + f := func() error { + c := exec.Command(config.BinPath) + s, err := c.StdinPipe() + if err != nil { + return err + } + custom.binaryStdin = s + if err := c.Start(); err != nil { + return err + } + + return c.Wait() + } + var err error + if config.TotalRetries == -1 { + for { + err := f() + log.Error(err) + } + } else { + for i := 0; i <= config.TotalRetries; i++ { + err = f() + } + } + log.Error("maximum retries exceeded for binary. Exiting") + t.Kill(err) + return err + + }, + ) + + } t.Go(func() error { log.Printf("Processing new and deleted decisions . . .") 
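Review bot: The restart loop added under `if config.FeedViaStdin` in main.go has no backoff and no exit path: with `total_retries: -1` a binary that fails to start (wrong `bin_path`, missing exec bit) is retried in a tight loop that logs one error per iteration, and the loop never checks the tomb, so shutdown cannot stop it. The finite branch discards the error of every attempt but the last and runs the binary again even after a clean exit. `custom.binaryStdin = s` is assigned here while `Add`/`Delete` read the field from another goroutine, which is a data race, and the assignment happens before `c.Start()` has succeeded. A restarted process also begins with no record of the decisions streamed to its predecessor, so active bans are presumably not enforced by it until they are sent again; that deserves at least a comment. A sketch of the loop follows; the one-second delay is a placeholder value, and `main` continues outside the hunk.

```go
// … unchanged: f := func() error { start binary, publish stdin, c.Wait() } …
var err error
for attempt := 0; config.TotalRetries == -1 || attempt <= config.TotalRetries; attempt++ {
	err = f()
	log.Errorf("custom binary exited (attempt %d): %v", attempt+1, err)
	select {
	case <-t.Dying(): // assumes t is the tomb.v2 Tomb used by the t.Go calls
		return nil
	case <-time.After(time.Second): // placeholder backoff
	}
}
// … unchanged: log "maximum retries exceeded", t.Kill(err), return err …
```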
@@ -157,8 +193,7 @@ func main() { go HandleSignals(custom) } - err = t.Wait() - if err != nil { + if err := t.Wait(); err != nil { log.Errorf("process return with error: %s", err) } } From 63b9efcd705e589a6f14b8f4b2e8aa18fd4c6922 Mon Sep 17 00:00:00 2001 From: Shivam Sandbhor Date: Thu, 25 Aug 2022 09:51:28 +0530 Subject: [PATCH 2/5] Use go 1.19 and add prometheus server --- .github/workflows/build-binary-package.yml | 4 +- .github/workflows/go.yml | 5 --- config.go | 45 +++++++++++++--------- config/crowdsec-custom-bouncer.yaml | 5 +++ go.mod | 2 +- go.sum | 1 + main.go | 17 ++++++++ 7 files changed, 52 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build-binary-package.yml b/.github/workflows/build-binary-package.yml index 150c1a7..fd230c5 100644 --- a/.github/workflows/build-binary-package.yml +++ b/.github/workflows/build-binary-package.yml @@ -10,10 +10,10 @@ jobs: name: Build and upload binary package runs-on: ubuntu-latest steps: - - name: Set up Go 1.13 + - name: Set up Go 1.19 uses: actions/setup-go@v1 with: - go-version: 1.13 + go-version: 1.19 id: go - name: Check out code into the Go module directory uses: actions/checkout@v2 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 5fabfbe..3306b9c 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -23,8 +23,3 @@ jobs: run: make build - name: Test run: go test -v - - - - - diff --git a/config.go b/config.go index 61fb236..67cc839 100644 --- a/config.go +++ b/config.go 
@@ -13,26 +13,33 @@ import ( "gopkg.in/yaml.v2" ) +type PrometheusConfig struct { + Enabled bool `yaml:"enabled"` + ListenAddress string `yaml:"listen_addr"` + ListenPort string `yaml:"listen_port"` +} + type bouncerConfig struct { - BinPath string `yaml:"bin_path"` // path to binary - PidDir string `yaml:"piddir"` - UpdateFrequency string `yaml:"update_frequency"` - IncludeScenariosContaining []string `yaml:"include_scenarios_containing"` - ExcludeScenariosContaining []string `yaml:"exclude_scenarios_containing"` - OnlyIncludeDecisionsFrom []string `yaml:"only_include_decisions_from"` - Daemon bool `yaml:"daemonize"` - LogMode string `yaml:"log_mode"` - LogDir string `yaml:"log_dir"` - LogLevel log.Level `yaml:"log_level"` - LogMaxSize int `yaml:"log_max_size,omitempty"` - LogMaxFiles int `yaml:"log_max_files,omitempty"` - LogMaxAge int `yaml:"log_max_age,omitempty"` - CompressLogs *bool `yaml:"compress_logs,omitempty"` - APIUrl string `yaml:"api_url"` - APIKey string `yaml:"api_key"` - CacheRetentionDuration time.Duration `yaml:"cache_retention_duration"` - FeedViaStdin bool `yaml:"feed_via_stdin"` - TotalRetries int `yaml:"total_retries"` + BinPath string `yaml:"bin_path"` // path to binary + PidDir string `yaml:"piddir"` + UpdateFrequency string `yaml:"update_frequency"` + IncludeScenariosContaining []string `yaml:"include_scenarios_containing"` + ExcludeScenariosContaining []string `yaml:"exclude_scenarios_containing"` + OnlyIncludeDecisionsFrom []string `yaml:"only_include_decisions_from"` + Daemon bool `yaml:"daemonize"` + LogMode string `yaml:"log_mode"` + LogDir string `yaml:"log_dir"` + LogLevel log.Level `yaml:"log_level"` + LogMaxSize int `yaml:"log_max_size,omitempty"` + LogMaxFiles int `yaml:"log_max_files,omitempty"` + LogMaxAge int `yaml:"log_max_age,omitempty"` + CompressLogs *bool `yaml:"compress_logs,omitempty"` + APIUrl string `yaml:"api_url"` + APIKey string `yaml:"api_key"` + CacheRetentionDuration time.Duration 
`yaml:"cache_retention_duration"` + FeedViaStdin bool `yaml:"feed_via_stdin"` + TotalRetries int `yaml:"total_retries"` + PrometheusConfig PrometheusConfig `yaml:"prometheus"` } func NewConfig(configPath string) (*bouncerConfig, error) { diff --git a/config/crowdsec-custom-bouncer.yaml b/config/crowdsec-custom-bouncer.yaml index 1136e5b..187b0c4 100644 --- a/config/crowdsec-custom-bouncer.yaml +++ b/config/crowdsec-custom-bouncer.yaml @@ -15,3 +15,8 @@ log_max_backups: 3 log_max_age: 30 api_url: http://localhost:8080/ api_key: ${API_KEY} + +prometheus: + enabled: true + listen_addr: 127.0.0.1 + listen_port: 60602 \ No newline at end of file diff --git a/go.mod b/go.mod index 258a64a..abdf5b8 100644 --- a/go.mod +++ b/go.mod @@ -7,6 +7,7 @@ require ( github.com/crowdsecurity/crowdsec v1.4.1 github.com/crowdsecurity/go-cs-bouncer v0.0.0-20220817075151-29237cbe9873 github.com/go-openapi/swag v0.22.3 // indirect + github.com/prometheus/client_golang v1.13.0 github.com/sirupsen/logrus v1.9.0 golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c // indirect golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24 // indirect @@ -38,7 +39,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.13.0 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect diff --git a/go.sum b/go.sum index 728c7d0..b877c34 100644 --- a/go.sum +++ b/go.sum 
@@ -180,6 +180,7 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= diff --git a/main.go b/main.go index e2f653a..32db48b 100644 --- a/main.go +++ b/main.go @@ -3,6 +3,8 @@ package main import ( "flag" "fmt" + "net" + "net/http" "os" "os/exec" "os/signal" @@ -10,6 +12,8 @@ import ( "time" "github.com/coreos/go-systemd/daemon" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" log "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/writer" @@ -118,6 +122,19 @@ func main() { bouncer.Run() return fmt.Errorf("stream api init failed") }) + if config.PrometheusConfig.Enabled { + prometheus.MustRegister(csbouncer.TotalLAPICalls, csbouncer.TotalLAPIError) + go func() { + http.Handle("/metrics", promhttp.Handler()) + listenOn := net.JoinHostPort( + config.PrometheusConfig.ListenAddress, + config.PrometheusConfig.ListenPort, + ) + log.Infof("Serving metrics at %s", listenOn+"/metrics") + log.Error(http.ListenAndServe(listenOn, nil)) + }() + } + go bouncer.Run() if config.FeedViaStdin { t.Go( func() error { From fc5f5dc43951214b53eb2792505b78d3e013a6ab Mon Sep 17 00:00:00 2001 
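Review bot: `net.JoinHostPort(config.PrometheusConfig.ListenAddress, config.PrometheusConfig.ListenPort)` in the `@@ -118,6 +122,19 @@` hunk is used unvalidated, and when `listen_addr` is absent from the YAML the result is `:port`, so `http.ListenAndServe` binds every interface and the unauthenticated `/metrics` handler becomes reachable from outside the host. A guard before the join, such as `if config.PrometheusConfig.ListenAddress == "" { config.PrometheusConfig.ListenAddress = "127.0.0.1" }`, or rejecting the empty value in `NewConfig`, keeps the listener local unless the operator chooses otherwise; the same address is built again in the `@@ -118,23 +120,27 @@` hunk of patch 5/5. Separately, the added `go bouncer.Run()` sits below the unchanged `t.Go` block that also calls `bouncer.Run()`, so at this commit the stream loop appears to be started twice; patch 5/5 removes the `t.Go` copy. `main` starts and ends outside the hunk.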
From: Shivam Sandbhor Date: Thu, 25 Aug 2022 10:25:14 +0530 Subject: [PATCH 3/5] Update default conf --- config/crowdsec-custom-bouncer.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/crowdsec-custom-bouncer.yaml b/config/crowdsec-custom-bouncer.yaml index 187b0c4..945029e 100644 --- a/config/crowdsec-custom-bouncer.yaml +++ b/config/crowdsec-custom-bouncer.yaml @@ -1,4 +1,6 @@ bin_path: ${BINARY_PATH} +feed_via_stdin: false # Invokes binary once and feeds incoming decisions to it's stdin. +total_retries: 0 # number of times to restart binary. relevant if feed_via_stdin=true . Set to -1 for infinite retries. include_scenarios_containing: [] # ignore IPs banned for triggering scenarios not containing either of provided word, eg ["ssh", "http"] exclude_scenarios_containing: [] # ignore IPs banned for triggering scenarios containing either of provided word only_include_decisions_from: [] From b1d24a6f6f78634e8ba8e3a2c656ca12d3613953 Mon Sep 17 00:00:00 2001 From: Sebastien Blot Date: Wed, 12 Oct 2022 21:55:34 +0200 Subject: [PATCH 4/5] be more verbose when the binary exists in stdin mode --- main.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index 32db48b..32237f6 100644 --- a/main.go +++ b/main.go @@ -155,11 +155,12 @@ func main() { if config.TotalRetries == -1 { for { err := f() - log.Error(err) + log.Errorf("Binary exited: %s", err) } } else { for i := 0; i <= config.TotalRetries; i++ { err = f() + log.Errorf("Binary exited (retry %d/%d): %s", i, config.TotalRetries, err) } } log.Error("maximum retries exceeded for binary. Exiting") From 99582c54960f677a68c89d478719eb19e7b49236 Mon Sep 17 00:00:00 2001 From: Sebastien Blot Date: Wed, 12 Oct 2022 23:49:36 +0200 Subject: [PATCH 5/5] properly exit if the binary exits --- main.go | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/main.go b/main.go index 32237f6..98103f0 100644 --- a/main.go +++ b/main.go 
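Review bot: Both added `log.Errorf` calls in the `@@ -155,11 +155,12 @@` hunk format `err` with `%s`, but `f()` returns nil when the binary exits with status 0, and `%s` on a nil error prints `%!s(<nil>)`. Switching the verb to `%v`, as in `log.Errorf("Binary exited: %v", err)`, or logging a separate clean-exit message when `err == nil`, keeps the line readable for whoever is diagnosing the restart. The `(retry %d/%d)` counter also reports 0 for the first launch, which is not a retry. The loops belong to a closure inside `main` that starts outside the hunk.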
@@ -1,6 +1,7 @@ package main import ( + "context" "flag" "fmt" "net" @@ -62,6 +63,7 @@ func HandleSignals(custom *customBouncer) { func main() { var err error + var promServer *http.Server configPath := flag.String("c", "", "path to crowdsec-custom-bouncer.yaml") verbose := flag.Bool("v", false, "set verbose mode") bouncerVersion := flag.Bool("version", false, "display version and exit") @@ -118,23 +120,27 @@ func main() { } cacheResetTicker := time.NewTicker(config.CacheRetentionDuration) - t.Go(func() error { - bouncer.Run() - return fmt.Errorf("stream api init failed") - }) + go bouncer.Run() if config.PrometheusConfig.Enabled { - prometheus.MustRegister(csbouncer.TotalLAPICalls, csbouncer.TotalLAPIError) - go func() { - http.Handle("/metrics", promhttp.Handler()) - listenOn := net.JoinHostPort( + listenOn := net.JoinHostPort( + config.PrometheusConfig.ListenAddress, + config.PrometheusConfig.ListenPort, + ) + muxer := http.NewServeMux() + promServer = &http.Server{ + Addr: net.JoinHostPort( config.PrometheusConfig.ListenAddress, config.PrometheusConfig.ListenPort, - ) + ), + Handler: muxer, + } + muxer.Handle("/metrics", promhttp.Handler()) + prometheus.MustRegister(csbouncer.TotalLAPICalls, csbouncer.TotalLAPIError) + go func() { log.Infof("Serving metrics at %s", listenOn+"/metrics") - log.Error(http.ListenAndServe(listenOn, nil)) + log.Error(promServer.ListenAndServe()) }() } - go bouncer.Run() if config.FeedViaStdin { t.Go( func() error { @@ -178,6 +184,10 @@ func main() { select { case <-t.Dying(): log.Infoln("terminating bouncer process") + if config.PrometheusConfig.Enabled { + log.Infoln("terminating prometheus server") + promServer.Shutdown(context.Background()) + } return nil case decisions := <-bouncer.Stream: log.Infof("deleting '%d' decisions", len(decisions.Deleted))
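Review bot: The `http.Server` built in the `@@ -118,23 +120,27 @@` hunk sets only `Addr` and `Handler`, so the metrics listener has no header or read timeout and a client that opens connections and sends nothing can hold them open indefinitely. Adding `ReadHeaderTimeout: 5 * time.Second,` to the struct literal bounds that (the value is illustrative). `Addr` repeats the `net.JoinHostPort` call whose result is already in `listenOn`, so `Addr: listenOn,` is enough. After `Shutdown`, `ListenAndServe` returns `http.ErrServerClosed`, which `log.Error(promServer.ListenAndServe())` will report as an error on every normal exit. `main` starts and ends outside the hunk.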
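Review bot: `promServer.Shutdown(context.Background())` in the `@@ -178,6 +184,10 @@` hunk waits without a deadline and drops the returned error, so a single connection that never goes idle can keep the bouncer from terminating, and a failed shutdown leaves no trace in the log. Passing a context with a timeout and logging the error bounds the wait; the five-second value below is illustrative. The surrounding `select` loop and its goroutine start outside the hunk.

```go
if config.PrometheusConfig.Enabled {
	log.Infoln("terminating prometheus server")
	// Bound the wait so an open scrape connection cannot stall termination.
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	if err := promServer.Shutdown(ctx); err != nil {
		log.Errorf("prometheus server shutdown: %s", err)
	}
	cancel()
}
```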