add: [sshd] periodic background MISP routine
parent
a158868857
commit
2f919671fc
|
@ -40,9 +40,10 @@ type GrokedSSHD struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type MISP_auth_failure_sshd_username struct {
|
type MISP_auth_failure_sshd_username struct {
|
||||||
mtype string `json:"type"`
|
Name string `json:"name"`
|
||||||
username string `json:"username"`
|
Mtype string `json:"type"`
|
||||||
total string `json:"total"`
|
Username string `json:"username"`
|
||||||
|
Total string `json:"total"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Flush recomputes statistics and recompile HTML output
|
// Flush recomputes statistics and recompile HTML output
|
||||||
|
@ -534,30 +535,48 @@ func csvStats(s *SSHDCompiler, v string) error {
|
||||||
|
|
||||||
func (s *SSHDCompiler) MISPexport() error {
|
func (s *SSHDCompiler) MISPexport() error {
|
||||||
|
|
||||||
today := time.Now()
|
//today := time.Now()
|
||||||
dstr := fmt.Sprintf("%v%v%v", today.Year(), fmt.Sprintf("%02d", int(today.Month())), fmt.Sprintf("%02d", int(today.Day())))
|
//dstr := fmt.Sprintf("%v%v%v", today.Year(), fmt.Sprintf("%02d", int(today.Month())), fmt.Sprintf("%02d", int(today.Day())))
|
||||||
|
|
||||||
|
dstr := "20200504"
|
||||||
|
|
||||||
r0 := *s.r0
|
r0 := *s.r0
|
||||||
r1 := *s.r1
|
r1 := *s.r1
|
||||||
zrank, err := redis.Strings(r0.Do("ZRANGEBYSCORE", fmt.Sprintf("%q:statsusername", dstr), "-inf", "+inf", "WITHSCORES"))
|
|
||||||
|
// reading from database 1
|
||||||
|
if _, err := r0.Do("SELECT", 1); err != nil {
|
||||||
|
s.teardown(err)
|
||||||
|
}
|
||||||
|
// writing to database 3
|
||||||
|
if _, err := r1.Do("SELECT", 3); err != nil {
|
||||||
|
s.teardown(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
zrank, err := redis.Strings(r0.Do("ZRANGEBYSCORE", fmt.Sprintf("%v:statsusername", dstr), "-inf", "+inf", "WITHSCORES"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
mispobject := new(MISP_auth_failure_sshd_username)
|
mispobject := new(MISP_auth_failure_sshd_username)
|
||||||
mispobject.mtype = "sshd"
|
mispobject.Name = "authentication-failure-report"
|
||||||
|
mispobject.Mtype = "sshd"
|
||||||
|
|
||||||
for k, v := range zrank {
|
for k, v := range zrank {
|
||||||
// pair: keys
|
// pair: keys
|
||||||
if (k % 2) == 0 {
|
if (k % 2) == 0 {
|
||||||
mispobject.username = v
|
mispobject.Username = v
|
||||||
// even: values
|
// even: values
|
||||||
} else {
|
} else {
|
||||||
mispobject.total = v
|
mispobject.Total = v
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
b, err := json.Marshal(mispobject)
|
b, err := json.Marshal(mispobject)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if string(b) != "{}" {
|
||||||
r1.Do("LPUSH", "authf_object", b)
|
r1.Do("LPUSH", "authf_object", b)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
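Review bot: `dstr := "20200504"` in MISPexport replaces the commented-out `time.Now()` computation, so every tick reads the fixed `20200504:statsusername` key and nothing from the current day is exported; restore the date with `dstr := time.Now().Format("20060102")`. The two `SELECT` guards call `s.teardown(err)` and then fall through to `ZRANGEBYSCORE`, and the result of `r1.Do("LPUSH", "authf_object", b)` is discarded, so a failed export goes unnoticed; returning the error in each case would surface it. `SELECT` also switches the database on the connections behind `s.r0` and `s.r1`, so if the Pull routine uses the same connections (not visible in this section) it would start working against databases 1 and 3; a dedicated connection for the export looks safer. The usernames stored here come from failed login attempts and are chosen by the remote party, so a comment such as `// Username is attacker-supplied; consumers of authf_object must treat it as untrusted` on the struct would help whoever reads the list downstream.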
|
||||||
|
|
13
main.go
13
main.go
|
@ -222,11 +222,22 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// we add pulling routines to a waitgroup,
|
// we add pulling routines to a waitgroup,
|
||||||
// they can immediately die when exiting.
|
// we wait for completion on exit
|
||||||
pullgr.Add(1)
|
pullgr.Add(1)
|
||||||
go v.Pull(pullreturn)
|
go v.Pull(pullreturn)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Launching MISP export routines
|
||||||
|
// they can immediately die when exiting.
|
||||||
|
for _, v := range torun {
|
||||||
|
go func() {
|
||||||
|
ticker := time.NewTicker(20 * time.Second)
|
||||||
|
for _ = range ticker.C {
|
||||||
|
v.MISPexport()
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
}
|
||||||
|
|
||||||
pullgr.Wait()
|
pullgr.Wait()
|
||||||
log.Println("Exit")
|
log.Println("Exit")
|
||||||
}
|
}
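Review bot: The closure started by `go func() {` inside `for _, v := range torun` captures the loop variable `v`, so on toolchains before Go 1.22 every export goroutine may end up calling `MISPexport()` on the last compiler in `torun`; add `v := v` as the first line of the loop body or pass it as an argument to the closure. The return value of `v.MISPexport()` is dropped, so a failing Redis read or write is never reported; `if err := v.MISPexport(); err != nil { log.Println(err) }` would at least log it. The ticker is never stopped and the goroutines are not in `pullgr`, which matches the comment that they may die on exit, but it also means an export can be cut off mid-write when `main` returns. The body of `main` begins outside this hunk.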
|
||||||
|
|