feat: full working metrics ready
This commit is contained in:
d3m0k1d
@@ -6,6 +6,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
"github.com/d3m0k1d/BanForge/internal/metrics"
|
||||
)
|
||||
|
||||
type Firewalld struct {
|
||||
@@ -23,20 +24,24 @@ func (f *Firewalld) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncBanAttempt("firewalld")
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Add source " + ip + " " + string(output))
|
||||
output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Reload " + string(output))
|
||||
metrics.IncBan("firewalld")
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -45,20 +50,24 @@ func (f *Firewalld) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncUnbanAttempt("firewalld")
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Remove source " + ip + " " + string(output))
|
||||
output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Reload " + string(output))
|
||||
metrics.IncUnban("firewalld")
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -70,6 +79,7 @@ func (f *Firewalld) PortOpen(port int, protocol string) error {
|
||||
return fmt.Errorf("invalid protocol")
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("open", protocol)
|
||||
cmd := exec.Command(
|
||||
"firewall-cmd",
|
||||
"--zone=public",
|
||||
@@ -79,12 +89,14 @@ func (f *Firewalld) PortOpen(port int, protocol string) error {
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Add port " + s + " " + string(output))
|
||||
output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Reload " + string(output))
|
||||
@@ -99,6 +111,7 @@ func (f *Firewalld) PortClose(port int, protocol string) error {
|
||||
return fmt.Errorf("invalid protocol")
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("close", protocol)
|
||||
cmd := exec.Command(
|
||||
"firewall-cmd",
|
||||
"--zone=public",
|
||||
@@ -107,11 +120,13 @@ func (f *Firewalld) PortClose(port int, protocol string) error {
|
||||
)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Remove port " + s + " " + string(output))
|
||||
output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
|
||||
if err != nil {
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Reload " + string(output))
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
"github.com/d3m0k1d/BanForge/internal/metrics"
|
||||
)
|
||||
|
||||
type Iptables struct {
|
||||
@@ -24,6 +25,7 @@ func (f *Iptables) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncBanAttempt("iptables")
|
||||
err = validateConfigPath(f.config)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -36,11 +38,13 @@ func (f *Iptables) Ban(ip string) error {
|
||||
"ip", ip,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("IP banned",
|
||||
"ip", ip,
|
||||
"output", string(output))
|
||||
metrics.IncBan("iptables")
|
||||
|
||||
err = validateConfigPath(f.config)
|
||||
if err != nil {
|
||||
@@ -54,6 +58,7 @@ func (f *Iptables) Ban(ip string) error {
|
||||
"config_path", f.config,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("config saved",
|
||||
@@ -67,6 +72,7 @@ func (f *Iptables) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncUnbanAttempt("iptables")
|
||||
err = validateConfigPath(f.config)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -79,11 +85,13 @@ func (f *Iptables) Unban(ip string) error {
|
||||
"ip", ip,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("IP unbanned",
|
||||
"ip", ip,
|
||||
"output", string(output))
|
||||
metrics.IncUnban("iptables")
|
||||
|
||||
err = validateConfigPath(f.config)
|
||||
if err != nil {
|
||||
@@ -97,6 +105,7 @@ func (f *Iptables) Unban(ip string) error {
|
||||
"config_path", f.config,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("config saved",
|
||||
@@ -112,11 +121,13 @@ func (f *Iptables) PortOpen(port int, protocol string) error {
|
||||
return nil
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("open", protocol)
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command("iptables", "-A", "INPUT", "-p", protocol, "--dport", s, "-j", "ACCEPT")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Add port " + s + " " + string(output))
|
||||
@@ -128,6 +139,7 @@ func (f *Iptables) PortOpen(port int, protocol string) error {
|
||||
"config_path", f.config,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
}
|
||||
@@ -141,11 +153,13 @@ func (f *Iptables) PortClose(port int, protocol string) error {
|
||||
return nil
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("close", protocol)
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command("iptables", "-D", "INPUT", "-p", protocol, "--dport", s, "-j", "ACCEPT")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
f.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
f.logger.Info("Add port " + s + " " + string(output))
|
||||
@@ -157,6 +171,7 @@ func (f *Iptables) PortClose(port int, protocol string) error {
|
||||
"config_path", f.config,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
"github.com/d3m0k1d/BanForge/internal/metrics"
|
||||
)
|
||||
|
||||
type Nftables struct {
|
||||
@@ -26,6 +27,7 @@ func (n *Nftables) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncBanAttempt("nftables")
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("nft", "add", "rule", "inet", "banforge", "banned",
|
||||
"ip", "saddr", ip, "drop")
|
||||
@@ -35,16 +37,19 @@ func (n *Nftables) Ban(ip string) error {
|
||||
"ip", ip,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
|
||||
n.logger.Info("IP banned", "ip", ip)
|
||||
metrics.IncBan("nftables")
|
||||
|
||||
err = saveNftablesConfig(n.config)
|
||||
if err != nil {
|
||||
n.logger.Error("failed to save config",
|
||||
"config_path", n.config,
|
||||
"error", err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -57,17 +62,20 @@ func (n *Nftables) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncUnbanAttempt("nftables")
|
||||
|
||||
handle, err := n.findRuleHandle(ip)
|
||||
if err != nil {
|
||||
n.logger.Error("failed to find rule handle",
|
||||
"ip", ip,
|
||||
"error", err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
|
||||
if handle == "" {
|
||||
n.logger.Warn("no rule found for IP", "ip", ip)
|
||||
metrics.IncError()
|
||||
return fmt.Errorf("no rule found for IP %s", ip)
|
||||
}
|
||||
// #nosec G204 - handle is extracted from nftables output and validated
|
||||
@@ -80,16 +88,19 @@ func (n *Nftables) Unban(ip string) error {
|
||||
"handle", handle,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
|
||||
n.logger.Info("IP unbanned", "ip", ip, "handle", handle)
|
||||
metrics.IncUnban("nftables")
|
||||
|
||||
err = saveNftablesConfig(n.config)
|
||||
if err != nil {
|
||||
n.logger.Error("failed to save config",
|
||||
"config_path", n.config,
|
||||
"error", err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -172,9 +183,11 @@ func (n *Nftables) PortOpen(port int, protocol string) error {
|
||||
if port >= 0 && port <= 65535 {
|
||||
if protocol != "tcp" && protocol != "udp" {
|
||||
n.logger.Error("invalid protocol")
|
||||
metrics.IncError()
|
||||
return fmt.Errorf("invalid protocol")
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("open", protocol)
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command(
|
||||
"nft",
|
||||
@@ -191,6 +204,7 @@ func (n *Nftables) PortOpen(port int, protocol string) error {
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
n.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
n.logger.Info("Add port " + s + " " + string(output))
|
||||
@@ -199,6 +213,7 @@ func (n *Nftables) PortOpen(port int, protocol string) error {
|
||||
n.logger.Error("failed to save config",
|
||||
"config_path", n.config,
|
||||
"error", err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
}
|
||||
@@ -209,9 +224,11 @@ func (n *Nftables) PortClose(port int, protocol string) error {
|
||||
if port >= 0 && port <= 65535 {
|
||||
if protocol != "tcp" && protocol != "udp" {
|
||||
n.logger.Error("invalid protocol")
|
||||
metrics.IncError()
|
||||
return fmt.Errorf("invalid protocol")
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("close", protocol)
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command(
|
||||
"nft",
|
||||
@@ -228,6 +245,7 @@ func (n *Nftables) PortClose(port int, protocol string) error {
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
n.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
n.logger.Info("Add port " + s + " " + string(output))
|
||||
@@ -236,6 +254,7 @@ func (n *Nftables) PortClose(port int, protocol string) error {
|
||||
n.logger.Error("failed to save config",
|
||||
"config_path", n.config,
|
||||
"error", err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
"github.com/d3m0k1d/BanForge/internal/metrics"
|
||||
)
|
||||
|
||||
type Ufw struct {
|
||||
@@ -23,6 +24,7 @@ func (u *Ufw) Ban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncBanAttempt("ufw")
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("ufw", "--force", "deny", "from", ip)
|
||||
output, err := cmd.CombinedOutput()
|
||||
@@ -31,10 +33,12 @@ func (u *Ufw) Ban(ip string) error {
|
||||
"ip", ip,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return fmt.Errorf("failed to ban IP %s: %w", ip, err)
|
||||
}
|
||||
|
||||
u.logger.Info("IP banned", "ip", ip, "output", string(output))
|
||||
metrics.IncBan("ufw")
|
||||
return nil
|
||||
}
|
||||
func (u *Ufw) Unban(ip string) error {
|
||||
@@ -42,6 +46,7 @@ func (u *Ufw) Unban(ip string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
metrics.IncUnbanAttempt("ufw")
|
||||
// #nosec G204 - ip is validated
|
||||
cmd := exec.Command("ufw", "--force", "delete", "deny", "from", ip)
|
||||
output, err := cmd.CombinedOutput()
|
||||
@@ -50,10 +55,12 @@ func (u *Ufw) Unban(ip string) error {
|
||||
"ip", ip,
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
metrics.IncError()
|
||||
return fmt.Errorf("failed to unban IP %s: %w", ip, err)
|
||||
}
|
||||
|
||||
u.logger.Info("IP unbanned", "ip", ip, "output", string(output))
|
||||
metrics.IncUnban("ufw")
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -61,14 +68,17 @@ func (u *Ufw) PortOpen(port int, protocol string) error {
|
||||
if port >= 0 && port <= 65535 {
|
||||
if protocol != "tcp" && protocol != "udp" {
|
||||
u.logger.Error("invalid protocol")
|
||||
metrics.IncError()
|
||||
return fmt.Errorf("invalid protocol")
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("open", protocol)
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command("ufw", "allow", s+"/"+protocol)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
u.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
u.logger.Info("Add port " + s + " " + string(output))
|
||||
@@ -80,14 +90,17 @@ func (u *Ufw) PortClose(port int, protocol string) error {
|
||||
if port >= 0 && port <= 65535 {
|
||||
if protocol != "tcp" && protocol != "udp" {
|
||||
u.logger.Error("invalid protocol")
|
||||
metrics.IncError()
|
||||
return nil
|
||||
}
|
||||
s := strconv.Itoa(port)
|
||||
metrics.IncPortOperation("close", protocol)
|
||||
// #nosec G204 - managed by system adminstartor
|
||||
cmd := exec.Command("ufw", "deny", s+"/"+protocol)
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
u.logger.Error(err.Error())
|
||||
metrics.IncError()
|
||||
return err
|
||||
}
|
||||
u.logger.Info("Add port " + s + " " + string(output))
|
||||
|
||||
Reference in New Issue
Block a user