Compare commits
3 Commits
v0.5.1
...
3acd0b899c
| Author | SHA1 | Date | |
|---|---|---|---|
|
3acd0b899c | ||
|
|
3ac1250bfc | ||
|
|
7bba444522 |
@@ -60,6 +60,11 @@ var DaemonCmd = &cobra.Command{
|
|||||||
log.Error("Failed to load config", "error", err)
|
log.Error("Failed to load config", "error", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
_, err = config.LoadMetricsConfig()
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Failed to load metrics config", "error", err)
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
var b blocker.BlockerEngine
|
var b blocker.BlockerEngine
|
||||||
fw := cfg.Firewall.Name
|
fw := cfg.Firewall.Name
|
||||||
b = blocker.GetBlocker(fw, cfg.Firewall.Config)
|
b = blocker.GetBlocker(fw, cfg.Firewall.Config)
|
||||||
|
|||||||
@@ -9,12 +9,13 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
name string
|
name string
|
||||||
service string
|
service string
|
||||||
path string
|
path string
|
||||||
status string
|
status string
|
||||||
method string
|
method string
|
||||||
ttl string
|
ttl string
|
||||||
|
max_retry int
|
||||||
)
|
)
|
||||||
|
|
||||||
var RuleCmd = &cobra.Command{
|
var RuleCmd = &cobra.Command{
|
||||||
@@ -41,7 +42,7 @@ var AddCmd = &cobra.Command{
|
|||||||
if ttl == "" {
|
if ttl == "" {
|
||||||
ttl = "1y"
|
ttl = "1y"
|
||||||
}
|
}
|
||||||
err := config.NewRule(name, service, path, status, method, ttl)
|
err := config.NewRule(name, service, path, status, method, ttl, max_retry)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
@@ -82,4 +83,5 @@ func RuleRegister() {
|
|||||||
AddCmd.Flags().StringVarP(&status, "status", "c", "", "status code")
|
AddCmd.Flags().StringVarP(&status, "status", "c", "", "status code")
|
||||||
AddCmd.Flags().StringVarP(&method, "method", "m", "", "method")
|
AddCmd.Flags().StringVarP(&method, "method", "m", "", "method")
|
||||||
AddCmd.Flags().StringVarP(&ttl, "ttl", "t", "", "ban time")
|
AddCmd.Flags().StringVarP(&ttl, "ttl", "t", "", "ban time")
|
||||||
|
AddCmd.Flags().IntVarP(&max_retry, "max_retry", "r", 0, "max retry")
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ import (
|
|||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
|
|
||||||
var version = "0.5.0"
|
var version = "0.5.2"
|
||||||
|
|
||||||
var VersionCmd = &cobra.Command{
|
var VersionCmd = &cobra.Command{
|
||||||
Use: "version",
|
Use: "version",
|
||||||
|
|||||||
@@ -79,5 +79,6 @@ These command help you to create and manage detection rules in CLI interface.
|
|||||||
| -m -method | - |
|
| -m -method | - |
|
||||||
| -c -status | - |
|
| -c -status | - |
|
||||||
| -t -ttl | -(if not used default ban 1 year) |
|
| -t -ttl | -(if not used default ban 1 year) |
|
||||||
|
| -r -max_retry | - |
|
||||||
|
|
||||||
You must specify at least 1 of the optional flags to create a rule.
|
You must specify at least 1 of the optional flags to create a rule.
|
||||||
|
|||||||
@@ -47,4 +47,5 @@ Example:
|
|||||||
**Description**
|
**Description**
|
||||||
The [[rule]] section require name and one of the following parameters: service, path, status, method. To add a rule, create a [[rule]] block and specify the parameters.
|
The [[rule]] section require name and one of the following parameters: service, path, status, method. To add a rule, create a [[rule]] block and specify the parameters.
|
||||||
ban_time require in format "1m", "1h", "1d", "1M", "1y".
|
ban_time require in format "1m", "1h", "1d", "1M", "1y".
|
||||||
If you want to ban all requests to PHP files (e.g., path = "*.php") or requests to the admin panel (e.g., path = "/admin/*")
|
If you want to ban all requests to PHP files (e.g., path = "*.php") or requests to the admin panel (e.g., path = "/admin/*").
|
||||||
|
If max_retry = 0 ban on first request.
|
||||||
|
|||||||
@@ -10,8 +10,25 @@ import (
|
|||||||
|
|
||||||
"github.com/BurntSushi/toml"
|
"github.com/BurntSushi/toml"
|
||||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||||
|
"github.com/d3m0k1d/BanForge/internal/metrics"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func LoadMetricsConfig() (*Metrics, error) {
|
||||||
|
cfg := &Metrics{}
|
||||||
|
_, err := toml.DecodeFile("/etc/banforge/config.toml", cfg)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to decode config: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if cfg.Enabled && cfg.Port > 0 && cfg.Port < 65535 {
|
||||||
|
go metrics.StartMetricsServer(cfg.Port)
|
||||||
|
} else if cfg.Enabled {
|
||||||
|
fmt.Println("Metrics enabled but port invalid, not starting server")
|
||||||
|
}
|
||||||
|
|
||||||
|
return cfg, nil
|
||||||
|
}
|
||||||
|
|
||||||
func LoadRuleConfig() ([]Rule, error) {
|
func LoadRuleConfig() ([]Rule, error) {
|
||||||
log := logger.New(false)
|
log := logger.New(false)
|
||||||
var cfg Rules
|
var cfg Rules
|
||||||
@@ -33,6 +50,7 @@ func NewRule(
|
|||||||
Status string,
|
Status string,
|
||||||
Method string,
|
Method string,
|
||||||
ttl string,
|
ttl string,
|
||||||
|
max_retry int,
|
||||||
) error {
|
) error {
|
||||||
r, err := LoadRuleConfig()
|
r, err := LoadRuleConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -51,6 +69,7 @@ func NewRule(
|
|||||||
Status: Status,
|
Status: Status,
|
||||||
Method: Method,
|
Method: Method,
|
||||||
BanTime: ttl,
|
BanTime: ttl,
|
||||||
|
MaxRetry: max_retry,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
file, err := os.Create("/etc/banforge/rules.toml")
|
file, err := os.Create("/etc/banforge/rules.toml")
|
||||||
|
|||||||
@@ -8,6 +8,10 @@ const Base_config = `
|
|||||||
name = ""
|
name = ""
|
||||||
config = "/etc/nftables.conf"
|
config = "/etc/nftables.conf"
|
||||||
|
|
||||||
|
[metrics]
|
||||||
|
enabled = false
|
||||||
|
port = 2122
|
||||||
|
|
||||||
[[service]]
|
[[service]]
|
||||||
name = "nginx"
|
name = "nginx"
|
||||||
logging = "file"
|
logging = "file"
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ type Service struct {
|
|||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
Firewall Firewall `toml:"firewall"`
|
Firewall Firewall `toml:"firewall"`
|
||||||
|
Metrics Metrics `toml:"metrics"`
|
||||||
Service []Service `toml:"service"`
|
Service []Service `toml:"service"`
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -31,3 +32,8 @@ type Rule struct {
|
|||||||
MaxRetry int `toml:"max_retry"`
|
MaxRetry int `toml:"max_retry"`
|
||||||
BanTime string `toml:"ban_time"`
|
BanTime string `toml:"ban_time"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Metrics struct {
|
||||||
|
Enabled bool `toml:"enabled"`
|
||||||
|
Port int `toml:"port"`
|
||||||
|
}
|
||||||
|
|||||||
78
internal/metrics/metrics.go
Normal file
78
internal/metrics/metrics.go
Normal file
@@ -0,0 +1,78 @@
|
|||||||
|
package metrics
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
"sync"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
metricsMu sync.RWMutex
|
||||||
|
metrics = make(map[string]int64)
|
||||||
|
)
|
||||||
|
|
||||||
|
func IncBan(service string) {
|
||||||
|
metricsMu.Lock()
|
||||||
|
metrics["ban_count"]++
|
||||||
|
metrics[service+"_bans"]++
|
||||||
|
metricsMu.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func IncUnban(service string) {
|
||||||
|
metricsMu.Lock()
|
||||||
|
metrics["unban_count"]++
|
||||||
|
metrics[service+"_unbans"]++
|
||||||
|
metricsMu.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func IncRuleMatched(rule_name string) {
|
||||||
|
metricsMu.Lock()
|
||||||
|
metrics[rule_name+"_rule_matched"]++
|
||||||
|
metricsMu.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func IncLogParsed() {
|
||||||
|
metricsMu.Lock()
|
||||||
|
metrics["log_parsed"]++
|
||||||
|
metricsMu.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func MetricsHandler() http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
metricsMu.RLock()
|
||||||
|
snapshot := make(map[string]int64, len(metrics))
|
||||||
|
for k, v := range metrics {
|
||||||
|
snapshot[k] = v
|
||||||
|
}
|
||||||
|
metricsMu.RUnlock()
|
||||||
|
|
||||||
|
w.Header().Set("Content-Type", "text/plain; version=0.0.4")
|
||||||
|
|
||||||
|
for name, value := range snapshot {
|
||||||
|
metricName := name + "_total"
|
||||||
|
_, _ = fmt.Fprintf(w, "# TYPE %s counter\n", metricName)
|
||||||
|
_, _ = fmt.Fprintf(w, "%s %d\n", metricName, value)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func StartMetricsServer(port int) {
|
||||||
|
mux := http.NewServeMux()
|
||||||
|
mux.Handle("/metrics", MetricsHandler())
|
||||||
|
|
||||||
|
server := &http.Server{
|
||||||
|
Addr: fmt.Sprintf(":%d", port),
|
||||||
|
Handler: mux,
|
||||||
|
ReadTimeout: 5 * time.Second,
|
||||||
|
WriteTimeout: 10 * time.Second,
|
||||||
|
IdleTimeout: 15 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("Starting metrics server on %s", server.Addr)
|
||||||
|
if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
|
||||||
|
log.Printf("Metrics server error: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@@ -53,6 +53,9 @@ func NewRequestsRd() (*RequestReader, error) {
|
|||||||
|
|
||||||
func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
|
func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
|
||||||
var count int
|
var count int
|
||||||
|
if maxRetry == 0 {
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
|
err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
r.logger.Error("error query count: " + err.Error())
|
r.logger.Error("error query count: " + err.Error())
|
||||||
|
|||||||
Reference in New Issue
Block a user