зеркало из https://github.com/mozilla/MozDef.git
resolving conflicts.
This commit is contained in:
Phrozyn
Коммит
6081bee46b
|
|
@ -11,3 +11,4 @@ cron/ipblocklist.txt
|
|||
alerts/generic_alerts
|
||||
/.project
|
||||
/data
|
||||
.vscode
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
[uwsgi]
|
||||
chdir = /opt/mozdef/envs/mozdef/alerts/
|
||||
uid = mozdef
|
||||
mule = alertWorker.py
|
||||
pyargv = -c /opt/mozdef/envs/mozdef/alerts/alertWorker.conf
|
||||
log-syslog = alertplugins-worker
|
||||
log-drain = generated 0 bytes
|
||||
socket = /opt/mozdef/envs/mozdef/alerts/alertPlugins.socket
|
||||
virtualenv = /opt/mozdef/envs/mozdef/
|
||||
master-fifo = /opt/mozdef/envs/mozdef/alerts/alertPlugins.fifo
|
||||
procname-master = [m]
|
||||
procname-prefix = [alertPlugins]
|
||||
never-swap
|
||||
pidfile= /var/run/mozdef-alerts/alertPlugins.pid
|
||||
vacuum = true
|
||||
enable-threads
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
[uwsgi]
|
||||
chdir = /opt/mozdef/envs/mozdef/alerts/
|
||||
uid = mozdef
|
||||
mule = alert_worker.py
|
||||
pyargv = -c /opt/mozdef/envs/mozdef/alerts/alert_worker.conf
|
||||
log-syslog = alertplugins-worker
|
||||
log-drain = generated 0 bytes
|
||||
socket = /opt/mozdef/envs/mozdef/alerts/alert_plugins.socket
|
||||
virtualenv = /opt/mozdef/envs/mozdef/
|
||||
master-fifo = /opt/mozdef/envs/mozdef/alerts/alert_plugins.fifo
|
||||
procname-master = [m]
|
||||
procname-prefix = [alertplugins]
|
||||
never-swap
|
||||
pidfile= /var/run/mozdef-alerts/alert_plugins.pid
|
||||
vacuum = true
|
||||
enable-threads
|
||||
|
|
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
|||
|
||||
class AlertBugzillaPBruteforce(AlertTask):
|
||||
def main(self):
|
||||
self.parse_config('bugzillaauthbruteforce.conf', ['url'])
|
||||
self.parse_config('bugzilla_auth_bruteforce.conf', ['url'])
|
||||
search_query = SearchQuery(minutes=15)
|
||||
|
||||
search_query.add_must([
|
||||
|
|
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
|||
|
||||
class AlertHTTPBruteforce(AlertTask):
|
||||
def main(self):
|
||||
self.parse_config('httpauthbruteforce.conf', ['url'])
|
||||
self.parse_config('http_auth_bruteforce.conf', ['url'])
|
||||
search_query = SearchQuery(minutes=15)
|
||||
|
||||
search_query.add_must([
|
||||
|
|
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
|||
|
||||
class AlertHTTPErrors(AlertTask):
|
||||
def main(self):
|
||||
self.parse_config('httperrors.conf', ['url'])
|
||||
self.parse_config('http_errors.conf', ['url'])
|
||||
|
||||
search_query = SearchQuery(minutes=15)
|
||||
|
||||
|
|
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch
|
|||
|
||||
class AlertSSHManyConns(AlertTask):
|
||||
def main(self):
|
||||
self.parse_config('sshbruteforce_bro.conf', ['url'])
|
||||
self.parse_config('ssh_bruteforce_bro.conf', ['url'])
|
||||
|
||||
search_query = SearchQuery(minutes=15)
|
||||
|
||||
|
|
@ -2,7 +2,7 @@ if $programname == 'mozdefbot-worker' then /var/log/mozdef/mozdefbot.log
|
|||
if $programname == 'loginput-worker' then /var/log/mozdef/loginput.log
|
||||
if $programname == 'infosecsqs-worker' then /var/log/mozdef/infosecsqs.log
|
||||
if $programname == 'restapi-worker' then /var/log/mozdef/restapi.log
|
||||
if $programname == 'syslog-worker' then /var/log/mozdef/syslog.log
|
||||
if $programname == 'eventtask-worker' then /var/log/mozdef/eventtask.log
|
||||
if $programname == 'nubis-worker' then /var/log/mozdef/nubis.log
|
||||
if $programname == 'bro-worker' then /var/log/mozdef/bro.log
|
||||
if $programname == 'migsqs-worker' then /var/log/mozdef/migsqs.log
|
||||
|
|
|
|||
|
|
@ -395,7 +395,7 @@ Manual Installation
|
|||
|
||||
*Use sudo whereever required*
|
||||
|
||||
**(Currently only for apt-based systems)**
|
||||
**(Currently only for apt-based systems using Docker)**
|
||||
|
||||
|
||||
1. Cloning repository ::
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
# kombu's support for SQS is buggy
|
||||
# so this version uses boto
|
||||
# to read an SQS queue and put events into elastic search
|
||||
# in the same manner as esworker.py
|
||||
# in the same manner as esworker_eventtask.py
|
||||
|
||||
|
||||
import json
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
[uwsgi]
|
||||
chdir = /opt/mozdef/envs/mozdef/mq/
|
||||
uid = mozdef
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
mule = esworker_eventtask.py
|
||||
pyargv = -c /opt/mozdef/envs/mozdef/mq/esworker_eventtask.conf
|
||||
log-syslog = eventtask-worker
|
||||
log-drain = generated 0 bytes
|
||||
socket = /opt/mozdef/envs/mozdef/mq/eventtask.socket
|
||||
virtualenv = /opt/mozdef/envs/mozdef/
|
||||
procname-master = [m]
|
||||
procname-prefix = [eventtask]
|
||||
master-fifo = /opt/mozdef/envs/mozdef/mq/eventtask.fifo
|
||||
never-swap
|
||||
pidfile = /var/run/mozdefeventtask/eventtask.pid
|
||||
vacuum = true
|
||||
enable-threads
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
[uwsgi]
|
||||
chdir = /opt/mozdef/envs/mozdef/mq/
|
||||
uid = mozdef
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
mule = esworker.py
|
||||
pyargv = -c /opt/mozdef/envs/mozdef/mq/esworker.conf
|
||||
log-syslog = syslog-worker
|
||||
log-drain = generated 0 bytes
|
||||
socket = /opt/mozdef/envs/mozdef/mq/mqwSyslog.socket
|
||||
virtualenv = /opt/mozdef/envs/mozdef/
|
||||
procname-master = [m]
|
||||
procname-prefix = [mqwSyslog]
|
||||
master-fifo = /opt/mozdef/envs/mozdef/mq/mqwSyslog.fifo
|
||||
never-swap
|
||||
pidfile = /var/run/mozdefmqwSyslog/mqwSyslog.pid
|
||||
vacuum = true
|
||||
enable-threads
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=uWSGI mozdef Alert Plugins
|
||||
Description=uWSGI MozDef Alert Plugins Service
|
||||
After=rabbitmq-server.service
|
||||
|
||||
[Service]
|
||||
|
|
@ -9,7 +9,7 @@ ExecStartPre=-/usr/bin/mkdir -p /var/run/mozdef-alerts
|
|||
ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdef-alerts
|
||||
User=mozdef
|
||||
Group=mozdef
|
||||
ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini alertPlugins.ini'
|
||||
ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini alert_plugins.ini'
|
||||
Restart=always
|
||||
KillSignal=SIGQUIT
|
||||
Type=notify
|
||||
|
|
@ -18,4 +18,4 @@ NotifyAccess=all
|
|||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=alertPlugins
|
||||
Alias=alertplugins
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=uWSGI mozdef Alert Service
|
||||
Description=uWSGI MozDef Alert Service
|
||||
After=rabbitmq-server.service
|
||||
|
||||
[Service]
|
||||
|
|
@ -10,7 +10,7 @@ ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdef-alerts
|
|||
PIDFile=/var/run/mozdef-alerts/supervisord.pid
|
||||
User=mozdef
|
||||
Group=mozdef
|
||||
ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; /opt/mozdef/envs/mozdef/bin/supervisord -c /opt/mozdef/envs/mozdef/alerts/supervisord.alerts.ini'
|
||||
ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; /opt/mozdef/envs/mozdef/bin/supervisord -c /opt/mozdef/envs/mozdef/alerts/supervisord_alerts.ini'
|
||||
Restart=always
|
||||
KillSignal=SIGQUIT
|
||||
Type=forking
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=uWSGI mozdef bot
|
||||
Description=uWSGI MozDef Bot Service
|
||||
After=rabbitmq-server.service
|
||||
|
||||
[Service]
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=uWSGI mozdefloginput
|
||||
Description=uWSGI MozDef Log Input Service
|
||||
After=rabbitmq-server.service
|
||||
|
||||
[Service]
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
[Unit]
|
||||
Description=uWSGI mozdef mqwSyslog
|
||||
After=rabbitmq-server.service
|
||||
|
||||
[Service]
|
||||
# Requires systemd version 211 or newer
|
||||
PermissionsStartOnly=true
|
||||
ExecStartPre=-/usr/bin/mkdir -p /var/run/mozdefmqwSyslog
|
||||
ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdefmqwSyslog
|
||||
User=mozdef
|
||||
Group=mozdef
|
||||
ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/mq; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini mqwSyslog.ini'
|
||||
Restart=always
|
||||
KillSignal=SIGQUIT
|
||||
Type=notify
|
||||
StandardError=syslog
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=mqwsyslog
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
[Unit]
|
||||
Description=uWSGI eventtask mworker
|
||||
After=rabbitmq-server.service
|
||||
|
||||
[Service]
|
||||
# Requires systemd version 211 or newer
|
||||
PermissionsStartOnly=true
|
||||
ExecStartPre=-/usr/bin/mkdir -p /var/run/mozdef_mq_worker_pids
|
||||
ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdef_mq_worker_pids
|
||||
User=mozdef
|
||||
Group=mozdef
|
||||
ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/mq/; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini eventtask.ini'
|
||||
Restart=always
|
||||
KillSignal=SIGQUIT
|
||||
Type=notify
|
||||
StandardError=syslog
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=eventtask
|
||||
Загрузка…
Ссылка в новой задаче