resolving conflicts.

2017-09-19 11:08:58 -05:00 · 2017-09-19 11:08:58 -05:00 · 6081bee46b
--- a/.gitignore
+++ b/.gitignore
@ -11,3 +11,4 @@ cron/ipblocklist.txt
 alerts/generic_alerts
 /.project
 /data
+.vscode
--- a/alerts/alertPlugins.ini
+++ b/alerts/alertPlugins.ini
@ -1,16 +0,0 @@
-[uwsgi]
-chdir = /opt/mozdef/envs/mozdef/alerts/
-uid = mozdef
-mule = alertWorker.py
-pyargv = -c /opt/mozdef/envs/mozdef/alerts/alertWorker.conf
-log-syslog = alertplugins-worker
-log-drain = generated 0 bytes
-socket = /opt/mozdef/envs/mozdef/alerts/alertPlugins.socket
-virtualenv = /opt/mozdef/envs/mozdef/
-master-fifo = /opt/mozdef/envs/mozdef/alerts/alertPlugins.fifo
-procname-master = [m]
-procname-prefix = [alertPlugins]
-never-swap
-pidfile= /var/run/mozdef-alerts/alertPlugins.pid
-vacuum = true
-enable-threads
--- a/alerts/alert_plugins.ini
+++ b/alerts/alert_plugins.ini
@ -0,0 +1,16 @@
+[uwsgi]
+chdir = /opt/mozdef/envs/mozdef/alerts/
+uid = mozdef
+mule = alert_worker.py
+pyargv = -c /opt/mozdef/envs/mozdef/alerts/alert_worker.conf
+log-syslog = alertplugins-worker
+log-drain = generated 0 bytes
+socket = /opt/mozdef/envs/mozdef/alerts/alert_plugins.socket
+virtualenv = /opt/mozdef/envs/mozdef/
+master-fifo = /opt/mozdef/envs/mozdef/alerts/alert_plugins.fifo
+procname-master = [m]
+procname-prefix = [alertplugins]
+never-swap
+pidfile= /var/run/mozdef-alerts/alert_plugins.pid
+vacuum = true
+enable-threads
--- a/alerts/alert_worker.conf
+++ b/alerts/alert_worker.conf
--- a/alerts/alert_worker.py
+++ b/alerts/alert_worker.py
--- a/alerts/bugzilla_auth_bruteforce.conf
+++ b/alerts/bugzilla_auth_bruteforce.conf
--- a/alerts/bugzilla_auth_bruteforce.py
+++ b/alerts/bugzilla_auth_bruteforce.py
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch

 class AlertBugzillaPBruteforce(AlertTask):
    def main(self):
-        self.parse_config('bugzillaauthbruteforce.conf', ['url'])
+        self.parse_config('bugzilla_auth_bruteforce.conf', ['url'])
        search_query = SearchQuery(minutes=15)

        search_query.add_must([
--- a/alerts/http_auth_bruteforce.conf
+++ b/alerts/http_auth_bruteforce.conf
--- a/alerts/http_auth_bruteforce.py
+++ b/alerts/http_auth_bruteforce.py
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch

 class AlertHTTPBruteforce(AlertTask):
    def main(self):
-        self.parse_config('httpauthbruteforce.conf', ['url'])
+        self.parse_config('http_auth_bruteforce.conf', ['url'])
        search_query = SearchQuery(minutes=15)

        search_query.add_must([
--- a/alerts/http_errors.conf
+++ b/alerts/http_errors.conf
--- a/alerts/http_errors.py
+++ b/alerts/http_errors.py
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch

 class AlertHTTPErrors(AlertTask):
    def main(self):
-        self.parse_config('httperrors.conf', ['url'])
+        self.parse_config('http_errors.conf', ['url'])

        search_query = SearchQuery(minutes=15)

--- a/alerts/ssh_bruteforce_bro.conf
+++ b/alerts/ssh_bruteforce_bro.conf
--- a/alerts/ssh_bruteforce_bro.py
+++ b/alerts/ssh_bruteforce_bro.py
@ -15,7 +15,7 @@ from query_models import SearchQuery, TermMatch, ExistsMatch, PhraseMatch

 class AlertSSHManyConns(AlertTask):
    def main(self):
-        self.parse_config('sshbruteforce_bro.conf', ['url'])
+        self.parse_config('ssh_bruteforce_bro.conf', ['url'])

        search_query = SearchQuery(minutes=15)

--- a/alerts/supervisord_alerts.ini
+++ b/alerts/supervisord_alerts.ini
--- a/config/50-mozdef-filter.conf
+++ b/config/50-mozdef-filter.conf
@ -2,7 +2,7 @@ if $programname == 'mozdefbot-worker' then /var/log/mozdef/mozdefbot.log
 if $programname == 'loginput-worker' then /var/log/mozdef/loginput.log
 if $programname == 'infosecsqs-worker' then /var/log/mozdef/infosecsqs.log
 if $programname == 'restapi-worker' then /var/log/mozdef/restapi.log
-if $programname == 'syslog-worker' then /var/log/mozdef/syslog.log
+if $programname == 'eventtask-worker' then /var/log/mozdef/eventtask.log
 if $programname == 'nubis-worker' then /var/log/mozdef/nubis.log
 if $programname == 'bro-worker' then /var/log/mozdef/bro.log
 if $programname == 'migsqs-worker' then /var/log/mozdef/migsqs.log
--- a/docs/source/installation.rst
+++ b/docs/source/installation.rst
@ -395,7 +395,7 @@ Manual Installation

 *Use sudo whereever required*

-**(Currently only for apt-based systems)**
+**(Currently only for apt-based systems using Docker)**


 1. Cloning repository ::
--- a/mq/esworker_cloudtrail.conf
+++ b/mq/esworker_cloudtrail.conf
--- a/mq/esworker_cloudtrail.py
+++ b/mq/esworker_cloudtrail.py
--- a/mq/esworker_eventtask.conf
+++ b/mq/esworker_eventtask.conf
--- a/mq/esworker_eventtask.py
+++ b/mq/esworker_eventtask.py
--- a/mq/esworker_papertrail.conf
+++ b/mq/esworker_papertrail.conf
--- a/mq/esworker_papertrail.py
+++ b/mq/esworker_papertrail.py
--- a/mq/esworker_sqs.conf
+++ b/mq/esworker_sqs.conf
--- a/mq/esworker_sqs.py
+++ b/mq/esworker_sqs.py
@ -11,7 +11,7 @@
 # kombu's support for SQS is buggy
 # so this version uses boto
 # to read an SQS queue and put events into elastic search
-# in the same manner as esworker.py
+# in the same manner as esworker_eventtask.py


 import json
--- a/mq/eventtask.ini
+++ b/mq/eventtask.ini
@ -0,0 +1,25 @@
+[uwsgi]
+chdir = /opt/mozdef/envs/mozdef/mq/
+uid = mozdef
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+mule = esworker_eventtask.py
+pyargv = -c /opt/mozdef/envs/mozdef/mq/esworker_eventtask.conf
+log-syslog = eventtask-worker
+log-drain = generated 0 bytes
+socket = /opt/mozdef/envs/mozdef/mq/eventtask.socket
+virtualenv = /opt/mozdef/envs/mozdef/
+procname-master = [m]
+procname-prefix = [eventtask]
+master-fifo = /opt/mozdef/envs/mozdef/mq/eventtask.fifo
+never-swap
+pidfile = /var/run/mozdefeventtask/eventtask.pid
+vacuum = true
+enable-threads
--- a/mq/mqwSyslog.ini
+++ b/mq/mqwSyslog.ini
@ -1,25 +0,0 @@
-[uwsgi]
-chdir = /opt/mozdef/envs/mozdef/mq/
-uid = mozdef
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-mule = esworker.py
-pyargv = -c /opt/mozdef/envs/mozdef/mq/esworker.conf
-log-syslog = syslog-worker
-log-drain = generated 0 bytes
-socket = /opt/mozdef/envs/mozdef/mq/mqwSyslog.socket
-virtualenv = /opt/mozdef/envs/mozdef/
-procname-master = [m]
-procname-prefix = [mqwSyslog]
-master-fifo = /opt/mozdef/envs/mozdef/mq/mqwSyslog.fifo
-never-swap
-pidfile = /var/run/mozdefmqwSyslog/mqwSyslog.pid
-vacuum = true
-enable-threads
--- a/systemdfiles/alert/mozdefalertplugins.service
+++ b/systemdfiles/alert/mozdefalertplugins.service
@ -1,5 +1,5 @@
 [Unit]
-Description=uWSGI mozdef Alert Plugins
+Description=uWSGI MozDef Alert Plugins Service
 After=rabbitmq-server.service

 [Service]
@ -9,7 +9,7 @@ ExecStartPre=-/usr/bin/mkdir -p /var/run/mozdef-alerts
 ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdef-alerts
 User=mozdef
 Group=mozdef
-ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini alertPlugins.ini'
+ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini alert_plugins.ini'
 Restart=always
 KillSignal=SIGQUIT
 Type=notify
@ -18,4 +18,4 @@ NotifyAccess=all

 [Install]
 WantedBy=multi-user.target
-Alias=alertPlugins
+Alias=alertplugins
--- a/systemdfiles/alert/mozdefalerts.service
+++ b/systemdfiles/alert/mozdefalerts.service
@ -1,5 +1,5 @@
 [Unit]
-Description=uWSGI mozdef Alert Service
+Description=uWSGI MozDef Alert Service
 After=rabbitmq-server.service

 [Service]
@ -10,7 +10,7 @@ ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdef-alerts
 PIDFile=/var/run/mozdef-alerts/supervisord.pid
 User=mozdef
 Group=mozdef
-ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; /opt/mozdef/envs/mozdef/bin/supervisord -c /opt/mozdef/envs/mozdef/alerts/supervisord.alerts.ini'
+ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/alerts; source /opt/mozdef/envs/mozdef/bin/activate; /opt/mozdef/envs/mozdef/bin/supervisord -c /opt/mozdef/envs/mozdef/alerts/supervisord_alerts.ini'
 Restart=always
 KillSignal=SIGQUIT
 Type=forking
--- a/systemdfiles/alert/mozdefbot.service
+++ b/systemdfiles/alert/mozdefbot.service
@ -1,5 +1,5 @@
 [Unit]
-Description=uWSGI mozdef bot
+Description=uWSGI MozDef Bot Service
 After=rabbitmq-server.service

 [Service]
--- a/systemdfiles/consumer/mozdefloginput.service
+++ b/systemdfiles/consumer/mozdefloginput.service
@ -1,5 +1,5 @@
 [Unit]
-Description=uWSGI mozdefloginput
+Description=uWSGI MozDef Log Input Service
 After=rabbitmq-server.service

 [Service]
--- a/systemdfiles/consumer/mozdefmqwsyslog.service
+++ b/systemdfiles/consumer/mozdefmqwsyslog.service
@ -1,21 +0,0 @@
-[Unit]
-Description=uWSGI mozdef mqwSyslog
-After=rabbitmq-server.service
-
-[Service]
-# Requires systemd version 211 or newer
-PermissionsStartOnly=true
-ExecStartPre=-/usr/bin/mkdir -p /var/run/mozdefmqwSyslog
-ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdefmqwSyslog
-User=mozdef
-Group=mozdef
-ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/mq; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini mqwSyslog.ini'
-Restart=always
-KillSignal=SIGQUIT
-Type=notify
-StandardError=syslog
-NotifyAccess=all
-
-[Install]
-WantedBy=multi-user.target
-Alias=mqwsyslog
--- a/systemdfiles/consumer/mworker-eventtask.service
+++ b/systemdfiles/consumer/mworker-eventtask.service
@ -0,0 +1,21 @@
+[Unit]
+Description=uWSGI eventtask mworker
+After=rabbitmq-server.service
+
+[Service]
+# Requires systemd version 211 or newer
+PermissionsStartOnly=true
+ExecStartPre=-/usr/bin/mkdir -p /var/run/mozdef_mq_worker_pids
+ExecStartPre=/usr/bin/chown -R mozdef:mozdef /var/run/mozdef_mq_worker_pids
+User=mozdef
+Group=mozdef
+ExecStart=/bin/bash -c 'cd /opt/mozdef/envs/mozdef/mq/; source /opt/mozdef/envs/mozdef/bin/activate; uwsgi --ini eventtask.ini'
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
+Alias=eventtask