-
Notifications
You must be signed in to change notification settings - Fork 0
/
service.go
159 lines (135 loc) · 4 KB
/
service.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
package blacklist
import (
"fmt"
"io"
"net/http"
"os"
ritaBL "github.com/activecm/rita-bl"
ritaBLdb "github.com/activecm/rita-bl/database"
"github.com/activecm/rita-bl/list"
"github.com/activecm/rita-bl/sources/lists"
"github.com/activecm/rita/config"
"github.com/activecm/rita/resources"
log "github.com/sirupsen/logrus"
)
// type Service interface {
// BuildBlacklistedCollections(res *resources.Resources)
// }
// func NewService() *Service {
// return &Service{}
// }
//BuildBlacklistedCollections builds the blacklist master reference collection
//and checks the uconn documents against that collection
func BuildBlacklistedCollections(res *resources.Resources) {
// build the blacklist reference collection from provided blacklist sources
// this will be the master list ips and hostnames will be checked against
buildBlacklistReferenceCollection(res)
// // build src ip collection
// buildBlacklistedIPs(res, true)
// //build dst ip collection
// buildBlacklistedIPs(res, false)
// //build hostnames collection
// buildBlacklistedHostnames(res)
}
func buildBlacklistReferenceCollection(res *resources.Resources) {
/***************** create new blacklist collection *********************/
var err error
var blDatabase ritaBLdb.Handle
// set current dataset name
currentDB := res.DB.GetSelectedDB()
// User option set in yaml file, if enabled
// RITA will verify the MongoDB certificate's hostname and validity
// otherwise run a normal request to create a database
if res.Config.S.MongoDB.TLS.Enabled {
blDatabase, err = ritaBLdb.NewSecureMongoDB(
res.Config.S.MongoDB.ConnectionString,
res.Config.R.MongoDB.AuthMechanismParsed,
res.Config.S.Blacklisted.BlacklistDatabase,
res.Config.R.MongoDB.TLS.TLSConfig,
)
} else {
blDatabase, err = ritaBLdb.NewMongoDB(
res.Config.S.MongoDB.ConnectionString,
res.Config.R.MongoDB.AuthMechanismParsed,
res.Config.S.Blacklisted.BlacklistDatabase,
)
}
if err != nil {
res.Log.Error(err)
fmt.Println("\t[!] Could not connect to blacklist database")
return
}
// Creates new rita bl blacklist structure
ritaBL := ritaBL.NewBlacklist(
blDatabase,
func(err error) { //error handler
res.Log.WithFields(log.Fields{
"db": currentDB,
}).Error(err)
},
)
//send blacklist source lists
ritaBL.SetLists(getSourceLists(res.Config)...)
//update the lists
ritaBL.Update()
return
}
//getSourceLists gathers the blacklists to check against
func getSourceLists(conf *config.Config) []list.List {
//build up the lists
var blacklists []list.List
//use prebuilt lists
if conf.S.Blacklisted.UseIPms {
blacklists = append(blacklists, lists.NewMyIPmsList())
}
if conf.S.Blacklisted.UseDNSBH {
blacklists = append(blacklists, lists.NewDNSBHList())
}
if conf.S.Blacklisted.UseMDL {
blacklists = append(blacklists, lists.NewMdlList())
}
//use custom lists
ipLists := buildCustomBlacklists(
list.BlacklistedIPType,
conf.S.Blacklisted.IPBlacklists,
)
hostLists := buildCustomBlacklists(
list.BlacklistedHostnameType,
conf.S.Blacklisted.HostnameBlacklists,
)
blacklists = append(blacklists, ipLists...)
blacklists = append(blacklists, hostLists...)
return blacklists
}
//buildCustomBlacklists gathers a custom blacklist from a url or file path
func buildCustomBlacklists(entryType list.BlacklistedEntryType, paths []string) []list.List {
var blacklists []list.List
for _, path := range paths {
newList := lists.NewLineSeperatedList(
entryType,
path,
86400, // default cache time of 1 day
tryOpenFileThenURL(path),
)
blacklists = append(blacklists, newList)
}
return blacklists
}
//provide a closure over path to read the file into a line separated blacklist
func tryOpenFileThenURL(path string) func() (io.ReadCloser, error) {
return func() (io.ReadCloser, error) {
_, err := os.Stat(path)
if err == nil {
file, err2 := os.Open(path)
if err2 != nil {
return nil, err2
}
return file, nil
}
resp, err := http.Get(path)
if err != nil {
return nil, err
}
return resp.Body, nil
}
}