package main
import (
	"context"
	"fmt"
	"os"
	"os/signal"
	"syscall"

	"github.com/ca-risken/aws/pkg/message"
	"github.com/ca-risken/common/pkg/profiler"
	mimosasqs "github.com/ca-risken/common/pkg/sqs"
	"github.com/ca-risken/common/pkg/tracer"
	"github.com/gassara-kys/envconfig"
)
// nameSpace and serviceName identify this worker; getFullServiceName joins
// them into the dotted service name ("aws.portscan") that the profiler and
// tracer are started with.
const nameSpace = "aws"

const serviceName = "portscan"

// settingURL is the documentation link that main hands to
// mimosasqs.NewFinalizer together with message.PortscanDataSource.
const settingURL = "https://docs.security-hub.jp/aws/overview_datasource/"
// getFullServiceName returns the "<namespace>.<service>" identifier
// ("aws.portscan") that main passes to the profiler, the tracer and the
// SQS TracingHandler as the service name.
func getFullServiceName() string {
	return fmt.Sprint(nameSpace, ".", serviceName)
}
// AppConfig holds every runtime setting of the portscan worker. main fills it
// with envconfig.Process("", &conf), so each field comes from an environment
// variable: an envconfig:"..." tag fixes the variable name outright, and
// split_words:"true" presumably maps CoreSvcAddr to CORE_SVC_ADDR as in
// kelseyhightower/envconfig — confirm against the gassara-kys fork in use.
type AppConfig struct {
	EnvName         string   `default:"local" split_words:"true"`
	ProfileExporter string   `split_words:"true" default:"nop"`
	ProfileTypes    []string `split_words:"true"`
	TraceDebug      bool     `split_words:"true" default:"false"`
	// sqs
	// NOTE(review): Debug is a string while TraceDebug is a bool; main copies
	// it unparsed into sqsConfig.Debug, so the accepted values are decided
	// outside this file — confirm before relying on "true"/"false" only.
	Debug     string `default:"false"`
	AWSRegion string `envconfig:"aws_region" default:"ap-northeast-1"`
	// The queue defaults point at the cluster-local endpoint over plain
	// http:// (unencrypted); presumably they are overridden per environment.
	SQSEndpoint        string `envconfig:"sqs_endpoint" default:"http://queue.middleware.svc.cluster.local:9324"`
	PortscanQueueName  string `split_words:"true" default:"aws-portscan"`
	PortscanQueueURL   string `split_words:"true" default:"http://queue.middleware.svc.cluster.local:9324/queue/aws-portscan"`
	MaxNumberOfMessage int64  `split_words:"true" default:"5"`
	WaitTimeSecond     int64  `split_words:"true" default:"20"`
	// grpc
	// NOTE(review): required:"true" is paired with a default on both
	// addresses. In kelseyhightower-style envconfig the default satisfies the
	// required check, so an unset variable falls back to the cluster-local
	// address instead of failing startup — confirm with the fork if a hard
	// failure is the intent. Whether these gRPC dials use TLS is decided in
	// newFindingClient/newAlertClient/newAWSClient, not here.
	CoreSvcAddr string `required:"true" split_words:"true" default:"core.core.svc.cluster.local:8080"`
	AWSSvcAddr  string `required:"true" split_words:"true" default:"aws.aws.svc.cluster.local:9001"`
	// portscan
	// ScanExcludePortNumber is handed to sqsHandler.scanExcludePortNumber and
	// ScanConcurrency to both sqsConfig and sqsHandler in main; how the port
	// number is interpreted (a cutoff, a count, ...) is not visible in this
	// file.
	ScanExcludePortNumber int   `split_words:"true" default:"1000"`
	ScanConcurrency       int64 `split_words:"true" default:"5"`
}
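// main wires the portscan worker together: it loads AppConfig from the
// environment, starts the profiler and the tracer, builds the SQS consumer and
// the gRPC clients the handler needs, and then blocks in consumer.Start.
//
// The consumer context is cancelled on SIGINT/SIGTERM so that a Kubernetes
// stop lets consumer.Start return and the deferred profiler/tracer Stop calls
// run. With the previous context.Background() nothing ever cancelled the
// context, so those defers only ran if Start returned on its own.
// (Assumes consumer.Start returns once ctx is done — confirm against
// mimosasqs.Consumer.)
func main() {
	var conf AppConfig
	if err := envconfig.Process("", &conf); err != nil {
		appLogger.Fatal(err.Error())
	}

	// Profiler: the string settings from the environment are converted into
	// the profiler's own types before Start.
	pTypes, err := profiler.ConvertProfileTypeFrom(conf.ProfileTypes)
	if err != nil {
		appLogger.Fatal(err.Error())
	}
	pExporter, err := profiler.ConvertExporterTypeFrom(conf.ProfileExporter)
	if err != nil {
		appLogger.Fatal(err.Error())
	}
	pc := profiler.Config{
		ServiceName:  getFullServiceName(),
		EnvName:      conf.EnvName,
		ProfileTypes: pTypes,
		ExporterType: pExporter,
	}
	if err := pc.Start(); err != nil {
		appLogger.Fatal(err.Error())
	}
	defer pc.Stop()

	tc := &tracer.Config{
		ServiceName: getFullServiceName(),
		Environment: conf.EnvName,
		Debug:       conf.TraceDebug,
	}
	tracer.Start(tc)
	defer tracer.Stop()

	// SQS consumer and the handler it will drive. ScanConcurrency is handed to
	// both, as before.
	sqsConf := &sqsConfig{
		Debug:              conf.Debug,
		AWSRegion:          conf.AWSRegion,
		SQSEndpoint:        conf.SQSEndpoint,
		PortscanQueueName:  conf.PortscanQueueName,
		PortscanQueueURL:   conf.PortscanQueueURL,
		MaxNumberOfMessage: conf.MaxNumberOfMessage,
		WaitTimeSecond:     conf.WaitTimeSecond,
		ScanConcurrency:    conf.ScanConcurrency,
	}
	consumer := newSQSConsumer(sqsConf)

	handler := &sqsHandler{
		awsRegion:             conf.AWSRegion,
		scanExcludePortNumber: conf.ScanExcludePortNumber,
		scanConcurrency:       conf.ScanConcurrency,
	}
	handler.findingClient = newFindingClient(conf.CoreSvcAddr)
	handler.alertClient = newAlertClient(conf.CoreSvcAddr)
	handler.awsClient = newAWSClient(conf.AWSSvcAddr)

	// NOTE: Fatalf exits without running the deferred Stop calls registered
	// above; the profiler/tracer are not flushed if finalizer creation fails.
	f, err := mimosasqs.NewFinalizer(message.PortscanDataSource, settingURL, conf.CoreSvcAddr, nil)
	if err != nil {
		appLogger.Fatalf("Failed to create Finalizer, err=%+v", err)
	}

	// Cancel the consumer context on SIGINT (local runs) or SIGTERM (the
	// signal Kubernetes sends on pod stop). stop() restores the default
	// signal disposition once main returns.
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()

	appLogger.Info("Start the portscan SQS consumer server...")
	consumer.Start(ctx,
		mimosasqs.InitializeHandler(
			mimosasqs.RetryableErrorHandler(
				mimosasqs.StatusLoggingHandler(appLogger,
					mimosasqs.TracingHandler(getFullServiceName(),
						f.FinalizeHandler(handler))))))
}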