
multiple fixes

andrewkrug committed May 10, 2019
1 parent 8c69648 commit 6d05bc6650abed99afe57ea3a334d83f26e0d484
@@ -1,3 +1,4 @@
import os
from celery import Celery
from importlib import import_module
from lib.config import ALERTS, LOGGING, RABBITMQ
@@ -9,19 +10,27 @@
alerts_include.append(".".join((alert).split(".")[:-1]))
alerts_include = list(set(alerts_include))

BROKER_URL = "amqp://{0}:{1}@{2}:{3}//".format(
RABBITMQ["mquser"], RABBITMQ["mqpassword"], RABBITMQ["mqserver"], RABBITMQ["mqport"]
)
# XXX TBD this should get wrapped into an object that provides pyconfig
if os.getenv("OPTIONS_MQPROTOCOL", "amqp") == "sqs":
BROKER_URL = "sqs://@"
BROKER_TRANSPORT_OPTIONS = {'region': os.getenv('OPTIONS_ALERTSQSQUEUEURL').split('.')[1]}
CELERY_RESULT_BACKEND = None
CELERY_DEFAULT_QUEUE = os.getenv('OPTIONS_ALERTSQSQUEUEURL').split('/')[4]
else:
BROKER_URL = "amqp://{0}:{1}@{2}:{3}//".format(
RABBITMQ["mquser"], RABBITMQ["mqpassword"], RABBITMQ["mqserver"], RABBITMQ["mqport"]
)
CELERY_QUEUES = {
"celery-default": {"exchange": "celery-default", "binding_key": "celery-default"}
}
CELERY_DEFAULT_QUEUE = 'celery-default'

CELERY_DISABLE_RATE_LIMITS = True
CELERYD_CONCURRENCY = 1
CELERY_IGNORE_RESULT = True
CELERY_ACCEPT_CONTENT = ["json"]
CELERY_TASK_SERIALIZER = "json"
CELERY_DEFAULT_QUEUE = "celery-default"
CELERY_QUEUES = {
"celery-default": {"exchange": "celery-default", "binding_key": "celery-default"}
}

CELERY_DEFAULT_QUEUE = 'celery-default'
CELERYBEAT_SCHEDULE = {}

# Register frequency of the tasks in the scheduler
@@ -61,11 +70,11 @@
app.register_task(alert_class())
except ImportError as e:
print ("Error importing {}").format(alert_namespace)
print e
print(e)
pass
except Exception as e:
print ("Error addding alert")
print e
print(e)

if __name__ == "__main__":
app.start()
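Review bot: In the `sqs` branch, `os.getenv('OPTIONS_ALERTSQSQUEUEURL').split('.')[1]` and the matching `.split('/')[4]` assume the variable is set and has the standard queue-URL shape; when it is unset the failure is an AttributeError on `None` that names neither the variable nor the problem. Reading it once with `alert_queue_url = os.environ["OPTIONS_ALERTSQSQUEUEURL"]` gives a KeyError that names the missing setting and removes the duplicated lookup. The trailing `CELERY_DEFAULT_QUEUE = 'celery-default'` after the `else` block, if it is on the new side as its single quotes suggest, silently overwrites the queue name the sqs branch just derived, so it should be dropped or moved inside the `else`. In the last hunk, `print ("Error importing {}").format(alert_namespace)` still calls `.format` on the return value of `print`, which under Python 3 (where the changed `print(e)` lines point) raises AttributeError inside the handler and hides the original ImportError; `print("Error importing {}".format(alert_namespace))` fixes it. The enclosing try/except of that hunk starts outside it.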
@@ -107,12 +107,22 @@ Resources:
Resource: !Ref MozDefSQSQueueArn
- Sid: AllowReadWriteFromAlertQueue
Effect: Allow
- sqs:GetQueueUrl
- sqs:ReceiveMessage
- sqs:DeleteMessage
- sqs:SendMessage
- sqs:SendMessageBatch
Resource: !Ref MozDefAlertSqsQueueArn
Action:
- "sqs:DeleteMessage"
- "sqs:GetQueueUrl"
- "sqs:ChangeMessageVisibility"
- "sqs:DeleteMessageBatch"
- "sqs:SendMessageBatch"
- "sqs:ReceiveMessage"
- "sqs:SendMessage"
- "sqs:GetQueueAttributes"
- "sqs:ChangeMessageVisibilityBatch"
Resource: !Ref MozDefAlertSqsQueueArn
- Sid: AllowListQueuesCelery
Effect: Allow
Action:
- "sqs:ListQueues"
Resource: "*"
MozDefIAMRole:
Type: AWS::IAM::Role
Properties:
@@ -203,7 +203,7 @@ Resources:
'unauth_ssh.AlertUnauthSSH': {'schedule': crontab(minute='*/1')},
'guard_duty_probe.AlertGuardDutyProbe': {'schedule': crontab(minute='*/1')},
'cloudtrail_logging_disabled.AlertCloudtrailLoggingDisabled': {'schedule': timedelta(minutes=1)},
'cloudtrail_deadman.AlertCloudtrailDeadman': {'schedule': timedelta(hours=1)}
'cloudtrail_deadman.AlertCloudtrailDeadman': {'schedule': timedelta(minutes=15)}
}
ALERT_PLUGINS = [
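Review bot: The new `AllowListQueuesCelery` statement grants `sqs:ListQueues` on `Resource: "*"` with no explanation; ListQueues does not support resource-level permissions, so `*` is the only scope that works, but a reader tightening this policy later will not know that and will break queue discovery. A comment above the statement such as `# sqs:ListQueues accepts only Resource "*"; the celery SQS transport uses it to look up the queue` records the reason. The expanded action list on `AllowReadWriteFromAlertQueue` (`ChangeMessageVisibility`, `DeleteMessageBatch`, `GetQueueAttributes`, ...) is what a queue consumer needs and stays scoped to the alert queue ARN, which is the right shape. The later hunk in what appears to be the same template shortens the `cloudtrail_deadman` interval from one hour to 15 minutes, which the commit message does not mention and deserves a line in the description.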
@@ -4,10 +4,10 @@ services:
nginx:
image: mozdef/mozdef_cognito_proxy:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
command: nginx
env_file:
- cloudy_mozdef.env
@@ -29,10 +29,10 @@ services:
mongodb:
image: mozdef/mozdef_mongodb:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -44,10 +44,10 @@ services:
bootstrap:
image: mozdef/mozdef_bootstrap:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
command: bash -c 'python initial_setup.py http://elasticsearch:9200 cron/defaultMappingTemplate.json cron/mozdefStateDefaultMappingTemplate.json cron/backup.conf http://kibana:5601'
@@ -59,10 +59,10 @@ services:
base:
image: mozdef/mozdef_base:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
command: bash -c 'su - mozdef -c /opt/mozdef/envs/mozdef/cron/update_geolite_db.sh'
@@ -71,10 +71,10 @@ services:
alertactions:
image: mozdef/mozdef_alertactions:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -88,10 +88,10 @@ services:
alerts:
image: mozdef/mozdef_alerts:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
- rabbitmq.env
@@ -107,10 +107,10 @@ services:
cron:
image: mozdef/mozdef_cron:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -126,10 +126,10 @@ services:
loginput:
image: mozdef/mozdef_loginput:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -144,10 +144,10 @@ services:
meteor:
image: mozdef/mozdef_meteor:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -163,10 +163,10 @@ services:
rest:
image: mozdef/mozdef_rest:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -180,10 +180,10 @@ services:
syslog:
image: mozdef/mozdef_syslog:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -198,10 +198,10 @@ services:
rabbitmq:
image: mozdef/mozdef_rabbitmq:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- rabbitmq.env
restart: always
@@ -216,10 +216,10 @@ services:
mq_eventtask:
image: mozdef/mozdef_mq_worker:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
restart: always
@@ -237,10 +237,10 @@ services:
mq_cloudtrail:
image: mozdef/mozdef_mq_worker:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
- cloudy_mozdef_mq_cloudtrail.env
@@ -259,10 +259,10 @@ services:
mq_sqs:
image: mozdef/mozdef_mq_worker:latest
logging:
driver: "json-file"
options:
max-file: 5
max-size: 10m
driver: "json-file"
options:
max-file: "5"
max-size: "10m"
env_file:
- cloudy_mozdef.env
- cloudy_mozdef_mq_sns_sqs.env
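Review bot: The corrected `logging` block (`driver: "json-file"`, `max-file: "5"`, `max-size: "10m"`) is now copied verbatim into all fifteen services in this file, so the next change to log rotation has to be made fifteen times. Compose files accept plain YAML anchors, so defining it once as `logging: &default_logging` on the first service and referencing it with `logging: *default_logging` elsewhere keeps a single definition. Quoting the values is the right fix: the json-file driver options are strings, and the unquoted `5` appears to have been parsed as an integer that compose rejects.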
@@ -13,6 +13,9 @@ RUN \
libstdc++ \
libffi-devel \
zlib-devel \
libcurl-devel \
openssl \
openssl-devel \
git \
make && \
useradd -ms /bin/bash -d /opt/mozdef -m mozdef && \
@@ -27,6 +30,9 @@ RUN \
mkdir /opt/mozdef/envs/mozdef && \
mkdir /opt/mozdef/envs/mozdef/cron

# Force pycurl to understand we prefer openssl backend
ENV PYCURL_SSL_LIBRARY=openssl

# Create python virtual environment and install dependencies
COPY requirements.txt /opt/mozdef/envs/mozdef/requirements.txt

@@ -6,6 +6,7 @@ boto3==1.7.67
botocore==1.10.67
bottle==0.12.4
celery==4.1.0
celery[sqs]==4.1.0
cffi==1.9.1
configlib==2.0.3
configparser==3.5.0b2
@@ -40,6 +41,7 @@ packaging==16.8
pyasn1==0.1.9
pyasn1-modules==0.0.5
pyOpenSSL==18.0.0
pycurl==7.43.0.2
pycparser==2.17
pymongo==3.6.1
pynsive==0.2.6
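Review bot: `celery==4.1.0` and `celery[sqs]==4.1.0` are now both listed (the hunk header shows one addition and no removal); pip resolves them to the same distribution, but the plain line is redundant and bumping only one of the two later would make the file contradictory. Keep only `celery[sqs]==4.1.0`. The `pycurl==7.43.0.2` pin in the second hunk appears to exist for the SQS transport; a trailing comment such as `pycurl==7.43.0.2  # needed by celery[sqs]` ties the pin to its reason.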
