diff --git a/.gitignore b/.gitignore
index 10a2ee1..cd78ecc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,4 +14,5 @@ reaction*.export.json
 debian-packaging/*
 *.swp
 export-go-db/export-db
-import-rust-db/target/
+import-rust-db/target
+/target
diff --git a/rust/Cargo.lock b/Cargo.lock
similarity index 100%
rename from rust/Cargo.lock
rename to Cargo.lock
diff --git a/rust/Cargo.toml b/Cargo.toml
similarity index 100%
rename from rust/Cargo.toml
rename to Cargo.toml
diff --git a/config/heavy-load.yml b/config/heavy-load.yml
index 1c149c3..6af6dfa 100644
--- a/config/heavy-load.yml
+++ b/config/heavy-load.yml
@@ -1,72 +1,72 @@ --- +concurrency: 32 + patterns: num: - regex: '[0-9]+' + regex: '[0-9]{3}' ip: regex: '(?:(?:[0-9]{1,3}\.){3}[0-9]{1,3})|(?:[0-9a-fA-F:]{2,90})' ignore: - 1.0.0.1 -concurrency: 0 - streams: tailDown1: - cmd: [ 'sh', '-c', 'sleep 2; seq 100010 | while read i; do echo found $(($i % 100)); done' ] + cmd: [ 'sh', '-c', 'sleep 2; seq 10001 | while read i; do echo found $i; done' ] filters: - findIP: + find: regex: - - '^found $' - retry: 50 - retryperiod: 1m + - '^found ' + retry: 9 + retryperiod: 6m actions: damn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] undamn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] after: 1m onexit: false tailDown2: - cmd: [ 'sh', '-c', 'sleep 2; seq 100010 | while read i; do echo prout $(($i % 100)); done' ] + cmd: [ 'sh', '-c', 'sleep 2; seq 1000100 | while read i; do echo found $i; done' ] filters: - findIP: + find: regex: - - '^prout $' - retry: 50 - retryperiod: 1m + - '^found ' + retry: 480 + retryperiod: 6m actions: damn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] undamn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] after: 1m onexit: false tailDown3: - cmd: [ 'sh', '-c', 'sleep 2; seq 100010 | while read i; do echo nanana $(($i % 100)); done' ] + cmd: [ 'sh', '-c', 'sleep 2; seq 1000100 | while read i; do echo found $i; done' ] filters: - findIP: + find: regex: - - '^nanana $' - retry: 50 - retryperiod: 2m + - '^found ' + retry: 480 + retryperiod: 6m actions: damn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] undamn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] after: 1m onexit: false tailDown4: - cmd: [ 'sh', '-c', 'sleep 2; seq 100010 | while read i; do echo nanana $(($i % 100)); done' ] + cmd: [ 'sh', '-c', 'sleep 2; seq 1000100 | while read i; do echo found $i; done' ] filters: - findIP: + find: regex: - - '^nomatch $' - retry: 50 - retryperiod: 2m + - '^found ' + retry: 480 + retryperiod: 6m actions: damn: - cmd: [ 'sleep', '0.' 
] + cmd: [ 'sleep', '0.0' ] undamn: - cmd: [ 'sleep', '0.' ] + cmd: [ 'sleep', '0.0' ] after: 1m onexit: false diff --git a/config/test.jsonnet b/config/test.jsonnet index 9210a80..6e99367 100644 --- a/config/test.jsonnet +++ b/config/test.jsonnet @@ -12,47 +12,31 @@ }, }, + start: [ + ['echo', 'coucou'], + ], + + stop: [ + ['echo', 'byebye'], + ], + streams: { - tailDown1: { - cmd: ['sh', '-c', "echo 1_abc 2_abc 3_abc abc_1 abc_2 abc_3 | tr ' ' '\n' | while read i; do sleep 1; echo found $i; done; sleep 30"], + s1: { + cmd: ['sh', '-c', "seq 20 | tr ' ' '\n' | while read i; do echo found $((i % 5)); sleep 1; done"], filters: { - findIP: { + f1: { regex: [ - '^found _$', - '^found _$', + '^found $', ], retry: 2, - retryperiod: '30s', + retryperiod: '60s', actions: { damn: { - cmd: ['echo', ''], + cmd: ['notify-send', 'first stream', 'ban '], }, undamn: { - cmd: ['echo', 'undamn', ''], - after: '28s', - onexit: true, - }, - }, - }, - }, - }, - tailDown2: { - cmd: ['sh', '-c', "echo 1_abc 2_abc 3_abc abc_1 abc_2 abc_3 | tr ' ' '\n' | while read i; do sleep 1; echo found $i; done; sleep 30"], - filters: { - findIP: { - regex: [ - '^found _$', - '^found _$', - ], - retry: 2, - retryperiod: '30s', - actions: { - damn: { - cmd: ['echo', ''], - }, - undamn: { - cmd: ['echo', 'undamn', ''], - after: '28s', + cmd: ['notify-send', 'first stream', 'unban '], + after: '3s', onexit: true, }, }, diff --git a/rust/.gitignore b/rust/.gitignore deleted file mode 100644 index 2f7896d..0000000 --- a/rust/.gitignore +++ /dev/null @@ -1 +0,0 @@ -target/ diff --git a/rust/datasize.jsonnet b/rust/datasize.jsonnet deleted file mode 100644 index 2c842df..0000000 --- a/rust/datasize.jsonnet +++ /dev/null 
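Review bot: With the new `num` pattern `[0-9]{3}` and the filter regex `'^found '` carrying no trailing `$`, every `found N` with N ≥ 100 presumably matches on its first three digits only, so the keys produced by tailDown1..4 collapse into at most 900 buckets and `found 10001` is counted against `100`; the replaced version avoided this with `$(($i % 100))` plus a `$` anchor. If that bucketing is the intended load shape, state it in the file, e.g. `# num is unanchored on purpose: ids are bucketed on their first three digits`; otherwise `regex: '[0-9]+'` together with `- '^found $'` keeps one key per emitted number. The same applies to all four streams in this hunk.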
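Review bot: In the new `s1` command, `tr ' ' '\n'` is a leftover from the replaced `echo … | tr` pipeline: `seq 20` already prints one number per line, so that stage is a no-op and `"seq 20 | while read i; do echo found $((i % 5)); sleep 1; done"` reads more directly. Note also that `retryperiod: '60s'` now exceeds the stream's roughly 20 s run time, so each value 0–4 (emitted four times) will presumably trip `retry: 2`; if that is the intent, a one-line comment on `f1` saying so would help the next reader. The enclosing object and the `patterns` block that `` refers to begin above this hunk.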
@@ -1,30 +0,0 @@
-{
- patterns: {
- num: {
- regex: @'([0-9]+)',
- },
- },
- streams: {
- s1: {
- cmd: ['seq', '-w', '499999'],
- filters: {
- f1: {
- regex: [
- '^$',
- ],
- retry: 10,
- retryperiod: '1m',
- actions: {
- a: {
- cmd: ['true'],
- },
- b: {
- cmd: ['true'],
- after: '1m',
- },
- },
- },
- },
- },
- },
-}
diff --git a/rust/example.json b/rust/example.json
deleted file mode 100644
index 8591b6d..0000000
--- a/rust/example.json
+++ /dev/null
@@ -1,122 +0,0 @@ -{ - "concurrency": 0, - "patterns": { - "ip": { - "ignore": [ - "127.0.0.1", - "::1" - ], - "regex": "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?:\\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}|(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?:(?::[0-9a-fA-F]{1,4}){1,6})|:(?:(?::[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(?::0{1,4}){0,1}:){0,1}(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])|(?:[0-9a-fA-F]{1,4}:){1,4}:(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9]))" - } - }, - "start": [ - [ - "ip46tables", - "-w", - "-N", - "reaction" - ], - [ - "ip46tables", - "-w", - "-I", - "INPUT", - "-p", - "all", - "-j", - "reaction" - ], - [ - "ip46tables", - "-w", - "-I", - "FORWARD", - "-p", - "all", - "-j", - "reaction" - ] - ], - "stop": [ - [ - "ip46tables", - "-w", - "-D", - "INPUT", - "-p", - "all", - "-j", - "reaction" - ], - [ - "ip46tables", - "-w", - "-D", - "FORWARD", - "-p", - "all", - "-j", - "reaction" - ], - [ - "ip46tables", - "-w", - "-F", - "reaction" - ], - [ - "ip46tables", - "-w", - "-X", - "reaction" - ] - ], - "streams": { - "ssh": { - "cmd": [ - "journalctl", - "-n0", - "-fu", - "sshd.service" - ], - "filters": { - "failedlogin": { - "actions": { - "ban": { - "cmd": [ - "ip46tables", - "-w", - "-A", - "reaction", - "-s", - "", - "-j", - "DROP" - ] - }, - "unban": { - "after": "48h", - "cmd": [ - "ip46tables", - "-w", - "-D", - "reaction", - "-s", - "", - "-j", - "DROP" - ] - } - }, - "regex": [ - "authentication failure;.*rhost=", - "Failed password for .* from ", - "Connection (reset|closed) 
by (authenticating|invalid) user .* " - ], - "retry": 3, - "retryperiod": "6h" - } - } - } - } -} diff --git a/rust/heavy-load.yml b/rust/heavy-load.yml deleted file mode 100644 index 6af6dfa..0000000 --- a/rust/heavy-load.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -concurrency: 32 - -patterns: - num: - regex: '[0-9]{3}' - ip: - regex: '(?:(?:[0-9]{1,3}\.){3}[0-9]{1,3})|(?:[0-9a-fA-F:]{2,90})' - ignore: - - 1.0.0.1 - -streams: - tailDown1: - cmd: [ 'sh', '-c', 'sleep 2; seq 10001 | while read i; do echo found $i; done' ] - filters: - find: - regex: - - '^found ' - retry: 9 - retryperiod: 6m - actions: - damn: - cmd: [ 'sleep', '0.0' ] - undamn: - cmd: [ 'sleep', '0.0' ] - after: 1m - onexit: false - tailDown2: - cmd: [ 'sh', '-c', 'sleep 2; seq 1000100 | while read i; do echo found $i; done' ] - filters: - find: - regex: - - '^found ' - retry: 480 - retryperiod: 6m - actions: - damn: - cmd: [ 'sleep', '0.0' ] - undamn: - cmd: [ 'sleep', '0.0' ] - after: 1m - onexit: false - tailDown3: - cmd: [ 'sh', '-c', 'sleep 2; seq 1000100 | while read i; do echo found $i; done' ] - filters: - find: - regex: - - '^found ' - retry: 480 - retryperiod: 6m - actions: - damn: - cmd: [ 'sleep', '0.0' ] - undamn: - cmd: [ 'sleep', '0.0' ] - after: 1m - onexit: false - tailDown4: - cmd: [ 'sh', '-c', 'sleep 2; seq 1000100 | while read i; do echo found $i; done' ] - filters: - find: - regex: - - '^found ' - retry: 480 - retryperiod: 6m - actions: - damn: - cmd: [ 'sleep', '0.0' ] - undamn: - cmd: [ 'sleep', '0.0' ] - after: 1m - onexit: false diff --git a/rust/test.jsonnet b/rust/test.jsonnet deleted file mode 100644 index 6e99367..0000000 --- a/rust/test.jsonnet +++ /dev/null 
@@ -1,47 +0,0 @@
-{
- patterns: {
- num: {
- regex: '[0-9]+',
- ignore: ['1'],
- // ignoreregex: ['2.?'],
- },
- letter: {
- regex: '[a-z]+',
- ignore: ['b'],
- // ignoreregex: ['b.?'],
- },
- },
-
- start: [
- ['echo', 'coucou'],
- ],
-
- stop: [
- ['echo', 'byebye'],
- ],
-
- streams: {
- s1: {
- cmd: ['sh', '-c', "seq 20 | tr ' ' '\n' | while read i; do echo found $((i % 5)); sleep 1; done"],
- filters: {
- f1: {
- regex: [
- '^found $',
- ],
- retry: 2,
- retryperiod: '60s',
- actions: {
- damn: {
- cmd: ['notify-send', 'first stream', 'ban '],
- },
- undamn: {
- cmd: ['notify-send', 'first stream', 'unban '],
- after: '3s',
- onexit: true,
- },
- },
- },
- },
- },
- },
-}
diff --git a/rust/src/client/mod.rs b/src/client/mod.rs
similarity index 100%
rename from rust/src/client/mod.rs
rename to src/client/mod.rs
diff --git a/rust/src/concepts/action.rs b/src/concepts/action.rs
similarity index 100%
rename from rust/src/concepts/action.rs
rename to src/concepts/action.rs
diff --git a/rust/src/concepts/config.rs b/src/concepts/config.rs
similarity index 100%
rename from rust/src/concepts/config.rs
rename to src/concepts/config.rs
diff --git a/rust/src/concepts/filter.rs b/src/concepts/filter.rs
similarity index 100%
rename from rust/src/concepts/filter.rs
rename to src/concepts/filter.rs
diff --git a/rust/src/concepts/messages.rs b/src/concepts/messages.rs
similarity index 100%
rename from rust/src/concepts/messages.rs
rename to src/concepts/messages.rs
diff --git a/rust/src/concepts/mod.rs b/src/concepts/mod.rs
similarity index 100%
rename from rust/src/concepts/mod.rs
rename to src/concepts/mod.rs
diff --git a/rust/src/concepts/pattern.rs b/src/concepts/pattern.rs
similarity index 100%
rename from rust/src/concepts/pattern.rs
rename to src/concepts/pattern.rs
diff --git a/rust/src/concepts/socket_messages.rs b/src/concepts/socket_messages.rs
similarity index 100%
rename from rust/src/concepts/socket_messages.rs
rename to src/concepts/socket_messages.rs
diff --git a/rust/src/concepts/stream.rs b/src/concepts/stream.rs
similarity index 100%
rename from rust/src/concepts/stream.rs
rename to src/concepts/stream.rs
diff --git a/rust/src/daemon/action.rs b/src/daemon/action.rs
similarity index 100%
rename from rust/src/daemon/action.rs
rename to src/daemon/action.rs
diff --git a/rust/src/daemon/database/lowlevel.rs b/src/daemon/database/lowlevel.rs
similarity index 100%
rename from rust/src/daemon/database/lowlevel.rs
rename to src/daemon/database/lowlevel.rs
diff --git a/rust/src/daemon/database/mod.rs b/src/daemon/database/mod.rs
similarity index 100%
rename from rust/src/daemon/database/mod.rs
rename to src/daemon/database/mod.rs
diff --git a/rust/src/daemon/database/tests.rs b/src/daemon/database/tests.rs
similarity index 100%
rename from rust/src/daemon/database/tests.rs
rename to src/daemon/database/tests.rs
diff --git a/rust/src/daemon/filter.rs b/src/daemon/filter.rs
similarity index 100%
rename from rust/src/daemon/filter.rs
rename to src/daemon/filter.rs
diff --git a/rust/src/daemon/mod.rs b/src/daemon/mod.rs
similarity index 100%
rename from rust/src/daemon/mod.rs
rename to src/daemon/mod.rs
diff --git a/rust/src/daemon/socket.rs b/src/daemon/socket.rs
similarity index 100%
rename from rust/src/daemon/socket.rs
rename to src/daemon/socket.rs
diff --git a/rust/src/daemon/stream.rs b/src/daemon/stream.rs
similarity index 100%
rename from rust/src/daemon/stream.rs
rename to src/daemon/stream.rs
diff --git a/rust/src/lib.rs b/src/lib.rs
similarity index 100%
rename from rust/src/lib.rs
rename to src/lib.rs
diff --git a/rust/src/main.rs b/src/main.rs
similarity index 100%
rename from rust/src/main.rs
rename to src/main.rs
diff --git a/rust/src/tests.rs b/src/tests.rs
similarity index 100%
rename from rust/src/tests.rs
rename to src/tests.rs
diff --git a/rust/src/utils/cli.rs b/src/utils/cli.rs
similarity index 100%
rename from rust/src/utils/cli.rs
rename to src/utils/cli.rs
diff --git a/rust/src/utils/mod.rs b/src/utils/mod.rs
similarity index 100%
rename from rust/src/utils/mod.rs
rename to src/utils/mod.rs
diff --git a/rust/src/utils/parse_duration.rs b/src/utils/parse_duration.rs
similarity index 100%
rename from rust/src/utils/parse_duration.rs
rename to src/utils/parse_duration.rs
diff --git a/rust/tests/simple.rs b/tests/simple.rs
similarity index 100%
rename from rust/tests/simple.rs
rename to tests/simple.rs