archive
/
PurpleDome
mirror of https://github.com/avast/PurpleDome
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
polishing2
presentation_gpn_2022
more_unit_tests
extending_page
main
caldera_4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e7a3c3596f'
${ noResults }
PurpleDome/tests/plugins/sensor/missing_collect/sensor_missing_collect.py

82 lines
2.7 KiB
Python
Raw Blame History

#!/usr/bin/env python3
# A plugin to experiment with Linux logstash filebeat sensors
from plugins.base.sensor import SensorPlugin
import os
from jinja2 import Environment, FileSystemLoader, select_autoescape
class SensorMissingCollectPlugin(SensorPlugin):
# Boilerplate
name = "missing_collect"
description = "Linux filebeat plugin"
required_files = ["filebeat.conf",
"filebeat.yml",
]
def __init__(self):
super().__init__()
self.plugin_path = __file__
self.debugit = False
def process_templates(self):
""" process jinja2 templates of the config files and insert own config """
env = Environment(
loader=FileSystemLoader(self.get_plugin_path(), encoding='utf-8', followlinks=False),
autoescape=select_autoescape()
)
template = env.get_template("filebeat_template.conf")
dest = os.path.join(self.get_plugin_path(), "filebeat.conf")
with open(dest, "wt") as fh:
res = template.render({"playground": self.get_playground()})
fh.write(res)
def prime(self):
""" Hard-core install. Requires a reboot """
pg = self.get_playground()
self.vprint("Installing Linux filebeat sensor", 3)
self.run_cmd("sudo wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -")
self.run_cmd('sudo echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list')
self.run_cmd("sudo apt update")
self.run_cmd("sudo apt -y install default-jre")
self.run_cmd("sudo apt -y install logstash")
self.run_cmd("sudo apt -y install filebeat")
# Copy config
self.run_cmd(f"sudo cp {pg}/filebeat.yml /etc/filebeat/filebeat.yml")
self.run_cmd(f"sudo cp {pg}/filebeat.conf /etc/logstash/conf.d")
# Cleanup
self.run_cmd(f"rm {pg}/filebeat.json")
self.run_cmd(f"touch {pg}/filebeat.json")
self.run_cmd(f"chmod o+w {pg}/filebeat.json")
return False
def install(self):
""" Installs the filebeat sensor """
return
def start(self):
self.run_cmd("sudo filebeat modules enable system,iptables")
self.run_cmd("sudo filebeat setup --pipelines --modules iptables,system,")
self.run_cmd("sudo systemctl enable filebeat")
self.run_cmd("sudo systemctl start filebeat")
self.run_cmd("sudo systemctl enable logstash.service")
self.run_cmd("sudo systemctl start logstash.service")
return None
def stop(self):
""" Stop the sensor """
return
Reference in New Issue View Git Blame Copy Permalink