authorEddie Arrage <eddie.arrage@huawei.com>2018-03-20 23:51:35 +0000
committerEddie Arrage <eddie.arrage@huawei.com>2018-03-31 00:11:00 +0000
commit56f50acd66d6f041b0347babb131150db3ca2023 (patch)
tree4a631df908d55fa7cd2fbf59c5854d06d811bf64 /samples/services/snort_ids/docker/grpc/snort_client.py
parentc43c773fc33167f46461b4fd1ae58e40d390d59e (diff)
Develop snort IDS and content inspect service
- Initial commit to show potential structure of a sample service - This will be part of a larger sample application currently dubbed Service Delivery Controller - Docker container needs to be built and employs open-source Linux packages - Service is deployable in Istio service mesh using provided yaml - Control snort daemon and add custom rules with GRPC messaging - Process snort alerts actively and send to redis and upstream service mesh components - Integrates a web server for better HTTP signature detection - Improved build script for CI with variables - Render k8s yaml snort manifest dynamically with command line options - Improve snort_client sample script for runtime modifications including passing args on CLI, error checking - Update nginx proxy interface - Added logging to snort server and alert process Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9 Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/snort_ids/docker/grpc/snort_client.py')
-rw-r--r--samples/services/snort_ids/docker/grpc/snort_client.py106
1 files changed, 106 insertions, 0 deletions
diff --git a/samples/services/snort_ids/docker/grpc/snort_client.py b/samples/services/snort_ids/docker/grpc/snort_client.py
new file mode 100644
index 0000000..d59b4ee
--- /dev/null
+++ b/samples/services/snort_ids/docker/grpc/snort_client.py
@@ -0,0 +1,106 @@
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+from __future__ import print_function
+from kubernetes import client, config
+
+import grpc
+import argparse
+
+import snort_pb2
+import snort_pb2_grpc
+
+
+def run(args, grpc_port='50052'):
+ # get pod ip for grpc
+ pod_ip = get_podip(args['service_name'])
+ if pod_ip == '':
+ return "Can not find service: {}".format(args['service_name'])
+ snort_grpc = pod_ip + ':' + grpc_port
+ # snort_grpc = 'localhost:50052'
+ channel = grpc.insecure_channel(snort_grpc)
+ stub = snort_pb2_grpc.ControllerStub(channel)
+
+ # execute command in service
+ if args['cmd'] == 'addtcp':
+ return add_tcprule(stub)
+ elif args['cmd'] == 'addicmp':
+ return add_icmprule(stub)
+ elif args['cmd'] == 'start':
+ return start_snort(stub)
+ elif args['cmd'] == 'stop':
+ return stop_snort(stub)
+ else:
+ return "Invalid command: {}".format(args['cmd'])
+
+
+def get_podip(pod_name):
+ ip = ''
+ if pod_name != '':
+ config.load_kube_config()
+ v1 = client.CoreV1Api()
+ ret = v1.list_pod_for_all_namespaces(watch=False)
+ for i in ret.items:
+ if i.metadata.name.lower().find(pod_name.lower()) != -1:
+ print("Pod IP: {}".format(i.status.pod_ip))
+ ip = i.status.pod_ip
+ return str(ip)
+ return str(ip)
+
+
+def add_tcprule(stub):
+ try:
+ response = stub.AddRules(snort_pb2.AddRule(
+ protocol='tcp', dest_port='any', dest_ip='$HOME_NET',
+ src_port='any', src_ip='any', msg='tcp test', sid='10000002',
+ rev='001'))
+ print(stop_snort(stub))
+ print(start_snort(stub))
+ except Exception as e:
+ return e
+ return response.message
+
+
+def add_icmprule(stub):
+ try:
+ response = stub.AddRules(snort_pb2.AddRule(
+ protocol='icmp', dest_port='any', dest_ip='$HOME_NET',
+ src_port='any', src_ip='any', msg='icmp test', sid='10000001',
+ rev='001'))
+ print(stop_snort(stub))
+ print(start_snort(stub))
+ except Exception as e:
+ return e
+ return response.message
+
+
+def start_snort(stub):
+ try:
+ response = stub.StartSnort(snort_pb2.ControlSnort(pid='0'))
+ except Exception as e:
+ return e
+ return response.message
+
+
+def stop_snort(stub):
+ try:
+ response = stub.StopSnort(snort_pb2.ControlSnort(pid='0'))
+ except Exception as e:
+ return e
+ return response.message
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ '--service_name', required=True,
+ help='Snort service/pod name to reconfigure')
+ parser.add_argument(
+ '--cmd', required=True,
+ help='Command to execute in snort service')
+ args = parser.parse_args()
+ print(run(vars(args)))
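Review bot: get_podip() returns the first pod in any namespace whose name merely contains `--service_name`, and run() then opens `grpc.insecure_channel` to that address, so start/stop and rule changes for the IDS travel over a plaintext, client-unauthenticated channel to a loosely chosen target. Limiting the lookup to the namespace the snort service is deployed in (for example `v1.list_namespaced_pod(...)` with the namespace passed on the CLI) and refusing ambiguous matches would make the target deterministic. A pod that has no address yet has `status.pod_ip` of None, which `str(ip)` turns into `'None'` and which slips past the `pod_ip == ''` check in run(); extending the match to `if i.metadata.name.lower().find(pod_name.lower()) != -1 and i.status.pod_ip:` avoids that. Separately, add_tcprule() and add_icmprule() only print the results of stop_snort() and start_snort(), which return exceptions instead of raising them, so a failed restart leaves snort stopped while the caller still receives the AddRules message. Whether the server or the mesh enforces authentication on port 50052 is not visible in this file.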