author | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-20 23:51:35 +0000 |
---|---|---|
committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-31 00:11:00 +0000 |
commit | 56f50acd66d6f041b0347babb131150db3ca2023 (patch) | |
tree | 4a631df908d55fa7cd2fbf59c5854d06d811bf64 /samples/services/snort_ids/docker/grpc/snort_client.py | |
parent | c43c773fc33167f46461b4fd1ae58e40d390d59e (diff) |
Develop snort IDS and content inspect service
- Initial commit to show potential structure of a sample service
- This will be part of a larger sample application currently dubbed
Service Delivery Controller
- Docker container needs to be built and employs open-source Linux packages
- Service is deployable in Istio service mesh using provided yaml
- Control snort daemon and add custom rules with GRPC messaging
- Process snort alerts actively and send to redis and upstream service
mesh components
- Integrates a web server for better HTTP signature detection
- Improved build script for CI with variables
- Render k8s yaml snort manifest dynamically with command
line options
- Improve snort_client sample script for runtime modifications
including passing args on CLI, error checking
- Update nginx proxy interface
- Added logging to snort server and alert process
Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/snort_ids/docker/grpc/snort_client.py')
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_client.py | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/samples/services/snort_ids/docker/grpc/snort_client.py b/samples/services/snort_ids/docker/grpc/snort_client.py
new file mode 100644
index 0000000..d59b4ee
--- /dev/null
+++ b/samples/services/snort_ids/docker/grpc/snort_client.py
@@ -0,0 +1,106 @@
+# Copyright (c) Authors of Clover
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+from __future__ import print_function
+from kubernetes import client, config
+
+import grpc
+import argparse
+
+import snort_pb2
+import snort_pb2_grpc
+
+
+def run(args, grpc_port='50052'):
+ # get pod ip for grpc
+ pod_ip = get_podip(args['service_name'])
+ if pod_ip == '':
+ return "Can not find service: {}".format(args['service_name'])
+ snort_grpc = pod_ip + ':' + grpc_port
+ # snort_grpc = 'localhost:50052'
+ channel = grpc.insecure_channel(snort_grpc)
+ stub = snort_pb2_grpc.ControllerStub(channel)
+
+ # execute command in service
+ if args['cmd'] == 'addtcp':
+ return add_tcprule(stub)
+ elif args['cmd'] == 'addicmp':
+ return add_icmprule(stub)
+ elif args['cmd'] == 'start':
+ return start_snort(stub)
+ elif args['cmd'] == 'stop':
+ return stop_snort(stub)
+ else:
+ return "Invalid command: {}".format(args['cmd'])
+
+
+def get_podip(pod_name):
+ ip = ''
+ if pod_name != '':
+ config.load_kube_config()
+ v1 = client.CoreV1Api()
+ ret = v1.list_pod_for_all_namespaces(watch=False)
+ for i in ret.items:
+ if i.metadata.name.lower().find(pod_name.lower()) != -1:
+ print("Pod IP: {}".format(i.status.pod_ip))
+ ip = i.status.pod_ip
+ return str(ip)
+ return str(ip)
+
+
+def add_tcprule(stub):
+ try:
+ response = stub.AddRules(snort_pb2.AddRule(
+ protocol='tcp', dest_port='any', dest_ip='$HOME_NET',
+ src_port='any', src_ip='any', msg='tcp test', sid='10000002',
+ rev='001'))
+ print(stop_snort(stub))
+ print(start_snort(stub))
+ except Exception as e:
+ return e
+ return response.message
+
+
+def add_icmprule(stub):
+ try:
+ response = stub.AddRules(snort_pb2.AddRule(
+ protocol='icmp', dest_port='any', dest_ip='$HOME_NET',
+ src_port='any', src_ip='any', msg='icmp test', sid='10000001',
+ rev='001'))
+ print(stop_snort(stub))
+ print(start_snort(stub))
+ except Exception as e:
+ return e
+ return response.message
+
+
+def start_snort(stub):
+ try:
+ response = stub.StartSnort(snort_pb2.ControlSnort(pid='0'))
+ except Exception as e:
+ return e
+ return response.message
+
+
+def stop_snort(stub):
+ try:
+ response = stub.StopSnort(snort_pb2.ControlSnort(pid='0'))
+ except Exception as e:
+ return e
+ return response.message
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ '--service_name', required=True,
+ help='Snort service/pod name to reconfigure')
+ parser.add_argument(
+ '--cmd', required=True,
+ help='Command to execute in snort service')
+ args = parser.parse_args()
+ print(run(vars(args))) |
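Review bot: get_podip() chooses the control target by substring match over every namespace (`i.metadata.name.lower().find(pod_name.lower()) != -1` on the result of `list_pod_for_all_namespaces`), so the first pod anywhere in the cluster whose name merely contains `--service_name` receives the AddRules/StartSnort/StopSnort calls. run() then opens `grpc.insecure_channel` to that IP, so nothing on the client side authenticates the peer or protects the IDS control messages in transit; scoping the lookup, for example `v1.list_namespaced_pod(namespace, label_selector=selector)` with both values passed on the CLI, and switching to `grpc.secure_channel` (or documenting that mesh mTLS is a prerequisite) would address both. A matching pod with no address yet also slips through, because `str(i.status.pod_ip)` yields `'None'`, which passes the `pod_ip == ''` check in run(); the match should additionally require `i.status.pod_ip` to be set.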