forked from falcosecurity/falcosidekick
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.go
198 lines (184 loc) · 7.69 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
package main
import (
"log"
"os"
"path"
"path/filepath"
"regexp"
"strings"
"text/template"
"github.com/falcosecurity/falcosidekick/types"
"github.com/spf13/viper"
kingpin "gopkg.in/alecthomas/kingpin.v2"
)
func getConfig() *types.Configuration {
c := &types.Configuration{
Customfields: make(map[string]string),
Webhook: types.WebhookOutputConfig{CustomHeaders: make(map[string]string)},
}
configFile := kingpin.Flag("config-file", "config file").Short('c').ExistingFile()
kingpin.Parse()
v := viper.New()
v.SetDefault("ListenPort", 2801)
v.SetDefault("Debug", false)
v.SetDefault("CheckCert", true)
v.SetDefault("Slack.WebhookURL", "")
v.SetDefault("Slack.Footer", "https://github.com/falcosecurity/falcosidekick")
v.SetDefault("Slack.Username", "Falcosidekick")
v.SetDefault("Slack.Icon", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
v.SetDefault("Slack.OutputFormat", "all")
v.SetDefault("Slack.MessageFormat", "")
v.SetDefault("Slack.MinimumPriority", "")
v.SetDefault("Rocketchat.WebhookURL", "")
v.SetDefault("Rocketchat.Footer", "https://github.com/falcosecurity/falcosidekick")
v.SetDefault("Rocketchat.Username", "Falcosidekick")
v.SetDefault("Rocketchat.Icon", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
v.SetDefault("Rocketchat.OutputFormat", "all")
v.SetDefault("Rocketchat.MessageFormat", "")
v.SetDefault("Rocketchat.MinimumPriority", "")
v.SetDefault("Mattermost.WebhookURL", "")
v.SetDefault("Mattermost.Footer", "https://github.com/falcosecurity/falcosidekick")
v.SetDefault("Mattermost.Username", "Falcosidekick")
v.SetDefault("Mattermost.Icon", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
v.SetDefault("Mattermost.OutputFormat", "all")
v.SetDefault("Mattermost.MessageFormat", "")
v.SetDefault("Mattermost.MinimumPriority", "")
v.SetDefault("Teams.WebhookURL", "")
v.SetDefault("Teams.ActivityImage", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
v.SetDefault("Teams.OutputFormat", "all")
v.SetDefault("Teams.MinimumPriority", "")
v.SetDefault("Datadog.APIKey", "")
v.SetDefault("Datadog.Host", "https://api.datadoghq.com")
v.SetDefault("Datadog.MinimumPriority", "")
v.SetDefault("Discord.WebhookURL", "")
v.SetDefault("Discord.MinimumPriority", "")
v.SetDefault("Discord.Icon", "https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png")
v.SetDefault("Alertmanager.HostPort", "")
v.SetDefault("Alertmanager.MinimumPriority", "")
v.SetDefault("Elasticsearch.HostPort", "")
v.SetDefault("Elasticsearch.Index", "falco")
v.SetDefault("Elasticsearch.Type", "event")
v.SetDefault("Elasticsearch.MinimumPriority", "")
v.SetDefault("Elasticsearch.Suffix", "daily")
v.SetDefault("Influxdb.HostPort", "")
v.SetDefault("Influxdb.Database", "falco")
v.SetDefault("Influxdb.User", "")
v.SetDefault("Influxdb.Password", "")
v.SetDefault("Influxdb.MinimumPriority", "")
v.SetDefault("Loki.HostPort", "")
v.SetDefault("Loki.MinimumPriority", "")
v.SetDefault("AWS.AccessKeyID", "")
v.SetDefault("AWS.SecretAccessKey", "")
v.SetDefault("AWS.Region", "")
v.SetDefault("AWS.Lambda.FunctionName", "")
v.SetDefault("AWS.Lambda.InvocationType", "RequestResponse")
v.SetDefault("AWS.Lambda.Logtype", "Tail")
v.SetDefault("AWS.Lambda.MinimumPriority", "")
v.SetDefault("AWS.SQS.URL", "")
v.SetDefault("AWS.SQS.MinimumPriority", "")
v.SetDefault("AWS.SNS.TopicArn", "")
v.SetDefault("AWS.SNS.MinimumPriority", "")
v.SetDefault("AWS.SNS.RawJSON", false)
v.SetDefault("SMTP.HostPort", "")
v.SetDefault("SMTP.User", "")
v.SetDefault("SMTP.Password", "")
v.SetDefault("SMTP.From", "")
v.SetDefault("SMTP.To", "")
v.SetDefault("SMTP.OutputFormat", "html")
v.SetDefault("SMTP.MinimumPriority", "")
v.SetDefault("Opsgenie.Region", "us")
v.SetDefault("Opsgenie.APIKey", "")
v.SetDefault("Opsgenie.MinimumPriority", "")
v.SetDefault("Statsd.Forwarder", "")
v.SetDefault("Statsd.Namespace", "falcosidekick.")
v.SetDefault("Dogstatsd.Forwarder", "")
v.SetDefault("Dogstatsd.Namespace", "falcosidekick.")
v.SetDefault("Dogstatsd.Tags", []string{})
v.SetDefault("Customfields", map[string]string{})
v.SetDefault("Webhook.Address", "")
v.SetDefault("Webhook.MinimumPriority", "")
v.SetDefault("Azure.eventHub.Namespace", "")
v.SetDefault("Azure.eventHub.Name", "")
v.SetDefault("Azure.eventHub.MinimumPriority", "")
v.SetDefault("GCP.Credentials", "")
v.SetDefault("GCP.PubSub.ProjectID", "")
v.SetDefault("GCP.PubSub.Topic", "")
v.SetDefault("GCP.PubSub.MinimumPriority", "")
v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
v.AutomaticEnv()
if *configFile != "" {
d, f := path.Split(*configFile)
if d == "" {
d = "."
}
v.SetConfigName(f[0 : len(f)-len(filepath.Ext(f))])
v.AddConfigPath(d)
err := v.ReadInConfig()
if err != nil {
log.Printf("[ERROR] : Error when reading config file : %v\n", err)
}
}
v.GetStringMapString("customfields")
v.GetStringMapString("Webhook.CustomHeaders")
v.Unmarshal(c)
if value, present := os.LookupEnv("CUSTOMFIELDS"); present {
customfields := strings.Split(value, ",")
for _, label := range customfields {
tagkeys := strings.Split(label, ":")
if len(tagkeys) == 2 {
c.Customfields[tagkeys[0]] = tagkeys[1]
}
}
}
if value, present := os.LookupEnv("WEBHOOK_CUSTOMHEADERS"); present {
customfields := strings.Split(value, ",")
for _, label := range customfields {
tagkeys := strings.Split(label, ":")
if len(tagkeys) == 2 {
c.Webhook.CustomHeaders[tagkeys[0]] = tagkeys[1]
}
}
}
if c.ListenPort == 0 || c.ListenPort > 65536 {
log.Fatalf("[ERROR] : Bad port number\n")
}
c.Slack.MinimumPriority = checkPriority(c.Slack.MinimumPriority)
c.Rocketchat.MinimumPriority = checkPriority(c.Rocketchat.MinimumPriority)
c.Mattermost.MinimumPriority = checkPriority(c.Mattermost.MinimumPriority)
c.Teams.MinimumPriority = checkPriority(c.Teams.MinimumPriority)
c.Datadog.MinimumPriority = checkPriority(c.Datadog.MinimumPriority)
c.Alertmanager.MinimumPriority = checkPriority(c.Alertmanager.MinimumPriority)
c.Elasticsearch.MinimumPriority = checkPriority(c.Elasticsearch.MinimumPriority)
c.Influxdb.MinimumPriority = checkPriority(c.Influxdb.MinimumPriority)
c.Loki.MinimumPriority = checkPriority(c.Loki.MinimumPriority)
c.Nats.MinimumPriority = checkPriority(c.Nats.MinimumPriority)
c.AWS.Lambda.MinimumPriority = checkPriority(c.AWS.Lambda.MinimumPriority)
c.AWS.SQS.MinimumPriority = checkPriority(c.AWS.SQS.MinimumPriority)
c.AWS.SNS.MinimumPriority = checkPriority(c.AWS.SNS.MinimumPriority)
c.Opsgenie.MinimumPriority = checkPriority(c.Opsgenie.MinimumPriority)
c.Webhook.MinimumPriority = checkPriority(c.Webhook.MinimumPriority)
c.Azure.EventHub.MinimumPriority = checkPriority(c.Azure.EventHub.MinimumPriority)
c.GCP.PubSub.MinimumPriority = checkPriority(c.GCP.PubSub.MinimumPriority)
c.Slack.MessageFormatTemplate = getMessageFormatTemplate("Slack", c.Slack.MessageFormat)
c.Rocketchat.MessageFormatTemplate = getMessageFormatTemplate("Rocketchat", c.Rocketchat.MessageFormat)
c.Mattermost.MessageFormatTemplate = getMessageFormatTemplate("Mattermost", c.Mattermost.MessageFormat)
return c
}
func checkPriority(prio string) string {
match, _ := regexp.MatchString("(?i)(emergency|alert|critical|error|warning|notice|informational|debug)", prio)
if match {
return prio
}
return ""
}
func getMessageFormatTemplate(output, temp string) *template.Template {
if temp != "" {
var err error
t, err := template.New(output).Parse(temp)
if err != nil {
log.Fatalf("[ERROR] : Error compiling %v message template : %v\n", output, err)
}
return t
}
return nil
}