fix: compatibility with splunk 8
This commit is contained in:
parent
b6238927b5
commit
0cc9e2fd64
|
@ -3,8 +3,9 @@ image: python:slim
|
|||
variables:
|
||||
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
|
||||
PACKAGE_VERSION: $CI_COMMIT_TAG
|
||||
ADDON_PACKAGE: "malware_filter-${PACKAGE_VERSION}.tar.gz"
|
||||
PACKAGE_REGISTRY_URL: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${PACKAGE_VERSION}"
|
||||
ADDON_PACKAGE: "malware_filter-${PACKAGE_VERSION}.tar.gz"
|
||||
ADDON_PACKAGE_LEGACY: "malware_filter-${PACKAGE_VERSION}-splunk8.tar.gz"
|
||||
|
||||
stages:
|
||||
- test
|
||||
|
@ -51,6 +52,9 @@ upload:
|
|||
curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${ADDON_PACKAGE} ${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}
|
||||
sha256sum "$ADDON_PACKAGE" > "${ADDON_PACKAGE}.sha256sum"
|
||||
curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${ADDON_PACKAGE}.sha256sum" "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}.sha256sum"
|
||||
curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file ${ADDON_PACKAGE_LEGACY} ${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}
|
||||
sha256sum "$ADDON_PACKAGE_LEGACY" > "${ADDON_PACKAGE_LEGACY}.sha256sum"
|
||||
curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${ADDON_PACKAGE_LEGACY}.sha256sum" "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}.sha256sum"
|
||||
|
||||
release_job:
|
||||
stage: release
|
||||
|
@ -68,3 +72,7 @@ release_job:
|
|||
url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}"
|
||||
- name: ${ADDON_PACKAGE}.sha256sum
|
||||
url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE}.sha256sum"
|
||||
- name: ${ADDON_PACKAGE_LEGACY}
|
||||
url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}"
|
||||
- name: ${ADDON_PACKAGE_LEGACY}.sha256sum
|
||||
url: "${PACKAGE_REGISTRY_URL}/${ADDON_PACKAGE_LEGACY}.sha256sum"
|
||||
|
|
14
README.md
14
README.md
|
@ -15,7 +15,7 @@
|
|||
|
||||
Provide custom search commands to update [malware-filter](https://gitlab.com/malware-filter) lookups. Each command downloads from a source CSV and emit rows as events which can then be piped to a lookup file or used as a subsearch. Each command is exported globally and can be used in any app. This add-on currently does not have any UI.
|
||||
|
||||
Compatible with Splunk 9.x. Splunk 8.x requires [additional configuration](#splunk-8x) to avoid issue.
|
||||
Compatible with Splunk 9.x. For Splunk 8.x, install "\*-splunk8.tar.gz" instead.
|
||||
|
||||
## Installation
|
||||
|
||||
|
@ -150,18 +150,6 @@ Recommend to update the lookup file "opendbl_ip.csv" every 15 minutes (cron `*/1
|
|||
|
||||
Source: https://opendbl.net/
|
||||
|
||||
## Splunk 8.x
|
||||
|
||||
Splunk scheduler may not run scheduled searches (alert/report) without this workaround.
|
||||
|
||||
Add the following config to `$SPLUNK_HOME/etc/apps/malware_filter/local/commands.conf`.
|
||||
|
||||
```conf
|
||||
[default]
|
||||
chunked = false
|
||||
generating = true
|
||||
```
|
||||
|
||||
## Disable individual commands
|
||||
|
||||
Settings -> All configurations -> filter by "malware_filter" app
|
||||
|
|
24
build.py
24
build.py
|
@ -40,8 +40,7 @@ def version():
|
|||
)
|
||||
app_conf = ConfigParser()
|
||||
app_conf.read(app_conf_path)
|
||||
launcher = app_conf["launcher"] if "launcher" in app_conf.sections() else {}
|
||||
return launcher.get("version", "")
|
||||
return app_conf["launcher"]["version"]
|
||||
|
||||
|
||||
def exclusion(tarinfo):
|
||||
|
@ -86,3 +85,24 @@ pkg_file = f"malware_filter-{version()}.tar.gz"
|
|||
print(f"Creating {pkg_file}...")
|
||||
with tarfile.open(pkg_file, "w:gz") as tar:
|
||||
tar.add(".", filter=exclusion)
|
||||
|
||||
# Splunk 8 workaround
|
||||
# Splunk scheduler may not run scheduled searches (alert/report) without this workaround
|
||||
commands_conf_path = path.join(
|
||||
"default",
|
||||
"commands.conf",
|
||||
)
|
||||
commands_conf = ConfigParser()
|
||||
commands_conf.read(commands_conf_path)
|
||||
commands_conf["default"]["chunked"] = "false"
|
||||
with open(commands_conf_path, "w") as f:
|
||||
commands_conf.write(f)
|
||||
|
||||
pkg_file_8 = f"malware_filter-{version()}-splunk8.tar.gz"
|
||||
print(f"Creating {pkg_file_8}...")
|
||||
with tarfile.open(pkg_file_8, "w:gz") as tar:
|
||||
tar.add(".", filter=exclusion)
|
||||
|
||||
commands_conf["default"]["chunked"] = "true"
|
||||
with open(commands_conf_path, "w") as f:
|
||||
commands_conf.write(f)
|
||||
|
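Review bot: The Splunk 8 packaging block mutates the checked-in `default/commands.conf` in place and only restores `chunked = "true"` on the success path — if `tarfile.open` or `tar.add` raises between the two writes, the working tree is left with `chunked = false`, and because `ConfigParser.write` regenerates the file, the leading `#` comment header and original formatting are lost even when the restore runs. `commands_conf.read` also fails silently if the path is wrong, so the following `commands_conf["default"]` would surface as an unexplained `KeyError`. The rewrite below snapshots the original bytes, checks that the `[default]` section was actually loaded, and restores the file byte-for-byte in a `finally`. Whether the first `pkg_file` created just above ends up inside the second tarball depends on `exclusion`, which is defined outside this hunk; worth confirming it filters `*.tar.gz`.
```python
# … unchanged: pkg_file creation …

# Splunk 8 workaround
# Splunk scheduler may not run scheduled searches (alert/report) without this workaround
commands_conf_path = path.join("default", "commands.conf")
with open(commands_conf_path, "rb") as f:
    original_commands_conf = f.read()  # keep raw bytes so comments/formatting survive
commands_conf = ConfigParser()
if not commands_conf.read(commands_conf_path) or "default" not in commands_conf:
    raise SystemExit(f"{commands_conf_path} is missing or has no [default] section")
commands_conf["default"]["chunked"] = "false"
try:
    with open(commands_conf_path, "w") as f:
        commands_conf.write(f)
    pkg_file_8 = f"malware_filter-{version()}-splunk8.tar.gz"
    print(f"Creating {pkg_file_8}...")
    with tarfile.open(pkg_file_8, "w:gz") as tar:
        tar.add(".", filter=exclusion)
finally:
    # restore the checked-in file byte-for-byte, even if packaging failed
    with open(commands_conf_path, "wb") as f:
        f.write(original_commands_conf)
```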
|
|
@ -1,9 +1,7 @@
|
|||
#
|
||||
# Custom search command
|
||||
#
|
||||
[default]
|
||||
chunked = true
|
||||
python.version = python3
|
||||
generating = true
|
||||
|
||||
[geturlhausfilter]
|
||||
filename = geturlhausfilter.py
|
||||
|
|