Merge pull request #462 from Security-Onion-Solutions/2.4/cleanup

Moved defaults to constants

server/modules/elastalert/elastalert.go

@@ -41,6 +41,18 @@ import (
 
 var errModuleStopped = fmt.Errorf("elastalert module has stopped running")
 
+const (
+	DEFAULT_ALLOW_REGEX                              = ""
+	DEFAULT_DENY_REGEX                               = ""
+	DEFAULT_AUTO_UPDATE_ENABLED                      = false
+	DEFAULT_COMMUNITY_RULES_IMPORT_FREQUENCY_SECONDS = 86400
+	DEFAULT_SIGMA_PACKAGE_DOWNLOAD_TEMPLATE          = "https://github.com/SigmaHQ/sigma/releases/latest/download/sigma_%s.zip"
+	DEFAULT_ELASTALERT_RULES_FOLDER                  = "/opt/sensoroni/elastalert"
+	DEFAULT_RULES_FINGERPRINT_FILE                   = "/opt/sensoroni/fingerprints/sigma.fingerprint"
+	DEFAULT_REPOS_FOLDER                             = "/opt/sensoroni/sigma/repos"
+	DEFAULT_STATE_FILE_PATH                          = "/opt/sensoroni/fingerprints/elastalertengine.state"
+)
+
 var acceptedExtensions = map[string]bool{
 	".yml":  true,
 	".yaml": true,
@@ -109,17 +121,17 @@ func (e *ElastAlertEngine) Init(config module.ModuleConfig) (err error) {
 	e.thread = &sync.WaitGroup{}
 	e.interrupt = make(chan bool, 1)
 
-	e.communityRulesImportFrequencySeconds = module.GetIntDefault(config, "communityRulesImportFrequencySeconds", 86400)
-	e.sigmaPackageDownloadTemplate = module.GetStringDefault(config, "sigmaPackageDownloadTemplate", "https://github.com/SigmaHQ/sigma/releases/latest/download/sigma_%s.zip")
-	e.elastAlertRulesFolder = module.GetStringDefault(config, "elastAlertRulesFolder", "/opt/sensoroni/elastalert")
-	e.rulesFingerprintFile = module.GetStringDefault(config, "rulesFingerprintFile", "/opt/sensoroni/fingerprints/sigma.fingerprint")
-	e.autoUpdateEnabled = module.GetBoolDefault(config, "autoUpdateEnabled", false)
+	e.communityRulesImportFrequencySeconds = module.GetIntDefault(config, "communityRulesImportFrequencySeconds", DEFAULT_COMMUNITY_RULES_IMPORT_FREQUENCY_SECONDS)
+	e.sigmaPackageDownloadTemplate = module.GetStringDefault(config, "sigmaPackageDownloadTemplate", DEFAULT_SIGMA_PACKAGE_DOWNLOAD_TEMPLATE)
+	e.elastAlertRulesFolder = module.GetStringDefault(config, "elastAlertRulesFolder", DEFAULT_ELASTALERT_RULES_FOLDER)
+	e.rulesFingerprintFile = module.GetStringDefault(config, "rulesFingerprintFile", DEFAULT_RULES_FINGERPRINT_FILE)
+	e.autoUpdateEnabled = module.GetBoolDefault(config, "autoUpdateEnabled", DEFAULT_AUTO_UPDATE_ENABLED)
 	e.autoEnabledSigmaRules = module.GetStringArrayDefault(config, "autoEnabledSigmaRules", []string{"securityonion-resources+critical", "securityonion-resources+high"})
 
 	pkgs := module.GetStringArrayDefault(config, "sigmaRulePackages", []string{"core", "emerging_threats_addon"})
 	e.parseSigmaPackages(pkgs)
 
-	e.reposFolder = module.GetStringDefault(config, "reposFolder", "/opt/sensoroni/sigma/repos")
+	e.reposFolder = module.GetStringDefault(config, "reposFolder", DEFAULT_REPOS_FOLDER)
 	e.rulesRepos, err = model.GetReposDefault(config, "rulesRepos", []*model.RuleRepo{
 		{
 			Repo:    "https://github.com/Security-Onion-Solutions/securityonion-resources",
@@ -131,8 +143,8 @@ func (e *ElastAlertEngine) Init(config module.ModuleConfig) (err error) {
 		return fmt.Errorf("unable to parse ElastAlert's rulesRepos: %w", err)
 	}
 
-	allow := module.GetStringDefault(config, "allowRegex", "")
-	deny := module.GetStringDefault(config, "denyRegex", "")
+	allow := module.GetStringDefault(config, "allowRegex", DEFAULT_ALLOW_REGEX)
+	deny := module.GetStringDefault(config, "denyRegex", DEFAULT_DENY_REGEX)
 
 	if allow != "" {
 		var err error
@@ -150,7 +162,7 @@ func (e *ElastAlertEngine) Init(config module.ModuleConfig) (err error) {
 		}
 	}
 
-	e.stateFilePath = module.GetStringDefault(config, "stateFilePath", "/opt/sensoroni/fingerprints/elastalertengine.state")
+	e.stateFilePath = module.GetStringDefault(config, "stateFilePath", DEFAULT_STATE_FILE_PATH)
 
 	return nil
 }

server/modules/strelka/strelka.go

@@ -32,6 +32,19 @@ import (
 	"github.com/kennygrant/sanitize"
 )
 
+const (
+	DEFAULT_ALLOW_REGEX                              = ""
+	DEFAULT_DENY_REGEX                               = ""
+	DEFAULT_COMMUNITY_RULES_IMPORT_FREQUENCY_SECONDS = 86400
+	DEFAULT_YARA_RULES_FOLDER                        = "/opt/sensoroni/yara/rules"
+	DEFAULT_REPOS_FOLDER                             = "/opt/sensoroni/yara/repos"
+	DEFAULT_COMPILE_YARA_PYTHON_SCRIPT_PATH          = "/opt/so/conf/strelka/compile_yara.py"
+	DEFAULT_COMPILE_RULES                            = true
+	DEFAULT_AUTO_UPDATE_ENABLED                      = false
+	DEFAULT_STATE_FILE_PATH                          = "/opt/sensoroni/fingerprints/strelkaengine.state"
+	DEFAULT_AUTO_ENABLED_YARA_RULES                  = "securityonion-yara"
+)
+
 var errModuleStopped = fmt.Errorf("strelka module has stopped running")
 
 type IOManager interface {
@@ -90,13 +103,13 @@ func (e *StrelkaEngine) Init(config module.ModuleConfig) (err error) {
 	e.thread = &sync.WaitGroup{}
 	e.interrupt = make(chan bool, 1)
 
-	e.communityRulesImportFrequencySeconds = module.GetIntDefault(config, "communityRulesImportFrequencySeconds", 86400)
-	e.yaraRulesFolder = module.GetStringDefault(config, "yaraRulesFolder", "/opt/sensoroni/yara/rules")
-	e.reposFolder = module.GetStringDefault(config, "reposFolder", "/opt/sensoroni/yara/repos")
-	e.compileYaraPythonScriptPath = module.GetStringDefault(config, "compileYaraPythonScriptPath", "/opt/so/conf/strelka/compile_yara.py")
-	e.compileRules = module.GetBoolDefault(config, "compileRules", true)
-	e.autoUpdateEnabled = module.GetBoolDefault(config, "autoUpdateEnabled", false)
-	e.autoEnabledYaraRules = module.GetStringArrayDefault(config, "autoEnabledYaraRules", []string{"securityonion-yara"})
+	e.communityRulesImportFrequencySeconds = module.GetIntDefault(config, "communityRulesImportFrequencySeconds", DEFAULT_COMMUNITY_RULES_IMPORT_FREQUENCY_SECONDS)
+	e.yaraRulesFolder = module.GetStringDefault(config, "yaraRulesFolder", DEFAULT_YARA_RULES_FOLDER)
+	e.reposFolder = module.GetStringDefault(config, "reposFolder", DEFAULT_REPOS_FOLDER)
+	e.compileYaraPythonScriptPath = module.GetStringDefault(config, "compileYaraPythonScriptPath", DEFAULT_COMPILE_YARA_PYTHON_SCRIPT_PATH)
+	e.compileRules = module.GetBoolDefault(config, "compileRules", DEFAULT_COMPILE_RULES)
+	e.autoUpdateEnabled = module.GetBoolDefault(config, "autoUpdateEnabled", DEFAULT_AUTO_UPDATE_ENABLED)
+	e.autoEnabledYaraRules = module.GetStringArrayDefault(config, "autoEnabledYaraRules", []string{DEFAULT_AUTO_ENABLED_YARA_RULES})
 
 	e.rulesRepos, err = model.GetReposDefault(config, "rulesRepos", []*model.RuleRepo{
 		{
@@ -108,8 +121,8 @@ func (e *StrelkaEngine) Init(config module.ModuleConfig) (err error) {
 		return fmt.Errorf("unable to parse Strelka's rulesRepos: %w", err)
 	}
 
-	allow := module.GetStringDefault(config, "allowRegex", "")
-	deny := module.GetStringDefault(config, "denyRegex", "")
+	allow := module.GetStringDefault(config, "allowRegex", DEFAULT_ALLOW_REGEX)
+	deny := module.GetStringDefault(config, "denyRegex", DEFAULT_DENY_REGEX)
 
 	if allow != "" {
 		e.allowRegex, err = regexp.Compile(allow)
@@ -126,7 +139,7 @@ func (e *StrelkaEngine) Init(config module.ModuleConfig) (err error) {
 		}
 	}
 
-	e.stateFilePath = module.GetStringDefault(config, "stateFilePath", "/opt/sensoroni/fingerprints/strelkaengine.state")
+	e.stateFilePath = module.GetStringDefault(config, "stateFilePath", DEFAULT_STATE_FILE_PATH)
 
 	return nil
 }

server/modules/suricata/suricata.go

@@ -43,6 +43,15 @@ var licenseBySource = map[string]string{
 	"etpro":  model.LicenseCommercial,
 }
 
+const (
+	DEFAULT_COMMUNITY_RULES_FILE                  = "/nsm/rules/suricata/emerging-all.rules"
+	DEFAULT_RULES_FINGERPRINT_FILE                = "/opt/sensoroni/fingerprints/emerging-all.fingerprint"
+	DEFAULT_COMMUNITY_RULES_IMPORT_FREQUENCY_SECS = 86400
+	DEFAULT_STATE_FILE_PATH                       = "/opt/sensoroni/fingerprints/suricataengine.state"
+	DEFAULT_ALLOW_REGEX                           = ""
+	DEFAULT_DENY_REGEX                            = ""
+)
+
 type IOManager interface {
 	ReadFile(path string) ([]byte, error)
 	WriteFile(path string, contents []byte, perm fs.FileMode) error
@@ -80,12 +89,12 @@ func (e *SuricataEngine) Init(config module.ModuleConfig) (err error) {
 	e.thread = &sync.WaitGroup{}
 	e.interrupt = make(chan bool, 1)
 
-	e.communityRulesFile = module.GetStringDefault(config, "communityRulesFile", "/nsm/rules/suricata/emerging-all.rules")
-	e.rulesFingerprintFile = module.GetStringDefault(config, "rulesFingerprintFile", "/opt/sensoroni/fingerprints/emerging-all.fingerprint")
-	e.communityRulesImportFrequencySeconds = module.GetIntDefault(config, "communityRulesImportFrequencySeconds", 86400)
+	e.communityRulesFile = module.GetStringDefault(config, "communityRulesFile", DEFAULT_COMMUNITY_RULES_FILE)
+	e.rulesFingerprintFile = module.GetStringDefault(config, "rulesFingerprintFile", DEFAULT_RULES_FINGERPRINT_FILE)
+	e.communityRulesImportFrequencySeconds = module.GetIntDefault(config, "communityRulesImportFrequencySeconds", DEFAULT_COMMUNITY_RULES_IMPORT_FREQUENCY_SECS)
 
-	allow := module.GetStringDefault(config, "allowRegex", "")
-	deny := module.GetStringDefault(config, "denyRegex", "")
+	allow := module.GetStringDefault(config, "allowRegex", DEFAULT_ALLOW_REGEX)
+	deny := module.GetStringDefault(config, "denyRegex", DEFAULT_DENY_REGEX)
 
 	if allow != "" {
 		var err error
@@ -103,7 +112,7 @@ func (e *SuricataEngine) Init(config module.ModuleConfig) (err error) {
 		}
 	}
 
-	e.stateFilePath = module.GetStringDefault(config, "stateFilePath", "/opt/sensoroni/fingerprints/suricataengine.state")
+	e.stateFilePath = module.GetStringDefault(config, "stateFilePath", DEFAULT_STATE_FILE_PATH)
 
 	return nil
 }