Install Hakabana as a module

haka-security · Sep 24, 2014 · b3d0388 · b3d0388
1 parent ae6628a
commit b3d0388
Show file tree

Hide file tree

Showing 10 changed files with 50 additions and 37 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -7,7 +7,8 @@ cmake_minimum_required(VERSION 2.8)
 
 project(hakabana NONE NONE)
 
-install(DIRECTORY rule DESTINATION share/haka/hakabana)
+install(FILES config.lua DESTINATION share/haka/hakabana)
+install(DIRECTORY module/ DESTINATION share/haka/modules/misc/hakabana)
 install(DIRECTORY dashboard DESTINATION share/haka/hakabana)
 
 configure_file(haka.conf.in ${CMAKE_CURRENT_BINARY_DIR}/haka.conf)

diff --git a/README.md b/README.md
@@ -15,14 +15,15 @@ network:
   * ...
 * connections information
 * http details (host, user-agent, uri...)
+* dns queries
 
 Install
 -------
 
 First you need to install hakabana (which depends on haka) on your computer.
 You also need an elasticsearch server. By default, it is supposed to be available
 locally (at 127.0.0.1:9200) but this can be changed by editing the file
-`<install prefix>/share/haka/hakabana/rule/config.lua`.
+`<install prefix>/share/haka/hakabana/config.lua`.
 
 On the Kibana page, you need to import the predefined dashboard that is available
 at `<install prefix>/share/haka/hakabana/dashboard/Hakabana.json`. This dashboard
@@ -33,8 +34,8 @@ Going furhter
 -------------
 
 You are encouraged to check the Haka configuration located in
-`<install prefix>/share/haka/hakabana/rule/`. It is easily editable if you want to
-add extra information. Check Haka full documentation to get details about this
+`<install prefix>/share/haka/modules/misc/hakabana`. It is easily editable if you want to
+report extra information. Check Haka full documentation to get details about this
 configuration file.
 
 License

diff --git a/rule/rule.lua → config.lua b/rule/rule.lua → config.lua
@@ -2,9 +2,7 @@
 -- License, v. 2.0. If a copy of the MPL was not distributed with this
 -- file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-require('config')
-require('common')
+require('misc/hakabana').initialize{
+	elasticsearch = 'http://127.0.0.1:9200'
+}
 
-require('packet')
-require('http')
-require('flow')
diff --git a/haka.conf.in b/haka.conf.in
@@ -1,6 +1,6 @@
 [general]
 # Select the haka configuration file to use.
-configuration = "@CMAKE_INSTALL_PREFIX@/share/haka/hakabana/rule/rule.lua"
+configuration = "@CMAKE_INSTALL_PREFIX@/share/haka/hakabana/config.lua"
 
 [packet]
 module = "packet/pcap"

diff --git a/rule/flow.lua → module/flow.lua b/rule/flow.lua → module/flow.lua
diff --git a/rule/http.lua → module/http.lua b/rule/http.lua → module/http.lua
diff --git a/module/init.lua b/module/init.lua
@@ -0,0 +1,40 @@
+-- This Source Code Form is subject to the terms of the Mozilla Public
+-- License, v. 2.0. If a copy of the MPL was not distributed with this
+-- file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+local module = {}
+
+function module.initialize(config)
+	local elasticsearch_host = config['elasticsearch']
+	if elasticsearch_host then
+		local elastricsearch = require('misc/elasticsearch')
+
+		hakabana = elastricsearch.connector(elasticsearch_host)
+		hakabana:newindex("hakabana", {
+			mappings = {
+				http = {
+					properties = {
+						['user agent'] = {
+							type = 'string',
+							index = 'not_analyzed'
+						},
+						['host'] = {
+							type = 'string',
+							index = 'not_analyzed'
+						}
+					}
+				}
+			},
+		})
+
+		geoip = require('misc/geoip')
+
+		require('/misc/hakabana/packet')
+		require('/misc/hakabana/flow')
+		require('/misc/hakabana/http')
+	else
+		error("missing elastic search config")
+	end
+end
+
+return module
diff --git a/rule/packet.lua → module/packet.lua b/rule/packet.lua → module/packet.lua
diff --git a/rule/common.lua b/rule/common.lua
diff --git a/rule/config.lua b/rule/config.lua