diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6a002f4..1dd377b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,7 +7,8 @@ cmake_minimum_required(VERSION 2.8)
 project(hakabana NONE NONE)
-install(DIRECTORY rule DESTINATION share/haka/hakabana)
+install(FILES config.lua DESTINATION share/haka/hakabana)
+install(DIRECTORY module/ DESTINATION share/haka/modules/misc/hakabana)
 install(DIRECTORY dashboard DESTINATION share/haka/hakabana)
 configure_file(haka.conf.in ${CMAKE_CURRENT_BINARY_DIR}/haka.conf)
diff --git a/README.md b/README.md
index 66a654d..d8fc588 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@ network:
 * ...
 * connections information
 * http details (host, user-agent, uri...)
+* dns queries
 Install
 -------
@@ -22,7 +23,7 @@ Install
 First you need to install hakabana (which depends on haka) on your computer. You also need an elasticsearch server. By default, it is supposed to be available locally (at 127.0.0.1:9200) but this can be changed by editing the file
-`/share/haka/hakabana/rule/config.lua`.
+`/share/haka/hakabana/config.lua`.
 On the Kibana page, you need to import the predefined dashboard that is available at `/share/haka/hakabana/dashboard/Hakabana.json`. This dashboard
@@ -33,8 +34,8 @@ Going furhter
 -------------
 You are encouraged to check the Haka configuration located in
-`/share/haka/hakabana/rule/`. It is easily editable if you want to
-add extra information. Check Haka full documentation to get details about this
+`/share/haka/modules/misc/hakabana`. It is easily editable if you want to
+report extra information. Check Haka full documentation to get details about this
 configuration file.
 License
diff --git a/rule/rule.lua b/config.lua
similarity index 70%
rename from rule/rule.lua
rename to config.lua
index 34789bf..493527c 100644
--- a/rule/rule.lua
+++ b/config.lua
@@ -2,9 +2,7 @@
 -- License, v. 2.0. If a copy of the MPL was not distributed with this
 -- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-require('config')
-require('common')
+require('misc/hakabana').initialize{
+elasticsearch = 'http://127.0.0.1:9200'
+}
-require('packet')
-require('http')
-require('flow')
diff --git a/haka.conf.in b/haka.conf.in
index 29cdd92..3651f07 100644
--- a/haka.conf.in
+++ b/haka.conf.in
@@ -1,6 +1,6 @@
 [general]
 # Select the haka configuration file to use.
-configuration = "@CMAKE_INSTALL_PREFIX@/share/haka/hakabana/rule/rule.lua"
+configuration = "@CMAKE_INSTALL_PREFIX@/share/haka/hakabana/config.lua"
 [packet]
 module = "packet/pcap"
diff --git a/rule/flow.lua b/module/flow.lua
similarity index 100%
rename from rule/flow.lua
rename to module/flow.lua
diff --git a/rule/http.lua b/module/http.lua
similarity index 100%
rename from rule/http.lua
rename to module/http.lua
diff --git a/module/init.lua b/module/init.lua
new file mode 100644
index 0000000..b60bf98
--- /dev/null
+++ b/module/init.lua
@@ -0,0 +1,40 @@
+-- This Source Code Form is subject to the terms of the Mozilla Public
+-- License, v. 2.0. If a copy of the MPL was not distributed with this
+-- file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+local module = {}
+
+function module.initialize(config)
+local elasticsearch_host = config['elasticsearch']
+if elasticsearch_host then
+local elastricsearch = require('misc/elasticsearch')
+
+hakabana = elastricsearch.connector(elasticsearch_host)
+hakabana:newindex("hakabana", {
+mappings = {
+http = {
+properties = {
+['user agent'] = {
+type = 'string',
+index = 'not_analyzed'
+},
+['host'] = {
+type = 'string',
+index = 'not_analyzed'
+}
+}
+}
+},
+})
+
+geoip = require('misc/geoip')
+
+require('/misc/hakabana/packet')
+require('/misc/hakabana/flow')
+require('/misc/hakabana/http')
+else
+error("missing elastic search config")
+end
+end
+
+return module
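Review bot: `module.initialize` in module/init.lua indexes `config['elasticsearch']` before checking that `config` is a table, so a caller that omits the argument gets `attempt to index a nil value` raised from inside the module instead of the intended "missing elastic search config" error; guard it with `config = config or {}` as the first statement, and raise the error at the caller's position with `error("missing elastic search config", 2)` so the message points at the line in config.lua. The `hakabana` and `geoip` assignments are globals (no `local`), apparently on purpose so the required packet/flow/http modules can read them the way they did when common.lua set them; that contract deserves a comment such as `-- shared globals read by packet.lua, flow.lua and http.lua` and an explicit `_G.` prefix so luacheck does not report them as accidental globals. The module path forms are inconsistent within the same function: `require('misc/elasticsearch')` and `require('misc/geoip')` have no leading slash while the three sub-modules use `require('/misc/hakabana/packet')`; if both forms resolve under Haka's loader, pick one. The local name `elastricsearch`, carried over from common.lua, is misspelled.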
diff --git a/rule/packet.lua b/module/packet.lua
similarity index 100%
rename from rule/packet.lua
rename to module/packet.lua
diff --git a/rule/common.lua b/rule/common.lua
deleted file mode 100644
index c039573..0000000
--- a/rule/common.lua
+++ /dev/null
@@ -1,26 +0,0 @@
--- This Source Code Form is subject to the terms of the Mozilla Public
--- License, v. 2.0. If a copy of the MPL was not distributed with this
--- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-local elastricsearch = require('misc/elasticsearch')
-
-hakabana = elastricsearch.connector(elasticsearch_host)
-
-hakabana:newindex("hakabana", {
-mappings = {
-http = {
-properties = {
-['user agent'] = {
-type = 'string',
-index = 'not_analyzed'
-},
-['host'] = {
-type = 'string',
-index = 'not_analyzed'
-}
-}
-}
-},
-})
-
-geoip = require('misc/geoip')
diff --git a/rule/config.lua b/rule/config.lua
deleted file mode 100644
index 24366ef..0000000
--- a/rule/config.lua
+++ /dev/null
@@ -1 +0,0 @@
-elasticsearch_host = 'http://127.0.0.1:9200'