From 8abb6c0a74730c3dd675148e9eacbd458f0addcb Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sun, 1 May 2022 19:49:39 +0200
Subject: ids: T4353: fix Jinja2 linting errors
---
data/templates/ids/fastnetmon.j2 | 56 ++++++++++++++++++++++++
data/templates/ids/fastnetmon.tmpl | 56 ------------------------
data/templates/ids/fastnetmon_networks_list.j2 | 7 +++
data/templates/ids/fastnetmon_networks_list.tmpl | 7 ---
src/conf_mode/service_ids_fastnetmon.py | 4 +-
5 files changed, 65 insertions(+), 65 deletions(-)
create mode 100644 data/templates/ids/fastnetmon.j2
delete mode 100644 data/templates/ids/fastnetmon.tmpl
create mode 100644 data/templates/ids/fastnetmon_networks_list.j2
delete mode 100644 data/templates/ids/fastnetmon_networks_list.tmpl
diff --git a/data/templates/ids/fastnetmon.j2 b/data/templates/ids/fastnetmon.j2
new file mode 100644
index 000000000..c482002fa
--- /dev/null
+++ b/data/templates/ids/fastnetmon.j2
@@ -0,0 +1,56 @@
+# enable this option if you want to send logs to local syslog facility
+logging:local_syslog_logging = on
+
+# list of all your networks in CIDR format
+networks_list_path = /etc/networks_list
+
+# list networks in CIDR format which will be not monitored for attacks
+white_list_path = /etc/networks_whitelist
+
+# Enable/Disable any actions in case of attack
+enable_ban = on
+
+## How many packets will be collected from attack traffic
+ban_details_records_count = 500
+
+## How long (in seconds) we should keep an IP in blocked state
+## If you set 0 here it completely disables unban capability
+ban_time = 1900
+
+# Check if the attack is still active, before triggering an unban callback with this option
+# If the attack is still active, check each run of the unban watchdog
+unban_only_if_attack_finished = on
+
+# enable per subnet speed meters
+# For each subnet, list track speed in bps and pps for both directions
+enable_subnet_counters = off
+
+{% if mode.mirror is vyos_defined %}
+mirror_afpacket = on
+{% endif %}
+
+process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }}
+process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}
+
+{% if threshold is vyos_defined %}
+{% for thr, thr_value in threshold.items() %}
+{% if thr is vyos_defined('fps') %}
+ban_for_flows = on
+threshold_flows = {{ thr_value }}
+{% elif thr is vyos_defined('mbps') %}
+ban_for_bandwidth = on
+threshold_mbps = {{ thr_value }}
+{% elif thr is vyos_defined('pps') %}
+ban_for_pps = on
+threshold_pps = {{ thr_value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if listen_interface is vyos_defined %}
+interfaces = {{ listen_interface | join(',') }}
+{% endif %}
+
+{% if alert_script is vyos_defined %}
+notify_script_path = {{ alert_script }}
+{% endif %}
diff --git a/data/templates/ids/fastnetmon.tmpl b/data/templates/ids/fastnetmon.tmpl
deleted file mode 100644
index b6bef9a68..000000000
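Review bot: The final block of fastnetmon.j2 writes `alert_script` verbatim into `notify_script_path`, which is the script the fastnetmon daemon invokes on ban/unban, so this configuration value ends up selecting a program that the IDS service executes. Nothing in the visible hunks validates it; verify() in src/conf_mode/service_ids_fastnetmon.py lies outside this diff, so it is worth confirming there that the value is an absolute path to a regular, executable file that unprivileged users cannot write to. A template comment would make that dependency explicit for the next maintainer: `{# alert_script is executed by fastnetmon on ban/unban; the path must be validated before rendering #}`. To a lesser degree the same holds for `thr_value` and `listen_interface`, which are also emitted unescaped and presumably rely on CLI-level validation.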
--- a/data/templates/ids/fastnetmon.tmpl
+++ /dev/null
@@ -1,56 +0,0 @@
-# enable this option if you want to send logs to local syslog facility
-logging:local_syslog_logging = on
-
-# list of all your networks in CIDR format
-networks_list_path = /etc/networks_list
-
-# list networks in CIDR format which will be not monitored for attacks
-white_list_path = /etc/networks_whitelist
-
-# Enable/Disable any actions in case of attack
-enable_ban = on
-
-## How many packets will be collected from attack traffic
-ban_details_records_count = 500
-
-## How long (in seconds) we should keep an IP in blocked state
-## If you set 0 here it completely disables unban capability
-ban_time = 1900
-
-# Check if the attack is still active, before triggering an unban callback with this option
-# If the attack is still active, check each run of the unban watchdog
-unban_only_if_attack_finished = on
-
-# enable per subnet speed meters
-# For each subnet, list track speed in bps and pps for both directions
-enable_subnet_counters = off
-
-{% if mode.mirror is vyos_defined %}
-mirror_afpacket = on
-{% endif %}
-
-process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off '}}
-process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off '}}
-
-{% if threshold is vyos_defined %}
-{% for thr, thr_value in threshold.items() %}
-{% if thr is vyos_defined('fps') %}
-ban_for_flows = on
-threshold_flows = {{ thr_value }}
-{% elif thr is vyos_defined('mbps') %}
-ban_for_bandwidth = on
-threshold_mbps = {{ thr_value }}
-{% elif thr is vyos_defined('pps') %}
-ban_for_pps = on
-threshold_pps = {{ thr_value }}
-{% endif %}
-{% endfor %}
-{% endif %}
-
-{% if listen_interface is vyos_defined %}
-interfaces = {{ listen_interface | join(',') }}
-{% endif %}
-
-{% if alert_script is vyos_defined %}
-notify_script_path = {{ alert_script }}
-{% endif %}
diff --git a/data/templates/ids/fastnetmon_networks_list.j2 b/data/templates/ids/fastnetmon_networks_list.j2
new file mode 100644
index 000000000..1c81180be
--- /dev/null
+++ b/data/templates/ids/fastnetmon_networks_list.j2
@@ -0,0 +1,7 @@
+{% if network is vyos_defined(var_type=str) %}
+{{ network }}
+{% else %}
+{% for net in network %}
+{{ net }}
+{% endfor %}
+{% endif %}
diff --git a/data/templates/ids/fastnetmon_networks_list.tmpl b/data/templates/ids/fastnetmon_networks_list.tmpl
deleted file mode 100644
index ab9add22c..000000000
--- a/data/templates/ids/fastnetmon_networks_list.tmpl
+++ /dev/null
@@ -1,7 +0,0 @@
-{% if network is vyos_defined(var_type=str) %}
-{{ network }}
-{% else %}
-{% for net in network %}
-{{ net }}
-{% endfor %}
-{% endif %}
diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_fastnetmon.py
index 67edeb630..ae7e582ec 100755
--- a/src/conf_mode/service_ids_fastnetmon.py
+++ b/src/conf_mode/service_ids_fastnetmon.py
@@ -67,8 +67,8 @@ def generate(fastnetmon): return - render(config_file, 'ids/fastnetmon.tmpl', fastnetmon) - render(networks_list, 'ids/fastnetmon_networks_list.tmpl', fastnetmon) + render(config_file, 'ids/fastnetmon.j2', fastnetmon) + render(networks_list, 'ids/fastnetmon_networks_list.j2', fastnetmon) return None -- cgit v1.2.3