diff options
author | Daniil Baturin <daniil@vyos.io> | 2023-07-27 17:10:48 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-27 17:10:48 +0100 |
commit | b76f103317b5aa8abdee5c942509fc11f9e20ef3 (patch) | |
tree | ac2b268cc25c42f23f1bae2f91498787aa743b7a /src | |
parent | ef6cc1f32566e8524e71634c386c8044e5bcc673 (diff) | |
parent | bd4bb4f869d6df02bfda1ce5668b8cf15a95b4af (diff) | |
download | vyos-1x-b76f103317b5aa8abdee5c942509fc11f9e20ef3.tar.gz vyos-1x-b76f103317b5aa8abdee5c942509fc11f9e20ef3.zip |
Merge pull request #2105 from sever-sever/T5368
T5368: service ids ddos-protection add support sflow mode
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/service_ids_fastnetmon.py | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/conf_mode/service_ids_fastnetmon.py b/src/conf_mode/service_ids_fastnetmon.py index 2e678cf0b..f6b80552b 100755 --- a/src/conf_mode/service_ids_fastnetmon.py +++ b/src/conf_mode/service_ids_fastnetmon.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2022 VyOS maintainers and contributors +# Copyright (C) 2018-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -30,6 +30,7 @@ airbag.enable() config_file = r'/run/fastnetmon/fastnetmon.conf' networks_list = r'/run/fastnetmon/networks_list' excluded_networks_list = r'/run/fastnetmon/excluded_networks_list' +attack_dir = '/var/log/fastnetmon_attacks' def get_config(config=None): if config: @@ -55,8 +56,11 @@ def verify(fastnetmon): if 'mode' not in fastnetmon: raise ConfigError('Specify operating mode!') - if 'listen_interface' not in fastnetmon: - raise ConfigError('Specify interface(s) for traffic capture') + if fastnetmon.get('mode') == 'mirror' and 'listen_interface' not in fastnetmon: + raise ConfigError("Incorrect settings for 'mode mirror': must specify interface(s) for traffic mirroring") + + if fastnetmon.get('mode') == 'sflow' and 'listen_address' not in fastnetmon.get('sflow', {}): + raise ConfigError("Incorrect settings for 'mode sflow': must specify sFlow 'listen-address'") if 'alert_script' in fastnetmon: if os.path.isfile(fastnetmon['alert_script']): @@ -74,6 +78,10 @@ def generate(fastnetmon): return None + # Create dir for log attack details + if not os.path.exists(attack_dir): + os.mkdir(attack_dir) + render(config_file, 'ids/fastnetmon.j2', fastnetmon) render(networks_list, 'ids/fastnetmon_networks_list.j2', fastnetmon) render(excluded_networks_list, 'ids/fastnetmon_excluded_networks_list.j2', fastnetmon) |