
Commit b9cf596

Remove port from gcp cli metlo url, add suricata rules from init script (#91)
1 parent 2949b7a commit b9cf596


2 files changed

+15
-11
lines changed


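--- a/cli/package.json
+++ b/cli/package.json
@@ -21,15 +21,15 @@
 "@types/node": "^18.7.16",
 "@types/uuid": "^8.3.4",
 "prettier": "^2.7.1",
-"typescript": "^4.7.4"
+"typescript": "^4.7.4",
+"@types/chalk": "^2.2.0",
+"@types/valid-url": "^1.0.3"
 },
 "dependencies": {
 "@aws-sdk/client-ec2": "^3.198.0",
 "@aws-sdk/client-sts": "^3.198.0",
 "@google-cloud/compute": "^3.5.1",
 "@metlo/testing": "^0.0.3",
-"@types/chalk": "^2.2.0",
-"@types/valid-url": "^1.0.3",
 "async-retry": "^1.3.3",
 "axios": "^0.27.2",
 "chalk": "^4.1.2",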
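Review bot: Moving the two `@types/*` packages into devDependencies is the right direction, but `@types/chalk` is, to my knowledge, a deprecated stub package because chalk ships its own declarations (the `"chalk": "^4.1.2"` pin kept here includes them), so it can probably be dropped rather than relocated. Removing a package that contributes nothing also shrinks what the CLI pulls from the registry on install, which is worth doing for a tool that provisions cloud resources. `@types/valid-url` looks legitimate as a dev-only typing and is fine where the commit puts it.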

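--- a/cli/src/gcp/setup.ts
+++ b/cli/src/gcp/setup.ts
@@ -1,7 +1,5 @@
 import AsyncRetry from "async-retry"
-import { promisify } from "util"
-import { exec } from "child_process"
-import { v4 as uuidv4, validate } from "uuid"
+import { v4 as uuidv4 } from "uuid"
 import fs from "fs"
 import { prompt } from "enquirer"
 import { GCP_REGIONS_SUPPORTED, wait_for_global_operation, wait_for_regional_operation, wait_for_zonal_operation } from "./gcpUtils"
@@ -267,6 +265,7 @@ const create_mig = async (
 network_url: string,
 destination_subnetwork_url: string,
 source_image: string,
+source_ip: string,
 id: string,
 ) => {
 
@@ -276,6 +275,7 @@ const create_mig = async (
 type: "autocomplete",
 name: "_machineType",
 message: "Mirror Instance Type",
+initial: types.sort().findIndex((v) => v.name.includes("e2-standard")) || 0,
 choices: types.map((v) => ({
 name: v.name
 }))
@@ -327,10 +327,14 @@ const create_mig = async (
 subnet: destination_subnetwork_url,
 imageTemplateName: imageTemplateName,
 startupScript: `#!/bin/bash
-echo "METLO_ADDR=${machineInfoResp['_url']}:8081" >> /opt/metlo/credentials
+echo "METLO_ADDR=${machineInfoResp['_url']}" >> /opt/metlo/credentials
 echo "METLO_KEY=${machineInfoResp['_apiKey']}" >> /opt/metlo/credentials
+echo "alert http ${source_ip} any -> any any (msg:\\"TEST\\"; flow:established,to_client; http.response_body; pcre:/./; sid:1; rev:1; threshold: type limit, track by_rule, seconds 1, count 30;)" >> /opt/metlo/local.rules
+sudo mv /opt/metlo/local.rules /var/lib/suricata/rules/local.rules
 sudo systemctl enable metlo-ingestor.service
-sudo systemctl start metlo-ingestor.service`
+sudo systemctl start metlo-ingestor.service
+sudo systemctl enable suricata.service
+sudo systemctl start suricata.service`
 })
 let img_resp = await wait_for_global_operation(
 image_resp[0].latestResponse.name,
@@ -486,7 +490,7 @@ const packetMirroring = async (
 
 }
 
-const imageURL = "https://www.googleapis.com/compute/v1/projects/metlo-security/global/images/metlo-ingestor-v1"
+const imageURL = "https://www.googleapis.com/compute/v1/projects/metlo-security/global/images/metlo-ingestor-v2"
 
 export const gcpTrafficMirrorSetup = async () => {
 const id = uuidv4()
@@ -513,7 +517,7 @@ export const gcpTrafficMirrorSetup = async () => {
 data["firewallRuleUrl"] = firewallRuleUrl
 const { routerURL } = await createCloudRouter(conn, networkUrl, destinationSubnetworkUrl, id)
 data["routerURL"] = routerURL
-const { imageTemplateUrl, instanceGroupName, instanceUrl } = await create_mig(conn, networkUrl, destinationSubnetworkUrl, imageURL, id)
+const { imageTemplateUrl, instanceGroupName, instanceUrl } = await create_mig(conn, networkUrl, destinationSubnetworkUrl, imageURL, sourcePrivateIP, id)
 data['mageTemplateUrl'] = imageTemplateUrl
 data['instanceGroupName'] = instanceGroupName
 data['instanceUrl'] = instanceUrl
@@ -526,7 +530,7 @@ export const gcpTrafficMirrorSetup = async () => {
 const { forwardingRuleUrl } = await createLoadBalancer(conn, networkUrl, destinationSubnetworkUrl, backendServiceUrl, id)
 data['forwardingRuleUrl'] = forwardingRuleUrl
 const { packetMirrorUrl } = await packetMirroring(conn, networkUrl, forwardingRuleUrl, sourceInstanceURL, sourceTag, sourceType, id)
-data["packetMirrorUrl"] = packetMirrorUrl
+data["packetMirrorUrl"] = packetMirrorUrl
 } catch (e) {
 spinner.fail()
 console.log(e)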
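Review bot: The `|| 0` fallback on the new `initial:` line in the third hunk never takes effect, because `findIndex` returns -1 when no machine type name contains `e2-standard` and -1 is truthy, so the autocomplete would be seeded with index -1; `initial: Math.max(0, types.findIndex((v) => v.name.includes("e2-standard"))),` handles the miss, and dropping `.sort()` avoids mutating `types` in place with the default comparator, which appears to compare objects as `[object Object]` and so does not order them meaningfully. In the fourth hunk the startup script now interpolates `source_ip` and the prompted `_url` straight into a shell script that runs as root on the mirror instance; if `_url` comes from user input it is worth validating it as a URL (the `valid-url` typings added in package.json suggest a helper is available) or at least quoting it before it is written to `/opt/metlo/credentials`. The Suricata rule's `msg:"TEST"` and `sid:1` read as placeholders; a descriptive message and a sid in the conventional local-rules range would make alerts easier to triage and avoid clashes with other rule sets loaded on the box. `create_mig` and `gcpTrafficMirrorSetup` both start and end outside these hunks.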
