code_public/ja4sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43 Commits 1 Branch 0 Tags
f80b7a1fa7030c5fda1da38a770bb294729ca9b6
Commit Graph

11 Commits

Author SHA1 Message Date
Jacquin Antoine
1bf0f46ce5 chore: remove unused files and code
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Delete obsolete RPM maintainer scripts (postinst, prerm, postrm)
  Scripts are now embedded in ja4sentinel.spec
- Delete unused RPM test script (test-rpm.sh)
  Referenced non-existent el7 builds, not integrated in CI
- Remove unused constants and functions from api/types.go:
  - DefaultInterface, DefaultPort, DefaultBPFFilter
  - DefaultFlowTimeout, DefaultPacketBuffer
  - LogLevelDebug, LogLevelInfo, LogLevelWarn, LogLevelError
  - DefaultConfig() function
- Update Makefile with RPM_DIR variable for consistency

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-03-01 00:26:48 +01:00
Jacquin Antoine
9172928f0f Add --no-cache to all docker build commands
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 23:09:58 +01:00
Jacquin Antoine
f76bc04879 chore: suppression support CentOS 7 (el7)
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- CentOS 7 n'est plus supporté (EOL en juin 2024)
- Minimum requis : Rocky Linux 8 / AlmaLinux 8 / RHEL 8
- Nettoyage des fichiers RPM el7
- Mise à jour de la documentation

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 21:19:09 +01:00
Jacquin Antoine
0be3ea9220 refactor: packaging RPM uniquement avec builder Rocky Linux 9
Some checks failed
Build RPM Package / Build RPM Packages (CentOS 7, Rocky 8/9/10) (push) Has been cancelled
Details 
- Suppression complète du support DEB (Debian/Ubuntu)
- Builder Rocky Linux 9 pour compatibilité binaire maximale
- Compilation dynamique avec libpcap comme dépendance runtime
- Activation du dépôt CRB pour libpcap-devel
- RPM générés pour el7, el8, el9, el10
- Mise à jour documentation et workflows GitHub Actions

Fix: erreur 'libpcap.so.0.8: cannot open shared object file' sur Rocky Linux 9

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 18:15:46 +01:00
Jacquin Antoine
86649b1630 feat: generate RPM packages for CentOS 7, Rocky Linux 8/9/10
Some checks failed
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details 
- Update Dockerfile.package to build RPMs for multiple distributions
  using a unified fpm-based approach
- Add RPM maintainer scripts (postinst, prerm, postrm) for proper
  installation and service management
- Update ja4sentinel.spec for CentOS 7+ compatibility
- Add packaging/systemd/config.yml as default configuration
- Update test-rpm.sh to test installation on all 4 target distributions
- Fix CentOS 7 repository configuration (EOL - vault.centos.org)

Generated RPMs:
- el7: CentOS 7 (libpcap >= 1.4.0)
- el8: Rocky Linux 8 (libpcap >= 1.9.0)
- el9: Rocky Linux 9 (libpcap >= 1.9.0)
- el10: AlmaLinux 10 / Rocky Linux 10 (libpcap >= 1.9.0)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-28 17:02:58 +01:00
Jacquin Antoine
f8dc2d4d82 Unify packaging: use Docker + fpm for DEB and RPM builds 
- Add Dockerfile.package with multi-stage build (builder, package-builder, output)
- Update Makefile to use new Dockerfile.package for package-deb and package-rpm targets
- Replace dpkg-deb and rpmbuild with fpm for consistent packaging
- Both DEB and RPM packages now built from single Dockerfile

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-27 15:31:55 +01:00
Jacquin Antoine
9280cb545c feat: version 1.0.0 avec corrections critiques et nommage de packages 
Ajout du point d'entrée principal :
- cmd/ja4sentinel/main.go : pipeline complet avec gestion des signaux
- Intégration des modules (capture, tlsparse, fingerprint, output)
- Shutdown propre avec context.Context

Corrections du parsing TLS :
- Flow key unidirectionnel (client → serveur uniquement)
- Timeout de flux configurable via FlowTimeoutSec
- Structure ConnectionFlow simplifiée

Améliorations de l'API :
- Champs TCPMSS et TCPWScale en pointeurs (omitempty correct)
- NewLogRecord mis à jour pour les champs optionnels

Mise à jour de l'architecture :
- architecture.yml : documentation des champs optionnels
- Règles de flux unidirectionnel documentées

Système de packages :
- Version par défaut : 1.0.0
- Nommage cohérent : ja4sentinel_1.0.0_amd64.deb
- Scripts build-deb.sh et build-rpm.sh simplifiés
- Extraction correcte des checksums

Tests :
- TestFlowKey mis à jour pour le format unidirectionnel
- Tous les tests passent (go test ./...)
- go vet clean

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-26 23:24:42 +01:00
Jacquin Antoine
410467f099 feat: ajouter pipeline CI complet (tests, build, packages)
Some checks failed
Build DEB Package / Build DEB Package (Debian/Ubuntu) (push) Has been cancelled
Details
Build RPM Package / Build RPM Package (Rocky Linux) (push) Has been cancelled
Details 
- Ajout des cibles make ci, ci-test, ci-build, ci-package, ci-package-test
- Correction des chemins de sortie des packages (build/deb, build/rpm)
- Build RPM sur Rocky Linux 9 pour dépendances correctes (libpcap.so.1)
- Fix tests RPM (command -v au lieu de which, fallback libpcap)
- Tous les tests passent (11/11 DEB, 11/11 RPM)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 22:43:53 +01:00
Jacquin Antoine
c62101a08e fix: Support Debian Bookworm et Ubuntu pour le package .deb 
Cible: Debian Bookworm (12) et Ubuntu 22.04+

Changes:
- packaging/Dockerfile.deb: Build via Docker avec Go 1.24
- packaging/build-deb.sh: Ajout paramètre distribution (debian/ubuntu)
- packaging/test/Dockerfile.deb: Test sur Debian Bookworm
- packaging/test/test-*.sh: Tests spécifiques Debian/Ubuntu
- .github/workflows/build-deb.yml:
  * Nom du job: 'Build DEB Package (Debian/Ubuntu)'
  * TARGET_DIST: debian:bookworm
  * Build simplifié via Docker
- Makefile: package-deb utilise Docker (cohérent avec RPM)

Compatibilité:
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 24.04 LTS

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 21:25:45 +01:00
Jacquin Antoine
61bf05454e feat: CI/CD pour packages .deb et .rpm + tests d'installation 
Nouveaux workflows GitHub Actions:
- .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu
- .github/workflows/build-rpm.yml : Build et release RPM sur Fedora
- Déclenchement sur tags v*, push main/master, workflow_dispatch
- Upload des artifacts et création automatique de release

Système de build de packages:
- packaging/build-deb.sh : Script de build .deb avec sanitization version
- packaging/build-rpm.sh : Script de build .rpm (via Docker)
- packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB
- packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM

Fichiers de configuration systemd:
- packaging/systemd/ja4sentinel.service : Unit avec security hardening
  * NoNewPrivileges, ProtectSystem, ProtectHome
  * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture
- packaging/systemd/config.yml : Configuration par défaut

Scripts mainteneur DEB:
- packaging/deb/postinst : Création user/group, dirs, config
- packaging/deb/prerm : Stop service avant upgrade/remove
- packaging/deb/postrm : Cleanup complet en purge

Spec file RPM:
- packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies
  * Requires: systemd, libpcap
  * %pre/%post/%preun/%postun scripts

Tests d'installation dans containers:
- packaging/test/test-deb.sh : Build + test Docker Ubuntu
- packaging/test/test-rpm.sh : Build + test Docker Fedora
- packaging/test/test-install-deb.sh : 11 tests automatisés
- packaging/test/test-install-rpm.sh : 11 tests automatisés
- Dockerfile.deb/rpm : Containers de test dédiés

Makefile:
- package-deb : Build .deb
- package-rpm : Build .rpm via Docker (no-cache)
- package : Build les deux
- test-package-deb : Build + test installation DEB
- test-package-rpm : Build + test installation RPM
- test-package : Test les deux packages

Tests:
-  DEB: 11/11 tests passés (binaire, config, service, user, dirs)
-  RPM: Build réussi (3.3 MB)
- Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 21:05:23 +01:00
Jacquin Antoine
efd4481729 feat: implémentation complète du pipeline JA4 + Docker + tests 
Nouveaux modules:
- cmd/ja4sentinel/main.go : point d'entrée avec pipeline capture→parse→fingerprint→output
- internal/config/loader.go : chargement YAML + env (JA4SENTINEL_*) + validation
- internal/tlsparse/parser.go : extraction ClientHello avec suivi d'état de flux (NEW/WAIT_CLIENT_HELLO/JA4_DONE)
- internal/fingerprint/engine.go : génération JA4/JA3 via psanford/tlsfingerprint
- internal/output/writers.go : StdoutWriter, FileWriter, UnixSocketWriter, MultiWriter

Infrastructure:
- Dockerfile (multi-stage), Dockerfile.dev, Dockerfile.test-server
- Makefile (build, test, lint, docker-build-*)
- docker-compose.test.yml pour tests d'intégration
- README.md (276 lignes) avec architecture, config, exemples

API (api/types.go):
- Ajout Close() aux interfaces Capture et Parser
- Ajout FlowTimeoutSec dans Config (défaut: 30s, env: JA4SENTINEL_FLOW_TIMEOUT)
- ServiceLog: +Timestamp, +TraceID, +ConnID
- LogRecord: champs flatten (ip_meta_*, tcp_meta_*, ja4*)
- Helper NewLogRecord() pour conversion TLSClientHello+Fingerprints→LogRecord

Architecture (architecture.yml):
- Documentation module logging + interfaces LoggerFactory/Logger
- Section service.systemd complète (unit, security, capabilities)
- Section logging.strategy (JSON lines, champs, règles)
- api.Config: +FlowTimeoutSec documenté

Fixes/cleanup:
- Suppression internal/api/types.go (consolidé dans api/types.go)
- Correction imports logging (ja4sentinel/api)
- .dockerignore / .gitignore
- config.yml.example

Tests:
- Tous les modules ont leurs tests (*_test.go)
- Tests unitaires : capture, config, fingerprint, output, tlsparse
- Tests d'intégration via docker-compose.test.yml

Build:
- Binaires dans dist/ (make build → dist/ja4sentinel)
- Docker runtime avec COPY --from=builder /app/dist/

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
 2026-02-25 20:02:52 +01:00