20ebe7240e
Nouvelles vues de détection (sql/views.sql) : - Identification hosts par IP/JA4 (view_host_identification, view_host_ja4_anomalies) - Détection brute force POST et query params variables - Header fingerprinting (ordre, headers modernes manquants, Sec-CH-UA) - ALPN mismatch detection (h2 déclaré mais HTTP/1.1 parlé) - Rate limiting & burst detection (50 req/min, 20 req/10s) - Path enumeration/scanning (paths sensibles) - Payload attacks (SQLi, XSS, path traversal) - JA4 botnet detection (même fingerprint sur 20+ IPs) - Correlation quality (orphan ratio >80%) ClickHouse (sql/init.sql) : - Compression ZSTD(3) sur champs texte (path, query, headers, ja3/ja4) - TTL automatique : 1 jour (raw) + 7 jours (http_logs) - Paramètre ttl_only_drop_parts = 1 Shutdown simplifié (internal/app/orchestrator.go) : - Suppression ShutdownTimeout et logique de flush/attente - Stop() = cancel() + Close() uniquement - systemd TimeoutStopSec gère l'arrêt forcé si besoin File output toggle (internal/config/*.go) : - Ajout champ Enabled dans FileOutputConfig - Le sink fichier n'est créé que si enabled && path != '' - Tests : TestValidate_FileOutputDisabled, TestLoadConfig_FileOutputDisabled RPM packaging (packaging/rpm/logcorrelator.spec) : - Changelog 1.1.18 → 1.1.22 - Suppression logcorrelator-tmpfiles.conf (redondant RuntimeDirectory=) Nettoyage : - idees.txt → idees/ (dossier) - Suppression 91.224.92.185.txt (logs exemple) Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
149 lines
4.9 KiB
Makefile
149 lines
4.9 KiB
Makefile
.PHONY: build build-docker test test-docker lint clean help docker-build-dev docker-build-runtime package package-rpm
|
|
|
|
# Docker parameters
|
|
DOCKER=docker
|
|
# Use buildx for better cache management and parallel builds
|
|
DOCKER_BUILD=$(DOCKER) build
|
|
DOCKER_BUILDX=$(DOCKER) buildx
|
|
DOCKER_RUN=$(DOCKER) run
|
|
|
|
# Image names
|
|
DEV_IMAGE=logcorrelator-dev:latest
|
|
RUNTIME_IMAGE=logcorrelator:latest
|
|
PACKAGER_IMAGE=logcorrelator-packager:latest
|
|
PACKAGER_IMAGE_EL8=logcorrelator-packager-el8:latest
|
|
PACKAGER_IMAGE_EL9=logcorrelator-packager-el9:latest
|
|
PACKAGER_IMAGE_EL10=logcorrelator-packager-el10:latest
|
|
|
|
# Binary name
|
|
BINARY_NAME=logcorrelator
|
|
DIST_DIR=dist
|
|
|
|
# Package version
|
|
PKG_VERSION ?= 1.1.22
|
|
|
|
# Enable BuildKit for better performance
|
|
export DOCKER_BUILDKIT=1
|
|
|
|
## build: Build the logcorrelator binary locally
|
|
build:
|
|
mkdir -p $(DIST_DIR)
|
|
go build -ldflags="-w -s" -o $(DIST_DIR)/$(BINARY_NAME) ./cmd/$(BINARY_NAME)
|
|
|
|
## docker-build-dev: Build the development Docker image (with tests and coverage)
|
|
docker-build-dev:
|
|
$(DOCKER_BUILD) --target builder -t $(DEV_IMAGE) -f Dockerfile .
|
|
|
|
## docker-build-dev-no-test: Build the development Docker image WITHOUT tests (faster)
|
|
docker-build-dev-no-test:
|
|
$(DOCKER_BUILD) --target builder --no-cache --build-arg SKIP_TESTS=true -t $(DEV_IMAGE) -f Dockerfile .
|
|
|
|
## docker-build-runtime: Build the runtime Docker image (fast, no tests)
|
|
docker-build-runtime:
|
|
$(DOCKER_BUILD) --target runtime -t $(RUNTIME_IMAGE) -f Dockerfile .
|
|
|
|
## test: Run unit tests locally
|
|
test:
|
|
go test -race -coverprofile=coverage.out ./...
|
|
|
|
## test-docker: Run unit tests inside Docker container
|
|
test-docker: docker-build-dev
|
|
@echo "Tests already run in builder stage"
|
|
|
|
## lint: Run linters
|
|
lint:
|
|
go vet ./...
|
|
gofmt -l .
|
|
|
|
## fmt: Format all Go files
|
|
fmt:
|
|
gofmt -w .
|
|
|
|
## package: Build RPM packages for all target distributions
|
|
package: package-rpm
|
|
|
|
## package-rpm: Build RPM packages for Rocky Linux 8/9, AlmaLinux 10 (requires Docker)
|
|
## Uses buildx for parallel builds (el8, el9, el10 built simultaneously)
|
|
package-rpm:
|
|
mkdir -p $(DIST_DIR)/rpm/el8 $(DIST_DIR)/rpm/el9 $(DIST_DIR)/rpm/el10
|
|
@echo "Starting parallel RPM builds for el8, el9, el10..."
|
|
# Build all three distributions in parallel using buildx
|
|
$(DOCKER_BUILDX) build --target output -t $(PACKAGER_IMAGE) \
|
|
--build-arg VERSION=$(PKG_VERSION) \
|
|
-f Dockerfile.package . \
|
|
--load
|
|
@echo "Extracting RPM packages from Docker image..."
|
|
$(DOCKER_RUN) --rm -v $(PWD)/$(DIST_DIR)/rpm:/output/rpm $(PACKAGER_IMAGE) sh -c \
|
|
"cp -r /packages/rpm/el8 /output/rpm/ && \
|
|
cp -r /packages/rpm/el9 /output/rpm/ && \
|
|
cp -r /packages/rpm/el10 /output/rpm/"
|
|
@echo "RPM packages created:"
|
|
@echo " Enterprise Linux 8 (el8):"
|
|
ls -la $(DIST_DIR)/rpm/el8/ 2>/dev/null || echo " (no packages)"
|
|
@echo " Enterprise Linux 9 (el9):"
|
|
ls -la $(DIST_DIR)/rpm/el9/ 2>/dev/null || echo " (no packages)"
|
|
@echo " Enterprise Linux 10 (el10):"
|
|
ls -la $(DIST_DIR)/rpm/el10/ 2>/dev/null || echo " (no packages)"
|
|
|
|
## package-rpm-sequential: Build RPM packages sequentially (fallback if parallel fails)
|
|
package-rpm-sequential:
|
|
mkdir -p $(DIST_DIR)/rpm/el8 $(DIST_DIR)/rpm/el9 $(DIST_DIR)/rpm/el10
|
|
@echo "Building RPM for el8..."
|
|
$(DOCKER_BUILD) --target rpm-el8-builder -t $(PACKAGER_IMAGE_EL8) \
|
|
--build-arg VERSION=$(PKG_VERSION) \
|
|
-f Dockerfile.package .
|
|
@echo "Building RPM for el9..."
|
|
$(DOCKER_BUILD) --target rpm-el9-builder -t $(PACKAGER_IMAGE_EL9) \
|
|
--build-arg VERSION=$(PKG_VERSION) \
|
|
-f Dockerfile.package .
|
|
@echo "Building RPM for el10..."
|
|
$(DOCKER_BUILD) --target rpm-el10-builder -t $(PACKAGER_IMAGE_EL10) \
|
|
--build-arg VERSION=$(PKG_VERSION) \
|
|
-f Dockerfile.package .
|
|
@echo "Extracting RPM packages..."
|
|
$(DOCKER_RUN) --rm -v $(PWD)/$(DIST_DIR)/rpm:/output/rpm \
|
|
-v $(PACKAGER_IMAGE_EL8):/el8:ro \
|
|
-v $(PACKAGER_IMAGE_EL9):/el9:ro \
|
|
-v $(PACKAGER_IMAGE_EL10):/el10:ro \
|
|
alpine:latest sh -c \
|
|
"cp -r /el8/packages/rpm/el8 /output/rpm/ && \
|
|
cp -r /el9/packages/rpm/el9 /output/rpm/ && \
|
|
cp -r /el10/packages/rpm/el10 /output/rpm/"
|
|
|
|
## test-package-rpm: Test RPM package installation in Docker
|
|
test-package-rpm: package-rpm
|
|
./packaging/test/test-rpm.sh
|
|
|
|
## test-package: Test RPM package installation
|
|
test-package: test-package-rpm
|
|
|
|
## ci: Full CI pipeline (tests, build, packages, package tests)
|
|
ci: ci-test ci-build ci-package ci-package-test
|
|
|
|
## ci-test: Run all tests for CI
|
|
ci-test: test lint
|
|
|
|
## ci-build: Build for CI (production binary)
|
|
ci-build: build
|
|
|
|
## ci-package: Build all packages for CI
|
|
ci-package: package
|
|
|
|
## ci-package-test: Test all packages for CI
|
|
ci-package-test: test-package
|
|
|
|
## clean: Clean build artifacts and Docker images
|
|
clean:
|
|
rm -rf $(DIST_DIR)/
|
|
rm -f coverage.out
|
|
$(DOCKER) rmi $(DEV_IMAGE) 2>/dev/null || true
|
|
$(DOCKER) rmi $(RUNTIME_IMAGE) 2>/dev/null || true
|
|
$(DOCKER) rmi $(PACKAGER_IMAGE) 2>/dev/null || true
|
|
|
|
## help: Show this help message
|
|
help:
|
|
@echo "Usage: make [target]"
|
|
@echo ""
|
|
@echo "Targets:"
|
|
@sed -n 's/^##//p' $(MAKEFILE_LIST) | column -t -s ':' | sed -e 's/^/ /'
|