random936/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added blackbox and moved suricata config to separate file

Browse Source
This commit is contained in:
Random936 2025-02-07 21:52:05 -08:00
parent 602b0783f9
commit ecd9492881
3 changed files with 277 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
config/assets/blackbox.yml Normal file
View File

@ -0,0 +1,14 @@
modules:
icmp:
prober: icmp
http_2xx:
prober: http
http:
preferred_ip_protocol: ip4
http_2xx_tls_no_verify:
prober: http
http:
tls_config:
insecure_skip_verify: true

109
config/assets/suricata.yaml Normal file
View File

@ -0,0 +1,109 @@
%YAML 1.1
---
vars:
address-groups:
HOME_NET: "[192.168.100.0/24]"
EXTERNAL_NET: "!$HOME_NET"
HTTP_SERVERS: "$HOME_NET"
SMTP_SERVERS: "$HOME_NET"
SQL_SERVERS: "$HOME_NET"
DNS_SERVERS: "$HOME_NET"
TELNET_SERVERS: "$HOME_NET"
AIM_SERVERS: "$EXTERNAL_NET"
DC_SERVERS: "$HOME_NET"
DNP3_SERVER: "$HOME_NET"
DNP3_CLIENT: "$HOME_NET"
MODBUS_CLIENT: "$HOME_NET"
MODBUS_SERVER: "$HOME_NET"
ENIP_CLIENT: "$HOME_NET"
ENIP_SERVER: "$HOME_NET"
port-groups:
HTTP_PORTS: "80"
SHELLCODE_PORTS: "!80"
ORACLE_PORTS: 1521
SSH_PORTS: 22
DNP3_PORTS: 20000
MODBUS_PORTS: 502
FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
FTP_PORTS: 21
GENEVE_PORTS: 6081
VXLAN_PORTS: 4789
TEREDO_PORTS: 3544
SIP_PORTS: "[5060, 5061]"
default-log-dir: /home/logging/logs
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
default-rule-path: /etc/suricata/rules
rule-files:
- suricata.rules
stats:
enabled: yes
af-packet:
- interface: enp6s18
use-mmap: yes
tpacket-v3: yes
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
outputs:
- fast:
enabled: yes
filename: fast.log
append: yes
- eve-log:
enabled: yes
filetype: regular
filename: eve.json
types:
- alert:
tagged-packets: yes
- http:
extended: yes
- http2
- dns:
enabled: yes
- tls:
extended: yes
- flow
- mqtt
- ssh
- dhcp:
enabled: yes
- arp:
enabled: yes
- ldap
- quic
- sip
- rfb
- snmp
- bittorrent-dht
- krb5
- dcerpc
- ike
- tftp
- smb
- nfs
- rdp
- ftp
- websocket
- smtp
- pcap-log:
enabled: yes
filename: log.pcap
limit: 1gb
max-files: 20
- stats:
enabled: yes
filename: stats.log
append: yes
totals: yes
threads: no

281
config/logging.nix
View File

@ -6,7 +6,7 @@
(import ./networking.nix { (import ./networking.nix {
hostname = "r330-logging"; hostname = "r330-logging";
ip_address = "192.168.100.41"; ip_address = "192.168.100.41";
open_ports = [ 3000 9001 ]; open_ports = [ 3000 9001 9003 ];
inherit lib; inherit lib;
}) })
]; ];
@ -26,23 +26,163 @@
}; };
}; };
services.prometheus.exporters.blackbox = {
enable = true;
port = 9003;
configFile = assets/blackbox.yml;
};
services.prometheus = { services.prometheus = {
enable = true; enable = true;
port = 9001; port = 9001;
globalConfig.scrape_interval = "10s"; globalConfig.scrape_interval = "10s";
scrapeConfigs = [ scrapeConfigs = let
node_port = toString config.services.prometheus.exporters.node.port;
blackbox_relabel = [
{
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9003";
}
];
in [
{ {
job_name = "r330-logging"; job_name = "node";
static_configs = [{ static_configs = [
targets = let {
node_port = toString config.services.prometheus.exporters.node.port; targets = [ "127.0.0.1:${node_port}" ];
in [ labels.instance = "r330-logging";
"127.0.0.1:${node_port}" }
"192.168.100.40:${node_port}" {
"192.168.100.42:${node_port}" targets = [ "192.168.100.40:${node_port}" ];
"192.168.100.45:${node_port}" labels.instance = "r330-media";
]; }
}]; {
targets = [ "192.168.100.42:${node_port}" ];
labels.instance = "sampledb-dev";
}
{
targets = [ "192.168.100.45:${node_port}" ];
labels.instance = "mindforge";
}
{
targets = [ "192.168.100.1:9100" ];
labels.instance = "GL-MT6000";
}
];
}
{
job_name = "blackbox_icmp";
metrics_path = "/probe";
params = { module = ["icmp"]; };
static_configs = [
{
targets = [ "127.0.0.1" ];
labels.instance = "r330-media";
}
{
targets = [ "192.168.100.1" ];
labels.instance = "GL-MT6000";
}
{
targets = [ "192.168.100.11" ];
labels.instance = "r330-idrac";
}
{
targets = [ "192.168.100.12" ];
labels.instance = "r730xd-idrac";
}
{
targets = [ "192.168.100.20" ];
labels.instance = "ideapad";
}
{
targets = [ "192.168.100.21" ];
labels.instance = "r330-proxmox";
}
{
targets = [ "192.168.100.22" ];
labels.instance = "r730xd-proxmox";
}
{
targets = [ "192.168.100.40" ];
labels.instance = "r330-media";
}
{
targets = [ "192.168.100.42" ];
labels.instance = "sampledb-dev";
}
{
targets = [ "192.168.100.42" ];
labels.instance = "sampledb-dev";
}
{
targets = [ "192.168.100.45" ];
labels.instance = "mindforge";
}
{
targets = [ "1.1.1.1" ];
labels.instance = "Cloudflare";
}
{
targets = [ "8.8.8.8" ];
labels.instance = "Google";
}
];
relabel_configs = blackbox_relabel;
}
{
job_name = "blackbox_http_2xx";
metrics_path = "/probe";
params = { module = ["http_2xx"]; };
static_configs = [
{
targets = [ "http://192.168.100.40:6011" ];
labels.instance = "Qbittorrent";
}
{
targets = [ "http://192.168.100.40:7878" ];
labels.instance = "Radarr";
}
{
targets = [ "http://192.168.100.40:8989" ];
labels.instance = "Sonarr";
}
{
targets = [ "http://192.168.100.40:9696" ];
labels.instance = "Prowlarr";
}
{
targets = [ "https://randomctf.com" ];
labels.instance = "RandomCTF.com";
}
{
targets = [ "https://git.randomctf.com" ];
labels.instance = "Gitea";
}
{
targets = [ "https://nextcloud.randomctf.com" ];
labels.instance = "Nextcloud";
}
];
relabel_configs = blackbox_relabel;
}
{
job_name = "blackbox_http_2xx_no_verify";
metrics_path = "/probe";
params = { module = ["http_2xx_tls_no_verify"]; };
static_configs = [
{
targets = [ "https://192.168.100.40:5006" ];
labels.instance = "Actual";
}
];
relabel_configs = blackbox_relabel;
} }
]; ];
}; };
@ -60,120 +200,7 @@
}; };
}; };
environment.etc."suricata.yaml".source = pkgs.writeTextFile { environment.etc."suricata.yaml".source = ./assets/suricata.yaml;
name = "suricata.yaml";
text = ''
%YAML 1.1
---
vars:
address-groups:
HOME_NET: "[192.168.100.0/24]"
EXTERNAL_NET: "!$HOME_NET"
HTTP_SERVERS: "$HOME_NET"
SMTP_SERVERS: "$HOME_NET"
SQL_SERVERS: "$HOME_NET"
DNS_SERVERS: "$HOME_NET"
TELNET_SERVERS: "$HOME_NET"
AIM_SERVERS: "$EXTERNAL_NET"
DC_SERVERS: "$HOME_NET"
DNP3_SERVER: "$HOME_NET"
DNP3_CLIENT: "$HOME_NET"
MODBUS_CLIENT: "$HOME_NET"
MODBUS_SERVER: "$HOME_NET"
ENIP_CLIENT: "$HOME_NET"
ENIP_SERVER: "$HOME_NET"
port-groups:
HTTP_PORTS: "80"
SHELLCODE_PORTS: "!80"
ORACLE_PORTS: 1521
SSH_PORTS: 22
DNP3_PORTS: 20000
MODBUS_PORTS: 502
FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
FTP_PORTS: 21
GENEVE_PORTS: 6081
VXLAN_PORTS: 4789
TEREDO_PORTS: 3544
SIP_PORTS: "[5060, 5061]"
default-log-dir: /home/logging/logs
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
default-rule-path: /etc/suricata/rules
rule-files:
- suricata.rules
stats:
enabled: yes
af-packet:
- interface: enp6s18
use-mmap: yes
tpacket-v3: yes
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
outputs:
- fast:
enabled: yes
filename: fast.log
append: yes
- eve-log:
enabled: yes
filetype: regular
filename: eve.json
types:
- alert:
tagged-packets: yes
- http:
extended: yes
- http2
- dns:
enabled: yes
- tls:
extended: yes
- flow
- mqtt
- ssh
- dhcp:
enabled: yes
- arp:
enabled: yes
- ldap
- quic
- sip
- rfb
- snmp
- bittorrent-dht
- krb5
- dcerpc
- ike
- tftp
- smb
- nfs
- rdp
- ftp
- websocket
- smtp
- pcap-log:
enabled: yes
filename: log.pcap
limit: 1gb
max-files: 20
- stats:
enabled: yes
filename: stats.log
append: yes
totals: yes
threads: no
'';
};
environment.etc."suricata/classification.config".text = '' environment.etc."suricata/classification.config".text = ''
''; '';