Merge branch 'master' of baltig.sandia.gov:scot/SCOT

Author: toddbruner

.gitignore

@@ -23,3 +23,6 @@ scot-ui/build/static/js/
 scot-ui/build/
 .vscode/
 emailapi.cfg.pl
+local/
+**/*.log
+**/foo

README.md

@@ -33,6 +33,28 @@ IMPORTANT: Read [Issue #55](https://github.com/sandialabs/scot/issues/55) before
 Install It!
 -----------
 
+** RPM Based Installer (CENTOS 7) **
+
+* clone scot repo or download the files
+
+    * scot.perl.rpm.install.tar.gz
+    * scot.rpm.install.tar.gz
+
+* extract both files:
+
+    * tar xzvf scot*tar.gz
+
+* install scot perl first
+
+    * cd scot-perl-install
+    * ./install.sh
+    * follow instructions presented at end of install
+
+* install scot second
+
+    * cd scot-install
+    * ./install.sh
+
 **Docker Method**
 
 The suggested method for installation of SCOT is using docker. For a walkthrough of installing SCOT via docker, please read: https://github.com/sandialabs/scot/blob/scot-docker/docs/source/scotdocker.rst

bin/bulk_close_alertgroup.pl

@@ -0,0 +1,75 @@
+#!/usr/bin/env perl
+
+use lib '../lib';
+use lib '/opt/scot/lib';
+use Data::Dumper;
+use Scot::Env;
+use v5.16;
+
+my $env   = Scot::Env->new(config_file=>'/opt/scot/etc/scot.cfg.pl');
+my $mongo = $env->mongo;
+
+my $agcol   = $mongo->collection('Alertgroup');
+my $acol    = $mongo->collection('Alert');
+
+my $start   = $ARGV[0];
+my $end     = $ARGV[1];
+
+if ( !defined $start or !defined $end ) {
+    die "usage error: $0 start_id end_id";
+}
+
+if ( $start > $end ) {
+    my $tmp = $start;
+    $start  = $end;
+    $end    = $tmp;
+}
+
+my $agcursor    = $agcol->find({
+    '$and'  => [
+        { id => { '$gte' => $start + 0 } },
+        { id => { '$lte' => $end + 0 }},
+    ],
+});
+
+while ( my $ag = $agcursor->next ) {
+
+    my $agid    = $ag->id + 0;
+
+    print "Bulk closing Alertgroup $agid\n";
+
+    my $acursor = $acol->find({alertgroup => $agid});
+    my $count   = 0;
+    while (my $alert = $acursor->next) {
+
+        print "    closing alert ".$alert->id."\n";
+
+        $alert->update({
+            '$set'  => { status => 'closed' },
+        });
+        $count++;
+
+    }
+    print "    updating alertgroup stats\n";
+    $ag->update({
+        '$set'  => {
+            status => 'closed',
+            closed_count => $count,
+            open_count  => 0,
+            promoted_count  => 0,
+            updated => time(),
+        },
+    });
+
+    print "     sending mq message to browsers\n";
+    $env->mq->send("/topic/scot", {
+        action  => 'updated',
+        data    => {
+            who => 'scot-admin',
+            type => 'alertgroup',
+            id => $agid,
+        },
+    });
+    
+}
+

bin/bulk_load_ipaddrs.pl

@@ -0,0 +1,34 @@
+#!/usr/bin/env perl
+
+use lib '../lib';
+use lib '/opt/scot/lib';
+use Data::Dumper;
+use Scot::Env;
+use File::Slurp;
+
+my $env   = Scot::Env->new(config_file=>'/opt/scot/etc/scot.cfg.pl');
+my $mongo = $env->mongo;
+my $csvfile = "/tmp/bulk.csv";
+
+my @lines   = read_file($csvfile);
+
+foreach my $line (@lines) {
+
+    my @row = split(',',$line);
+
+    my $ipaddr  = $row[0];
+    my $subnet  = $row[1];
+    my $machine = $row[2];
+    my $make    = $row[3];
+    my $site    = $row[4];
+    my $area    = $row[5];
+    my $building = $row[6];
+    my $room    = $row[7];
+
+}
+
+
+
+
+
+

bin/email_processor.pl

@@ -0,0 +1,24 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use lib '../lib';
+
+use Scot::Env;
+use Scot::Email::Processor;
+
+my $config      = "/opt/scot/etc/email_processing.cfg.pl";
+my $env         = Scot::Env->new(config_file => $config);
+my $processor   = Scot::Email::Processor->new({env => $env});
+
+my $flag = $ARGV[0];
+
+unless ($flag) {
+    $processor->run();
+}
+
+if ( $flag eq "-d" ) {
+    $processor->dump_messages()
+}
+
+

bin/email_responder.pl

@@ -0,0 +1,37 @@
+#!/usr/bin/env perl
+
+# start a Scot::Email::Responder to watch a queue
+# first argument is the responder type. eg: 
+# to start Scot::Email::Responder::Dispatch the 
+# first arg is "dispatch"
+
+use strict;
+use warnings;
+use lib '../lib';
+use Scot::Env;
+use Module::Runtime qw(require_module);
+use Try::Tiny;
+
+my $config  = "/opt/scot/etc/email_processing.cfg.pl";
+my $env     = Scot::Env->new(config_file => $config);
+
+my $resptype = $ARGV[0];
+
+if ( ! defined $resptype ) {
+    $env->log->logdie("Failed to provide command line argument 0: Responder type");
+}
+
+my $class   = "Scot::Email::Responder::$resptype";
+
+try {
+    require_module($class);
+}
+catch {
+    $env->log->logdie("$_.  Failed to load Module $class! Ensure module name patched a responder in /opt/scot/lib/Scot/Email/Responder.");
+};
+
+my $queue = $env->responders->{$class}->{queue};
+
+
+my $responder = $class->new({env => $env, queue => $queue});
+$responder->run();

bin/flairer.pl renamed to bin/enricher.pl

@@ -6,31 +6,31 @@
 use lib '../../lib';
 use lib '../../Scot-Internal-Modules/lib';
 use lib '/opt/scot/lib';
-use v5.16;
-use Scot::App::Responder::Flair;
+use Scot::Enricher::Worker;
 use Data::Dumper;
+use utf8::all;
+use feature qw(say);
 
 my $config_file = $ENV{'scot_app_flair_config_file'} //
-                        '/opt/scot/etc/flair.cfg.pl';
+                        '/opt/scot/etc/enricher.cfg.pl';
 my $env = Scot::Env->new(
     config_file => $config_file,
 );
 
+die unless defined $env and ref($env) eq "Scot::Env";
+
 $SIG{__DIE__} = sub { our @reason = @_ };
 
 END {
     our @reason;
     if (@reason) {
-        say "Flairer died because: @reason";
-        $env->log->error("Flairer died because: ",{filter=>\&Dumper, value=>\@reason});
+        say "Enricher died because: @reason";
+        $env->log->error("Enricher died because: ",{filter=>\&Dumper, value=>\@reason});
     }
 }
 
+# say Dumper($env);
 
-
-
-my $loop    = Scot::App::Responder::Flair->new({ 
-    env => $env,
-});
+my $loop    = Scot::Enricher::Worker->new(env => $env);
 $loop->run();
 

bin/fix_last_id.pl

@@ -8,7 +8,7 @@
 
 my $mongo = $env->mongo;
 
-foreach my $colname (qw(appearance alertgroup alert checklist entity entry event guide history incident intel source tag user audit file link)) {
+foreach my $colname (qw(appearance remoteflair alertgroup alert checklist entity entry event guide history incident intel source tag user audit file link)) {
 
     print "Getting Max Id of $colname\n";
     my $collection  = $mongo->collection(ucfirst($colname));

bin/fix_splunk_buttons.pl

@@ -0,0 +1,50 @@
+#!/usr/bin/env perl
+
+use lib '../lib';
+use lib '../../Scot-Internal-Modules/lib';
+use Scot::Env;
+use Data::Dumper;
+
+use strict;
+use warnings;
+
+my $env = Scot::Env->new(config_file => '/opt/scot/etc/scot.cfg.pl');
+my $mongo   = $env->mongo;
+
+my $col = $mongo->collection('Entity');
+my $cursor = $col->find();
+$cursor->immortal(1);
+
+while (my $entity = $cursor->next) {
+    my $id      = $entity->id;
+    my $data    = $entity->data;
+    if ( defined $data->{splunk} ) {
+        if (defined $data->{splunkit}) {
+            printf "%10d SplunkIt present, deleting splunk button\n",$id;
+            delete $data->{splunk};
+            $entity->update({'$set' => { data => $data }});
+        }
+        else {
+            my $orig    = delete $data->{splunk};
+            my $title   = $orig->{data}->{title};
+            my $url     = $orig->{data}->{url};
+
+            (my $newtitle = $title) =~ s/Splunk/SplunkIt/g;
+            (my $newurl   = $url) =~ s/splunk/splunkit/g;
+
+            print "$id Changing Data => \n";
+            print "    $newtitle\n";
+            print "    $newurl\n";
+
+            $orig->{data} = {
+                title   => $newtitle,
+                url     => $newurl,
+            };
+
+            $data->{splunkit} = $orig;
+
+            $entity->update({'$set' => { data => $data }});
+        }
+    }
+}
+

bin/flair.pl

@@ -0,0 +1,35 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+use lib '../lib';
+use lib '../../lib';
+use lib '../../Scot-Internal-Modules/lib';
+use lib '/opt/scot/lib';
+# use Scot::Flair::Worker;
+use Scot::Flair::Worker;
+use Scot::Env;
+use Data::Dumper;
+use utf8::all;
+use Carp qw(cluck longmess shortmess);
+use feature qw(say);
+
+my $env     = Scot::Env->new(config_file => '/opt/scot/etc/flair.cfg.pl');
+my $log     = $env->log;
+
+die unless defined $env and ref($env) eq "Scot::Env";
+
+$SIG{__DIE__} = sub { our @reason =@_};
+
+END {
+    our @reason;
+    if (@reason) {
+        say "Flair Diead because: @reason";
+        $env->log->error("Flair died because: ", {filter => \&Dumper, value =>\@reason});
+    }
+}
+
+
+my $loop    = Scot::Flair::Worker->new(env => $env);
+$loop->run();
+