Listen for events and forward to external security scanning services.
OpenDev Sysadmins 291c633d3b OpenDev Migration Patch 1 month ago
fixtures Initial import of osel code 1 year ago
qualys test user 11 months ago
releasenotes/notes Initial import of osel code 1 year ago
tools Initial import of osel code 1 year ago
.gitignore Initial import of osel code 1 year ago
.gitreview OpenDev Migration Patch 1 month ago
Makefile adjustment of the story 11 months ago
README.md Initial import of osel code 1 year ago
STORY.md adjustment of the story 11 months ago
amqp.go Initial import of osel code 1 year ago
bindep.txt Initial import of osel code 1 year ago
events.go Initial import of osel code 1 year ago
events_json_fixtures_test.go adjustment of the story 11 months ago
events_test.go Initial import of osel code 1 year ago
go.mod Initial import of osel code 1 year ago
main.go Initial import of osel code 1 year ago
openstack.go Initial import of osel code 1 year ago
openstack_mock_test.go Initial import of osel code 1 year ago
processing.go Initial import of osel code 1 year ago
processing_test.go Initial import of osel code 1 year ago
qualys.go Initial import of osel code 1 year ago
qualys_mock_test.go Initial import of osel code 1 year ago
security_group_events.go Initial import of osel code 1 year ago
structs.go Initial import of osel code 1 year ago
syslog.go Initial import of osel code 1 year ago
syslog_mock_test.go Initial import of osel code 1 year ago
viper.go Initial import of osel code 1 year ago
viper_test.go Initial import of osel code 1 year ago

README.md

OpenStack Event Listener

What does this do?

The OpenStack Event Listener connects to the OpenStack message bus (RabbitMQ) and listens for certain kinds of events. When it detects those events, it will gather additional data and forward the information to external systems for processing. It integrates with syslog and the Qualys API.

The initial use case that inspired this project was to detect when security group changes occurred and to trigger an external port scan of the affected IP addresses so that we could ensure that the change did not create a new vulnerability by opening something up to the Internet.

For more background information on this project, see the story of osel.
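The decision step described above (spot a security group change on the message bus, then pick what to scan), sketched as an added example that is not osel's own code. It assumes an oslo.messaging v2 envelope and Neutron's `security_group_rule.create.end` payload field names; `ScanCandidate`, `wrap` and `sampleOpen` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumed wire format: oslo.messaging v2 envelope carrying a Neutron notification.
type envelope struct{ Message string `json:"oslo.message"` }

type notification struct {
	EventType string `json:"event_type"`
	Payload   struct {
		Rule struct {
			SecurityGroupID string `json:"security_group_id"`
			Direction       string `json:"direction"`
			RemoteIPPrefix  string `json:"remote_ip_prefix"`
			RemoteGroupID   string `json:"remote_group_id"`
		} `json:"security_group_rule"`
	} `json:"payload"`
}

// Constructed sample body (not captured from a real cloud); wrap puts it in the envelope.
const sampleOpen = `{"event_type":"security_group_rule.create.end","payload":{"security_group_rule":{"security_group_id":"sg-constructed-1","direction":"ingress","protocol":"tcp","port_range_min":22,"port_range_max":22,"remote_ip_prefix":"0.0.0.0/0","remote_group_id":null}}}`

func wrap(body string) []byte {
	b, _ := json.Marshal(envelope{Message: body})
	return b
}

// ScanCandidate returns the group to rescan, or "" if this is not a new ingress rule open to any source.
func ScanCandidate(raw []byte) (string, error) {
	var env envelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return "", fmt.Errorf("envelope: %w", err)
	}
	var n notification
	if err := json.Unmarshal([]byte(env.Message), &n); err != nil {
		return "", fmt.Errorf("oslo.message: %w", err)
	}
	r := n.Payload.Rule
	// A JSON null prefix with no remote group means "any source" in the assumed format.
	anySource := r.RemoteGroupID == "" && (r.RemoteIPPrefix == "" || r.RemoteIPPrefix == "0.0.0.0/0" || r.RemoteIPPrefix == "::/0")
	if n.EventType != "security_group_rule.create.end" || r.Direction != "ingress" || !anySource {
		return "", nil
	}
	return r.SecurityGroupID, nil
}

func main() { fmt.Println(ScanCandidate(wrap(sampleOpen))) }
```

A real listener would then resolve the returned group to the addresses of its member ports before handing them to the scanner; that lookup is outside this sketch.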

Current State

Code maturity is considered experimental.

Installation

Use go get git.openstack.org/openstack/osel, or alternatively download or clone the repository.

The library was developed and tested on Go 1.10.

Configuration

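Configuration resides in a YAML-format configuration file. Before running the os_event_listener process, set the EL_CONFIG environment variable to the absolute path to that file. Because the file stores the RabbitMQ, OpenStack and Qualys credentials in plain text, make it readable only by the account that runs the listener.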

This is an example of the configuration format:

debug: true
batch_interval: 2
rabbit_uri: "amqp://amqp_user:amqp_password@amqp_host:amqp_port//"
logfile: "/var/log/os_event_listener.log"
syslog_server: your.syslog.server.fqdn
syslog_port: "514"
syslog_protocol: "tcp"
retry_syslog: "false"
openstack:
  identity_endpoint: "https://keystone.url:5000/v2.0/"
  tenant_name: "tenant_to_authenticate_against"
  user: "username"
  password: "password"
  region: "region_name"
qualys:
  username: "qualys_username"
  password: "qualys_password"
  option: "Name Of The Qualys Scan Profile"
  proxy_url: "http://in.case.you.need.to.proxy.to.reach.qualys/"
  url: "https://qualysapi.qualys.com/api/2.0/fo/scan/"
  drop6: true

Testing

There is one type of test file: the *_test.go files are standard Go unit test files. The examples can be run as integration tests.

License

Apache v2.

Contributing

The code repository utilizes the OpenStack CI infrastructure. Please use the recommended workflow. If you are not a member yet, please consider joining as an OpenStack contributor. If you have questions or comments, you can email the maintainer(s).

Coding Style

The source code is automatically formatted to follow go fmt.

OpenStack Environment