Listen for events and forward to external security scanning services.
Go to file
OpenDev Sysadmins 291c633d3b OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:51:11 +00:00
fixtures Initial import of osel code 2018-03-24 15:30:57 +00:00
qualys test user 2018-05-31 20:54:54 +00:00
releasenotes/notes Initial import of osel code 2018-03-24 15:30:57 +00:00
tools Initial import of osel code 2018-03-24 15:30:57 +00:00
.gitignore Initial import of osel code 2018-03-24 15:30:57 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:51:11 +00:00
amqp.go Initial import of osel code 2018-03-24 15:30:57 +00:00
bindep.txt Initial import of osel code 2018-03-24 15:30:57 +00:00
events_json_fixtures_test.go adjustment of the story 2018-05-31 17:09:21 +00:00
events_test.go Initial import of osel code 2018-03-24 15:30:57 +00:00
events.go Initial import of osel code 2018-03-24 15:30:57 +00:00
go.mod Initial import of osel code 2018-03-24 15:30:57 +00:00
main.go Initial import of osel code 2018-03-24 15:30:57 +00:00
Makefile adjustment of the story 2018-05-31 17:09:21 +00:00
openstack_mock_test.go Initial import of osel code 2018-03-24 15:30:57 +00:00
openstack.go Initial import of osel code 2018-03-24 15:30:57 +00:00
processing_test.go Initial import of osel code 2018-03-24 15:30:57 +00:00
processing.go Initial import of osel code 2018-03-24 15:30:57 +00:00
qualys_mock_test.go Initial import of osel code 2018-03-24 15:30:57 +00:00
qualys.go Initial import of osel code 2018-03-24 15:30:57 +00:00
README.md Initial import of osel code 2018-03-24 15:30:57 +00:00
security_group_events.go Initial import of osel code 2018-03-24 15:30:57 +00:00
STORY.md adjustment of the story 2018-05-31 17:09:21 +00:00
structs.go Initial import of osel code 2018-03-24 15:30:57 +00:00
syslog_mock_test.go Initial import of osel code 2018-03-24 15:30:57 +00:00
syslog.go Initial import of osel code 2018-03-24 15:30:57 +00:00
viper_test.go Initial import of osel code 2018-03-24 15:30:57 +00:00
viper.go Initial import of osel code 2018-03-24 15:30:57 +00:00

OpenStack Event Listener

What does this do?

The OpenStack Event Listener connects to the OpenStack message bus (RabbitMQ) and listens for certain kinds of events. When it detects those events, it will gather additional data and forward the information to external systems for processing. It integrates with syslog and the Qualys API.

The initial use case that inspired this project was to detect when security group changes occurred and to trigger an external port scan of the affected IP addresses so that we could ensure that the change did not create a new vulnerability by opening something up to the Internet.

For more background information on this project, see the story of osel.

Current State

Code maturity is considered experimental.

Installation

Use go get git.openstack.org/openstack/osel. Or alternatively, download or clone the repository.

The lib was developed and tested on go 1.10.

Configuration

Configuration resides in a YAML-format configuration file. Before running the os_event_listener process set the EL_CONFIG environment variable to the absolute path to that file.

This is an example of the configuration format:

debug: true
batch_interval: 2
rabbit_uri: "amqp://amqp_user:amqp_password@amqp_host:amqp_port//"
logfile: "/var/log/os_event_listener.log"
syslog_server: your.syslog.server.fqdn
syslog_port: "514"
syslog_protocol: "tcp"
retry_syslog: "false"
openstack:
  identity_endpoint: "https://keystone.url:5000/v2.0/"
  tenant_name: "tenant_to_authenticate_against"
  user: "username"
  password: "password"
  region: "region_name"
qualys:
  username: "qualys_username"
  password: "qualys_password"
  option: "Name Of The Qualys Scan Profile"
  proxy_url: "http://in.case.you.need.to.proxy.to.reach.qualys/"
  url: "https://qualysapi.qualys.com/api/2.0/fo/scan/"
  drop6: true

Testing

There is one type of test file. The *_test.go are standard golang unit test files. The examples can be run as integration tests.

License

Apache v2.

Contributing

The code repository utilizes the OpenStack CI infrastructure. Please use the recommended workflow. If you are not a member yet, please consider joining as an OpenStack contributor. If you have questions or comments, you can email the maintainer(s).

Coding Style

The source code is automatically formatted to follow go fmt.

OpenStack Environment