Initial prototype release

Features of the initial prototype release: - Highly configurable (with more configuration choices to be exposed in the future) - Supports configuration settings from multiple sources - command-line flags - environment variables - configuration file - reasonable default settings - Ignore individual usernames (i.e., prevent disabling listed accounts) - Ignore individual IP Addresses (i.e., prevent disabling associated account) - User configurable logging settings - levels, format and output - Microsoft Teams notifications - generated for multiple events - alert received - disabled user - ignored user - ignored IP Address - error occurred - configurable retries - configurable notifications delay in order to respect remote API limits - Logging - Payload receipt from monitoring system - Action taken due to payload - username ignored - due to username inclusion in ignore file for usernames - due to IP Address inclusion in ignore file for IP Addresses - username disabled - contrib files/content provided to allow for spinning up a demo environment in order to provide a hands-on sense of what this project can do - fail2ban - postfix - docker - Maildev container - brick - rsyslog - systemd - sample JSON payloads for use with curl or other http/API clients - demo environment doc - slides from group presentation/demo Worth noting: - Go modules (vs classic GOPATH setup) - GitHub Actions Workflows which apply linting and build checks - Makefile for general use cases (including local linting) - Note: See README first if building on Windows refs: - GH-26 - GH-21 - GH-16 - GH-15 - GH-13 - GH-12 - GH-11 - GH-7 - GH-6 - GH-4 - GH-1
atc0005 · May 23, 2020 · f102d0e · f102d0e
1 parent ef71e50
commit f102d0e
Show file tree

Hide file tree

Showing 478 changed files with 233,925 additions and 2 deletions.
diff --git a/.github/workflows/lint-and-build-code.yml b/.github/workflows/lint-and-build-code.yml
@@ -0,0 +1,98 @@
+# Copyright 2020 Adam Chalkley
+#
+# https://github.com/atc0005/brick
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Validate Codebase
+
+# Run builds for Pull Requests (new, updated)
+# `synchronized` seems to equate to pushing new commits to a linked branch
+# (whether force-pushed or not)
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  lint_and_build_code:
+    name: Lint and Build codebase
+    runs-on: ${{ matrix.os }}
+    # Default: 360 minutes
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        # Supported versions of Go
+        go-version: [1.13.x, 1.14.x]
+
+        # Supported LTS and latest version of Ubuntu Linux
+        #os: [ubuntu-16.04, ubuntu-18.04, ubuntu-latest]
+
+        # This should be good enough until we learn otherwise
+        os: [ubuntu-latest]
+
+    steps:
+      - name: Set up Go
+        # https://github.com/actions/setup-go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      # This could prove useful if we need to troubleshoot odd results and
+      # tie them back to a specific version of Go
+      - name: Print go version
+        run: |
+          go version
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v1
+
+      # NOTE: Disabled in favor of top-level `vendor` folder
+      #
+      # - name: Get dependencies
+      #   run: |
+      #     go get -v -t -d ./...
+
+      # Force tests to run early as it isn't worth doing much else if the
+      # tests fail to run properly.
+      # Note: The `vendor` top-level folder appears to be skipped by default.
+      - name: Run all tests
+        run: go test -mod=vendor -v ./...
+
+      - name: Install Go linting tools
+        run: |
+          # add executables installed with go get to PATH
+          # TODO: this will hopefully be fixed by
+          # https://github.com/actions/setup-go/issues/14
+          export PATH=${PATH}:$(go env GOPATH)/bin
+          make lintinstall
+
+      - name: Install Ubuntu packages
+        if: contains(matrix.os, 'ubuntu')
+        run: sudo apt update && sudo apt install -y --no-install-recommends make gcc
+
+      - name: Run Go linting tools using project Makefile
+        run: |
+          # add executables installed with go get to PATH
+          # TODO: this will hopefully be fixed by
+          # https://github.com/actions/setup-go/issues/14
+          export PATH=${PATH}:$(go env GOPATH)/bin
+          make linting
+
+      - name: Build with (mostly) default options
+        # Note: We use the `-mod=vendor` flag to explicitly request that our
+        # top-level vendor folder be used instead of fetching remote packages
+        run: go build -v -mod=vendor ./cmd/brick
+
+      - name: Build using project Makefile
+        run: make all
diff --git a/.github/workflows/lint-docs.yml b/.github/workflows/lint-docs.yml
@@ -0,0 +1,56 @@
+# Copyright 2020 Adam Chalkley
+#
+# https://github.com/atc0005/brick
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Validate Docs
+
+# Run Workflow for Pull Requests (new, updated)
+# `synchronized` seems to equate to pushing new commits to a linked branch
+# (whether force-pushed or not)
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  lint_markdown:
+    name: Lint Markdown files
+    runs-on: "ubuntu-latest"
+    # Default: 360 minutes
+    timeout-minutes: 10
+
+    steps:
+      - name: Setup Node
+        # https://github.com/actions/setup-node
+        uses: actions/setup-node@v1
+        with:
+          node-version: "10.x"
+
+      - name: Install Markdown linting tools
+        run: |
+          npm install markdownlint --save-dev
+          npm install -g markdownlint-cli
+
+      - name: Check out code
+        uses: actions/checkout@v1
+
+      - name: Run Markdown linting tools
+        # The `.markdownlint.yml` file specifies config settings for this
+        # linter, including which linting rules to ignore.
+        #
+        # Note: Explicitly ignoring top-level vendor folder; we do not want
+        # potential linting issues in bundled documentation to fail linting CI
+        # runs for *our* documentation
+        run: |
+          markdownlint '**/*.md' --ignore node_modules --ignore vendor
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,36 @@
+#  Copyright 2020 Adam Chalkley
+#
+#  https://github.com/atc0005/brick
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# Windows binaries
+*.exe
+
+# Linux binaries
+/brick
+
+# Local Visual Studio Code editor settings (e.g., ignored words for Spelling extension)
+/.vscode
+
+# Generated binaries, checksums
+/release_assets
+
+# Local test files, notes and other information not intended to be stored
+# in this repo.
+/scratch
+
+# Help prevent inclusion of user-customized or "local" copy of config file;
+# this config file can contain sensitive information (e.g.,unauthenticated
+# Teams Webhook URL)
+/config.toml
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,33 @@
+# Copyright 2020 Adam Chalkley
+#
+# https://github.com/atc0005/brick
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+linters:
+  enable:
+    - dogsled
+    - goimports
+    - gosec
+    - stylecheck
+    - goconst
+    - depguard
+    - prealloc
+    - misspell
+    - maligned
+    - dupl
+    - unconvert
+    - gofmt
+    - golint
+    - gocritic
+    - scopelint
diff --git a/.markdownlint.yml b/.markdownlint.yml
@@ -0,0 +1,31 @@
+# Copyright 2020 Adam Chalkley
+#
+# https://github.com/atc0005/brick
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# https://github.com/igorshubovych/markdownlint-cli#configuration
+# https://github.com/DavidAnson/markdownlint#optionsconfig
+
+# Setting the special default rule to true or false includes/excludes all
+# rules by default.
+"default": true
+
+# We know that line lengths will be long in the main README file, so don't
+# report those cases.
+"MD013": false
+
+# Don't complain if sub-heading names are duplicated since this is a common
+# practice in CHANGELOG.md (e.g., "Fixed").
+"MD024":
+  "siblings_only": true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,99 @@
+# Changelog
+
+## Overview
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a
+Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+Please [open an issue](https://github.com/atc0005/brick/issues) for any
+deviations that you spot; I'm still learning!.
+
+## Types of changes
+
+The following types of changes will be recorded in this file:
+
+- `Added` for new features.
+- `Changed` for changes in existing functionality.
+- `Deprecated` for soon-to-be removed features.
+- `Removed` for now removed features.
+- `Fixed` for any bug fixes.
+- `Security` in case of vulnerabilities.
+
+## [Unreleased]
+
+- placeholder
+
+## [v0.1.0] - 2020-05-24
+
+### Added
+
+Features of the initial prototype release:
+
+- Highly configurable (with more configuration choices to be exposed in the
+  future)
+
+- Supports configuration settings from multiple sources
+  - command-line flags
+  - environment variables
+  - configuration file
+  - reasonable default settings
+
+- Ignore individual usernames (i.e., prevent disabling listed accounts)
+- Ignore individual IP Addresses (i.e., prevent disabling associated account)
+
+- User configurable logging settings
+  - levels, format and output (see [configuration settings
+    doc](docs/configure.md))
+
+- Microsoft Teams notifications
+  - generated for multiple events
+    - alert received
+    - disabled user
+    - ignored user
+    - ignored IP Address
+    - error occurred
+  - configurable retries
+  - configurable notifications delay in order to respect remote API limits
+
+- Logging
+  - Payload receipt from monitoring system
+  - Action taken due to payload
+    - username ignored
+      - due to username inclusion in ignore file for usernames
+      - due to IP Address inclusion in ignore file for IP Addresses
+    - username disabled
+
+- `contrib` files/content provided to allow for spinning up a demo environment
+  in order to provide a hands-on sense of what this project can do
+  - `fail2ban`
+  - `postfix`
+  - `docker`
+    - `Maildev` container
+  - `brick`
+  - `rsyslog`
+  - `systemd`
+  - sample JSON payloads for use with `curl` or other http/API clients
+  - [demo environment](docs/demo.md) doc
+  - slides from group presentation/demo
+
+Worth noting:
+
+- Go modules (vs classic `GOPATH` setup)
+- GitHub Actions Workflows which apply linting and build checks
+- Makefile for general use cases (including local linting)
+  - Note: See [README](README.md) first if building on Windows
+
+### Missing
+
+Known issues:
+
+- Email notifications are not currently supported (see GH-3)
+- Payloads are accepted from any IP Address (GH-18)
+  - the expectation is that host-level firewall rules will be used to protect
+    against this until a feature can be added to filter access
+
+[Unreleased]: https://github.com/atc0005/brick/compare/v0.1.0...HEAD
+[v0.1.0]: https://github.com/atc0005/brick/releases/tag/v0.1.0