diff --git a/server/go.mod b/server/go.mod
index 3061caf..14dedfd 100644
--- a/server/go.mod
+++ b/server/go.mod
@@ -2,17 +2,16 @@ module github.com/Vomitblood/cspj-application/server
 go 1.23.2
-require github.com/jackc/pgx/v5 v5.7.1
+require (
+ github.com/fsnotify/fsnotify v1.8.0
+ github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
+ github.com/jackc/pgx/v5 v5.7.1
+)
 require (
- github.com/fsnotify/fsnotify v1.8.0 // indirect
- github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect
 github.com/jackc/pgpassfile v1.0.0 // indirect
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 github.com/jackc/puddle/v2 v2.2.2 // indirect
- github.com/tidwall/gjson v1.18.0 // indirect
- github.com/tidwall/match v1.1.1 // indirect
- github.com/tidwall/pretty v1.2.0 // indirect
 golang.org/x/crypto v0.32.0 // indirect
 golang.org/x/sync v0.10.0 // indirect
 golang.org/x/sys v0.29.0 // indirect
diff --git a/server/go.sum b/server/go.sum
index 248432a..9112d07 100644
--- a/server/go.sum
+++ b/server/go.sum
@@ -20,12 +20,6 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= -github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= -github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= -github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
diff --git a/server/internal/telegram/telegram.go b/server/internal/telegram/telegram.go
index a1086b0..ac4f9a1 100644
--- a/server/internal/telegram/telegram.go
+++ b/server/internal/telegram/telegram.go
@@ -12,6 +12,7 @@ import (
 )
 const (
+ // TODO: add config for user to specify log location
 modsecLogFile = "/home/vomitblood/build/cspj-application/docker/chungus/logs/host-fs-auditlog.log"
 telegramToken = "7215466800:AAGwjZnXEfbbjQiA0y7qtSzbSZNUWQJnyjo"
 telegramChatID = 622943829
@@ -40,7 +41,7 @@ func TelegramBotInit() {
 log.Fatal("Failed to send test message:", err)
 }
- // Start watching the log file for changes
+ // start watching the log file for changes
 watchLogFile(bot)
 }
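Review bot: The `const` block in server/internal/telegram/telegram.go still carries `telegramToken` and `telegramChatID` as literals, and the new TODO only covers the log path. A bot token committed to the repository stays readable in its history, so it should be revoked and reissued, then read at startup instead of compiled in, for example `token := os.Getenv("TELEGRAM_BOT_TOKEN")` with a fatal error when it is empty. `modsecLogFile` is an absolute path under one user's home directory, and the same configuration step could supply it. The const block continues past the end of this hunk.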
@@ -51,13 +52,13 @@ func watchLogFile(bot *tg.BotAPI) {
 }
 defer watcher.Close()
- // Add log file to watcher
+ // add log file to watcher
 err = watcher.Add(modsecLogFile)
 if err != nil {
 log.Fatal("Failed to watch log file:", err)
 }
- log.Println("🔍 Monitoring log file for changes...")
+ log.Println("Monitoring log file for changes...")
 for {
 select {
@@ -66,7 +67,7 @@ func watchLogFile(bot *tg.BotAPI) {
 return
 }
 if event.Op&fsnotify.Write == fsnotify.Write {
- log.Println("📄 Log file updated, reading new entries...")
+ log.Println("Log file updated, reading new entries...")
 readNewLines(bot)
 }
@@ -74,7 +75,7 @@ func watchLogFile(bot *tg.BotAPI) {
 if !ok {
 return
 }
- log.Println("⚠️ Watcher error:", err)
+ log.Println("Watcher error:", err)
 }
 }
 }
@@ -82,12 +83,12 @@ func watchLogFile(bot *tg.BotAPI) {
 func readNewLines(bot *tg.BotAPI) {
 file, err := os.Open(modsecLogFile)
 if err != nil {
- log.Println("Failed to reopen log file:", err)
+ log.Println("Failed to reopen log file:", err)
 return
 }
 defer file.Close()
- // Move to the last read position
+ // move to the last read position
 file.Seek(lastReadPosition, os.SEEK_SET)
 scanner := bufio.NewScanner(file)
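Review bot: `watcher.Add(modsecLogFile)` in watchLogFile watches the audit log file itself, and the event loop in the `-66,7` hunk reacts only to `fsnotify.Write`. If the log is rotated or replaced at the same path, the watch stays on the old file and no further Write events arrive, so alerting stops without anything being logged. fsnotify's documentation recommends watching the parent directory and filtering on the event name, here `watcher.Add(filepath.Dir(modsecLogFile))` with `if event.Name != modsecLogFile { continue }`, which needs `path/filepath` imported if it is not already. Rename and Remove events are worth logging too, since a monitor that has gone silent looks the same as a quiet one. watchLogFile begins before this hunk.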
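Review bot: `file.Seek(lastReadPosition, os.SEEK_SET)` in readNewLines discards Seek's error and never compares the saved offset with the current file size. After the log is truncated or rotated the offset can point past the end of the new file, the scanner then reads nothing, and new audit entries are skipped until the file grows past the old offset. Suggest calling `file.Stat()` first and resetting `lastReadPosition = 0` when `info.Size() < lastReadPosition`, and returning on a Seek error. `os.SEEK_SET` is deprecated in favour of `io.SeekStart`. The function continues past the end of this hunk.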
@@ -95,23 +96,25 @@ func readNewLines(bot *tg.BotAPI) {
 line := scanner.Text()
 var logEntry LogEntry
- // Try to parse JSON
+ // try to parse json
 if err := json.Unmarshal([]byte(line), &logEntry); err != nil {
 log.Println("⚠️ Failed to parse JSON:", err)
- continue // Skip invalid JSON lines
+ // skip invalid json lines
+ // very crucial as modsecurity does not respect the json spec
+ continue
 }
- // Send only the first message from messages[]
+ // send index 0 element will do
 if len(logEntry.AuditData.Messages) > 0 {
 sendTelegramAlert(bot, logEntry.AuditData.Messages[0])
 }
 }
- // Update last read position
+ // update last read position
 lastReadPosition, _ = file.Seek(0, os.SEEK_CUR)
 if err := scanner.Err(); err != nil {
- log.Println("❌ Error reading log file:", err)
+ log.Println("Error reading log file:", err)
 }
 }
@@ -119,6 +122,6 @@ func sendTelegramAlert(bot *tg.BotAPI, message string) {
 msg := tg.NewMessage(telegramChatID, fmt.Sprintf("🚨 *WEEWOO ALERT* 🚨\n%s", message))
 _, err := bot.Send(msg)
 if err != nil {
- log.Println("❌ Failed to send Telegram message:", err)
+ log.Println("Failed to send Telegram message:", err)
 }
 }
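Review bot: `lastReadPosition, _ = file.Seek(0, os.SEEK_CUR)` saves the offset after `bufio.Scanner` has consumed the file to EOF, which can include a last line that is still being written. That partial line fails `json.Unmarshal` and is skipped, and its tail is read as a separate broken line on the next Write event, so the alert for that entry is lost. The scanner also stops with `bufio.ErrTooLong` on a line over its default 64 KiB token limit, which a large audit entry could plausibly reach, and the offset is saved before `scanner.Err()` is checked. Reading complete lines with `bufio.Reader` and advancing the offset by their length avoids both, though a cap on line length is still advisable. The change needs `io` imported, and the loop header sits outside this hunk.

```go
// … unchanged: os.Open, Seek to lastReadPosition …
reader := bufio.NewReader(file)
for {
	raw, err := reader.ReadBytes('\n')
	if err != nil {
		// io.EOF with a partial line: leave it for the next Write event
		if err != io.EOF {
			log.Println("Error reading log file:", err)
		}
		break
	}
	// count only complete lines so a half-written entry is re-read later
	lastReadPosition += int64(len(raw))

	var logEntry LogEntry
	if err := json.Unmarshal(raw, &logEntry); err != nil {
		log.Println("Failed to parse JSON:", err)
		continue
	}
	// … unchanged: send Messages[0] when present …
}
```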