#!/usr/bin/env python3 # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Configuration objects for Blocky/4 import asfpy.sqlite import elasticsearch import plugins.db_create import plugins.lists DEFAULT_EXPIRE = 86400 * 30 * 4 # Default expiry of auto-bans = 4 months DEFAULT_INDEX_PATTERN = "loggy-%Y-%m-%d" DEFAULT_HOST_BLOCK = "*" # Default hostname to block on. * means all hosts # These IP blocks should always be allowed and never blocked, or else... DEFAULT_ALLOW_LIST = [ "127.0.0.1/16", "10.0.0.1/16", "::1/128", ] class BlockyConfiguration: def __init__(self, yml): self.database_filepath = yml.get("database", "blocky.sqlite") self.sqlite = asfpy.sqlite.DB(self.database_filepath) self.default_expire_seconds = yml.get("default_expire", DEFAULT_EXPIRE) self.index_pattern = yml.get("index_pattern", DEFAULT_INDEX_PATTERN) self.elasticsearch_url = yml.get("elasticsearch_url") self.elasticsearch = elasticsearch.AsyncElasticsearch(hosts=[self.elasticsearch_url]) self.http_ip = yml.get("bind_ip", "127.0.0.1") self.http_port = int(yml.get("bind_port", 8080)) self.client_iptables = {} # Uploaded iptables from blocky clients. Only kept in memory. self.pubsub_host = yml.get('pubsub_host') self.pubsub_user = yml.get('pubsub_user') self.pubsub_password = yml.get('pubsub_password') # Create table if not there yet new_db = False if not self.sqlite.table_exists("rules"): print(f"Database file {self.database_filepath} is empty, initializing tables") self.sqlite.run(plugins.db_create.CREATE_DB_RULES) self.sqlite.run(plugins.db_create.CREATE_DB_LISTS) self.sqlite.run(plugins.db_create.CREATE_DB_AUDIT) print(f"Database file {self.database_filepath} has been successfully initialized") new_db = True # Init and fetch existing blocks and allows self.block_list = plugins.lists.List(self, "block") self.allow_list = plugins.lists.List(self, "allow") # Seed new DB with default allows if needed if new_db: for entry in DEFAULT_ALLOW_LIST: self.allow_list.add( ip=entry, timestamp=0, expires=-1, reason="Default allowed ranges (local network)", host="*", ) async def test_es(self): i = await self.elasticsearch.info() es_major = int(i["version"]["number"].split(".")[0]) assert es_major >= 7, "Blocky/4 requires ElasticSearch 7.x or higher"