Make webhook configurable

main.go

@@ -7,11 +7,13 @@ import (
 	"net"
 	"os"
 	"sflow-abuse/src"
+	"strings"
 	"syscall"
 	"time"
+
+	"github.com/go-ini/ini"
 )
 
-// Function to check if an IP address is within any of the specified subnets.
 func isIPInSubnets(ip string, subnets []string, ignored []string) bool {
 	addr := net.ParseIP(ip)
 	if addr == nil {
@@ -34,12 +36,36 @@ func isIPInSubnets(ip string, subnets []string, ignored []string) bool {
 }
 
 func main() {
-	// Define the path for the named pipe (FIFO).
-	pipePath := "/tmp/sflow-abuse"
+	cfg, err := ini.Load("config.ini")
+	if err != nil {
+		fmt.Printf("Failed to read configuration file: %v\n", err)
+		return
+	}
+
+	// Read the values from the sections
+	generalSection := cfg.Section("General")
+	pipePath := generalSection.Key("PipePath").String()
+
+	monitoringSection := cfg.Section("Monitoring")
+	monitoredPorts := monitoringSection.Key("MonitoredPorts").String()
+	// Split the comma-separated ports into a slice
+	monitoredPortSlice := strings.Split(monitoredPorts, ",")
+
+	thresholdsSection := cfg.Section("Thresholds")
+	timeThreshold, err := thresholdsSection.Key("TimeThreshold").Int()
+	if err != nil {
+		fmt.Printf("Invalid TimeThreshold: %v\n", err)
+		return
+	}
+	packetCountThreshold, err := thresholdsSection.Key("PacketCountThreshold").Int()
+	if err != nil {
+		fmt.Printf("Invalid PacketCountThreshold: %v\n", err)
+		return
+	}
 
 	// Create the named pipe (FIFO) if it doesn't exist.
 	if _, err := os.Stat(pipePath); os.IsNotExist(err) {
-		if err := syscall.Mkfifo(pipePath, 0666); err != nil {
+		if err := syscall.Mkfifo(pipePath, 0660); err != nil {
 			fmt.Printf("Error creating named pipe: %v\n", err)
 			return
 		}
@@ -77,11 +103,12 @@ func main() {
 
 	// Print the subnets that will be used for filtering.
 	fmt.Printf("Loaded %d subnets: %v\n", len(subnets), subnets)
+	fmt.Printf("Loaded %d monitored ports: %v\n", len(monitoredPortSlice), monitoredPortSlice)
 	fmt.Printf("Loaded %d ignored subnets: %v\n", len(ignored), ignored)
 
 	// Create an instance of EventCounter to track events.
-	eventCounter := src.NewEventCounter(10*time.Second, src.HandleAlert)
-	go eventCounter.StartMonitoring()
+	eventCounter := src.NewEventCounter(time.Duration(timeThreshold)*time.Second, src.HandleAlert)
+	go eventCounter.StartMonitoring(packetCountThreshold)
 
 	// Open the named pipe for reading.
 	pipeFile, err := os.OpenFile(pipePath, os.O_RDONLY, os.ModeNamedPipe)
@@ -111,12 +138,15 @@ func main() {
 		if len(row) >= 16 {
 			if net.ParseIP(row[9]) != nil {
 				sourceIP := row[9]
-				// Check if the source IP is within any of the specified subnets.
-				if isIPInSubnets(sourceIP, subnets, ignored) {
-					destinationPort := row[15]
+				destinationPort := row[15]
 
-					// Count the event for the source IP and port combination.
-					eventCounter.CountEvent(sourceIP, destinationPort)
+				// Check if the destination port is in the list of monitored ports.
+				if containsPort(monitoredPortSlice, destinationPort) {
+					// Check if the source IP is within any of the specified subnets.
+					if isIPInSubnets(sourceIP, subnets, ignored) {
+						// Count the event for the source IP and port combination.
+						eventCounter.CountEvent(sourceIP, destinationPort)
+					}
 				}
 			}
 		}
@@ -125,3 +155,12 @@ func main() {
 	// Stop the event monitoring when finished.
 	eventCounter.StopMonitoring()
 }
+
+func containsPort(ports []string, port string) bool {
+	for _, p := range ports {
+		if p == port {
+			return true
+		}
+	}
+	return false
+}