create + enable threat feeds before pushing blocklists
cooperlarson committed Sep 2, 2024
1 parent 85d1b1d commit 8f7eaac
Showing 2 changed files with 55 additions and 41 deletions.
3 changes: 3 additions & 0 deletions include/forti_hole.h
Expand Up @@ -28,11 +28,14 @@ class FortiHole {

void merge();
void build_threat_feed_info();
void create_threat_feeds();
void enable_filters_and_policies();
void update_threat_feeds();
void create_file(const std::string& filename, const std::vector<std::string>& lines) const;
void remove_extra_files(unsigned int security_level, unsigned int file_index);

std::string get_file_name(unsigned int security_level, unsigned int file_index);

static void remove_all_custom_threat_feeds();

public:
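Review bot: The new declarations `create_threat_feeds()` and `update_threat_feeds()` carry an ordering dependency that the header does not state: judging from the source change, the upload path no longer creates a missing feed itself, so `create_threat_feeds()` has to run first. A one-line comment on each declaration would make that contract visible to the next caller, e.g. `// Creates one FortiGate threat-feed container per output file; run before update_threat_feeds().` and `// Pushes the per-file blocklists into feeds that create_threat_feeds() has already created.` The class body continues outside the hunk.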
93 changes: 52 additions & 41 deletions src/forti_hole.cpp
Expand Up @@ -17,21 +17,24 @@ void FortiHole::operator()() {
if (!std::filesystem::exists(config.output_dir)) std::filesystem::create_directories(config.output_dir);
if (config.remove_all_threat_feeds_on_run) remove_all_custom_threat_feeds();

std::cout << "Consolidating data...\n" << std::endl;
std::cout << "Consolidating data..." << std::endl;
merge();

std::cout << "Gathering threat feed statistics...\n" << std::endl;
std::cout << "Gathering threat feed information..." << std::endl;
build_threat_feed_info();

std::cout << "Constructing files and updating threat feeds...\n" << std::endl;
update_threat_feeds();
std::cout << "Creating threat feed containers..." << std::endl;
create_threat_feeds();

std::cout << "\nActivating threat-feeds in dns-filters & updating firewall policies...\n" << std::endl;
std::cout << "Updating firewall policies..." << std::endl;
enable_filters_and_policies();

std::cout << "Constructing files and pushing threat feeds...\n" << std::endl;
update_threat_feeds();

auto end = std::chrono::high_resolution_clock::now();
auto duration = std::chrono::duration_cast<std::chrono::seconds>(end - start);
std::cout << "forti-hole finished successfully in " << duration.count() << 's' << std::endl;
std::cout << "\nforti-hole finished successfully in " << duration.count() << 's' << std::endl;
}

void FortiHole::merge() {
Expand All @@ -53,45 +56,15 @@ void FortiHole::build_threat_feed_info() {
}
}

void FortiHole::update_threat_feeds() {
auto category = config.categories.base;
for (const auto& [security_level, _] : lists_by_security_level) {
void FortiHole::create_threat_feeds() {
for (unsigned int security_level = 0; security_level < info_by_security_level.size(); security_level++) {
auto info = info_by_security_level[security_level];

std::cout << "Security Level " << security_level
<< ": { "
<< "Files: " << info.file_count
<< ", LPF: " << info.lines_per_file
<< " }" << std::endl;

auto iter = lists_by_security_level[security_level].begin();
for (size_t i = 0; i < info.file_count; ++i) {
auto filename = get_file_name(security_level, i + 1);

std::vector<std::string> to_upload;
to_upload.reserve(info.lines_per_file + info.extra);

size_t count = info.lines_per_file + (i < info.extra ? 1 : 0);
for (size_t j = 0; j < count; ++j) {
to_upload.push_back(*iter);
++iter;
}

std::cout << "\nBuilt file: " << filename << " with " << to_upload.size() << " lines." << std::endl;

if (config.write_files_to_disk) create_file(filename, to_upload);

auto category = info.category_base;
for (unsigned int file_index = 0; file_index < info.file_count; ++file_index) {
auto filename = get_file_name(security_level, file_index + 1);
if (!ThreatFeed::contains(filename)) ThreatFeed::add(filename, category);
ThreatFeed::update_feed({{filename, to_upload}});
std::cout << "Successfully uploaded to FortiGate: " << filename << std::endl;

// give the FortiGate a chance to process the new data,
// prevents network interruptions from buffer overflow
std::this_thread::sleep_for(std::chrono::seconds(1));
++category;
}

remove_extra_files(security_level, info.file_count + 1);
}
}

Expand Down Expand Up @@ -129,6 +102,44 @@ void FortiHole::enable_filters_and_policies() {
}
}

void FortiHole::update_threat_feeds() {
for (const auto& [security_level, _] : lists_by_security_level) {
auto info = info_by_security_level[security_level];

std::cout << "Security Level " << security_level
<< ": { "
<< "Files: " << info.file_count
<< ", LPF: " << info.lines_per_file
<< " }" << std::endl;

auto iter = lists_by_security_level[security_level].begin();
for (size_t i = 0; i < info.file_count; ++i) {
auto filename = get_file_name(security_level, i + 1);

std::vector<std::string> to_upload;
to_upload.reserve(info.lines_per_file + info.extra);

size_t count = info.lines_per_file + (i < info.extra ? 1 : 0);
for (size_t j = 0; j < count; ++j) {
to_upload.push_back(*iter);
++iter;
}

std::cout << "\nBuilt file: " << filename << " with " << to_upload.size() << " lines." << std::endl;

if (config.write_files_to_disk) create_file(filename, to_upload);
ThreatFeed::update_feed({{filename, to_upload}});
std::cout << "Successfully uploaded to FortiGate: " << filename << std::endl;

// give the FortiGate a chance to process the new data,
// prevents network interruptions from buffer overflow
std::this_thread::sleep_for(std::chrono::seconds(1));
}

remove_extra_files(security_level, info.file_count + 1);
}
}

void FortiHole::create_file(const std::string& filename, const std::vector<std::string>& lines) const {
std::string filename_w_extension = std::filesystem::current_path().string() + '/' + config.output_dir
+ '/' + filename + ".txt";
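Review bot: In `update_threat_feeds()` the `ThreatFeed::contains(filename)` guard that used to precede the upload is gone, so `ThreatFeed::update_feed({{filename, to_upload}})` now assumes `create_threat_feeds()` succeeded for every file; if `ThreatFeed::add` failed for one feed, or the two loops disagree on which levels exist (`create_threat_feeds()` walks `info_by_security_level` by index 0..size(), while `update_threat_feeds()` walks the keys of `lists_by_security_level` and uses each key to index `info_by_security_level`), the push goes to a feed that does not exist. Unless `update_feed` already reports that case, a guard before the upload keeps the failure visible: `if (!ThreatFeed::contains(filename)) { std::cerr << "Threat feed missing, skipping: " << filename << std::endl; continue; }`. Separately, `auto info = info_by_security_level[security_level];` copies the info struct in both functions; `const auto& info` avoids the copy. Whether the index/key mismatch is real depends on how the two containers are populated in `build_threat_feed_info()`, which is outside the hunk.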
