Add option to disable pprof and writable configdir

cmd/dsiem/main.go

@@ -11,7 +11,6 @@ import (
 	"time"
 
 	log "github.com/defenxor/dsiem/internal/pkg/shared/logger"
-	"github.com/defenxor/dsiem/internal/pkg/shared/pprof"
 
 	"github.com/defenxor/dsiem/internal/pkg/dsiem/alarm"
 	"github.com/defenxor/dsiem/internal/pkg/dsiem/asset"
@@ -53,7 +52,8 @@ func init() {
 	serverCmd.Flags().IntP("minEPS", "i", 100, "Min. events/second rate allowed when throttling incoming events")
 	serverCmd.Flags().IntP("holdDuration", "n", 10, "Duration in seconds before resetting overload condition state")
 	serverCmd.Flags().Bool("apm", false, "Enable elastic APM instrumentation")
-	serverCmd.Flags().String("pprof", "", "Generate performance profiling information for either cpu, mutex, memory, or block.")
+	serverCmd.Flags().Bool("writeableConfig", false, "Whether to allow configuration file update through HTTP")
+	serverCmd.Flags().Bool("pprof", false, "Enable go pprof on the web interface")
 	serverCmd.Flags().Bool("trace", false, "Generate 10 seconds trace file for debugging.")
 	serverCmd.Flags().StringP("mode", "m", "standalone", "Deployment mode, can be set to standalone, cluster-frontend, or cluster-backend")
 	serverCmd.Flags().IntP("cacheDuration", "c", 10, "Cache expiration time in minutes for intel and vuln query results")
@@ -90,6 +90,7 @@ func init() {
 	viper.BindPFlag("medRiskMin", serverCmd.Flags().Lookup("medRiskMin"))
 	viper.BindPFlag("medRiskMax", serverCmd.Flags().Lookup("medRiskMax"))
 	viper.BindPFlag("filePattern", validateCmd.Flags().Lookup("filePattern"))
+	viper.BindPFlag("writeableConfig", validateCmd.Flags().Lookup("writeableConfig"))
 }
 
 func initConfig() {
@@ -172,7 +173,7 @@ external message queue.`,
 		webDir := path.Join(d, "web", "dist")
 		addr := viper.GetString("address")
 		port := viper.GetInt("port")
-		pp := viper.GetString("pprof")
+		pprof := viper.GetBool("pprof")
 		mode := viper.GetString("mode")
 		msq := viper.GetString("msq")
 		node := viper.GetString("node")
@@ -183,6 +184,7 @@ external message queue.`,
 		holdDuration := viper.GetInt("holdDuration")
 		cacheDuration := viper.GetInt("cacheDuration")
 		esapm := viper.GetBool("apm")
+		writeableConfig := viper.GetBool("writeableConfig")
 
 		if err := checkMode(mode, msq, node, frontend); err != nil {
 			exit("Incorrect mode configuration", err)
@@ -192,13 +194,15 @@ external message queue.`,
 			exit("Incorrect EPS setting", errors.New("minEPS must be <= than maxEPS"))
 		}
 
+		/* disable this in favor of pprof web interfae
 		if pp != "" {
 			f, err := pprof.GetProfiler(pp)
 			if err != nil {
 				exit("Cannot start profiler", err)
 			}
 			defer f.Stop()
 		}
+		*/
 
 		if traceFlag {
 			fo, err := ioutil.TempFile(os.TempDir(), progName+"*.trace")
@@ -274,7 +278,7 @@ external message queue.`,
 		expcounter.Init(mode)
 
 		err = server.Start(
-			eventChan, bpChan, confDir, webDir,
+			eventChan, bpChan, confDir, webDir, writeableConfig, pprof,
 			mode, maxEPS, minEPS, msq, progName, node, addr, port)
 		if err != nil {
 			exit("Cannot start server", err)

internal/pkg/dsiem/server/server.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"runtime"
 	"strconv"
 	"sync"
 	"sync/atomic"
@@ -47,18 +48,19 @@ var rateCounter = rc.NewRateCounter(1 * time.Second)
 
 // Start starts the server
 func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd string,
-	serverMode string, maxEPS int, minEPS int, msqCluster string,
-	msqPrefix string, nodeName string, addr string, port int) error {
+	writeableConfig bool, pprof bool, serverMode string, maxEPS int, minEPS int, msqCluster string,
+	msqPrefix string, nodeName string, addr string, port int) (err error) {
 
 	if a := net.ParseIP(addr); a == nil {
-		return errors.New(addr + " is not a valid IP address")
+		err = errors.New(addr + " is not a valid IP address")
+		return
 	}
 	if port < 1 || port > 65535 {
-		return errors.New("Invalid TCP port number")
+		err = errors.New("Invalid TCP port number")
+		return
 	}
 
 	mode = serverMode
-	// msq = msqCluster
 
 	if mode == "cluster-frontend" {
 		initMsgQueue(msqCluster, msqPrefix, nodeName)
@@ -80,10 +82,14 @@ func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd
 	router.GET("/config/:filename", handleConfFileDownload)
 	router.GET("/config/", handleConfFileList)
 	router.GET("/debug/vars/", expVarHandler)
-	router.GET("/debug/pprof/:name", pprofHandler)
-	router.GET("/debug/pprof/", pprofHandler)
-	router.POST("/config/:filename", handleConfFileUpload)
-	router.DELETE("/config/:filename", handleConfFileDelete)
+	if pprof {
+		router.GET("/debug/pprof/:name", pprofHandler)
+		router.GET("/debug/pprof/", pprofHandler)
+	}
+	if writeableConfig {
+		router.POST("/config/:filename", handleConfFileUpload)
+		router.DELETE("/config/:filename", handleConfFileDelete)
+	}
 
 	if mode != "cluster-backend" {
 
@@ -92,10 +98,9 @@ func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd
 		if maxEPS == 0 || minEPS == 0 {
 			router.POST("/events", handleEvents)
 		} else {
-			var err error
 			epsLimiter, err = limiter.New(maxEPS, minEPS)
 			if err != nil {
-				return err
+				return
 			}
 			router.POST("/events", rateLimit(epsLimiter.Limit(), 3*time.Second, handleEvents))
 		}
@@ -104,13 +109,16 @@ func Start(ch chan<- event.NormalizedEvent, bpCh <-chan bool, confd string, webd
 
 		overloadManager()
 	}
-	ln, err := reuseport.Listen("tcp4", addr+":"+p)
-	if err != nil {
-		return err
+	if runtime.GOOS == "windows" {
+		err = fasthttp.ListenAndServe(addr+":"+p, router.Handler)
+	} else {
+		ln, err := reuseport.Listen("tcp4", addr+":"+p)
+		if err != nil {
+			return err
+		}
+		err = fasthttp.Serve(ln, router.Handler)
 	}
-
-	err = fasthttp.Serve(ln, router.Handler)
-	return err
+	return
 }
 
 // CounterRate return the rate of EPS