Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security engine] Add expr helper to detect if IP is a local interface address #3302

Open
LaurenceJJones opened this issue Oct 28, 2024 · 2 comments
Open

[security engine] Add expr helper to detect if IP is a local interface address #3302

LaurenceJJones opened this issue Oct 28, 2024 · 2 comments
Labels
needs/kind needs/triage

Comments

@LaurenceJJones
Copy link
Contributor

This is following a user managing to ban their own WAN interface and I thought we could maybe have a discussion if this could be useful to have a helper or something 🤷🏻

So when you rent a VPS you get directly assigned a WAN IP which is viewable from ip addr for example.

Within golang you can use the net package to list all interfaces and gather details around those said interfaces.

package main

import (
	"fmt"
	"log"
	"net"
)

func main() {
	ifaces, err := net.Interfaces()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("Interfaces:")
	for _, i := range ifaces {
		fmt.Printf("Name: %s\n", i.Name)
		fmt.Printf("Index: %d\n", i.Index)
		fmt.Printf("MTU: %d\n", i.MTU)
		fmt.Printf("HardwareAddr: %s\n", i.HardwareAddr)
		fmt.Printf("Flags: %s\n", i.Flags)
		fmt.Printf("MulticastAddrs: %s\n", i.MulticastAddrs)
		fmt.Println("Addrs:")
		addrs, err := i.Addrs()
		if err != nil {
			log.Fatal(err)
		}
		for _, addr := range addrs {
			switch v := addr.(type) {
			case *net.IPAddr:
				fmt.Printf("%v : %s (%s)\n", i.Name, v, v.IP.DefaultMask())

			case *net.IPNet:
				fmt.Printf("%v : %s [%v/%v]\n", i.Name, v, v.IP, v.Mask)
			}
		}
	}
}

The short code example above just showcases what information we can derive from said interfaces.

Now it could be interesting to have a helper for example that could be used:

IsLocalInterface("eth0", evt.Meta.source_ip)

This is not the best as for any user that has a dedicated IP address you would expect them to whitelist it by default, but most do not and could be a life saver when you dont want to accidentally ban yourself.

It just an idea not to be taken so seriously 😅
@github-actions GitHub Actions
Copy link

@LaurenceJJones: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@github-actions GitHub Actions
Copy link

@LaurenceJJones: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

  • /kind feature
  • /kind enhancement
  • /kind refactoring
  • /kind bug
  • /kind packaging
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs/kind needs/triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@LaurenceJJones