Feb 15th 2023 update

2025-10-05 22:09:20 +03:00 · 2023-02-15 19:09:38 +00:00
parent f7934cd09d
commit 6a9b33ff93
159 changed files with 16474 additions and 2096 deletions
--- a/core/logging/cef_stream.cc
+++ b/core/logging/cef_stream.cc
@@ -11,6 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+#include <arpa/inet.h>
+
 #include "logging_comp.h"
 #include "log_streams.h"

@@ -19,11 +21,16 @@ using namespace cereal;

 USE_DEBUG_FLAG(D_REPORT);

-CefStream::CefStream(const string &_ip_address, int _port)
+static string lookup_cmd = "nslookup ";
+static string line_selection_cmd = "| grep Address | sed -n 2p";
+static string parsing_cmd = "| cut -f2 -d' ' | tr -d '\n'";
+
+CefStream::CefStream(const string &_address, int _port, I_Socket::SocketType _protocol)
        :
    i_socket(Singleton::Consume<I_Socket>::by<LoggingComp>()),
-    ip_address(_ip_address),
-    port(_port)
+    address(_address),
+    port(_port),
+    protocol(_protocol)
 {
    connect();
    if (!socket.ok()) {
@@ -65,17 +72,57 @@ CefStream::sendLog(const Report &log)
 void
 CefStream::connect()
 {
-    auto cef_ip_address = getProfileAgentSettingWithDefault<string>(ip_address, "agent.config.log.cefServer.IP");
+    auto cef_address = getProfileAgentSettingWithDefault<string>(address, "agent.config.log.cefServer.IP");
    auto cef_port = getProfileAgentSettingWithDefault<uint>(port, "agent.config.log.cefServer.port");

-    if (cef_ip_address.empty()) {
-        dbgWarning(D_REPORT) << "Cannot connect to CEF server, IP is not configured.";
+    if (cef_address.empty()) {
+        dbgWarning(D_REPORT) << "Cannot connect to CEF server, IP/Domain is not configured.";
        return;
    }
+
+    struct in_addr addr;
+    if (inet_pton(AF_INET, cef_address.data(), &addr) != 1) {
+        I_ShellCmd *shell_cmd = Singleton::Consume<I_ShellCmd>::by<LoggingComp>();
+        string host_cmd = lookup_cmd + cef_address + line_selection_cmd + parsing_cmd;
+        Maybe<string> res = shell_cmd->getExecOutput(host_cmd, 500);
+        if (!res.ok()) {
+            dbgWarning(D_REPORT)
+                << "Failed to execute domain lookup command. "
+                << "CEF Domain: "
+                << cef_address
+                << "Error: "
+                << res.getErr();
+            return;
+        }
+
+        if (res.unpack().empty()) {
+            dbgWarning(D_REPORT)
+                << "Got en empty ip address from lookup command. "
+                << "CEF Domain: "
+                << cef_address
+                << "Got bad ip address: "
+                << res.unpack();
+            return;
+        }
+
+        dbgDebug(D_REPORT) << "CEF Domain lookup result: " << res.unpack();
+        if (inet_pton(AF_INET, res.unpack().data(), &addr) != 1) {
+            dbgWarning(D_REPORT)
+                << "Got a faulty ip address from lookup command. "
+                << "CEF Domain: "
+                << cef_address
+                << "Got bad ip address: "
+                << res.unpack();
+            return;
+        }
+        
+        cef_address = res.unpack();
+    }
+
    socket = i_socket->genSocket(
-        I_Socket::SocketType::UDP,
+        protocol,
        false,
        false,
-        cef_ip_address + ":" + to_string(cef_port)
+        cef_address + ":" + to_string(cef_port)
    );
 }