From a9aefdeb9a6ab7e088e09436989b397978783478 Mon Sep 17 00:00:00 2001
From: 4quarks
Date: Thu, 19 Sep 2024 15:16:25 +0200
Subject: [PATCH] Delete repeated files

---
 files/configuration/dnscollector/client.yml | 46 ----------
 .../dnscollector/dnscollector.service | 15 ----
 .../dnscollector/postrotate_query.sh | 8 --
 files/configuration/dnscollector/server.yml | 54 -----------
 .../pdnssoccli/notification_email.html | 90 -------------------
 .../configuration/pdnssoccli/pdnssoccli.cron | 11 ---
 files/configuration/pdnssoccli/pdnssoccli.yml | 44 ---------
 files/configuration/test_lab/named.conf | 55 ------------
 8 files changed, 323 deletions(-)
 delete mode 100644 files/configuration/dnscollector/client.yml
 delete mode 100644 files/configuration/dnscollector/dnscollector.service
 delete mode 100755 files/configuration/dnscollector/postrotate_query.sh
 delete mode 100644 files/configuration/dnscollector/server.yml
 delete mode 100644 files/configuration/pdnssoccli/notification_email.html
 delete mode 100644 files/configuration/pdnssoccli/pdnssoccli.cron
 delete mode 100644 files/configuration/pdnssoccli/pdnssoccli.yml
 delete mode 100644 files/configuration/test_lab/named.conf

diff --git a/files/configuration/dnscollector/client.yml b/files/configuration/dnscollector/client.yml
deleted file mode 100644
index cb30c45..0000000
--- a/files/configuration/dnscollector/client.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-################################################
-# Collector configuration
-################################################
-global:
- trace:
- verbose: false
- # Modify with your server ID provided by your destination pDNSSOC server
- server-identity: "SERVER_ID"
-
- text-format: "timestamp-rfc3339ns identity operation rcode queryip queryport family protocol length qname qtype latency"
- # default text field delimiter
- text-format-delimiter: " "
- # default text field boundary
- text-format-boundary: "\""
-
-multiplexer:
- collectors:
- - name: sniff
- afpacket-sniffer:
- device: eth0 # modify with the appropriate interface
- port: 53 # modify with the appropriate port
- chan-buffer-size: 65535
- transforms:
- filtering:
- log-queries: false
- log-replies: true
-
- loggers:
- - name: dnstap_pdnssoc
- dnstapclient:
- remote-address: pdnssoc_server_ip # Modify with the target pdnssoc destination
- remote-port: pdnssoc_server_port # Modify accordingly i.e. 7001
- connect-timeout: 5
- retry-interval: 10
- flush-interval: 10
- tls-support: false
- tls-insecure: false
- server-id: "ID_PDNSSOC"
- buffer-size: 100
- chan-buffer-size: 65535
-
- routes:
- - from: [ sniff ] # enable if sniffing with AF_PACKET
- # Enable if using dnstap
- #- dnstap_socket
- to: [ dnstap_pdnssoc ]
diff --git a/files/configuration/dnscollector/dnscollector.service b/files/configuration/dnscollector/dnscollector.service
deleted file mode 100644
index 4f775a0..0000000
--- a/files/configuration/dnscollector/dnscollector.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Go DNS Collector Service
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/go-dnscollector -config /etc/dnscollector/config.yml
-ExecReload=/bin/kill -SIGHUP $MAINPID
-KillMode=process
-Restart=on-failure
-User=dnscollector
-Group=dnscollector
-WorkingDirectory=/etc/dnscollector
-
-[Install]
-WantedBy=multi-user.target
diff --git a/files/configuration/dnscollector/postrotate_query.sh b/files/configuration/dnscollector/postrotate_query.sh
deleted file mode 100755
index 36421da..0000000
--- a/files/configuration/dnscollector/postrotate_query.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-BACKUP_FOLDER=/var/dnscollector/queries/$(date +%Y-%m-%d)
-mkdir -p $BACKUP_FOLDER
-
-FILE_NAME=$(basename $1 .log)
-
-jq -c '. | {timestamp: .dnstap."timestamp-rfc3339ns", query: .dns.qname, client: .network."query-ip", server: .network."response-ip", client_id: .dnstap.identity , answers: .dns."resource-records".an }' $1 > $BACKUP_FOLDER/$FILE_NAME.json && gzip -S .gz_minified $BACKUP_FOLDER/$FILE_NAME.json
\ No newline at end of file
diff --git a/files/configuration/dnscollector/server.yml b/files/configuration/dnscollector/server.yml
deleted file mode 100644
index fd4aabb..0000000
--- a/files/configuration/dnscollector/server.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-################################################
-# Collector configuration
-################################################
-global:
- pid-file: "/var/dnscollector/collector.pid"
- trace:
- verbose: false
- server-identity: "pDNSSOC_SERVER"
- text-format: "timestamp-rfc3339ns qr identity operation rcode queryip queryport protocol qname qtype name"
- # default text field delimiter
- text-format-delimiter: " "
- # default text field boundary
- text-format-boundary: "\""
-
-
-pipelines:
- - name: dnstap
- dnstap:
- listen-ip: 0.0.0.0
- listen-port: 7001
- chan-buffer-size: 655350
- transforms:
- filtering:
- log-queries: false
- log-replies: true
- routing-policy:
- forward: [ filelogdomains, filelogips, fileall ]
-
- - name: filelogdomains
- logfile:
- file-path: /var/dnscollector/matches/matches_domains.json
- mode: json
- transforms:
- filtering:
- keep-fqdn-file: '/var/dnscollector/misp_domains.txt'
-
- - name: filelogips
- logfile:
- file-path: /var/dnscollector/matches/matches_ips.json
- mode: json
- transforms:
- filtering:
- keep-rdata-file: '/var/dnscollector/misp_ips.txt'
-
- - name: fileall
- logfile:
- file-path: /var/dnscollector/queries/queries.json
- mode: json
- flush-interval: 1
- # Tune the size and number of files used for retro searches here:
- max-size: 200
- max-files: 5
- chan-buffer-size: 65535
- postrotate-delete-success: true
diff --git a/files/configuration/pdnssoccli/notification_email.html b/files/configuration/pdnssoccli/notification_email.html
deleted file mode 100644
index 301846f..0000000
--- a/files/configuration/pdnssoccli/notification_email.html
+++ /dev/null
@@ -1,90 +0,0 @@
- - - - - - - - {% for sensor, alert_data in alerts.items() %} -

{{ sensor }}

- - - - - - - - - - - - - - - - {% for client, client_data in alert_data.items()|sort(attribute='0') %} - {% for query, query_data in client_data.items()|sort(attribute='1.first_occurence') %} - - - - - - - {% for event_uuid, event in query_data['events'].items()|sort(attribute='1.publication')|reverse %} - - - - - - - - - {% endfor %} - - - - {% endfor %} - {% endfor %} - -
DNS clientQueryAnswersFirst DNS queryMISP IOCMISP EventPublicationOrganizationCommentTags
{{ client }}{{ query }} - {% for answer in query_data['answers'] %} - {{ answer }}
- {% endfor %} -
{{ query_data['first_occurence'] }}
{{ event["ioc"] }}{{ event["info"] }}{{ event["publication"] }}{{ event["organization"] }}{{ event["comment"] }} - {% for tag in event["tags"]%} - - {{ tag["name"] }}
-
- {% endfor %} -
- - {% endfor %} - -
\ No newline at end of file
diff --git a/files/configuration/pdnssoccli/pdnssoccli.cron b/files/configuration/pdnssoccli/pdnssoccli.cron
deleted file mode 100644
index 83dcb3f..0000000
--- a/files/configuration/pdnssoccli/pdnssoccli.cron
+++ /dev/null
@@ -1,11 +0,0 @@
-LANG=nb_NO.UTF-8
-LC_ALL=nb_NO.UTF-8
-
-# Run fetch_iocs every 1 minute
-* * * * * root (pdnssoc-cli fetch-iocs && /bin/kill -SIGHUP $(cat /var/dnscollector/collector.pid)) >> /var/log/pdnssoc-cli-fetch-iocs.log 2>&1
-
-# Run correlation & alert every 1 minute
-* * * * * root pdnssoc-cli correlate /var/dnscollector/matches >> /var/log/pdnssoc-cli-correlate.log 2>&1 && pdnssoc-cli alert /var/dnscollector/alerts/ >> /var/log/pdnssoc-cli-alert.log 2>&1
-
-# Retro-active searches every hour, if the system is not overloaded
-5 * * * * root ([ $(awk '{print $1}' /proc/loadavg) \< 0.5 ] && pdnssoc-cli correlate --retro_disco_lookup /var/dnscollector/queries/) >> /var/log/pdnssoc-cli-retro.log 2>&1
diff --git a/files/configuration/pdnssoccli/pdnssoccli.yml b/files/configuration/pdnssoccli/pdnssoccli.yml
deleted file mode 100644
index cae4a17..0000000
--- a/files/configuration/pdnssoccli/pdnssoccli.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-logging_level: "INFO"
-#logging_level: "DEBUG"
-misp_servers:
- - domain: "https://your.misp.server/"
- api_key: "j"
- verify_ssl: true
- debug: false
- # misp.search() arguments
- args:
- enforce_warninglist: True
- periods:
- generic:
- delta:
- days: 7
- tags:
- - names:
- - "apt"
- - "tlp:amber"
- delta:
- days: 150
-
-correlation:
- input_dir: /var/dnscollector/queries # use this if no files are defined from commmand line
- output_dir: /var/dnscollector/alerts
- archive_dir: /var/dnscollector/archive # use this as input for looking back
- alerts_database: /var/dnscollector/alerts_db.txt
- alerts_database_max_size: 300 #This is how many alerts we keep in the buffer before re-notifying
- malicious_domains_file: /var/dnscollector/misp_domains.txt
- malicious_ips_file: /var/dnscollector/misp_ips.txt
-
-alerting:
- # method: slack or email
- slack:
- slack_hook: "https://hooks.slack.com/services/your_hook"
-# email:
-# from: "security@your_org.net"
-# subject: "[pDNSSOC] your_org DNS alert"
-# summary_to: "me@your_org.net"
-# server: "localhost"
-# port: 25
-# template: /etc/pdnssoccli/alert_email.html
-# mappings:
-# - client_id: client_1
-# contact: client_1_sec_team@domain.tld
diff --git a/files/configuration/test_lab/named.conf b/files/configuration/test_lab/named.conf
deleted file mode 100644
index 6c679c4..0000000
--- a/files/configuration/test_lab/named.conf
+++ /dev/null
@@ -1,55 +0,0 @@
-options {
- directory "/var/opt/isc/scls/isc-bind/named/data";
- listen-on port 53 { any; };
- listen-on-v6 { none; };
- allow-query { any; };
- recursion yes;
- allow-recursion { any; };
-# forwarders {
-# IP_TO_FORWARDER; # i.e. 8.8.8.8
-# };
- dnssec-validation no;
- dnstap { all; };
- dnstap-output file "/var/log/named/dnstap.log" size unlimited;
-# response-policy { zone "rpz.local"; };
-};
-
-#zone "rpz.local" {
-# type master;
-# file "/var/opt/isc/scls/isc-bind/named/data/db.rpz";
-#};
-
-logging {
- channel update_debug {
- file "/var/log/named/update_debug.log" versions 3 size 250k;
- severity debug;
- print-severity yes;
- print-time yes;
- };
- channel security_info {
- file "/var/log/named/security_info.log" versions 1 size 250k;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
- channel bind_log {
- file "/var/log/named/bind.log" versions 3 size 1m;
- severity info;
- print-category yes;
- print-severity yes;
- print-time yes;
- };
-# channel rpzlog {
-# file "/var/log/named/rpz.log" versions unlimited size 1000m;
-# print-time yes;
-# print-category yes;
-# print-severity yes;
-# severity info;
-# };
- category default { bind_log; };
- category update { update_debug; };
- category update-security { update_debug; };
- category security { security_info; };
-# category rpz { rpzlog; };
-};