
intelmq-api is a REST API for managing an intelmq installation. intelmq is a solution for IT security teams for collecting and processing security feeds.

intelmq-api is a hug-based API for the intelmq project.

Installing and running intelmq-api

intelmq-api requires at least Python 3.6.

Install intelmq-api using your preferred package installation mechanism (pip, apt, yum, dnf…).

  • pip install intelmq-api

  • apt install intelmq-api

  • yum install intelmq-api

  • zypper install intelmq-api

Depending on your setup you might have to install sudo to make it possible for the intelmq-api to run the intelmq command as the user-account usually used to run intelmq (which is also often called intelmq).

You can run intelmq-api directly using hug:

hug -m intelmq_api.serve

Or using uwsgi:

uwsgi --http 0.0.0.0:8000 -w intelmq_api.serve --callable __hug_wsgi__

Or using gunicorn:

gunicorn intelmq_api.serve:__hug_wsgi__

The intelmq-api provides the route /api for managing the intelmq installation. If it has access to an installation of the intelmq-manager files it serves them under the /management route.

Configuring intelmq-api

intelmq-api is configured using a configuration file in JSON format. The path to the configuration file is set using the environment variable INTELMQ_MANAGER_CONFIG. When running the API using hug, you can set the environment variable like this:

INTELMQ_MANAGER_CONFIG=intelmq-api-config.json hug -m intelmq_api.serve

A sample configuration file, intelmq-api-config.json, is part of the distribution; it is also listed here for reference. In this configuration the setting session_store is disabled by prefixing its name with an underscore:

{
        "intelmq_ctl_cmd": ["intelmqctl"],
        "allowed_path": "/opt/intelmq/var/lib/bots/",
        "_session_store": "/tmp/intelmq-session.sqlite",
        "session_duration": 86400,
        "allow_origins": ["*"],
        "html_dir": "/usr/share/intelmq-manager/html/"
}

The following configuration options are available:

  • intelmq_ctl_cmd: Your intelmqctl command. If this is not set in a configuration file the default is used, which is ["sudo", "-u", "intelmq", "/usr/local/bin/intelmqctl"]

    The option “intelmq_ctl_cmd” is a list of strings so that we can avoid shell-injection vulnerabilities because no shell is involved when running the command. This means that if the command you want to use needs parameters, they have to be separate strings.

  • allowed_path: intelmq-api can grant read-only access to specific files; this setting defines the path those files can reside in

  • session_store: this is an optional path to a sqlite database, which is used for session storage and authentication. If it is not set (which is the default), no authentication is used!

  • session_duration: the maximal duration of a session; it is 86400 seconds by default

  • allow_origins: a list of origins the responses of the API can be shared with. Allows every origin by default.

  • html_dir: the path to the html files of the intelmq-manager. If this path exists it is served under the path /management
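A small audit of the options described above, as an added example that is not part of intelmq-api: it flags a disabled session_store, a wildcard allow_origins, and an intelmq_ctl_cmd whose parameters are not separate strings. The function name audit_config and the modified sample configuration are assumptions made for illustration.

```python
import json

# Constructed sample: the page's sample config with an argument-splitting
# mistake added to intelmq_ctl_cmd ("sudo -u intelmq" as a single string).
SAMPLE_CONFIG = """
{
    "intelmq_ctl_cmd": ["sudo -u intelmq", "/usr/local/bin/intelmqctl"],
    "allowed_path": "/opt/intelmq/var/lib/bots/",
    "_session_store": "/tmp/intelmq-session.sqlite",
    "session_duration": 86400,
    "allow_origins": ["*"],
    "html_dir": "/usr/share/intelmq-manager/html/"
}
"""

def audit_config(text):
    """Return (option, finding) tuples for an intelmq-api JSON config (hypothetical helper)."""
    cfg = json.loads(text)
    findings = []

    # "_session_store" is not the option name, so the setting counts as unset.
    if not cfg.get("session_store"):
        findings.append(("session_store", "not set: no authentication is used"))

    # An absent allow_origins falls back to the default, which allows every origin.
    if "*" in cfg.get("allow_origins", ["*"]):
        findings.append(("allow_origins", "responses can be shared with every origin"))

    cmd = cfg.get("intelmq_ctl_cmd")
    if cmd is not None:
        if not isinstance(cmd, list) or not all(isinstance(p, str) for p in cmd):
            findings.append(("intelmq_ctl_cmd", "must be a list of strings"))
        else:
            # Heuristic: no shell splits the command, so whitespace inside one
            # element usually means parameters were merged into a single string.
            for part in cmd:
                if any(ch.isspace() for ch in part):
                    findings.append(("intelmq_ctl_cmd",
                                     f"{part!r}: pass each parameter as its own string"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_config(SAMPLE_CONFIG):
        print(f"{option}: {finding}")
```
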

Adding a user

If you set the session_store configuration setting, you have to create a user to be able to access the API functionality. You can also do this using hug:

hug -m intelmq_api.serve -c add_user <username>

Usual problems

If the command is not configured correctly, you’ll see exceptions on startup like this:

intelmq_manager.runctl.IntelMQCtlError: <ERROR_MESSAGE>

This means the intelmqctl command could not be executed as a subprocess. The <ERROR_MESSAGE> should indicate why.

To save the positions of the bots in the configuration map, you need an existing writable manager/positions.conf file. If it’s missing, just create an empty one.

Type checking

Except for the parts that directly deal with hug, the code can be typechecked with mypy. To run the type checker, start with the module serve:

mypy intelmq_manager/serve.py


Source Distribution

intelmq-api-2.3.0a3.tar.gz (13.7 kB)

Uploaded Source

Built Distribution

intelmq_api-2.3.0a3-py3-none-any.whl (15.2 kB)

Uploaded Python 3
