diff --git a/CHANGELOG.md b/CHANGELOG.md index 35d1370c70..b6efaa84a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ Please refer to the [NEWS](NEWS.md) for a list of changes which have an affect o #### Outputs ### Documentation +- Updates to Contrib and Overview pages (PR#2672 by Sebastian Wagner). ### Packaging diff --git a/contrib/README.md b/contrib/README.md index 5281a9c532..9b5231ef24 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -1,5 +1,5 @@ 
@@ -8,9 +8,24 @@ SPDX-License-Identifier: AGPL-3.0-or-later This directory contains contributed scripts which are helpful for maintaining an IntelMQ instance. -* **cron-jobs**: cron job files for pulling in newer versions of supporting databases such as pyasn -* **logcheck**: logcheck ruleset to filter logs for error messages -* **config-backup**: simple Makefile for doing a `make backup` inside of `/opt/intelmq` in order to preserve the latest configurations -* **logrotate**: an example configuration for *logrotate* (`/etc/logrotate.d/` directory). +* **autostart**: Contains the start scripts and systemd units for the package `intelmq-autostart`. +* **bash-completion**: Bash completion scripts for the command line interfaces. Part of the package `intelmq`. * **check_mk**: Scripts for monitoring an IntelMQ instance with Check_MK. +* **config-backup**: simple Makefile for doing a `make backup` inside of `/opt/intelmq` in order to preserve the latest configurations +* **cron-jobs**: cron job files for pulling in newer versions of supporting databases such as pyasn * **development-tools**: Tools useful for development +* **elasticsearch**: Generate an ElasticSearch mapping +* **eventdb**: Some scripts related to the EventDB, see https://docs.intelmq.org/latest/admin/database/postgresql/#eventdb-utilities +* **example-extension-package**: An example bot extension package, see https://docs.intelmq.org/latest/dev/extensions-packages/ +* **feeds-config-generator**: Outdated tool to generate configuration snippets for feeds +* **logcheck**: logcheck ruleset to filter logs for error messages +* **logrotate**: an example configuration for *logrotate* (`/etc/logrotate.d/` directory). Part of the package `intelmq`. 
+* **malware_name_mapping**: Script to download the malware name mapping and convert it to IntelMQ syntax +* **systemd**: Scripts to generate systemd unit files +* **tmpfiles.d**: systemd `tmpfiles.d` configuration + +## Packages + +When you have IntelMQ installed via packages, these scripts are part of the package `intelmq-contrib`. + +The logcheck rules are directly installed to `/etc/logcheck/`, and the other files are in `/usr/share/intelmq/contrib/`. diff --git a/contrib/feeds-config-generator/README.md b/contrib/feeds-config-generator/README.md index 34d818dc8d..90da9599be 100644 --- a/contrib/feeds-config-generator/README.md +++ b/contrib/feeds-config-generator/README.md @@ -4,7 +4,10 @@ SPDX-FileCopyrightText: 2018 SYNchroACK SPDX-License-Identifier: AGPL-3.0-or-later --> -# Feeds Configuration Generator +# Feeds Configuration Generator (outdated) + +**Note: This tool is outdated is no longer useful and generates the configuration in the wrong format.** +https://github.com/certtools/intelmq/issues/2677 Quickly generate feeds configurations (runtime and pipeline configs). @@ -29,7 +32,9 @@ optional arguments: /tmp/pipeline.conf ``` + ### Generate a bot configuration + ``` ./intelmq_gen_feeds_conf --feeds-file=../../intelmq/etc/feeds.yaml ``` diff --git a/docs/dev/release.md b/docs/dev/release.md index fcd78590cf..c12148a670 100644 --- a/docs/dev/release.md +++ b/docs/dev/release.md @@ -23,7 +23,7 @@ different. These apply to all projects: -- CHANGELOG.MD and NEWS.MD: Update the latest header, fix the order, remove empty sections and (re)group the entries if necessary. +- `CHANGELOG.MD` and `NEWS.MD`: Update the latest header, fix the order, remove empty sections and (re)group the entries if necessary. - debian/changelog: Insert a new section for the new version with the tool `dch` or update the version of the existing last item if yet unreleased. Don't forget the revision after the version number! ### IntelMQ 
@@ -68,12 +68,7 @@ rm -r build/ python3 setup.py sdist bdist_wheel ``` -* Upload the files including signatures to PyPI with e.g. twine: `twine upload -u __token__ -p $APITOKEN dist/intelmq...` (or set the API Token in `.pypirc`). - - -## Documentation - -Since using mkdocs (see https://docs.intelmq.org) nothing needs to be done anymore. +* Upload the files including signatures to PyPI with e.g. twine: `twine upload dist/intelmq...` (set the API Token in `~/.pypirc`). ## Packages diff --git a/docs/overview.md b/docs/overview.md index a52467c948..601b4a12b3 100644 --- a/docs/overview.md +++ b/docs/overview.md @@ -47,15 +47,13 @@ A web-based interface to ingest CSV data into IntelMQ with on-line validation an This interface allows inserting "one-shot" data feeds into IntelMQ without the need to configure bots in IntelMQ. -Developed and maintained by [CERT.at](https://cert.at). - → [Repository: intelmq-webinput-csv](https://github.com/certat/intelmq-webinput-csv) ![IntelMQ Webinput CSV Preview page](https://raw.githubusercontent.com/certat/intelmq-webinput-csv/c20413a401c2077140dd17fb7651db1132fde648/docs/images/screenshot.png) ### IntelMQ Mailgen -A solution allowing an IntelMQ setup with a complex contact database, managed by a web interface and sending out aggregated email reports. In different words: To send grouped notifications to network owners using SMTP. +A solution allowing an IntelMQ setup with a sophisticated contact database, managed by a web interface and sending out aggregated email reports. In different words: To send grouped notifications to network owners using SMTP. Developed and maintained by [Intevation](https://intevation.de), initially funded by [BSI](https://bsi.bund.de/). 
@@ -65,13 +63,16 @@ It consists of the following three components, which can also be used on their o The certbund-contact consists of two IntelMQ expert bots, which fetch and process the information from the contact database, and scripts to import RIPE data into the contact database. Based on user-defined rules, the experts determine to which contact the event is to be sent to, and which e-mail template and attachment format to use. +The contact database handles contact information for Autonomous systems (AS), Network ranges (CIDR) and single IP addresses, and domains. +The component also includes scripts to import network information and contact data directly from RIPE. + → [Repository: intelmq-certbund-contact](https://github.com/Intevation/intelmq-certbund-contact) #### IntelMQ Fody Fody is a web based interface for Mailgen. It allows to read and edit contacts, query sent mails (tickets) and call up data from the PostgreSQL database. -It can also be used to just query the database without using Mailgen. +It can also be used to just query the IntelMQ Event database without using Mailgen. ![IntelMQ Fody Dashboard](https://raw.githubusercontent.com/Intevation/intelmq-fody/6e41b836d0a2c350a5f2c5c95a4b3be4d3f46027/docs/images/landing_page.png) @@ -82,8 +83,10 @@ intelmq-fody-backend](https://github.com/Intevation/intelmq-fody-backend) #### intelmq-mailgen -Sends emails with grouped event data to the contacts determined by the certbund-contact. Mails can be encrypted with -PGP. +Sends emails with grouped event data to the contacts determined by the certbund-contact +Mails can be encrypted with OpenPGP. + +Formatting scripts and templates define how the e-mails are created, their content and the included data. → [Repository: intelmq-mailgen](https://github.com/Intevation/intelmq-mailgen) 
@@ -98,21 +101,9 @@ If features organizational hierarchies, contact roles, self-administration and n → [Repository: tuency](https://gitlab.com/Intevation/tuency/tuency) -### "Constituency Portal" do-portal (deprecated) - -!!! warning - The *do-portal* is deprecated and succeeded by *tuency*. - -A contact portal with organizational hierarchies, role functionality and network objects based on RIPE, allows -self-administration by the contacts. Can be queried from IntelMQ and integrates the stats-portal. - -Originally developed by [CERT-EU](https://cert.europa.eu/), then adapted by [CERT.at](https://cert.at). - -→ [Repository: do-portal](https://github.com/certat/do-portal) - ### Stats Portal -A Grafana-based statistics portal for the `eventdb`{.interpreted-text role="doc"}. Can be integrated into do-portal. It uses aggregated data to serve statistical data quickly. +A Grafana-based statistics portal for the `eventdb`{.interpreted-text role="doc"}. It uses aggregated data to serve statistical data quickly. ![Stats Portal Architecture](https://raw.githubusercontent.com/certtools/stats-portal/38515266aabdf661a0b4becd8e921b03f32429fa/architecture-overview-stats-portal-screen.png) diff --git a/intelmq/bin/intelmqctl.py b/intelmq/bin/intelmqctl.py index 75cbafc720..3ebefad3be 100644 --- a/intelmq/bin/intelmqctl.py +++ b/intelmq/bin/intelmqctl.py @@ -206,6 +206,9 @@ def __init__(self, interactive: bool = False, returntype: ReturnType = ReturnTyp Get some debugging output on the settings and the environment (to be extended): intelmqctl debug --get-paths intelmqctl debug --get-environment-variables + +Looking for help from the community? +Find IntelMQ's support channels at https://docs.intelmq.org/latest/help/ ''' self._processmanagertype = getattr(self._parameters, 'process_manager', 'intelmq')
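Review bot: the new CHANGELOG.md entry under Documentation names only the Contrib and Overview pages, but this patch also edits docs/dev/release.md, marks the feeds-config-generator as outdated and adds a support pointer to the help text in intelmq/bin/intelmqctl.py. Suggest widening the entry, or adding a separate line for the intelmqctl help change, so the user-visible change is recorded.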
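Review bot: in contrib/README.md the new Packages section says these scripts are part of the package `intelmq-contrib`, while the list above it states that autostart belongs to `intelmq-autostart` and that bash-completion and logrotate are part of `intelmq`. Suggest wording it as "the remaining scripts" or naming the exceptions, so a reader knows which package ships which directory and what actually lands in `/usr/share/intelmq/contrib/`. Since the list lines are being moved anyway, the lower-case descriptions ("simple Makefile", "cron job files", "an example configuration") could be capitalised to match the new entries.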
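Review bot: the note added at the top of contrib/feeds-config-generator/README.md reads "This tool is outdated is no longer useful", which is missing a conjunction. Suggest "This tool is outdated, no longer useful and generates the configuration in the wrong format." and folding the bare issue URL on the following line into the note (for example "See ...") so it does not render as a dangling line.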
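Review bot: in the first docs/dev/release.md hunk the file names are now code-formatted but still spelled `CHANGELOG.MD` and `NEWS.MD`, while the files touched and linked in this patch are `CHANGELOG.md` and `NEWS.md`. Suggest fixing the case while the line is being edited and giving `debian/changelog` on the next line the same backticks.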
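Review bot: in the second docs/dev/release.md hunk the upload step now relies on `~/.pypirc` alone, but the removed command was the only place that showed the `__token__` username that goes with an API token. Suggest stating that the `.pypirc` entry uses `__token__` as username with the token as password, and that the file should be readable only by the releasing user (for example mode 600), since it now holds the upload credential in plain text. Keeping the token off the command line is a good change, as it no longer ends up in shell history or the process list.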
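Review bot: in the docs/overview.md certbund-contact hunk, the added sentence "The component also includes scripts to import network information and contact data directly from RIPE." repeats what the unchanged paragraph just above already says ("scripts to import RIPE data into the contact database"). Suggest keeping only one of the two. The other added line has uneven capitalisation and a doubled "and" ("Autonomous systems (AS), Network ranges (CIDR) and single IP addresses, and domains"); a plain comma-separated list would read better.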
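Review bot: in the docs/overview.md intelmq-mailgen hunk the rewritten first line lost its full stop: "...to the contacts determined by the certbund-contact" is followed directly by "Mails can be encrypted with OpenPGP.", and Markdown joins the two source lines into one paragraph. Suggest ending the first line with a period.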
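Review bot: in the docs/overview.md Stats Portal hunk, the edited line still carries the conversion leftover `{.interpreted-text role="doc"}` after `eventdb`. Since the line is already being changed to drop the do-portal mention, suggest replacing the leftover with a normal Markdown link to the EventDB documentation page.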