update some fixed bugs

Qianlitp · Nov 13, 2019 · eba5e20 · eba5e20
1 parent 15ce690
commit eba5e20
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 English Document | [中文文档](./README_zh-cn.md)
 
-After Collecting event logs and kerberos traffic on all domain controls, WatchAD can detect a variety of known or unknown threats through features matching, Kerberos protocol analysis, historical behaviors, sensitive operations, honeypot accounts and so on.The WatchAD rules cover the many common AD attacks.
+After Collecting event logs and kerberos traffic on all domain controllers, WatchAD can detect a variety of known or unknown threats through features matching, Kerberos protocol analysis, historical behaviors, sensitive operations, honeypot accounts and so on.The WatchAD rules cover the many common AD attacks.
 
 The WatchAD has been running well on the Qihoo 360 intranet for more than six months and has found several threat activities.
 
@@ -46,6 +46,7 @@ If you don't need some module，You can **delete** the module's `.py` file direc
 
 ## // TODO
 
+- English code comment
 - Compatible with ElasticSearch 6.X
 - Reduce false positives
 - **Kerberoasting**: the detection based on event log was replaced by kerberos traffic analysis. We are considering add it back.

diff --git a/README_zh-cn.md b/README_zh-cn.md
@@ -39,7 +39,6 @@ WatchAD支持开发自定义的检测模块，详情请参考我们的[教程](h
 
 ## // TODO
 
-- English Document
 - English code comment
 - ElasticSearch兼容6.X
 - 各个检测模块的误报持续优化

diff --git a/WatchAD.py b/WatchAD.py
@@ -74,14 +74,19 @@ def start():
 def stop():
     logger.info("Stopping the WatchAD detect engine ...")
 
-    rsp = subprocess.call("supervisorctl -c {root_dir}/supervisor.conf shutdown".format(root_dir=project_dir),
-                          shell=True,
-                          env={"WATCHAD_ENGINE_DIR": project_dir, "WATCHAD_ENGINE_NUM": "5"})
-
-    if rsp == 0:
-        logger.info("Stopped!")
+    stop_rsp = subprocess.call("supervisorctl -c {root_dir}/supervisor.conf stop all".format(root_dir=project_dir),
+                               shell=True, env={"WATCHAD_ENGINE_DIR": project_dir, "WATCHAD_ENGINE_NUM": "5"})
+    if stop_rsp == 0:
+        logger.info("Stopped detection processes.")
     else:
         logger.error("Stop failed.")
+    shutdown_rsp = subprocess.call("supervisorctl -c {root_dir}/supervisor.conf shutdown".format(root_dir=project_dir),
+                                   shell=True, env={"WATCHAD_ENGINE_DIR": project_dir, "WATCHAD_ENGINE_NUM": "5"})
+
+    if shutdown_rsp == 0:
+        logger.info("Shutdown WatchAD.")
+    else:
+        logger.error("Shutdown WatchAD failed.")
 
 
 def restart():
@@ -104,19 +109,20 @@ def usage():
 
 def parse_option():
     parser = optparse.OptionParser(usage=usage())
-    parser.add_option("--install", action="store_true", dest="install", help="执行WatchAD初始化安装，在次之前请确保已完成环境安装和配置。")
-    parser.add_option("-d", "--domain", action="store", dest="domain", help="A FQDN domain name of detection.")
+    parser.add_option("--install", action="store_true", dest="install", help="Initial install WatchAD.")
+    parser.add_option("-d", "--domain", action="store", dest="domain", help="A FQDN domain name. e.g: corp.360.cn")
     parser.add_option("-s", "--ldap-server", action="store", dest="server",
                       help="Server address for LDAP search. e.g: dc01.corp.com")
     parser.add_option("-u", "--domain-user", action="store", dest="username",
                       help="Username for LDAP search. e.g: CORP\\peter")
     parser.add_option("-p", "--domain-passwd", action="store", dest="password",
                       help="Password for LDAP search.")
-    parser.add_option("--check", action="store_true", dest="check", help="检查各个数据库连接状态、消息队列状态")
-    parser.add_option("--start", action="store_true", dest="start", help="启动检测引擎")
-    parser.add_option("--restart", action="store_true", dest="restart", help="重新加载动态配置信息、重启检测引擎")
-    parser.add_option("--stop", action="store_true", dest="stop", help="停止引擎 （删除现有消息队列，防止数据量过大造成积压）")
-    parser.add_option("--status", action="store_true", dest="status", help="查看当前引擎状态")
+    parser.add_option("--check", action="store_true", dest="check", help="check environment status")
+    parser.add_option("--start", action="store_true", dest="start", help="start WatchAD detection engine")
+    parser.add_option("--restart", action="store_true", dest="restart", help="restart WatchAD detection engine")
+    parser.add_option("--stop", action="store_true", dest="stop",
+                      help="stop WatchAD detection engine and shutdown supervisor")
+    parser.add_option("--status", action="store_true", dest="status", help="show processes status using supervisor")
     return parser
 
 

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -34,6 +34,7 @@ services:
       ES_JAVA_OPTS: "-Xms512m -Xmx512m"
       thread_pool.bulk.size: 9
       thread_pool.bulk.queue_size: 1000
+      xpack.security.enabled: "false"
     ulimits:
       memlock:
         soft: -1

diff --git a/settings/database_config.py b/settings/database_config.py
@@ -60,7 +60,6 @@ class RedisConfig(object):
 
 
 # rabbit mq
-# TODO 开源时修改所有配置
 class MqConfig(object):
     """
         消息队列配置