rename to logwarden.

Mike Vanbuskirk · Mike Vanbuskirk · commit defbd24f6ebf · 2023-06-09T17:45:04.000-04:00
- expose port 8080 on the container
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,7 +1,7 @@
 builds:
-  - binary: gcp-auditor
+  - binary: logwarden
     ldflags:
-      - -X 'github.com/trufflesecurity/gcp-auditor/pkg/version.BuildVersion={{ .Version }}'
+      - -X 'github.com/trufflesecurity/logwarden/pkg/version.BuildVersion={{ .Version }}'
     env: [CGO_ENABLED=0]
     goos:
     - linux
diff --git a/Dockerfile b/Dockerfile
@@ -4,5 +4,6 @@ RUN apk add --no-cache git ca-certificates \
     && rm -rf /var/cache/apk/* && \
     update-ca-certificates
 WORKDIR /usr/bin/
-COPY gcp-auditor .
-ENTRYPOINT ["/usr/bin/gcp-auditor"]
+COPY logwarden .
+EXPOSE 8080
+ENTRYPOINT ["/usr/bin/logwarden"]
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 .PHONY: run fmt
 
 run:
-	go run . --project truffle-audit --subscription gcp-auditor-test
+	go run . --project truffle-audit --subscription logwarden-test
 
 fmt:
 	opa fmt policy/*/*.rego -w
diff --git a/README.md b/README.md
@@ -1,16 +1,16 @@
-# gcp-auditor
+# logwarden
 
 Process all of your GCP audit logs against OPA Rego policies and alert for violations in real-time.
 
 Some amount of policy coverage for MITRE ATT&CK Tactics are included.
 
-![Slack alerts created by gcp-auditor](resources/slack_alerts.png)
+![Slack alerts created by logwarden](resources/slack_alerts.png)
 
 ## Usage
 
 ```bash
-$ gcp-auditor --help
-usage: gcp-auditor --project=PROJECT --subscription=SUBSCRIPTION [<flags>]
+$ logwarden --help
+usage: logwarden --project=PROJECT --subscription=SUBSCRIPTION [<flags>]
 
 GCP Auditor is a tool to audit GCP logs against a set of rego policies.
 
@@ -19,7 +19,7 @@ Flags:
   --policies="policy"          Path to policies folder.
   --project=PROJECT            GCP Project ID.
   --subscription=SUBSCRIPTION  Pub/Sub subscription to audit.
-  --secret-name="gcp-auditor"  GCP Secret name to use for GCP Auditor.
+  --secret-name="logwarden"  GCP Secret name to use for GCP Auditor.
   --json                       Output results as JSON.
   --slack-webhook              Enable Slack webhook.
   --webhook                    Enable JSON HTTP POST webhook output.
@@ -35,8 +35,8 @@ WEBHOOK_URL=https://your.server/post
 
 ## Installation
 
-GCP-Auditor requires your audit logs to be published to GCP pub/sub via a logging sink.
-We've provided terraform code to deploy GCP-Auditor via Cloud Run, create organization logging sink, a pub/sub topic+subscription, and configure IAM for them to work together.
+Logwarden requires your audit logs to be published to GCP pub/sub via a logging sink.
+We've provided terraform code to deploy Logwarden via Cloud Run, create organization logging sink, a pub/sub topic+subscription, and configure IAM for them to work together.
 
 ### Terraform (TODO)
 
diff --git a/go.mod b/go.mod
@@ -1,4 +1,4 @@
-module github.com/trufflesecurity/gcp-auditor
+module github.com/trufflesecurity/logwarden
 
 go 1.19
 
diff --git a/internal/engine/engine.go b/internal/engine/engine.go
@@ -12,8 +12,8 @@ import (
 	"cloud.google.com/go/pubsub"
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/rego"
-	"github.com/trufflesecurity/gcp-auditor/internal/outputs"
-	"github.com/trufflesecurity/gcp-auditor/internal/result"
+	"github.com/trufflesecurity/logwarden/internal/outputs"
+	"github.com/trufflesecurity/logwarden/internal/result"
 )
 
 func New(ctx context.Context, policyPath string, outputs []outputs.Output) (*engine, error) {
diff --git a/internal/outputs/human/human.go b/internal/outputs/human/human.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	"github.com/fatih/color"
-	"github.com/trufflesecurity/gcp-auditor/internal/result"
+	"github.com/trufflesecurity/logwarden/internal/result"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 )
diff --git a/internal/outputs/json/json.go b/internal/outputs/json/json.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/trufflesecurity/gcp-auditor/internal/result"
+	"github.com/trufflesecurity/logwarden/internal/result"
 )
 
 type JSON struct {
diff --git a/internal/outputs/output.go b/internal/outputs/output.go
@@ -3,7 +3,7 @@ package outputs
 import (
 	"context"
 
-	"github.com/trufflesecurity/gcp-auditor/internal/result"
+	"github.com/trufflesecurity/logwarden/internal/result"
 )
 
 type Output interface {
diff --git a/internal/outputs/slack/slack.go b/internal/outputs/slack/slack.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/trufflesecurity/gcp-auditor/internal/result"
+	"github.com/trufflesecurity/logwarden/internal/result"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 )
diff --git a/internal/outputs/webhook/webhook.go b/internal/outputs/webhook/webhook.go
@@ -7,7 +7,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/trufflesecurity/gcp-auditor/internal/result"
+	"github.com/trufflesecurity/logwarden/internal/result"
 )
 
 type Webhook struct {
diff --git a/main.go b/main.go
@@ -5,24 +5,24 @@ import (
 	"log"
 	"os"
 
-	"github.com/trufflesecurity/gcp-auditor/internal/engine"
-	"github.com/trufflesecurity/gcp-auditor/internal/outputs"
-	"github.com/trufflesecurity/gcp-auditor/internal/outputs/human"
-	"github.com/trufflesecurity/gcp-auditor/internal/outputs/json"
-	"github.com/trufflesecurity/gcp-auditor/internal/outputs/slack"
-	"github.com/trufflesecurity/gcp-auditor/internal/outputs/webhook"
+	"github.com/trufflesecurity/logwarden/internal/engine"
+	"github.com/trufflesecurity/logwarden/internal/outputs"
+	"github.com/trufflesecurity/logwarden/internal/outputs/human"
+	"github.com/trufflesecurity/logwarden/internal/outputs/json"
+	"github.com/trufflesecurity/logwarden/internal/outputs/slack"
+	"github.com/trufflesecurity/logwarden/internal/outputs/webhook"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"gopkg.in/alecthomas/kingpin.v2"
 )
 
 var (
-	app = kingpin.New("gcp-auditor", "GCP Auditor is a tool to audit GCP logs against a set of rego policies.")
+	app = kingpin.New("logwarden", "Logwarden is a tool to audit GCP logs against a set of rego policies.")
 
 	// required
 	policies     = app.Flag("policies", "Path to policies folder.").Default("policy").String()
 	project      = app.Flag("project", "GCP Project ID.").Required().String()
 	subscription = app.Flag("subscription", "Pub/Sub subscription to audit.").Required().String()
-	secretName   = app.Flag("secret-name", "GCP Secret name to use for GCP Auditor.").Default("gcp-auditor").String()
+	secretName   = app.Flag("secret-name", "GCP Secret name to use for GCP Auditor.").Default("logwarden").String()
 
 	// options
 	jsonOut = app.Flag("json", "Output results as JSON.").Bool()

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-module github.com/trufflesecurity/gcp-auditor`
	`1`	`+module github.com/trufflesecurity/logwarden`
`2`	`2`
`3`	`3`	`go 1.19`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ import (`
`5`	`5`	`"fmt"`
`6`	`6`
`7`	`7`	`"github.com/fatih/color"`
`8`		`- "github.com/trufflesecurity/gcp-auditor/internal/result"`
	`8`	`+ "github.com/trufflesecurity/logwarden/internal/result"`
`9`	`9`	`"golang.org/x/text/cases"`
`10`	`10`	`"golang.org/x/text/language"`
`11`	`11`	`)`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ import (`
`6`	`6`	`"fmt"`
`7`	`7`	`"log"`
`8`	`8`
`9`		`- "github.com/trufflesecurity/gcp-auditor/internal/result"`
	`9`	`+ "github.com/trufflesecurity/logwarden/internal/result"`
`10`	`10`	`)`
`11`	`11`
`12`	`12`	`type JSON struct {`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ package outputs`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`	`5`
`6`		`- "github.com/trufflesecurity/gcp-auditor/internal/result"`
	`6`	`+ "github.com/trufflesecurity/logwarden/internal/result"`
`7`	`7`	`)`
`8`	`8`
`9`	`9`	`type Output interface {`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ import (`
`7`	`7`	`"fmt"`
`8`	`8`	`"net/http"`
`9`	`9`
`10`		`- "github.com/trufflesecurity/gcp-auditor/internal/result"`
	`10`	`+ "github.com/trufflesecurity/logwarden/internal/result"`
`11`	`11`	`"golang.org/x/text/cases"`
`12`	`12`	`"golang.org/x/text/language"`
`13`	`13`	`)`