Initial commit

.github/workflows/CI.yml

@@ -0,0 +1,60 @@
+# This file is part of OPC-UA Log Fetcher.
+#
+# Copyright (C) 2023 Airbus CyberSecurity SAS
+#
+# OPC-UA Log Fetcher is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# OPC-UA Log Fetcher is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# OPC-UA Log Fetcher. If not, see <https://www.gnu.org/licenses/>.
+
+name: CI
+
+on:
+  push:
+
+jobs:
+  docker_build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install poetry
+        run: pip install poetry
+      - name: Get version number
+        id: get-version
+        run: echo "version=$(poetry version -s)" >> $GITHUB_OUTPUT
+      - name: Build Wheel
+        run: poetry build -f wheel -o docker
+      - name: Build docker
+        uses: docker/build-push-action@v5
+        with:
+          context: docker
+          build-args: MODULE_VERSION=${{ steps.get-version.outputs.version }}
+          tags: opc-ua-log-fetcher:${{ steps.get-version.outputs.version }}
+          load: true
+      - name: Save results
+        run: docker save opc-ua-log-fetcher:${{ steps.get-version.outputs.version }} | gzip > opc-ua-log-fetcher-${{ steps.get-version.outputs.version }}.docker.tar.gz
+      - name: Prepare release
+        run: zip opc-ua-log-fetcher-${{ steps.get-version.outputs.version }}.docker.zip COPYING LICENSE opc-ua-log-fetcher-${{ steps.get-version.outputs.version }}.docker.tar.gz
+      - name: Save as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: opc-ua-log-fetcher
+          path: opc-ua-log-fetcher-${{ steps.get-version.outputs.version }}.docker.zip
+          if-no-files-found: error
+      - name: Release
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v1
+        with:
+          files: opc-ua-log-fetcher-${{ steps.get-version.outputs.version }}.docker.zip
+          fail_on_unmatched_files: true

.gitignore

@@ -0,0 +1,5 @@
+venv/
+.idea
+__pycache__/
+dist/
+.vscode/

CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is loosely based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0](https://source.cs-clab.net/cyber4de/opc-ua-module/-/tags/1.0.0)
+## Features
+* Initial Release

LICENSE

@@ -0,0 +1,16 @@
+OPC-UA Log Fetcher
+
+Copyright (C) 2023 Airbus CyberSecurity SAS
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.

README.md

@@ -0,0 +1,105 @@
+# OPC-UA Log Fetcher
+
+## License
+
+OPC-UA Log Fetcher
+
+Copyright (C) 2023 Airbus CyberSecurity SAS
+
+This program is free software: you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free Software
+Foundation, either version 3 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program.  If not, see <https://www.gnu.org/licenses/>.
+
+### Third-party software usage
+
+This program uses the following software to run:
+
+| Software | Version | Copyright | License |
+|-|-|-|-|
+| opcua-asyncio (asyncua) | ^1.0.0 | 2023 FreeOpcUa  | LGPL-3.0-or-later |
+| rfc5424-logging-handler | ^1.4.3 | 2017 Joris Beckers | BSD-3-Clause |
+
+
+## Command cheatsheet
+
+This project requires poetry (https://python-poetry.org/docs/#installing-with-the-official-installer).
+
+### Install dependencies
+```
+poetry install
+```
+
+### Set the VERSION number variable
+```
+VERSION=$(poetry version --short) && echo ${VERSION}
+```
+
+### Build
+
+Build the python package:
+```
+poetry build
+```
+The package will be in directory `dist`.
+Then build the docker:
+```
+docker build --file docker/Dockerfile --tag opc-ua-log-fetcher:${VERSION} .
+```
+
+#### Archive the docker image
+```
+docker save opc-ua-log-fetcher:${VERSION} | gzip > opc-ua-log-fetcher-${VERSION}.docker.tar.gz
+```
+
+To import the image:
+```
+docker load --input opc-ua-log-fetcher-${VERSION}.docker.tar.gz
+```
+
+### Execute
+First start your server.
+
+To execute the fetcher:
+```
+docker run --rm --network host --volume /dev/log:/dev/log opc-ua-log-fetcher:${VERSION}
+```
+
+To execute the script with poetry:
+```
+poetry run opc-ua-listen
+poetry run opc-ua-listen --help
+```
+
+#### Security
+
+1. no security at all
+   ```
+   poetry run opc-ua-listen
+   ```
+2. username authentication, no security
+   ```
+   poetry run opc-ua-listen --url opc.tcp://username@localhost:4840/freeopcua/server/
+   ```
+3. no authentication/security-policy SignAndEncrypt
+   ```
+   poetry run opc-ua-listen --private-key ./poc/certificates/peer-private-key-example-1.pem --certificate ./poc/certificates/peer-certificate-example-1.der --server-certificate ./poc/certificates/server-certificate-example.der
+   ```
+4. username authentication, certificates checks and encryption
+   ```
+   poetry run opc-ua-listen --url opc.tcp://username@localhost:4840/freeopcua/server/ --private-key ./poc/certificates/peer-private-key-example-1.pem --certificate ./poc/certificates/peer-certificate-example-1.der --server-certificate ./poc/certificates/server-certificate-example.der
+   ```
+
+### Publish a new version
+
+```
+git tag -s ${VERSION} -m "Release ${VERSION}"
+git push origin --tags
+```

docker/Dockerfile

@@ -0,0 +1,26 @@
+# This file is part of OPC-UA Log Fetcher.
+#
+# Copyright (C) 2023 Airbus CyberSecurity SAS
+#
+# OPC-UA Log Fetcher is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# OPC-UA Log Fetcher is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# OPC-UA Log Fetcher. If not, see <https://www.gnu.org/licenses/>.
+
+FROM python:3-alpine
+
+ARG MODULE_VERSION
+COPY opc_ua_module-${MODULE_VERSION}-py3-none-any.whl opc_ua_module-${MODULE_VERSION}-py3-none-any.whl
+RUN pip install opc_ua_module-${MODULE_VERSION}-py3-none-any.whl && rm opc_ua_module-${MODULE_VERSION}-py3-none-any.whl
+
+HEALTHCHECK CMD [ `netstat | grep ESTABLISHED | wc -l` -eq 2 ]
+
+ENTRYPOINT ["opc-ua-listen"]