authorMika Havela <mika.havela@gmail.com>2007-12-21 18:42:14 +0000
committerMika Havela <mika.havela@gmail.com>2007-12-21 18:42:14 +0000
commitb9bbde3d9013b7ed4d73421bfffb79f4d963e528 (patch)
tree6cb2a540307bb330174ff7fe9a83703e20040206
downloadacf-snort-b9bbde3d9013b7ed4d73421bfffb79f4d963e528.tar.bz2
acf-snort-b9bbde3d9013b7ed4d73421bfffb79f4d963e528.tar.xz
Added snort package to view snort alarms and start/stop the daemon (v1.0_alpha1)
git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@445 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--Makefile46
-rw-r--r--config.mk10
-rw-r--r--snort-controller.lua40
-rw-r--r--snort-model.lua107
-rw-r--r--snort-read-html.lsp46
-rw-r--r--snort-view-html.lsp7
-rw-r--r--snort.menu2
7 files changed, 258 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..07d4dfe
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+APP_NAME=snort
+PACKAGE=acf-$(APP_NAME)
+VERSION=1.0_alpha1
+
+APP_DIST=snort-controller.lua\
+ snort.menu\
+ snort-model.lua\
+ snort-read-html.lsp\
+ snort-view-html.lsp
+
+EXTRA_DIST=README Makefile config.mk
+
+DISTFILES=$(APP_DIST) $(EXTRA_DIST)
+
+TAR=tar
+
+P=$(PACKAGE)-$(VERSION)
+tarball=$(P).tar.bz2
+install_dir=$(DESTDIR)/$(appdir)/$(APP_NAME)
+
+all:
+clean:
+ rm -rf $(tarball) $(P)
+
+dist: $(tarball)
+
+install:
+ mkdir -p "$(install_dir)"
+ cp -a $(APP_DIST) "$(install_dir)"
+
+$(tarball): $(DISTFILES)
+ rm -rf $(P)
+ mkdir -p $(P)
+ cp $(DISTFILES) $(P)
+ $(TAR) -jcf $@ $(P)
+ rm -rf $(P)
+
+# target that creates a tar package, unpacks is and install from package
+dist-install: $(tarball)
+ $(TAR) -jxf $(tarball)
+ $(MAKE) -C $(P) install DESTDIR=$(DESTDIR)
+ rm -rf $(P)
+
+include config.mk
+
+.PHONY: all clean dist install dist-install
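Review bot: The `$(tarball)` rule runs `cp $(DISTFILES) $(P)`, and `DISTFILES` includes `EXTRA_DIST=README Makefile config.mk`, but no README is added by this commit (the file list above shows seven files, none of them a README), so `make dist` and `make dist-install` fail on the missing file. Either add the README or change the line to `EXTRA_DIST=Makefile config.mk`. A minor point: `install` copies with `cp -a`, so whatever modes the files have in the developer's checkout become the installed modes; `install -m 644` would set them explicitly.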
diff --git a/config.mk b/config.mk
new file mode 100644
index 0000000..45f4d21
--- /dev/null
+++ b/config.mk
@@ -0,0 +1,10 @@
+prefix=/usr
+datadir=${prefix}/share
+sysconfdir=${prefix}/etc
+localstatedir=${prefix}/var
+acfdir=${datadir}/acf
+wwwdir=${acfdir}/www
+cgibindir=${acfdir}/cgi-bin
+appdir=${acfdir}/app
+acflibdir=${acfdir}/lib
+sessionsdir=${localstatedir}/lib/acf/sessions
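Review bot: `sysconfdir=${prefix}/etc` and `localstatedir=${prefix}/var` resolve to /usr/etc and /usr/var with `prefix=/usr`, so `sessionsdir` becomes /usr/var/lib/acf/sessions, a location under /usr that is not normally used for runtime state and may be mounted read-only. The visible Makefile only uses `appdir`, so this may be a shared file copied from the other ACF packages; if so it should stay in sync with them, otherwise `sysconfdir=/etc` and `localstatedir=/var` are the usual values for a /usr prefix.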
diff --git a/snort-controller.lua b/snort-controller.lua
new file mode 100644
index 0000000..880b6d6
--- /dev/null
+++ b/snort-controller.lua
@@ -0,0 +1,40 @@
+module (..., package.seeall)
+require("posix")
+-- Cause an http redirect to our "read" action
+-- We use the self.conf table because it already has prefix,controller,etc
+-- The redir code is defined in the application error handler (acf-controller)
+local list_redir = function (self)
+ self.conf.action = "read"
+ self.conf.type = "redir"
+ error (self.conf)
+end
+
+mvc={}
+mvc.on_load = function(self, parent)
+ if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then
+ self.worker[self.conf.action] = list_redir(self)
+ end
+end
+
+-- Public methods
+
+read = function (self)
+ local srvcmdresult = nil
+ local srvcmd = self.clientdata.srvcmd
+-- local srvcmd = "start"
+ if (srvcmd ~= nil) then
+ srvcmdresult = self.model:service_control(srvcmd)
+ if (srvcmd == "stop") or (srvcmd == "restart") then
+ posix.sleep(3) -- Wait for the process to start|stop
+ else
+ posix.sleep(1) -- Wait for the process to start|stop
+ end
+ end
+ local alerts,alertresult = self.model:read_alert()
+ return ({status = self.model:getstatus(),
+ srvcmdresult=srvcmdresult,
+ alerts=alerts,
+ alertresult=alertresult,
+ url = ENV["SCRIPT_NAME"] .. self.conf.prefix .. self.conf.controller} )
+end
+
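Review bot: `read` acts on `self.clientdata.srvcmd` regardless of how the request arrived, so a plain GET with `?srvcmd=stop` (a link or image tag on any page an administrator visits) stops or restarts the IDS; the POST form in snort-read-html.lsp is not enforced here. If `ENV` carries the CGI environment, as the `ENV["SCRIPT_NAME"]` use on the return line suggests, the least that should be checked is the method, `if (srvcmd ~= nil) and (ENV["REQUEST_METHOD"] == "POST") then`; a per-session CSRF token would be the proper fix if the framework can supply one. Note also that the handler then blocks for up to three seconds in `posix.sleep`, so repeated requests tie up a CGI worker for that long each.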
diff --git a/snort-model.lua b/snort-model.lua
new file mode 100644
index 0000000..f377a82
--- /dev/null
+++ b/snort-model.lua
@@ -0,0 +1,107 @@
+-- acf model for displaying logfiles recusivly
+module (..., package.seeall)
+
+-- no initializer in model - use controller.init for that
+
+require("posix")
+require("fs")
+
+local function get_version()
+ local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion\ /snort-/'"
+ local cmd_output = io.popen( cmd )
+ local cmd_output_result = cmd_output:read("*a") or ""
+ cmd_output:close()
+ return cmd_output_result
+end
+
+local is_running = function( process )
+ local statusreport = nil
+ local cmdoutput = {}
+ local cmd, error = io.popen("pidof " .. process ,r)
+ local cmdoutput = string.gsub(cmd:read("*a"), "%s", "")
+ cmd:close()
+ if (cmdoutput ~= "") then
+ statusreport = "Running"
+ else
+ statusreport = "Stopped"
+ end
+ return statusreport
+end
+
+-- ################################################################################
+-- PUBLIC FUNCTIONS
+
+getstatus = function (self)
+ local status = {}
+ local version = get_version()
+ status.version = version
+ local isrunning = is_running("snort")
+ status.status = isrunning
+ return status
+end
+
+service_control = function ( self, srvcmd )
+ local srvcmd = string.lower(srvcmd)
+ local retval = ""
+ local line = ""
+ if (srvcmd == "start") or (srvcmd == "stop") or (srvcmd == "restart") then
+ local file = io.popen( "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin /etc/init.d/snort " .. srvcmd .. " 2>&1" )
+ if file ~= nil then
+ line = file:read( "*l" )
+ while line ~= nil do
+ retval = retval .. "\n" .. line
+ line = file:read( "*l" )
+ end
+ file:close()
+ end
+ else
+ retval = "Unknown command!"
+ end
+ return retval
+end
+
+read_alert = function ()
+ local alertfile = "/var/log/snort/alert"
+ local alerts = ""
+ local fileresult = {}
+ local fileresultcnt = ""
+ local presentation = {}
+ local presentationtable = {}
+ local liboutput = fs.read_file_as_array(alertfile)
+ if (liboutput) then
+ for k,v in ipairs(liboutput) do
+ local generator,signature,revision = string.match(v, "^.*%[%*%*%]%s*%[(%d*):(%d*):(%d*).*")
+ if (generator) and (signature) and (revision) then
+ if not (fileresult[generator..":"..signature..":"..revision]) then
+ fileresult[generator..":"..signature..":"..revision]={}
+ end
+ table.insert (fileresult[generator..":"..signature..":"..revision], v)
+ local tablemax = table.maxn(fileresult[generator..":"..signature..":"..revision])
+ fileresult[generator..":"..signature..":"..revision][tablemax]={}
+ fileresult[generator..":"..signature..":"..revision][tablemax]["classification"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["priority"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["count"]=tablemax
+ for i=0, 6 do
+ if liboutput[k+i] == "" then break end
+ if (liboutput[k+i-1]) then
+ if not (string.match(liboutput[k+i],"^%[Classification.*")) then
+ table.insert(fileresult[generator..":"..signature..":"..revision][tablemax],liboutput[k+i])
+ end
+ end
+ end
+ end
+ end
+ for k,v in pairs(fileresult) do
+ table.insert(presentation,v)
+ end
+ for i = 1, table.maxn(presentation) do
+ local maxn = table.maxn(presentation[i])
+ presentationtable[i] = presentation[i][maxn]
+ end
+ alerts = table.maxn(presentationtable)
+ else
+ alerts = "0"
+ end
+ return alerts,presentationtable
+end
+
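Review bot: `read_alert` indexes `liboutput[k+1]` for the classification and priority matches and `liboutput[k+i]` in the window loop without checking that those entries exist, so when a `[**]` header is the last line of /var/log/snort/alert, or the six-line window runs past the end of the file, `string.match` receives nil and raises, and the request errors out instead of showing the alerts read so far. Guard the lookups: `local nextline = liboutput[k+1] or ""` for the two matches, and in the loop `local cur = liboutput[k+i]; if cur == nil or cur == "" then break end` before the match. Separately, `io.popen("pidof " .. process, r)` in `is_running` passes the undeclared global `r` (nil) as the mode and only works because nil falls back to read mode; write `"r"`, and check the handle for nil before calling `read` on it.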
diff --git a/snort-read-html.lsp b/snort-read-html.lsp
new file mode 100644
index 0000000..5b10a4f
--- /dev/null
+++ b/snort-read-html.lsp
@@ -0,0 +1,46 @@
+<? local view = ... ?>
+<html>
+<body>
+<h1>SYSTEM INFO</h1>
+<dt>Program version</dt>
+<dd><?= view.status.version ?></dd>
+<dt>Process status</dt>
+<dd><?= view.status.status ?></dd>
+<dt>Daemon control</dt>
+<dd><form action="" method="POST">
+<input type=submit name="srvcmd" value="start" class="submit">
+<input type=submit name="srvcmd" value="stop" class="submit">
+<input type=submit name="srvcmd" value="restart" class="submit"></form>
+</dd>
+<? if (view.srvcmdresult) then ?>
+<dt>Previous action</dt>
+<dd><pre><?= view.srvcmdresult ?></pre></dd>
+<? end ?>
+
+
+<h1>ALERT(S)</h1>
+<dt>Status</dt>
+<dd><?= view.alerts ?> alert(s)</dd>
+
+<? if (alerts ~= "0") then ?>
+<? for i = 1, view.alerts do ?>
+ <h2><?= view.alertresult[i].priority ?></h2>
+ <h3><?= view.alertresult[i].classification ?></h3>
+ <P><B><?= view.alertresult[i][1] ?></B><BR>
+ <? for j = 2, 10 do ?>
+ <? if not (view.alertresult[i][j]) then break end ?>
+ <?= view.alertresult[i][j] ?><BR>
+ <? end ?>
+ <I>(This alarm is repeated <B><?= view.alertresult[i]["count"] ?></B> times)</I></P>
+<? end ?>
+<? end ?>
+
+<?
+--[[ DEBUG INFORMATION
+require("debugs")
+io.write(debugs.variables(view))
+--]]
+?>
+
+</body>
+</html>
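Review bot: The guard `<? if (alerts ~= "0") then ?>` tests a global `alerts` that is never assigned, not `view.alerts`, so it is always true and the page only avoids looping on an empty result because `for` coerces the string `"0"` the model returns; write `<? if (view.alerts ~= "0") then ?>`. Every `<?= ... ?>` here also writes its value into the page unescaped: the version string, the init-script output, and the alert lines taken from /var/log/snort/alert. Whether attacker-influenced bytes can reach the alert file depends on the snort output configuration, which is not visible here, but log-derived text should be HTML-escaped before it is rendered, using the framework's escape helper if one exists.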
diff --git a/snort-view-html.lsp b/snort-view-html.lsp
new file mode 100644
index 0000000..f148b86
--- /dev/null
+++ b/snort-view-html.lsp
@@ -0,0 +1,7 @@
+<? local view = ... ?>
+<html>
+<body>
+<h1>View file</h1>
+<textarea name=""><? io.write(view.logfile.value) ?></textarea>
+</body>
+</html>
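Review bot: This template reads `view.logfile.value`, but no controller action produces a `logfile` field: `read` is the only public action in snort-controller.lua and its `on_load` redirects every other action name to `read`, so this view is unreachable, and if it were reached it would raise on indexing a nil `view.logfile`. Either drop the file from `APP_DIST` or add the action that fills `logfile`. If it stays, the value should be HTML-escaped before `io.write`, since a literal `</textarea>` in the content would close the element and let the rest of the value be interpreted as markup.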
diff --git a/snort.menu b/snort.menu
new file mode 100644
index 0000000..9088172
--- /dev/null
+++ b/snort.menu
@@ -0,0 +1,2 @@
+#CAT GROUP/DESC TAB ACTION
+Networking 80Snort Snort read