author | Mika Havela <mika.havela@gmail.com> | 2007-12-21 18:42:14 +0000 |
---|---|---|
committer | Mika Havela <mika.havela@gmail.com> | 2007-12-21 18:42:14 +0000 |
commit | b9bbde3d9013b7ed4d73421bfffb79f4d963e528 (patch) | |
tree | 6cb2a540307bb330174ff7fe9a83703e20040206 /snort-model.lua | |
Added snort package to view snort-alarms and start/stop the daemonv1.0_alpha1
git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@445 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'snort-model.lua')
-rw-r--r-- | snort-model.lua | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/snort-model.lua b/snort-model.lua
new file mode 100644
index 0000000..f377a82
--- /dev/null
+++ b/snort-model.lua
@@ -0,0 +1,107 @@
+-- acf model for displaying logfiles recusivly
+module (..., package.seeall)
+
+-- no initializer in model - use controller.init for that
+
+require("posix")
+require("fs")
+
+local function get_version()
+ local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion\ /snort-/'"
+ local cmd_output = io.popen( cmd )
+ local cmd_output_result = cmd_output:read("*a") or ""
+ cmd_output:close()
+ return cmd_output_result
+end
+
+local is_running = function( process )
+ local statusreport = nil
+ local cmdoutput = {}
+ local cmd, error = io.popen("pidof " .. process ,r)
+ local cmdoutput = string.gsub(cmd:read("*a"), "%s", "")
+ cmd:close()
+ if (cmdoutput ~= "") then
+ statusreport = "Running"
+ else
+ statusreport = "Stopped"
+ end
+ return statusreport
+end
+
+-- ################################################################################
+-- PUBLIC FUNCTIONS
+
+getstatus = function (self)
+ local status = {}
+ local version = get_version()
+ status.version = version
+ local isrunning = is_running("snort")
+ status.status = isrunning
+ return status
+end
+
+service_control = function ( self, srvcmd )
+ local srvcmd = string.lower(srvcmd)
+ local retval = ""
+ local line = ""
+ if (srvcmd == "start") or (srvcmd == "stop") or (srvcmd == "restart") then
+ local file = io.popen( "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin /etc/init.d/snort " .. srvcmd .. " 2>&1" )
+ if file ~= nil then
+ line = file:read( "*l" )
+ while line ~= nil do
+ retval = retval .. "\n" .. line
+ line = file:read( "*l" )
+ end
+ file:close()
+ end
+ else
+ retval = "Unknown command!"
+ end
+ return retval
+end
+
+read_alert = function ()
+ local alertfile = "/var/log/snort/alert"
+ local alerts = ""
+ local fileresult = {}
+ local fileresultcnt = ""
+ local presentation = {}
+ local presentationtable = {}
+ local liboutput = fs.read_file_as_array(alertfile)
+ if (liboutput) then
+ for k,v in ipairs(liboutput) do
+ local generator,signature,revision = string.match(v, "^.*%[%*%*%]%s*%[(%d*):(%d*):(%d*).*")
+ if (generator) and (signature) and (revision) then
+ if not (fileresult[generator..":"..signature..":"..revision]) then
+ fileresult[generator..":"..signature..":"..revision]={}
+ end
+ table.insert (fileresult[generator..":"..signature..":"..revision], v)
+ local tablemax = table.maxn(fileresult[generator..":"..signature..":"..revision])
+ fileresult[generator..":"..signature..":"..revision][tablemax]={}
+ fileresult[generator..":"..signature..":"..revision][tablemax]["classification"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["priority"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["count"]=tablemax
+ for i=0, 6 do
+ if liboutput[k+i] == "" then break end
+ if (liboutput[k+i-1]) then
+ if not (string.match(liboutput[k+i],"^%[Classification.*")) then
+ table.insert(fileresult[generator..":"..signature..":"..revision][tablemax],liboutput[k+i])
+ end
+ end
+ end
+ end
+ end
+ for k,v in pairs(fileresult) do
+ table.insert(presentation,v)
+ end
+ for i = 1, table.maxn(presentation) do
+ local maxn = table.maxn(presentation[i])
+ presentationtable[i] = presentation[i][maxn]
+ end
+ alerts = table.maxn(presentationtable)
+ else
+ alerts = "0"
+ end
+ return alerts,presentationtable
+end
+ |
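Review bot: In read_alert, `liboutput[k+1]` is handed to string.match without a nil check, so an alert file whose last line is a `[**] [gen:sid:rev]` header (for example one snort is still writing to) raises an error instead of returning the alerts parsed so far, and the `for i=0, 6` loop has the same hole because a nil `liboutput[k+i]` is not `== ""`, passes the `liboutput[k+i-1]` test and reaches `string.match(liboutput[k+i], ...)`. Suggest `local nextline = liboutput[k+1] or ""` for the two classification/priority matches and `if not liboutput[k+i] or liboutput[k+i] == "" then break end` as the loop guard. In is_running, `r` is an undeclared global (nil) passed as the io.popen mode, the handle is used without checking that popen succeeded, and `process` is spliced unquoted into a shell command — safe only while the sole caller passes the literal "snort", so it is worth validating with `process:match("^[%w_%-]+$")` before it is ever exposed to a controller. The `\ ` inside get_version's sed expression relies on Lua 5.1 passing unknown escapes through; later Lua versions reject it, so `sed 's/.*ersion /snort-/'` is the portable spelling.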