-rw-r--r-- | Makefile | 46 | ||||
-rw-r--r-- | config.mk | 10 | ||||
-rw-r--r-- | snort-controller.lua | 40 | ||||
-rw-r--r-- | snort-model.lua | 107 | ||||
-rw-r--r-- | snort-read-html.lsp | 46 | ||||
-rw-r--r-- | snort-view-html.lsp | 7 | ||||
-rw-r--r-- | snort.menu | 2 |
7 files changed, 258 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..07d4dfe
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+APP_NAME=snort
+PACKAGE=acf-$(APP_NAME)
+VERSION=1.0_alpha1
+
+APP_DIST=snort-controller.lua\
+ snort.menu\
+ snort-model.lua\
+ snort-read-html.lsp\
+ snort-view-html.lsp
+
+EXTRA_DIST=README Makefile config.mk
+
+DISTFILES=$(APP_DIST) $(EXTRA_DIST)
+
+TAR=tar
+
+P=$(PACKAGE)-$(VERSION)
+tarball=$(P).tar.bz2
+install_dir=$(DESTDIR)/$(appdir)/$(APP_NAME)
+
+all:
+clean:
+ rm -rf $(tarball) $(P)
+
+dist: $(tarball)
+
+install:
+ mkdir -p "$(install_dir)"
+ cp -a $(APP_DIST) "$(install_dir)"
+
+$(tarball): $(DISTFILES)
+ rm -rf $(P)
+ mkdir -p $(P)
+ cp $(DISTFILES) $(P)
+ $(TAR) -jcf $@ $(P)
+ rm -rf $(P)
+
+# target that creates a tar package, unpacks is and install from package
+dist-install: $(tarball)
+ $(TAR) -jxf $(tarball)
+ $(MAKE) -C $(P) install DESTDIR=$(DESTDIR)
+ rm -rf $(P)
+
+include config.mk
+
+.PHONY: all clean dist install dist-install
diff --git a/config.mk b/config.mk
new file mode 100644
index 0000000..45f4d21
--- /dev/null
+++ b/config.mk
@@ -0,0 +1,10 @@
+prefix=/usr
+datadir=${prefix}/share
+sysconfdir=${prefix}/etc
+localstatedir=${prefix}/var
+acfdir=${datadir}/acf
+wwwdir=${acfdir}/www
+cgibindir=${acfdir}/cgi-bin
+appdir=${acfdir}/app
+acflibdir=${acfdir}/lib
+sessionsdir=${localstatedir}/lib/acf/sessions
diff --git a/snort-controller.lua b/snort-controller.lua
new file mode 100644
index 0000000..880b6d6
--- /dev/null
+++ b/snort-controller.lua
@@ -0,0 +1,40 @@
+module (..., package.seeall)
+require("posix")
+-- Cause an http redirect to our "read" action
+-- We use the self.conf table because it already has prefix,controller,etc
+-- The redir code is defined in the application error handler (acf-controller)
+local list_redir = function (self)
+ self.conf.action = "read"
+ self.conf.type = "redir"
+ error (self.conf)
+end
+
+mvc={}
+mvc.on_load = function(self, parent)
+ if (self.worker[self.conf.action] == nil ) or ( self.conf.action == "init" ) then
+ self.worker[self.conf.action] = list_redir(self)
+ end
+end
+
+-- Public methods
+
+read = function (self)
+ local srvcmdresult = nil
+ local srvcmd = self.clientdata.srvcmd
+-- local srvcmd = "start"
+ if (srvcmd ~= nil) then
+ srvcmdresult = self.model:service_control(srvcmd)
+ if (srvcmd == "stop") or (srvcmd == "restart") then
+ posix.sleep(3) -- Wait for the process to start|stop
+ else
+ posix.sleep(1) -- Wait for the process to start|stop
+ end
+ end
+ local alerts,alertresult = self.model:read_alert()
+ return ({status = self.model:getstatus(),
+ srvcmdresult=srvcmdresult,
+ alerts=alerts,
+ alertresult=alertresult,
+ url = ENV["SCRIPT_NAME"] .. self.conf.prefix .. self.conf.controller} )
+end
+
diff --git a/snort-model.lua b/snort-model.lua
new file mode 100644
index 0000000..f377a82
--- /dev/null
+++ b/snort-model.lua
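Review bot: `read` carries out the stop/restart side effect for any request that has a `srvcmd` in `self.clientdata`, with no check that the value arrived by POST and no anti-CSRF token (the form in the view has none); if ACF merges query-string and form fields into `clientdata` (not visible here), an authenticated admin who follows a link to `…/snort/read?srvcmd=stop` turns the IDS off. Gate the call on the request method and a per-session token before `self.model:service_control`, e.g. `if srvcmd ~= nil and ENV["REQUEST_METHOD"] == "POST" then`, assuming `ENV` exposes the CGI environment the same way it does `SCRIPT_NAME`. Also, `self.worker[self.conf.action] = list_redir(self)` in `mvc.on_load` never completes as an assignment because `list_redir` raises via `error(self.conf)`; make it a plain `list_redir(self)` so the intent is clear.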
@@ -0,0 +1,107 @@
+-- acf model for displaying logfiles recusivly
+module (..., package.seeall)
+
+-- no initializer in model - use controller.init for that
+
+require("posix")
+require("fs")
+
+local function get_version()
+ local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion\ /snort-/'"
+ local cmd_output = io.popen( cmd )
+ local cmd_output_result = cmd_output:read("*a") or ""
+ cmd_output:close()
+ return cmd_output_result
+end
+
+local is_running = function( process )
+ local statusreport = nil
+ local cmdoutput = {}
+ local cmd, error = io.popen("pidof " .. process ,r)
+ local cmdoutput = string.gsub(cmd:read("*a"), "%s", "")
+ cmd:close()
+ if (cmdoutput ~= "") then
+ statusreport = "Running"
+ else
+ statusreport = "Stopped"
+ end
+ return statusreport
+end
+
+-- ################################################################################
+-- PUBLIC FUNCTIONS
+
+getstatus = function (self)
+ local status = {}
+ local version = get_version()
+ status.version = version
+ local isrunning = is_running("snort")
+ status.status = isrunning
+ return status
+end
+
+service_control = function ( self, srvcmd )
+ local srvcmd = string.lower(srvcmd)
+ local retval = ""
+ local line = ""
+ if (srvcmd == "start") or (srvcmd == "stop") or (srvcmd == "restart") then
+ local file = io.popen( "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin /etc/init.d/snort " .. srvcmd .. " 2>&1" )
+ if file ~= nil then
+ line = file:read( "*l" )
+ while line ~= nil do
+ retval = retval .. "\n" .. line
+ line = file:read( "*l" )
+ end
+ file:close()
+ end
+ else
+ retval = "Unknown command!"
+ end
+ return retval
+end
+
+read_alert = function ()
+ local alertfile = "/var/log/snort/alert"
+ local alerts = ""
+ local fileresult = {}
+ local fileresultcnt = ""
+ local presentation = {}
+ local presentationtable = {}
+ local liboutput = fs.read_file_as_array(alertfile)
+ if (liboutput) then
+ for k,v in ipairs(liboutput) do
+ local generator,signature,revision = string.match(v, "^.*%[%*%*%]%s*%[(%d*):(%d*):(%d*).*")
+ if (generator) and (signature) and (revision) then
+ if not (fileresult[generator..":"..signature..":"..revision]) then
+ fileresult[generator..":"..signature..":"..revision]={}
+ end
+ table.insert (fileresult[generator..":"..signature..":"..revision], v)
+ local tablemax = table.maxn(fileresult[generator..":"..signature..":"..revision])
+ fileresult[generator..":"..signature..":"..revision][tablemax]={}
+ fileresult[generator..":"..signature..":"..revision][tablemax]["classification"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["priority"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["count"]=tablemax
+ for i=0, 6 do
+ if liboutput[k+i] == "" then break end
+ if (liboutput[k+i-1]) then
+ if not (string.match(liboutput[k+i],"^%[Classification.*")) then
+ table.insert(fileresult[generator..":"..signature..":"..revision][tablemax],liboutput[k+i])
+ end
+ end
+ end
+ end
+ end
+ for k,v in pairs(fileresult) do
+ table.insert(presentation,v)
+ end
+ for i = 1, table.maxn(presentation) do
+ local maxn = table.maxn(presentation[i])
+ presentationtable[i] = presentation[i][maxn]
+ end
+ alerts = table.maxn(presentationtable)
+ else
+ alerts = "0"
+ end
+ return alerts,presentationtable
+end
+
diff --git a/snort-read-html.lsp b/snort-read-html.lsp
new file mode 100644
index 0000000..5b10a4f
--- /dev/null
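Review bot: `read_alert` indexes past the end of the array: `string.match(liboutput[k+1], …)` and the `for i=0, 6` loop call `string.match` on `liboutput[k+i]` with no nil check, so an alert header that is the last line of /var/log/snort/alert, or a final block shorter than seven lines without a trailing blank, raises "bad argument #1 to 'match'" and takes the whole status page down with it. Guard with `local nextline = liboutput[k+1] or ""` for the classification/priority matches and change the loop exit to `if liboutput[k+i] == nil or liboutput[k+i] == "" then break end`. Separately, `io.popen("pidof " .. process ,r)` passes the undeclared global `r` (nil) as the mode and binds popen's second result to a local named `error`, shadowing the builtin; write `"r"` and pick another name, and check `cmd` for nil before `cmd:read`. The start/stop/restart allow-list in `service_control` is what keeps the `/etc/init.d/snort` shell string injection-free; keep it in front of any command added later.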
+++ b/snort-read-html.lsp
@@ -0,0 +1,46 @@
+<? local view = ... ?>
+<html>
+<body>
+<h1>SYSTEM INFO</h1>
+<dt>Program version</dt>
+<dd><?= view.status.version ?></dd>
+<dt>Process status</dt>
+<dd><?= view.status.status ?></dd>
+<dt>Daemon control</dt>
+<dd><form action="" method="POST">
+<input type=submit name="srvcmd" value="start" class="submit">
+<input type=submit name="srvcmd" value="stop" class="submit">
+<input type=submit name="srvcmd" value="restart" class="submit"></form>
+</dd>
+<? if (view.srvcmdresult) then ?>
+<dt>Previous action</dt>
+<dd><pre><?= view.srvcmdresult ?></pre></dd>
+<? end ?>
+
+
+<h1>ALERT(S)</h1>
+<dt>Status</dt>
+<dd><?= view.alerts ?> alert(s)</dd>
+
+<? if (alerts ~= "0") then ?>
+<? for i = 1, view.alerts do ?>
+ <h2><?= view.alertresult[i].priority ?></h2>
+ <h3><?= view.alertresult[i].classification ?></h3>
+ <P><B><?= view.alertresult[i][1] ?></B><BR>
+ <? for j = 2, 10 do ?>
+ <? if not (view.alertresult[i][j]) then break end ?>
+ <?= view.alertresult[i][j] ?><BR>
+ <? end ?>
+ <I>(This alarm is repeated <B><?= view.alertresult[i]["count"] ?></B> times)</I></P>
+<? end ?>
+<? end ?>
+
+<?
+--[[ DEBUG INFORMATION
+require("debugs")
+io.write(debugs.variables(view))
+--]]
+?>
+
+</body>
+</html>
diff --git a/snort-view-html.lsp b/snort-view-html.lsp
new file mode 100644
index 0000000..f148b86
--- /dev/null
+++ b/snort-view-html.lsp
@@ -0,0 +1,7 @@
+<? local view = ... ?>
+<html>
+<body>
+<h1>View file</h1>
+<textarea name=""><? io.write(view.logfile.value) ?></textarea>
+</body>
+</html>
diff --git a/snort.menu b/snort.menu
new file mode 100644
index 0000000..9088172
--- /dev/null
+++ b/snort.menu
@@ -0,0 +1,2 @@
+#CAT GROUP/DESC TAB ACTION
+Networking 80Snort Snort read |
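Review bot: The template writes `view.alertresult[i][j]`, `view.alertresult[i].priority`, `.classification` and `view.srvcmdresult` into the page with `<?= ?>` and nothing visible escapes them; those strings are lines copied from /var/log/snort/alert and the init script's stdout. Alert lines carry rule messages and traffic-derived fields that a remote party can partly shape by choosing what to send, so if `<?=` emits raw text in this engine (nothing here suggests otherwise) the admin console is open to stored XSS from the log. Escape before output, e.g. a local `esc = function(s) return (string.gsub(tostring(s), "[<>&\"]", {["<"]="&lt;", [">"]="&gt;", ["&"]="&amp;", ['"']="&quot;"})) end` declared next to `local view = ...`, and `<?= esc(view.alertresult[i][j]) ?>` at each output point. Separately, `<? if (alerts ~= "0") then ?>` tests the undeclared global `alerts` (always nil, so always true) rather than `view.alerts`.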
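Review bot: `snort-view-html.lsp` writes `view.logfile.value` into a `<textarea>` via `io.write` with no escaping, so a log line containing `</textarea>` closes the element and the rest of the value is rendered as markup. The controller in this commit defines only `read`, redirects every other action to it, and never sets a `logfile` field, so this view appears unreachable as shipped; either leave it out of `APP_DIST` until a `view` action exists, or escape `&`, `<` and `>` before writing, e.g. `io.write((string.gsub(tostring(view.logfile.value), "[&<>]", {["&"]="&amp;", ["<"]="&lt;", [">"]="&gt;"})))`.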