-rw-r--r-- | snort-controller.lua | 110 | ||||
-rw-r--r-- | snort-details-html.lsp | 37 | ||||
l---------[-rw-r--r--] | snort-expert-html.lsp | 58 | ||||
-rw-r--r-- | snort-model.lua | 188 | ||||
l--------- | snort-startstop-html.lsp | 1 | ||||
l---------[-rw-r--r--] | snort-status-html.lsp | 51 | ||||
-rw-r--r-- | snort.menu | 2 | ||||
-rw-r--r-- | snort.roles | 4 |
8 files changed, 88 insertions, 363 deletions
diff --git a/snort-controller.lua b/snort-controller.lua
index 737f97c..513627a 100644
--- a/snort-controller.lua
+++ b/snort-controller.lua
@@ -1,119 +1,29 @@ module (..., package.seeall) -- Load libraries -require("posix") +require("controllerfunctions") -- ################################################################################ -- LOCAL FUNCTIONS -local function displaycmdmanagement(pidofstatus) - -- Add a management buttons - local management = {} - management.start = cfe({ name="cmdmanagement", - label="Program control-panel", - value="Start", - type="submit", - }) - management.stop = cfe({ name="cmdmanagement", - label="Program control-panel", - value="Stop", - type="submit", - }) - management.restart = cfe({ name="cmdmanagement", - label="Program control-panel", - value="Restart", - type="submit", - }) - -- next CFE can be used to present the result of the previous action - management.actionresult = cfe({ name="actionresult", - label="Previous action result", - }) - - -- Disable management buttons based on if the process is running or not - if (pidofstatus) then - management.start.disabled = "yes" - else - management.stop.disabled = "yes" - management.restart.disabled = "yes" - end - - return management -end - -- ################################################################################ -- PUBLIC FUNCTIONS default_action = "status" function status(self) - local srvcmdresult = nil - local srvcmd = self.clientdata.srvcmd - local status = self.model:getstatus(self) - - local alerts,alertresult = self.model:read_alert() - return ({ - status = status, - alerts=alerts, - alertresult=alertresult, - url = self.conf.script .. self.conf.prefix .. self.conf.controller} ) + return self.model.getstatus() end -function expert(self) - local cmd = self.clientdata.cmd - local url = self.conf.script .. self.conf.prefix .. 
self.conf.controller - - local modifications = self.clientdata.filecontent or "" - if ( self.clientdata.cmdsave ) then - modifications = self.model:update_filecontent(modifications) - end - - -- Start/Stop/Restart process - local cmdmanagement, actionresult - if ( self.clientdata.cmdmanagement) then - cmdmanagement = cfe({ - name="cmdmanagement", - label="Previous action result", - action=cfe({ - name="cmdmanagement", - value=string.lower(self.clientdata.cmdmanagement), -- This row contains start/stop/restart (one of these commands) - }), - }) - actionresult, cmdmanagement = self.model:startstop_service( cmdmanagement.action ) - end - - local status = self.model:getstatus(self) - local file = self.model:get_filedetails() - - -- Add buttons - file.cmdsave = cfe ({ - name="cmdsave", - label="Apply settings", - value="Apply", - type="submit", - }) - if (self.clientdata.cmdsave) then - file.cmdsave.descr="* Changes has been saved!" - end +function details(self) + return self.model.read_alert() +end - -- Management buttons (Hide/show buttons - local pidofstatus - if (string.lower(status.status.value) == "enabled" ) then pidofstatus = true end - management = displaycmdmanagement(pidofstatus) - if (actionresult) then - management.actionresult.descr=cmdmanagement.descr - management.actionresult.errtxt=cmdmanagement.errtxt - end - if (status) and (status.version) and (#status.version.value == 0) then - management.start.disabled = "yes" - management.stop.disabled = "yes" - management.restart.disabled = "yes" - end +function startstop(self) + return controllerfunctions.handle_startstop(self, self.model.startstop_service, self.model.getstatus, self.clientdata) +end - return ( { - management = management, - status = status, - file = file, - modifications = modifications, - url = url, } ) +function expert(self) + return controllerfunctions.handle_form(self, self.model.get_filedetails, self.model.update_filedetails, self.clientdata, "Save", "Edit Configuration", "Configuration 
Set") end
diff --git a/snort-details-html.lsp b/snort-details-html.lsp
new file mode 100644
index 0000000..b95298d
--- /dev/null
+++ b/snort-details-html.lsp
@@ -0,0 +1,37 @@
+<% local data, viewlibrary = ...
+require("viewfunctions")
+%>
+<%
+--[[ DEBUG INFORMATION
+io.write("<H1>DEBUGGING</H1><span style='color:red'><H2>DEBUG INFO: CFE</H2>")
+io.write(html.cfe_unpack(form))
+io.write("</span>")
+--]]
+%>
+
+<% viewlibrary.dispatch_component("status") %>
+
+<H1><%= data.label %></H1>
+
+<% for i,priority in ipairs(data.value) do %>
+ <h2><%= priority.name %></h2>
+ <% for cls in pairs(priority.value) do %>
+ <h3><%= cls %></h3>
+ <% for id,alert in pairs(priority.value[cls]) do %>
+ <p><B><%= alert.value[1] %></B><BR>
+ <% for j=2, table.maxn(alert.value) do %>
+ <%= alert.value[j] %><BR>
+ <% end %>
+ <I>(This alarm is repeated <B><%= alert.count %></B> times)</I>
+ <% if (table.maxn(alert.url) ~= 0) then %>
+ ( URL's:
+ <% for k,url in ipairs(alert.url) do %>
+ <a href="<%= url %>" target="_new"><img src="/skins/static/tango/16x16/categories/applications-internet.png" alt="<%= url %>"></a>
+ <% end %>
+ )
+ <% end %>
+ </p>
+ <% end %>
+
+ <% end %>
+<% end %>
diff --git a/snort-expert-html.lsp b/snort-expert-html.lsp
index f8bcb87..207f324 100644..120000
--- a/snort-expert-html.lsp
+++ b/snort-expert-html.lsp
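Review bot: The four public actions `status`, `details`, `startstop` and `expert` in snort-controller.lua carry no doc comment, and `details` is a new entry point that is also registered in snort.menu and granted to the READ role in snort.roles in this same commit. Suggest an LDoc line on each, e.g. before `function details(self)`: `--- Render the parsed contents of the snort alert log (READ role, see snort.roles).` and before `function startstop(self)`: `--- Start/stop/restart the snort daemon via controllerfunctions.handle_startstop (UPDATE role).` A one-line note at the top of the PUBLIC FUNCTIONS section that these names must stay in sync with snort.menu and snort.roles would save the next maintainer a search.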
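Review bot: Every value the new template writes with `<%= … %>` — `priority.name`, `cls`, `alert.value[j]`, and `url` in both the `href` and `alt` attributes — is a string taken from /var/log/snort/alert by read_alert and is emitted without HTML escaping, so a log line containing markup lands in the page verbatim. The alert text presumably reflects observed traffic, so it should be treated as untrusted and passed through whatever escape helper viewfunctions provides before interpolation; the `href` value additionally deserves a check that it starts with `http://` or `https://` before it is made clickable. Separately, `table.maxn(alert.url) ~= 0` can be `#alert.url > 0` since the model fills that table with `table.insert`, and the `pairs` loops over `priority.value` and `priority.value[cls]` give an unspecified order, so classifications and alerts will shuffle between renders unless the keys are sorted first.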
@@ -1,57 +1 @@ -<% local form = ... -require("viewfunctions") -%> -<% ---[[ DEBUG INFORMATION -io.write("<H1>DEBUGGING</H1><span style='color:red'><H2>DEBUG INFO: CFE</H2>") -io.write(html.cfe_unpack(form)) -io.write("</span>") ---]] -%> - -<H1>SYSTEM INFO</H1> -<DL> -<% -local myform = form.status -local tags = { "status", "version", "autostart", } -displayinfo(myform,tags,"viewonly") -%> -</DL> - -<form name="myform" action="" method="POST"> -<h1>CONFIGURATION</h1> -<H2>Expert config</H2> -<h3>File details</h3> -<DL> -<% -local myform = form.file -local tags = { "filename", "filesize", "mtime", "sumerrors", } -displayinfo(myform,tags,"viewonly") -%> -</DL> - -<H3>FILE CONTENT</H3> -<% -local myform = form.file -io.write(html.form[myform.filecontent.type](myform.filecontent)) -%> - -<H2>SAVE AND APPLY ABOVE SETTINGS</H2> -<DL> -<% -local tags = { "cmdsave", } -displayinfo(myform,tags) -%> -</DL> - -<% --- Management buttons -local myform = form.management -local tags = { "start", "stop", "restart" } -if (myform) then - io.write("<H1>MANAGEMENT</H1>\n<DL>") - displaymanagement(myform,tags) - io.write("</DL>") -end -%> -</form> +../expert-html.lsp
\ No newline at end of file
diff --git a/snort-model.lua b/snort-model.lua
index 8ae99e5..40cca84 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -2,200 +2,82 @@ module (..., package.seeall) -- Load libraries +require("modelfunctions") require("fs") -require("posix") -require("procps") -require("daemoncontrol") -require("format") -require("processinfo") -- Set variables local packagename = "snort" local processname = "snort" local configfile = "/etc/snort/snort.conf" +local alertfile = "/var/log/snort/alert" -- ################################################################################ -- LOCAL FUNCTIONS -local function process_status_text(procname) - local t = procps.pidof(procname) - if (t) and (#t > 0) then - return "Enabled" - else - return "Disabled" - end -end - -- ################################################################################ -- PUBLIC FUNCTIONS -function getstatus () - local status = {} - - local value, errtxt = processinfo.package_version(packagename) - status.version = cfe({ name = "version", - label="Program version", - value=value, - errtxt=errtxt, - }) - - status.status = cfe({ name="status", - label="Program status", - value=process_status_text(processname), - }) - - local autostart_sequense, autostart_errtxt = processinfo.process_botsequence(processname) - status.autostart = cfe({ name="autostart", - label="Autostart sequence", - value=autostart_sequense, - errtxt=autostart_errtxt, - }) - - return status -end - -function getconfig() - return {} -end - -function get_filedetails(self,num) - local path - if (num == "2") then - path = configfile2 - else - path = configfile - end - local file = {} - local filedetails = {} - local config = {} - local filenameerrtxt - if (path) and (fs.is_file(path)) then - filedetails = fs.stat(path) - config = getconfig(path) - else - config = {} - config.filename = {} - config["filename"]["errtxt"]="Config file '".. path .. "' is missing!" - end - - file["filename" .. (num or "")] = cfe({ - name="filename" .. (num or ""), - label="File name", - value=path, - errtxt=filenameerrtxt - }) - file["filesize" .. 
(num or "")] = cfe({ - name="filesize" .. (num or ""), - label="File size", - value=filedetails.size or 0, - }) - file["mtime" .. (num or "")] = cfe({ - name="mtime" .. (num or ""), - label="File date", - value=filedetails.mtime or "---", - }) - file["filecontent" .. (num or "")] = cfe({ - type="longtext", - name="filecontent" .. (num or ""), - label="File content", - value=fs.read_file(path), - }) - - -- Sum all errors into one cfe - local sumerrors = "" - for k,v in pairs(config) do - if (config[k]) and (config[k]["errtxt"]) and (config[k]["errtxt"] ~= "") then - sumerrors = sumerrors .. config[k]["errtxt"] .. "\n" - end - end - if (sumerrors ~= "") then - file["sumerrors" .. (num or "")] = cfe ({ - name="sumerrors" .. (num or ""), - label = "Configuration errors", - errtxt = string.match(sumerrors, "(.-)\n$"), - }) - end - - return file +function getstatus() + return modelfunctions.getstatus(processname, packagename, "Snort Status") end --- action should be a CFE -function startstop_service ( self, action ) - local cmd = action.value - local cmdresult,cmdmessage,cmderror,cmdaction = daemoncontrol.daemoncontrol(processname, cmd) - action.descr=cmdmessage - action.errtxt=cmderror - return cmdresult,action +function startstop_service(action) + return modelfunctions.startstop_service(processname, action) end function read_alert() - local alertfile = "/var/log/snort/alert" - local alertcount = 0 local alertpriority = {} - local alertprioritytmp = "" - local priority = "" - local classification = "" - local currid = "" - local prevrid = "" - local count = {} local liboutput = fs.read_file_as_array(alertfile) if (liboutput) then - for k,v in ipairs(liboutput) do + for i,line in ipairs(liboutput) do --DEBUG - --if (k == 1) then break end - currid = string.match(v, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*") + --if (i == 1) then break end + local currid = string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%]") if (currid) then - local priority = 
string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown" - local classification = string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown" + local priority = string.match(liboutput[i+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown" + local classification = string.match(liboutput[i+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown" if (alertpriority[priority] == nil) then alertpriority[priority] = {} end if (alertpriority[priority][classification] == nil) then alertpriority[priority][classification] = {} end - alertpriority[priority][classification][currid] = {} - if (alertpriority[priority][classification][currid]["value"] == nil) then - alertpriority[priority][classification][currid]["value"] = {} - end - if (alertpriority[priority][classification][currid]["url"] == nil) then - alertpriority[priority][classification][currid]["url"] = {} - end - -- COUNTER - if not (count[priority..classification..currid]) then - count[priority..classification..currid] = 0 - end - count[priority..classification..currid] = count[priority..classification..currid] + 1 - alertpriority[priority][classification][currid]["count"] = count[priority..classification..currid] - for i=0, 10 do - local rowvalue = liboutput[k+i] - if (rowvalue == "") then - break - end - if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then - table.insert(alertpriority[priority][classification][currid]["value"],rowvalue) - elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then - for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do - table.insert(alertpriority[priority][classification][currid]["url"],v) + if (alertpriority[priority][classification][currid] == nil) then + alertpriority[priority][classification][currid] = { value={}, url={}, count=0 } + + local rowvalue = line + local j = 0 + while rowvalue 
and rowvalue ~= "" do + if string.match(rowvalue, "%[Xref.*") ~= nil then + for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do + table.insert(alertpriority[priority][classification][currid]["url"],v) + end + elseif string.match(rowvalue, "%[Classification.*") == nil then + table.insert(alertpriority[priority][classification][currid].value,rowvalue) end + j=j+1 + rowvalue = liboutput[i+j] end end - alertcount = alertcount + 1 + alertpriority[priority][classification][currid].count = alertpriority[priority][classification][currid].count + 1 end end end --Start sorting priority-table local sorted_table = {} - for n in pairs(alertpriority) do - table.insert(sorted_table, {name=n, value=alertpriority[n]}) + for name,value in pairs(alertpriority) do + table.insert(sorted_table, {name=name, value=value}) end table.sort(sorted_table, function(a,b) return (a.name < b.name) end) - return alertcount,sorted_table + return cfe({ type="structure", value=sorted_table, label="Snort Alerts" }) end -function update_filecontent (self, modifications) - local path = configfile - local file_result,err = fs.write_file(path, format.dostounix(modifications)) - return file_result +function get_filedetails() + return modelfunctions.getfiledetails(configfile) end +function update_filedetails(filedetails) + filedetails.value.filename.value = configfile + return modelfunctions.setfiledetails(filedetails) +end diff --git a/snort-startstop-html.lsp b/snort-startstop-html.lsp new file mode 120000 index 0000000..0ea2627 --- /dev/null +++ b/snort-startstop-html.lsp @@ -0,0 +1 @@ +../startstop-html.lsp
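Review bot: In read_alert the two `string.match(liboutput[i+1], …)` calls that derive `priority` and `classification` pass `nil` when the `[**]` header line is the last line of the file (for instance when the log is read while snort is still writing the record), and string.match raises on a nil subject, so the whole details page errors out instead of falling back to `Priority: Unknown`. Guard it once with `local nextline = liboutput[i+1] or ""` and match on `nextline` in both calls. The function also loads the complete alert file with `fs.read_file_as_array`, so the details action's memory and time grow with an unrotated log; that is worth a comment next to the read, or a cap on the number of lines parsed. The `--DEBUG` / `--if (i == 1) then break end` leftover kept inside the loop should be dropped.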
\ No newline at end of file diff --git a/snort-status-html.lsp b/snort-status-html.lsp index 5dafd62..b2f8480 100644..120000 --- a/snort-status-html.lsp +++ b/snort-status-html.lsp @@ -1,50 +1 @@ -<% local form = ... -require("viewfunctions") -%> -<% ---[[ DEBUG INFORMATION -io.write("<H1>DEBUGGING</H1><span style='color:red'><H2>DEBUG INFO: CFE</H2>") -io.write(html.cfe_unpack(form)) -io.write("</span>") ---]] -%> - -<H1>SYSTEM INFO</H1> -<DL> -<% -local myform = form.status -local tags = { "status", "version", "autostart", } -displayinfo(myform,tags,"viewonly") -%> -</DL> - -<H2>PROGRAM SPECIFIC OPTIONS/INFORMATION</H2> -<DL> -<dt>Counted alerts</dt> -<dd><%= form.alerts %> alert(s)</dd> -</DL> - -<h1>ALERT LIST</h1> - -<% for i=1, table.maxn(form.alertresult) do %> - <h2><%= form.alertresult[i]["name"] %></h2> - <% for j in pairs(form.alertresult[i]["value"]) do %> - <h3><%= j %></h3> - <% for k in pairs(form.alertresult[i]["value"][j]) do %> - <p><B><%= form.alertresult[i]["value"][j][k]["value"][1] %></B><BR> - <% for l=2, table.maxn(form.alertresult[i]["value"][j][k]["value"]) do %> - <%= form.alertresult[i]["value"][j][k]["value"][l] %><BR> - <% end %> - <I>(This alarm is repeated <B><%= form.alertresult[i]["value"][j][k]["count"] %></B> times)</I> - <% if (table.maxn(form.alertresult[i]["value"][j][k]["url"]) ~= 0) then %> - ( URL's: - <% for q=1, table.maxn(form.alertresult[i]["value"][j][k]["url"]) do %> - <a href="<%= form.alertresult[i]["value"][j][k]["url"][q] %>" target="_new"><img src="/static/tango/16x16/categories/applications-internet.png" alt="<%= form.alertresult[i]["value"][j][k]["url"][q] %>"></a> - <% end %> - ) - <% end %> - </p> - <% end %> - - <% end %> -<% end %> +../status-html.lsp
\ No newline at end of file
@@ -1,3 +1,3 @@
 #CAT GROUP/DESC TAB ACTION
-Applications 80Snort Status status
+Applications 80Snort Status details
 Applications 80Snort Expert expert
diff --git a/snort.roles b/snort.roles
index d489da5..ef54e55 100644
--- a/snort.roles
+++ b/snort.roles
@@ -1,2 +1,2 @@
-READ=snort:status
-UPDATE=snort:expert
+READ=snort:status,snort:details
+UPDATE=snort:expert,snort:startstop |