Diffstat (limited to 'snort-model.lua')
-rw-r--r--snort-model.lua188
1 files changed, 35 insertions, 153 deletions
diff --git a/snort-model.lua b/snort-model.lua
index 8ae99e5..40cca84 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -2,200 +2,82 @@
module (..., package.seeall)
-- Load libraries
+require("modelfunctions")
require("fs")
-require("posix")
-require("procps")
-require("daemoncontrol")
-require("format")
-require("processinfo")
-- Set variables
local packagename = "snort"
local processname = "snort"
local configfile = "/etc/snort/snort.conf"
+local alertfile = "/var/log/snort/alert"
-- ################################################################################
-- LOCAL FUNCTIONS
-local function process_status_text(procname)
- local t = procps.pidof(procname)
- if (t) and (#t > 0) then
- return "Enabled"
- else
- return "Disabled"
- end
-end
-
-- ################################################################################
-- PUBLIC FUNCTIONS
-function getstatus ()
- local status = {}
-
- local value, errtxt = processinfo.package_version(packagename)
- status.version = cfe({ name = "version",
- label="Program version",
- value=value,
- errtxt=errtxt,
- })
-
- status.status = cfe({ name="status",
- label="Program status",
- value=process_status_text(processname),
- })
-
- local autostart_sequense, autostart_errtxt = processinfo.process_botsequence(processname)
- status.autostart = cfe({ name="autostart",
- label="Autostart sequence",
- value=autostart_sequense,
- errtxt=autostart_errtxt,
- })
-
- return status
-end
-
-function getconfig()
- return {}
-end
-
-function get_filedetails(self,num)
- local path
- if (num == "2") then
- path = configfile2
- else
- path = configfile
- end
- local file = {}
- local filedetails = {}
- local config = {}
- local filenameerrtxt
- if (path) and (fs.is_file(path)) then
- filedetails = fs.stat(path)
- config = getconfig(path)
- else
- config = {}
- config.filename = {}
- config["filename"]["errtxt"]="Config file '".. path .. "' is missing!"
- end
-
- file["filename" .. (num or "")] = cfe({
- name="filename" .. (num or ""),
- label="File name",
- value=path,
- errtxt=filenameerrtxt
- })
- file["filesize" .. (num or "")] = cfe({
- name="filesize" .. (num or ""),
- label="File size",
- value=filedetails.size or 0,
- })
- file["mtime" .. (num or "")] = cfe({
- name="mtime" .. (num or ""),
- label="File date",
- value=filedetails.mtime or "---",
- })
- file["filecontent" .. (num or "")] = cfe({
- type="longtext",
- name="filecontent" .. (num or ""),
- label="File content",
- value=fs.read_file(path),
- })
-
- -- Sum all errors into one cfe
- local sumerrors = ""
- for k,v in pairs(config) do
- if (config[k]) and (config[k]["errtxt"]) and (config[k]["errtxt"] ~= "") then
- sumerrors = sumerrors .. config[k]["errtxt"] .. "\n"
- end
- end
- if (sumerrors ~= "") then
- file["sumerrors" .. (num or "")] = cfe ({
- name="sumerrors" .. (num or ""),
- label = "Configuration errors",
- errtxt = string.match(sumerrors, "(.-)\n$"),
- })
- end
-
- return file
+function getstatus()
+ return modelfunctions.getstatus(processname, packagename, "Snort Status")
end
--- action should be a CFE
-function startstop_service ( self, action )
- local cmd = action.value
- local cmdresult,cmdmessage,cmderror,cmdaction = daemoncontrol.daemoncontrol(processname, cmd)
- action.descr=cmdmessage
- action.errtxt=cmderror
- return cmdresult,action
+function startstop_service(action)
+ return modelfunctions.startstop_service(processname, action)
end
function read_alert()
- local alertfile = "/var/log/snort/alert"
- local alertcount = 0
local alertpriority = {}
- local alertprioritytmp = ""
- local priority = ""
- local classification = ""
- local currid = ""
- local prevrid = ""
- local count = {}
local liboutput = fs.read_file_as_array(alertfile)
if (liboutput) then
- for k,v in ipairs(liboutput) do
+ for i,line in ipairs(liboutput) do
--DEBUG
- --if (k == 1) then break end
- currid = string.match(v, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*")
+ --if (i == 1) then break end
+ local currid = string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%]")
if (currid) then
- local priority = string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
- local classification = string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown"
+ local priority = string.match(liboutput[i+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
+ local classification = string.match(liboutput[i+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown"
if (alertpriority[priority] == nil) then
alertpriority[priority] = {}
end
if (alertpriority[priority][classification] == nil) then
alertpriority[priority][classification] = {}
end
- alertpriority[priority][classification][currid] = {}
- if (alertpriority[priority][classification][currid]["value"] == nil) then
- alertpriority[priority][classification][currid]["value"] = {}
- end
- if (alertpriority[priority][classification][currid]["url"] == nil) then
- alertpriority[priority][classification][currid]["url"] = {}
- end
- -- COUNTER
- if not (count[priority..classification..currid]) then
- count[priority..classification..currid] = 0
- end
- count[priority..classification..currid] = count[priority..classification..currid] + 1
- alertpriority[priority][classification][currid]["count"] = count[priority..classification..currid]
- for i=0, 10 do
- local rowvalue = liboutput[k+i]
- if (rowvalue == "") then
- break
- end
- if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then
- table.insert(alertpriority[priority][classification][currid]["value"],rowvalue)
- elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then
- for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
- table.insert(alertpriority[priority][classification][currid]["url"],v)
+ if (alertpriority[priority][classification][currid] == nil) then
+ alertpriority[priority][classification][currid] = { value={}, url={}, count=0 }
+
+ local rowvalue = line
+ local j = 0
+ while rowvalue and rowvalue ~= "" do
+ if string.match(rowvalue, "%[Xref.*") ~= nil then
+ for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
+ table.insert(alertpriority[priority][classification][currid]["url"],v)
+ end
+ elseif string.match(rowvalue, "%[Classification.*") == nil then
+ table.insert(alertpriority[priority][classification][currid].value,rowvalue)
end
+ j=j+1
+ rowvalue = liboutput[i+j]
end
end
- alertcount = alertcount + 1
+ alertpriority[priority][classification][currid].count = alertpriority[priority][classification][currid].count + 1
end
end
end
--Start sorting priority-table
local sorted_table = {}
- for n in pairs(alertpriority) do
- table.insert(sorted_table, {name=n, value=alertpriority[n]})
+ for name,value in pairs(alertpriority) do
+ table.insert(sorted_table, {name=name, value=value})
end
table.sort(sorted_table, function(a,b) return (a.name < b.name) end)
- return alertcount,sorted_table
+ return cfe({ type="structure", value=sorted_table, label="Snort Alerts" })
end
-function update_filecontent (self, modifications)
- local path = configfile
- local file_result,err = fs.write_file(path, format.dostounix(modifications))
- return file_result
+function get_filedetails()
+ return modelfunctions.getfiledetails(configfile)
end
+function update_filedetails(filedetails)
+ filedetails.value.filename.value = configfile
+ return modelfunctions.setfiledetails(filedetails)
+end
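Review bot: In read_alert(), the two `string.match(liboutput[i+1], …)` calls that derive `priority` and `classification` receive nil when the `[**] [gid:sid:rev]` header is the last line of the file, and `string.match(nil, …)` raises, so a truncated or still-being-written /var/log/snort/alert aborts the whole call instead of yielding a partial structure. Read the following line once with a default, `local nextline = liboutput[i+1] or ""`, and match both patterns against `nextline`; the existing `or "Priority: Unknown"` / `or "Classification: Unknown"` fallbacks then cover end-of-file the same way they already cover a malformed second line. The alert file is built from whatever traffic snort observed, so the parser should tolerate any line shape it finds there rather than trusting that a header is always followed by a classification line. Worth a short comment on the `while rowvalue and rowvalue ~= ""` loop noting that it deliberately replaces the old fixed 10-row window and stops at the first blank line or end of file.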