diff options
Diffstat (limited to 'snort-model.lua')
-rw-r--r-- | snort-model.lua | 188 |
1 files changed, 35 insertions, 153 deletions
diff --git a/snort-model.lua b/snort-model.lua index 8ae99e5..40cca84 100644 --- a/snort-model.lua +++ b/snort-model.lua @@ -2,200 +2,82 @@ module (..., package.seeall) -- Load libraries +require("modelfunctions") require("fs") -require("posix") -require("procps") -require("daemoncontrol") -require("format") -require("processinfo") -- Set variables local packagename = "snort" local processname = "snort" local configfile = "/etc/snort/snort.conf" +local alertfile = "/var/log/snort/alert" -- ################################################################################ -- LOCAL FUNCTIONS -local function process_status_text(procname) - local t = procps.pidof(procname) - if (t) and (#t > 0) then - return "Enabled" - else - return "Disabled" - end -end - -- ################################################################################ -- PUBLIC FUNCTIONS -function getstatus () - local status = {} - - local value, errtxt = processinfo.package_version(packagename) - status.version = cfe({ name = "version", - label="Program version", - value=value, - errtxt=errtxt, - }) - - status.status = cfe({ name="status", - label="Program status", - value=process_status_text(processname), - }) - - local autostart_sequense, autostart_errtxt = processinfo.process_botsequence(processname) - status.autostart = cfe({ name="autostart", - label="Autostart sequence", - value=autostart_sequense, - errtxt=autostart_errtxt, - }) - - return status -end - -function getconfig() - return {} -end - -function get_filedetails(self,num) - local path - if (num == "2") then - path = configfile2 - else - path = configfile - end - local file = {} - local filedetails = {} - local config = {} - local filenameerrtxt - if (path) and (fs.is_file(path)) then - filedetails = fs.stat(path) - config = getconfig(path) - else - config = {} - config.filename = {} - config["filename"]["errtxt"]="Config file '".. path .. "' is missing!" - end - - file["filename" .. (num or "")] = cfe({ - name="filename" .. (num or ""), - label="File name", - value=path, - errtxt=filenameerrtxt - }) - file["filesize" .. (num or "")] = cfe({ - name="filesize" .. (num or ""), - label="File size", - value=filedetails.size or 0, - }) - file["mtime" .. (num or "")] = cfe({ - name="mtime" .. (num or ""), - label="File date", - value=filedetails.mtime or "---", - }) - file["filecontent" .. (num or "")] = cfe({ - type="longtext", - name="filecontent" .. (num or ""), - label="File content", - value=fs.read_file(path), - }) - - -- Sum all errors into one cfe - local sumerrors = "" - for k,v in pairs(config) do - if (config[k]) and (config[k]["errtxt"]) and (config[k]["errtxt"] ~= "") then - sumerrors = sumerrors .. config[k]["errtxt"] .. "\n" - end - end - if (sumerrors ~= "") then - file["sumerrors" .. (num or "")] = cfe ({ - name="sumerrors" .. (num or ""), - label = "Configuration errors", - errtxt = string.match(sumerrors, "(.-)\n$"), - }) - end - - return file +function getstatus() + return modelfunctions.getstatus(processname, packagename, "Snort Status") end --- action should be a CFE -function startstop_service ( self, action ) - local cmd = action.value - local cmdresult,cmdmessage,cmderror,cmdaction = daemoncontrol.daemoncontrol(processname, cmd) - action.descr=cmdmessage - action.errtxt=cmderror - return cmdresult,action +function startstop_service(action) + return modelfunctions.startstop_service(processname, action) end function read_alert() - local alertfile = "/var/log/snort/alert" - local alertcount = 0 local alertpriority = {} - local alertprioritytmp = "" - local priority = "" - local classification = "" - local currid = "" - local prevrid = "" - local count = {} local liboutput = fs.read_file_as_array(alertfile) if (liboutput) then - for k,v in ipairs(liboutput) do + for i,line in ipairs(liboutput) do --DEBUG - --if (k == 1) then break end - currid = string.match(v, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*") + --if (i == 1) then break end + local currid = string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%]") if (currid) then - local priority = string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown" - local classification = string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown" + local priority = string.match(liboutput[i+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown" + local classification = string.match(liboutput[i+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown" if (alertpriority[priority] == nil) then alertpriority[priority] = {} end if (alertpriority[priority][classification] == nil) then alertpriority[priority][classification] = {} end - alertpriority[priority][classification][currid] = {} - if (alertpriority[priority][classification][currid]["value"] == nil) then - alertpriority[priority][classification][currid]["value"] = {} - end - if (alertpriority[priority][classification][currid]["url"] == nil) then - alertpriority[priority][classification][currid]["url"] = {} - end - -- COUNTER - if not (count[priority..classification..currid]) then - count[priority..classification..currid] = 0 - end - count[priority..classification..currid] = count[priority..classification..currid] + 1 - alertpriority[priority][classification][currid]["count"] = count[priority..classification..currid] - for i=0, 10 do - local rowvalue = liboutput[k+i] - if (rowvalue == "") then - break - end - if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then - table.insert(alertpriority[priority][classification][currid]["value"],rowvalue) - elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then - for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do - table.insert(alertpriority[priority][classification][currid]["url"],v) + if (alertpriority[priority][classification][currid] == nil) then + alertpriority[priority][classification][currid] = { value={}, url={}, count=0 } + + local rowvalue = line + local j = 0 + while rowvalue and rowvalue ~= "" do + if string.match(rowvalue, "%[Xref.*") ~= nil then + for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do + table.insert(alertpriority[priority][classification][currid]["url"],v) + end + elseif string.match(rowvalue, "%[Classification.*") == nil then + table.insert(alertpriority[priority][classification][currid].value,rowvalue) end + j=j+1 + rowvalue = liboutput[i+j] end end - alertcount = alertcount + 1 + alertpriority[priority][classification][currid].count = alertpriority[priority][classification][currid].count + 1 end end end --Start sorting priority-table local sorted_table = {} - for n in pairs(alertpriority) do - table.insert(sorted_table, {name=n, value=alertpriority[n]}) + for name,value in pairs(alertpriority) do + table.insert(sorted_table, {name=name, value=value}) end table.sort(sorted_table, function(a,b) return (a.name < b.name) end) - return alertcount,sorted_table + return cfe({ type="structure", value=sorted_table, label="Snort Alerts" }) end -function update_filecontent (self, modifications) - local path = configfile - local file_result,err = fs.write_file(path, format.dostounix(modifications)) - return file_result +function get_filedetails() + return modelfunctions.getfiledetails(configfile) end +function update_filedetails(filedetails) + filedetails.value.filename.value = configfile + return modelfunctions.setfiledetails(filedetails) +end |