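-- ACF model for the "snort" package: program status, config file details,
-- service start/stop and a summary of the snort alert log.
module (..., package.seeall)

-- Load libraries
require("fs")
require("posix")
require("procps")
require("daemoncontrol")
require("format")
require("processinfo")

-- Set variables
local packagename = "snort"
local processname = "snort"
local configfile = "/etc/snort/snort.conf"
-- No secondary config file is defined for this package. Declared as a local so
-- that get_filedetails(self, "2") reads an explicit nil instead of an
-- undefined global (luacheck would otherwise flag the access).
local configfile2 = nil

-- ################################################################################
-- LOCAL FUNCTIONS

--- Human-readable service state derived from whether a process is running.
-- @tparam string procname process name looked up with procps.pidof
-- @treturn string "Enabled" when at least one pid was found, otherwise "Disabled"
local function process_status_text(procname)
  local pids = procps.pidof(procname)
  if pids and #pids > 0 then
    return "Enabled"
  end
  return "Disabled"
end

--- Copy the text rows of one alert into an entry table.
-- Scans at most 11 lines starting at index k (the "[**]" header line) and
-- stops at the first blank line or at end of file. Rows containing neither
-- "[Xref" nor "[Classification" are kept verbatim in entry.value; every
-- "[Xref => ...]" reference found is appended to entry.url.
-- The rows come straight from the alert file and are returned unescaped;
-- rendering them safely is the view's responsibility.
-- @tparam table lines  alert file as an array of lines
-- @tparam number k     index of the alert header line
-- @tparam table entry  table whose .value and .url arrays are filled
local function collect_alert_rows(lines, k, entry)
  for i = 0, 10 do
    local row = lines[k + i]
    -- nil: past the end of the file; "": blank separator between alerts
    if row == nil or row == "" then break end
    local is_xref = string.find(row, "[Xref", 1, true) ~= nil
    local is_classification = string.find(row, "[Classification", 1, true) ~= nil
    if is_xref then
      for ref in string.gmatch(row, "%[Xref%s+%=%>%s+(.-)%]") do
        entry.url[#entry.url + 1] = ref
      end
    elseif not is_classification then
      entry.value[#entry.value + 1] = row
    end
  end
end

-- ################################################################################
-- PUBLIC FUNCTIONS

--- Report package version, running state and autostart sequence.
-- @treturn table CFEs: version, status, autostart
function getstatus ()
  local status = {}

  local value, errtxt = processinfo.package_version(packagename)
  status.version = cfe({
    name = "version",
    label = "Program version",
    value = value,
    errtxt = errtxt,
  })

  status.status = cfe({
    name = "status",
    label = "Program status",
    value = process_status_text(processname),
  })

  local autostart_sequence, autostart_errtxt = processinfo.process_botsequence(processname)
  status.autostart = cfe({
    name = "autostart",
    label = "Autostart sequence",
    value = autostart_sequence,
    errtxt = autostart_errtxt,
  })

  return status
end

--- Parsed configuration. This model does not parse snort.conf, so the result
-- is always empty; get_filedetails only inspects entries for error text.
-- @treturn table empty table
function getconfig()
  return {}
end

--- Describe the config file as a set of CFEs.
-- @param self unused (ACF passes the model)
-- @tparam ?string num "2" selects the secondary config file (not defined for
--   this package), anything else selects configfile. num is only used as a
--   suffix on the CFE names and never becomes part of a path.
-- @treturn table CFEs keyed filename/filesize/mtime/filecontent (plus num),
--   and sumerrors (plus num) when any error text was collected
function get_filedetails(self, num)
  local suffix = num or ""
  local path
  if num == "2" then
    path = configfile2
  else
    path = configfile
  end

  local filedetails = {}
  local config
  if path and fs.is_file(path) then
    filedetails = fs.stat(path) or {}
    config = getconfig(path)
  else
    -- path may be nil for the undefined secondary file; never concatenate nil
    config = {
      filename = {
        errtxt = "Config file '" .. (path or "(not configured)") .. "' is missing!",
      },
    }
  end

  -- Only read when a path is known; a missing file is reported via sumerrors.
  local content
  if path then
    content = fs.read_file(path)
  end

  local file = {}
  file["filename" .. suffix] = cfe({
    name = "filename" .. suffix,
    label = "File name",
    value = path,
  })
  file["filesize" .. suffix] = cfe({
    name = "filesize" .. suffix,
    label = "File size",
    value = filedetails.size or 0,
  })
  file["mtime" .. suffix] = cfe({
    name = "mtime" .. suffix,
    label = "File date",
    value = filedetails.mtime or "---",
  })
  file["filecontent" .. suffix] = cfe({
    type = "longtext",
    name = "filecontent" .. suffix,
    label = "File content",
    value = content,
  })

  -- Sum all errors into one CFE (one error per line, no trailing newline)
  local errors = {}
  for _, entry in pairs(config) do
    if type(entry) == "table" and entry.errtxt and entry.errtxt ~= "" then
      errors[#errors + 1] = entry.errtxt
    end
  end
  if #errors > 0 then
    file["sumerrors" .. suffix] = cfe({
      name = "sumerrors" .. suffix,
      label = "Configuration errors",
      errtxt = table.concat(errors, "\n"),
    })
  end

  return file
end

--- Start, stop or restart the daemon.
-- @param self unused
-- @tparam table action CFE whose .value is the command handed to
--   daemoncontrol.daemoncontrol. The value is user-submitted; daemoncontrol is
--   expected to accept only its known verbs -- TODO confirm in that library.
-- @return cmdresult from daemoncontrol, and the action with .descr/.errtxt set
function startstop_service(self, action)
  local cmdresult, cmdmessage, cmderror = daemoncontrol.daemoncontrol(processname, action.value)
  action.descr = cmdmessage
  action.errtxt = cmderror
  return cmdresult, action
end

--- Summarise the snort alert log.
-- Alerts are grouped priority -> classification -> rule id. Each rule-id
-- entry holds the rows of its most recent occurrence (.value), the Xref
-- references of that occurrence (.url) and the number of occurrences (.count).
-- All strings come from the log file unescaped; the view must escape them.
-- @treturn number total number of alerts found
-- @treturn table  array of {name=priority, value=classifications} sorted by priority name
function read_alert()
  local alertfile = "/var/log/snort/alert"
  local alertcount = 0
  local alertpriority = {}   -- priority -> classification -> id -> entry
  local count = {}           -- occurrences per (priority, classification, id)

  local lines = fs.read_file_as_array(alertfile)
  if lines then
    for k, line in ipairs(lines) do
      -- header line looks like "[**] [gid:sid:rev] message [**]"
      local currid = string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*")
      if currid then
        -- the line after the header carries classification and priority;
        -- a header on the last line of the file has no next line
        local nextline = lines[k + 1] or ""
        local priority = string.match(nextline, "^.*%[.*lassification:%s*.*%]%s*%[(.*)%]")
          or "Priority: Unknown"
        local classification = string.match(nextline, "^.*%[.*lassification:%s*(.*)%]%s*%[")
          or "Classification: Unknown"

        local byclass = alertpriority[priority] or {}
        alertpriority[priority] = byclass
        local byid = byclass[classification] or {}
        byclass[classification] = byid

        -- each occurrence replaces the stored rows, so the entry shows the
        -- latest instance while the counter below accumulates
        local entry = { value = {}, url = {} }
        byid[currid] = entry

        -- NUL-separated key so field boundaries cannot be confused
        local key = priority .. "\0" .. classification .. "\0" .. currid
        count[key] = (count[key] or 0) + 1
        entry.count = count[key]

        collect_alert_rows(lines, k, entry)
        alertcount = alertcount + 1
      end
    end
  end

  -- Sort priorities by name for stable display
  local sorted_table = {}
  for name, value in pairs(alertpriority) do
    sorted_table[#sorted_table + 1] = { name = name, value = value }
  end
  table.sort(sorted_table, function(a, b) return a.name < b.name end)

  return alertcount, sorted_table
end

--- Overwrite the config file with the submitted text (CRLF normalised to LF).
-- The content is written as-is; nothing here validates it as a snort config.
-- @param self unused
-- @tparam string modifications new file content
-- @return result of fs.write_file, followed by its error text (if any)
function update_filecontent(self, modifications)
  local file_result, err = fs.write_file(configfile, format.dostounix(modifications))
  return file_result, err
end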