-- acf model for displaying logfiles recursively
module (..., package.seeall)

-- no initializer in model - use controller.init for that

require("fs")
require("posix")
require("procps")
require("daemoncontrol")
require("format")

-- daemon name handed to daemoncontrol by startstop_service
local processname = "snort"

-- configuration file read by get_filedetails and overwritten by update_filecontent
local configfile = "/etc/snort/snort.conf"

-- ################################################################################
-- LOCAL FUNCTIONS

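--- Ask the snort binary for its version string.
-- Runs `snort -V` and rewrites its "Version x.y.z" line to "snort-x.y.z".
-- The command is a fixed literal; no caller-supplied data reaches the shell.
-- @treturn string raw command output ("" when the pipe could not be opened
--   or produced nothing)
local function get_version()
	-- The original wrote "\ " before the slash; only the Lua 5.1 lexer
	-- tolerates that escape (5.2+ and LuaJIT reject it), and sed just
	-- needs a plain space there.
	local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion /snort-/'"
	local pipe = io.popen(cmd)
	-- io.popen returns nil, err when the shell cannot be started; the old
	-- code would then index nil.
	if not pipe then
		return ""
	end
	local output = pipe:read("*a") or ""
	pipe:close()
	return output
end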

-- ################################################################################
-- PUBLIC FUNCTIONS

--- Report the installed snort version and whether a snort process is running.
-- @treturn table { version = first whitespace-free token of get_version(),
--   enabled = first result of procps.pidof("snort") }
function getstatus ()
	local version_token = string.match(get_version(), "^(%S*)")
	return {
		version = version_token,
		enabled = procps.pidof("snort"),
	}
end

--- Return stat metadata and the full contents of the snort configuration file.
-- @treturn table { details = fs.stat(configfile), content = fs.read_file(configfile) }
function get_filedetails()
	local details = fs.stat(configfile)
	local content = fs.read_file(configfile)
	return { details = details, content = content }
end

--- Start, stop or restart the snort daemon through daemoncontrol.
-- `state` is forwarded to daemoncontrol.daemoncontrol unchanged; this model
-- does no validation of its own. NOTE(review): confirm daemoncontrol limits
-- the action to its known values before relying on that.
-- @param self unused (controller calling convention)
-- @param state requested action, passed through to daemoncontrol
-- @return the message (second result) returned by daemoncontrol
function startstop_service ( self, state )
	local _, message = daemoncontrol.daemoncontrol(processname, state)
	return message
end

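-- Number of lines examined after an alert header for detail / Xref rows.
local ALERT_BLOCK_MAX_ROWS = 10

--- Collect the detail rows and Xref URLs that follow an alert header line.
-- Scans lines[k] .. lines[k + ALERT_BLOCK_MAX_ROWS] and stops at the first
-- empty line (the record separator). "[Classification ...]" rows are skipped,
-- "[Xref => url]" rows feed entry.url, every other row is appended verbatim
-- to entry.value. A nil row (end of file) is skipped rather than treated as
-- a separator, as in the original loop.
-- @tparam table lines the alert file as an array of lines
-- @tparam number k index of the alert header line
-- @tparam table entry table with .value and .url arrays to fill
local function collect_alert_rows(lines, k, entry)
	for i = 0, ALERT_BLOCK_MAX_ROWS do
		local row = lines[k + i]
		if row == "" then
			break
		end
		if row then
			if string.match(row, "%[Xref.*") then
				for url in string.gmatch(row, "%[Xref%s+%=%>%s+(.-)%]") do
					entry.url[#entry.url + 1] = url
				end
			elseif not string.match(row, "%[Classification.*") then
				entry.value[#entry.value + 1] = row
			end
		end
	end
end

--- Parse /var/log/snort/alert into a priority / classification / id tree.
-- Every line of the form "[**] [n:n:n] ... [**]" starts a record; the line
-- after it is matched for "[Classification: X] [Priority: N]" (either falls
-- back to an "Unknown" label when absent). Records are grouped as
-- tree[priority][classification][id] = { count, value = {rows}, url = {xrefs} }.
-- A repeated id re-creates its entry, so `value` / `url` describe the most
-- recent occurrence while `count` accumulates over all occurrences (this
-- preserves the original behaviour). Rows are returned unescaped and come
-- from snort's view of observed traffic; the view is responsible for escaping
-- them before rendering.
-- @treturn number total number of record headers found
-- @treturn table array of { name = priority, value = classification tree },
--   sorted by priority name
function read_alert()
	local alertfile = "/var/log/snort/alert"
	local alertcount = 0
	local alertpriority = {}
	local lines = fs.read_file_as_array(alertfile)
	if lines then
		for k, line in ipairs(lines) do
			local currid = string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*")
			if currid then
				-- The header can be the last line of the file (a truncated or
				-- still-being-written record); the original indexed nil here.
				local nextline = lines[k + 1] or ""
				local priority = string.match(nextline, "^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
				local classification = string.match(nextline, "^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown"
				local byclass = alertpriority[priority]
				if byclass == nil then
					byclass = {}
					alertpriority[priority] = byclass
				end
				local byid = byclass[classification]
				if byid == nil then
					byid = {}
					byclass[classification] = byid
				end
				-- Carry the running count over from the previous entry for this id
				-- instead of a separate table keyed by the concatenated strings,
				-- whose key could be ambiguous.
				local previous = byid[currid]
				local entry = {
					count = (previous and previous.count or 0) + 1,
					value = {},
					url = {},
				}
				byid[currid] = entry
				collect_alert_rows(lines, k, entry)
				alertcount = alertcount + 1
			end
		end
	end
	-- pairs() order is unspecified; sort by priority name for a stable display.
	local sorted_table = {}
	for name, tree in pairs(alertpriority) do
		sorted_table[#sorted_table + 1] = { name = name, value = tree }
	end
	table.sort(sorted_table, function(a, b) return a.name < b.name end)

	return alertcount, sorted_table
end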

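--- Replace the snort configuration file with `modifications`.
-- Line endings are normalised to Unix style (format.dostounix) before writing.
-- @param self unused (controller calling convention)
-- @tparam string modifications new file body
-- @return the result of fs.write_file, followed by its error value so a
--   caller can report why a write failed instead of seeing a bare nil/false
function update_filecontent (self, modifications)
	local file_result, err = fs.write_file(configfile, format.dostounix(modifications))
	return file_result, err
end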