96bcf076
Commit
96bcf076
authored
Jun 11, 2015
by
Ad Schellevis
(ids) update search installed rules
parent
c8dcaaba
Changes
2
Showing
2 changed files
with
31 additions
and
12 deletions
+31
-12
getRuleJSON.py
src/opnsense/scripts/suricata/getRuleJSON.py
+3
-1
rulecache.py
src/opnsense/scripts/suricata/rulecache.py
+28
-11
src/opnsense/scripts/suricata/getRuleJSON.py
...
@@ -46,7 +46,7 @@ if __name__ == '__main__':
...
@@ -46,7 +46,7 @@ if __name__ == '__main__':
rc
.
create
()
rc
.
create
()
# load parameters, ignore validation here the search method only processes valid input
# load parameters, ignore validation here the search method only processes valid input
parameters
=
{
'limit'
:
'0'
,
'offset'
:
'0'
,
'sort_by'
:
''
,
'filter'
:
''
,
'filter_fields'
:
''
}
parameters
=
{
'limit'
:
'0'
,
'offset'
:
'0'
,
'sort_by'
:
''
,
'filter'
:
''
}
cmd
=
None
cmd
=
None
for
arg
in
sys
.
argv
[
1
:]:
for
arg
in
sys
.
argv
[
1
:]:
if
cmd
is
None
:
if
cmd
is
None
:
...
@@ -60,3 +60,5 @@ if __name__ == '__main__':
...
@@ -60,3 +60,5 @@ if __name__ == '__main__':
result
=
rc
.
search
(
**
parameters
)
result
=
rc
.
search
(
**
parameters
)
result
[
'parameters'
]
=
parameters
result
[
'parameters'
]
=
parameters
print
(
json
.
dumps
(
result
))
print
(
json
.
dumps
(
result
))
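Review bot: The comment `# load parameters, ignore validation here the search method only processes valid input` no longer holds after this commit, because the `search()` it calls now tokenises `filter` with `shlex.split` (see rulecache.py in this same change), which raises `ValueError` on an unterminated quote, so a stray `"` in the filter text aborts the script with a traceback instead of printing a JSON result. Either guard the call in the second hunk, `try: result = rc.search(**parameters)` / `except ValueError: result = {'rows': [], 'total_rows': 0}` (adjust the empty shape to whatever `search()` returns), or reword the comment to `# load parameters; search() whitelists field names, but a malformed quote in 'filter' will raise`. The `for arg in sys.argv[1:]` loop continues outside the hunk, so the argv parsing itself was not reviewed here.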
src/opnsense/scripts/suricata/rulecache.py
...
@@ -33,6 +33,7 @@ import os
...
@@ -33,6 +33,7 @@ import os
import
os.path
import
os.path
import
glob
import
glob
import
sqlite3
import
sqlite3
import
shlex
class
RuleCache
(
object
):
class
RuleCache
(
object
):
"""
"""
...
@@ -42,6 +43,7 @@ class RuleCache(object):
...
@@ -42,6 +43,7 @@ class RuleCache(object):
self
.
rule_source_dir
=
'/usr/local/etc/suricata/rules/'
self
.
rule_source_dir
=
'/usr/local/etc/suricata/rules/'
self
.
cachefile
=
'
%
srules.sqlite'
%
self
.
rule_source_dir
self
.
cachefile
=
'
%
srules.sqlite'
%
self
.
rule_source_dir
self
.
_rule_fields
=
[
'sid'
,
'msg'
,
'classtype'
,
'rev'
,
'gid'
,
'source'
,
'enabled'
]
self
.
_rule_fields
=
[
'sid'
,
'msg'
,
'classtype'
,
'rev'
,
'gid'
,
'source'
,
'enabled'
]
self
.
_rule_defaults
=
{
'classtype'
:
'##none##'
}
def
listLocal
(
self
):
def
listLocal
(
self
):
all_rule_files
=
[]
all_rule_files
=
[]
...
@@ -113,7 +115,10 @@ class RuleCache(object):
...
@@ -113,7 +115,10 @@ class RuleCache(object):
for
rule_field
in
self
.
_rule_fields
:
for
rule_field
in
self
.
_rule_fields
:
if
rule_field
not
in
record
:
if
rule_field
not
in
record
:
record
[
rule_field
]
=
None
if
rule_field
in
self
.
_rule_defaults
:
record
[
rule_field
]
=
self
.
_rule_defaults
[
rule_field
]
else
:
record
[
rule_field
]
=
None
rules
.
append
(
record
)
rules
.
append
(
record
)
...
@@ -123,12 +128,11 @@ class RuleCache(object):
...
@@ -123,12 +128,11 @@ class RuleCache(object):
cur
.
execute
(
'insert into stats (timestamp,files) values (?,?) '
,(
last_mtime
,
len
(
all_rule_files
)))
cur
.
execute
(
'insert into stats (timestamp,files) values (?,?) '
,(
last_mtime
,
len
(
all_rule_files
)))
db
.
commit
()
db
.
commit
()
def
search
(
self
,
limit
,
offset
,
filter
,
filter_fields
,
sort_by
):
def
search
(
self
,
limit
,
offset
,
filter
,
sort_by
):
""" search installed rules
""" search installed rules
:param limit: limit number of rows
:param limit: limit number of rows
:param offset: limit offset
:param offset: limit offset
:param filter: text to search
:param filter: text to search, used format fieldname1,fieldname2/searchphrase include
%
to match on a part
:param filter_fields: list of fields to apply filter
:param sort: order by, list of fields and possible asc/desc parameter
:param sort: order by, list of fields and possible asc/desc parameter
:return: dict
:return: dict
"""
"""
...
@@ -139,14 +143,27 @@ class RuleCache(object):
...
@@ -139,14 +143,27 @@ class RuleCache(object):
# construct query including filters
# construct query including filters
sql
=
'select * from rules '
sql
=
'select * from rules '
sql_filters
=
{}
sql_filters
=
{}
for
field
in
map
(
lambda
x
:
x
.
lower
()
.
strip
(),
filter_fields
.
split
(
','
)):
if
field
in
self
.
_rule_fields
:
for
filtertag
in
shlex
.
split
(
filter
):
if
len
(
sql_filters
)
>
0
:
fieldnames
=
filtertag
.
split
(
'/'
)[
0
]
sql
+=
' or '
searchcontent
=
'/'
.
join
(
filtertag
.
split
(
'/'
)[
1
:])
if
len
(
sql_filters
)
>
0
:
sql
+=
' and ( '
else
:
sql
+=
' where ( '
for
fieldname
in
map
(
lambda
x
:
x
.
lower
()
.
strip
(),
fieldnames
.
split
(
','
)):
if
fieldname
in
self
.
_rule_fields
:
if
fieldname
!=
fieldnames
.
split
(
','
)[
0
]
.
strip
():
sql
+=
' or '
if
searchcontent
.
find
(
'
%
'
)
==
-
1
:
sql
+=
'cast('
+
fieldname
+
" as text) like :"
+
fieldname
+
" "
else
:
sql
+=
'cast('
+
fieldname
+
" as text) like '
%
'|| :"
+
fieldname
+
" || '
%
' "
sql_filters
[
fieldname
]
=
searchcontent
.
replace
(
'
%
'
,
''
)
else
:
else
:
sql
+=
' where '
# not a valid fieldname, add a tag to make sure our sql statement is valid
sql
+=
'cast('
+
field
+
" as text) like '
%
'|| :"
+
field
+
" || '
%
' "
sql
+=
' 1 = 1 '
sql_filters
[
field
]
=
filter
sql
+=
' ) '
# apply sort order (if any)
# apply sort order (if any)
sql_sort
=
[]
sql_sort
=
[]
...
...
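Review bot: The `sql += ' 1 = 1 '` fallback in the inner `else` branch yields invalid SQL whenever an unknown field follows a valid one inside the same tag (`sid,bogus/123` produces `like :sid  1 = 1` with no connector between the two terms), and since `sql_filters` only grows for valid fields, a tag naming only unknown fields leaves the next tag emitting a second `where` instead of `and`. Bind parameters are also keyed by field name alone, so two tags on the same field (`msg/foo msg/bar`) overwrite `:msg` and both clauses end up bound to the last value; the `fieldname != fieldnames.split(',')[0].strip()` test compares a lower-cased name against a non-lower-cased one, so `SID,msg/1` gets a leading `or`. Collecting each tag's clauses in a list, joining them with `or`, and keying the bind name by tag index avoids all of these; whether a tag with no valid field should match everything (the current `1 = 1`) or nothing is a design choice worth stating in a comment. `shlex.split(filter)` additionally raises `ValueError` on an unterminated quote, which neither this method nor its caller handles. The enclosing `search` body continues past the end of the hunk.
```python
sql_filters = {}
for tag_index, filtertag in enumerate(shlex.split(filter)):
    fieldnames = filtertag.split('/')[0]
    searchcontent = '/'.join(filtertag.split('/')[1:])
    clauses = []
    for fieldname in map(lambda x: x.lower().strip(), fieldnames.split(',')):
        if fieldname not in self._rule_fields:
            # unknown field name: skip it instead of widening the match
            continue
        # one bind name per (field, tag) so repeated fields do not overwrite each other
        param = '%s_%d' % (fieldname, tag_index)
        if searchcontent.find('%') == -1:
            clauses.append('cast(' + fieldname + ' as text) like :' + param)
        else:
            clauses.append('cast(' + fieldname + " as text) like '%'|| :" + param + " || '%'")
        sql_filters[param] = searchcontent.replace('%', '')
    if not clauses:
        # tag named no valid field: keep the statement valid (no-op, as before)
        clauses.append('1 = 1')
    sql += (' where ( ' if tag_index == 0 else ' and ( ') + ' or '.join(clauses) + ' ) '
# … unchanged: sort order handling …
```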