(ids) refactor static paths into single definition

9f2d34e7 · Ad Schellevis · f45171e7 · 9f2d34e7 · 9f2d34e7 · 9f2d34e7
Commit 9f2d34e7 authored Jul 01, 2015 by Ad Schellevis
6 changed files
--- a/src/opnsense/scripts/suricata/installRules.py
+++ b/src/opnsense/scripts/suricata/installRules.py
@@ -31,14 +31,15 @@
    Install suricata ruleset into opnsense.rules directory
 """
 import os.path
-import lib.rulecache
 from ConfigParser import ConfigParser
+import lib.rulecache
+from lib import rule_source_directory
 RuleCache = lib.rulecache.RuleCache()
-rule_config_fn = ('%s../rules.config'%RuleCache.rule_source_dir)
+rule_config_fn = ('%s../rules.config'%rule_source_directory)
-rule_target_dir = ('%s../opnsense.rules'%RuleCache.rule_source_dir)
+rule_target_dir = ('%s../opnsense.rules'%rule_source_directory)
-rule_yaml_list = ('%s../installed_rules.yaml'%RuleCache.rule_source_dir)
+rule_yaml_list = ('%s../installed_rules.yaml'%rule_source_directory)
 # parse OPNsense rule config
 rule_updates = {}

--- a/src/opnsense/scripts/suricata/lib/__init__.py
+++ b/src/opnsense/scripts/suricata/lib/__init__.py
@@ -27,3 +27,6 @@
    POSSIBILITY OF SUCH DAMAGE.
 """
+# define paths used by suricata
+rule_source_directory='/usr/local/etc/suricata/rules/'
+suricata_alert_log='/var/log/suricata/eve.json'
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@@ -34,20 +34,21 @@ import os.path
 import glob
 import sqlite3
 import shlex
+from lib import rule_source_directory
 class RuleCache(object):
    """
    """
    def __init__(self):
        # suricata rule settings, source directory and cache json file to use
-        self.rule_source_dir = '/usr/local/etc/suricata/rules/'
+        self.cachefile = '%srules.sqlite'%rule_source_directory
-        self.cachefile = '%srules.sqlite'%self.rule_source_dir
        self._rule_fields = ['sid','msg','classtype','rev','gid','source','enabled','reference']
        self._rule_defaults = {'classtype':'##none##'}
    def listLocal(self):
        all_rule_files=[]
-        for filename in glob.glob('%s*.rules'%(self.rule_source_dir)):
+        for filename in glob.glob('%s*.rules'%(rule_source_directory)):
            all_rule_files.append(filename)
        return all_rule_files

--- a/src/opnsense/scripts/suricata/listAlertLogs.py
+++ b/src/opnsense/scripts/suricata/listAlertLogs.py
@@ -33,9 +33,10 @@
 import os
 import glob
 import ujson
+from lib import suricata_alert_log
 result = []
-for filename in sorted(glob.glob('/var/log/suricata/eve.json*')):
+for filename in sorted(glob.glob('%s*'%suricata_alert_log)):
    row = dict()
    row['modified'] = os.stat(filename).st_mtime
    row['filename'] = filename.split('/')[-1]

--- a/src/opnsense/scripts/suricata/queryAlertLog.py
+++ b/src/opnsense/scripts/suricata/queryAlertLog.py
@@ -37,6 +37,7 @@ import shlex
 import ujson
 from lib.log import reverse_log_reader
 from lib.params import updateParams
+from lib import suricata_alert_log
 # handle parameters
 parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''}
@@ -44,9 +45,9 @@ updateParams(parameters)
 # choose logfile by number
 if parameters['fileid'].isdigit():
-    suricata_log = '/var/log/suricata/eve.json.%d'%int(parameters['fileid'])
+    suricata_log = '%s.%d'%(suricata_alert_log,int(parameters['fileid']))
 else:
-    suricata_log = '/var/log/suricata/eve.json'
+    suricata_log = suricata_alert_log
 if parameters['limit'].isdigit():
    limit = int(parameters['limit'])

--- a/src/opnsense/scripts/suricata/rule-updater.py
+++ b/src/opnsense/scripts/suricata/rule-updater.py
@@ -36,6 +36,7 @@ import fcntl
 from ConfigParser import ConfigParser
 from lib import metadata
 from lib import downloader
+from lib import rule_source_directory
 # check for a running update process, this may take a while so it's better to check...
 try:
@@ -49,7 +50,6 @@ if __name__ == '__main__':
    # load list of configured rules from generated config
    enabled_rulefiles=[]
    updater_conf='/usr/local/etc/suricata/rule-updater.config'
-    target_directory='/usr/local/etc/suricata/rules/'
    if os.path.exists(updater_conf):
        cnf = ConfigParser()
        cnf.read(updater_conf)
@@ -59,7 +59,7 @@ if __name__ == '__main__':
    # download / remove rules
    md = metadata.Metadata()
-    dl = downloader.Downloader(target_dir=target_directory)
+    dl = downloader.Downloader(target_dir=rule_source_directory)
    for rule in md.list_rules():
        if 'url' in rule['source']:
            download_proto=str(rule['source']['url']).split(':')[0].lower()
@@ -67,7 +67,7 @@ if __name__ == '__main__':
                if rule['filename'] not in enabled_rulefiles:
                    try:
                        # remove configurable but unselected file
-                        os.remove(('%s/%s'%(target_directory, rule['filename'])).replace('//', '/'))
+                        os.remove(('%s/%s'%(rule_source_directory, rule['filename'])).replace('//', '/'))
                    except:
                        pass
                else: