    def _checkVersion(self):
        """Raise PrewikkaUserError unless the installed libprelude and
        libpreludedb are at least the versions recorded in siteconfig."""
        error_type = _("Version Requirement error")
        prewikka_version = version.__version__

        # libprelude is checked first; a failure raises here, so the
        # libpreludedb check below is never reached in that case.
        required = siteconfig.libprelude_required_version
        if not prelude.checkVersion(required):
            message = _("Prewikka %(vPre)s requires libprelude %(vLib)s or higher") % {
                'vPre': prewikka_version, 'vLib': required}
            raise error.PrewikkaUserError(error_type, message)

        required = siteconfig.libpreludedb_required_version
        if not preludedb.checkVersion(required):
            message = _("Prewikka %(vPre)s requires libpreludedb %(vLib)s or higher") % {
                'vPre': prewikka_version, 'vLib': required}
            raise error.PrewikkaUserError(error_type, message)
    def _check_version(self):
        """Raise PrewikkaUserError when the installed libprelude or
        libpreludedb is older than the version siteconfig requires."""
        error_type = _("Version Requirement error")
        prewikka_version = version.__version__

        # Check libprelude before libpreludedb so the first unmet
        # requirement is reported and the second library is not queried.
        required = siteconfig.libprelude_required_version
        if not prelude.checkVersion(required):
            details = {'vPre': prewikka_version, 'vLib': required}
            raise error.PrewikkaUserError(
                error_type,
                N_("Prewikka %(vPre)s requires libprelude %(vLib)s or higher", details))

        required = siteconfig.libpreludedb_required_version
        if not preludedb.checkVersion(required):
            details = {'vPre': prewikka_version, 'vLib': required}
            raise error.PrewikkaUserError(
                error_type,
                N_("Prewikka %(vPre)s requires libpreludedb %(vLib)s or higher", details))
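def runCorrelator():
    """Entry point of the correlator (argparse-based command line).

    Parses the command line, loads the plugins, optionally detaches as a
    daemon, runs the Prelude client loop and finally persists the
    correlation context and the plugin state.

    Raises:
        error.UserError: when the PreludeClient cannot be created; the
            original exception is kept as the cause.
    """
    checkVersion(LIBPRELUDE_REQUIRED_VERSION)
    config_filename = require.get_config_filename("prelude-correlator.conf")

    options = _build_arg_parser(config_filename).parse_args()

    # Env is published as a builtin so it is reachable as a bare `env`
    # from anywhere (including plugins) without an import.
    builtins.env = Env(options)
    env.load_plugins()
    SignalHandler()

    # NOTE(review): the dump files are opened before _daemonize() tightens
    # the umask, so they keep the caller's umask; dumped alerts may be
    # sensitive — confirm the intended permissions.
    ifd = _open_dump(options.print_input)
    ofd = _open_dump(options.print_output)

    try:
        if options.daemon:
            _daemonize(options.pidfile)

        try:
            env.prelude_client = PreludeClient(options,
                                               print_input=ifd,
                                               print_output=ofd)
        except Exception as e:
            raise error.UserError(e) from e

        idmef.set_prelude_client(env.prelude_client)

        env.prelude_client.run()

        # save existing context
        context.save(options.profile)
        env.pluginmanager.save()
    finally:
        # Release the dump files we opened ourselves; sys.stdout stays open.
        for dump in (ifd, ofd):
            if dump is not None and dump is not sys.stdout:
                dump.close()


def _build_arg_parser(config_filename):
    """Return the argparse parser describing the correlator command line.

    Args:
        config_filename: default value of ``--config``.
    """
    parser = argparse.ArgumentParser()

    parser.add_argument("-c",
                        "--config",
                        default=config_filename,
                        metavar="FILE",
                        help="Configuration file to use")
    parser.add_argument("--dry-run",
                        action="store_true",
                        help="No report to the specified Manager will occur")
    parser.add_argument("-d",
                        "--daemon",
                        action="store_true",
                        help="Run in daemon mode")
    parser.add_argument("-P",
                        "--pidfile",
                        metavar="FILE",
                        help="Write Prelude Correlator PID to specified file")
    parser.add_argument(
        "--print-input",
        metavar="FILE",
        help="Dump alert input from manager to the specified file")
    parser.add_argument("--print-output",
                        metavar="FILE",
                        help="Dump alert output to the specified file")
    # "-D" alone means level 1 (const); absent means 0 (default).
    parser.add_argument("-D",
                        "--debug",
                        type=int,
                        default=0,
                        metavar="LEVEL",
                        nargs="?",
                        const=1,
                        help="Enable debugging output (level from 1 to 10)")
    parser.add_argument("-v", "--version", action="version", version=VERSION)

    group = parser.add_argument_group("IDMEF Input",
                                      "Read IDMEF events from file")
    group.add_argument("--input-file",
                       metavar="FILE",
                       help="Read IDMEF events from the specified file")
    group.add_argument(
        "--input-offset",
        type=int,
        default=0,
        metavar="OFFSET",
        help="Start processing events starting at the given offset")
    group.add_argument("--input-limit",
                       type=int,
                       default=-1,
                       metavar="LIMIT",
                       help="Read events until the given limit is reached")

    group = parser.add_argument_group("Prelude", "Prelude generic options")
    group.add_argument("--profile",
                       default=_DEFAULT_PROFILE,
                       help="Profile to use for this analyzer")

    return parser


def _open_dump(path):
    """Return a writable text stream for an alert dump, or None.

    An empty/None *path* disables the dump, "-" selects sys.stdout and any
    other value is opened for writing (truncating an existing file).
    """
    if not path:
        return None
    if path == "-":
        return sys.stdout
    return open(path, "w")


def _daemonize(pidfile):
    """Detach from the controlling terminal and optionally write a pid file.

    Classic double fork: each parent leaves with os._exit(0), so no
    Python-level cleanup (atexit, finally blocks) runs in it. The standard
    descriptors 0-2 are pointed at /dev/null. umask 0o77 is set before the
    pid file is created, so the pid file (and anything created later) is
    owner-only.

    Args:
        pidfile: path to write the daemon's PID to; skipped when falsy.
    """
    if os.fork():
        os._exit(0)

    os.setsid()
    if os.fork():
        os._exit(0)

    os.umask(0o77)

    fd = os.open("/dev/null", os.O_RDWR)
    for i in range(3):
        os.dup2(fd, i)
    os.close(fd)

    if pidfile:
        # Close the handle deterministically instead of leaking it.
        with open(pidfile, "w") as f:
            f.write(str(os.getpid()))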
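def runCorrelator():
    """Entry point of the correlator (optparse-based command line).

    Parses the command line, optionally detaches as a daemon, runs the
    Prelude client loop and finally persists the correlation context of
    the selected profile.

    Raises:
        error.UserError: when the PreludeClient cannot be created; the
            original exception is kept as the cause.
    """
    checkVersion(LIBPRELUDE_REQUIRED_VERSION)
    config_filename = require.get_config_filename("prelude-correlator.conf")

    # Positional arguments are accepted by optparse but not used here.
    options, _args = _build_option_parser(config_filename).parse_args()

    env = Env(options)
    SignalHandler(env)

    # NOTE(review): the dump files are opened before _daemonize() tightens
    # the umask, so they keep the caller's umask; dumped alerts may be
    # sensitive — confirm the intended permissions.
    ifd = _open_dump(options.print_input)
    ofd = _open_dump(options.print_output)

    try:
        if options.daemon:
            _daemonize(options.pidfile)

        try:
            env.prelude_client = PreludeClient(env, options, print_input=ifd, print_output=ofd)
        except Exception as e:
            raise error.UserError(e) from e

        idmef.set_prelude_client(env.prelude_client)

        env.prelude_client.run()

        # save existing context
        context.save(options.profile)
    finally:
        # Release the dump files we opened ourselves; sys.stdout stays open.
        for dump in (ifd, ofd):
            if dump is not None and dump is not sys.stdout:
                dump.close()


def _build_option_parser(config_filename):
    """Return the optparse parser describing the correlator command line.

    Args:
        config_filename: default value of ``--config``.
    """
    parser = OptionParser(usage="%prog", version="%prog " + VERSION)
    parser.add_option(
        "-c",
        "--config",
        action="store",
        dest="config",
        type="string",
        help="Configuration file to use",
        metavar="FILE",
        default=config_filename,
    )
    parser.add_option(
        "",
        "--dry-run",
        action="store_true",
        dest="dry_run",
        help="No report to the specified Manager will occur",
        default=False,
    )
    parser.add_option("-d", "--daemon", action="store_true", dest="daemon", help="Run in daemon mode")
    parser.add_option(
        "-P",
        "--pidfile",
        action="store",
        dest="pidfile",
        type="string",
        help="Write Prelude Correlator PID to specified file",
        metavar="FILE",
    )

    grp = OptionGroup(parser, "IDMEF Input", "Read IDMEF events from file")
    grp.add_option(
        "",
        "--input-file",
        action="store",
        dest="readfile",
        type="string",
        help="Read IDMEF events from the specified file",
        metavar="FILE",
    )
    grp.add_option(
        "",
        "--input-offset",
        action="store",
        dest="readoff",
        type="int",
        help="Start processing events starting at the given offset",
        metavar="OFFSET",
        default=0,
    )
    grp.add_option(
        "",
        "--input-limit",
        action="store",
        dest="readlimit",
        type="int",
        help="Read events until the given limit is reached",
        metavar="LIMIT",
        default=-1,
    )
    parser.add_option_group(grp)

    grp = OptionGroup(parser, "Prelude", "Prelude generic options")
    grp.add_option(
        "",
        "--profile",
        dest="profile",
        type="string",
        help="Profile to use for this analyzer",
        default=_DEFAULT_PROFILE,
    )
    parser.add_option_group(grp)

    parser.add_option(
        "",
        "--print-input",
        action="store",
        dest="print_input",
        type="string",
        help="Dump alert input from manager to the specified file",
        metavar="FILE",
    )
    parser.add_option(
        "",
        "--print-output",
        action="store",
        dest="print_output",
        type="string",
        help="Dump alert output to the specified file",
        metavar="FILE",
    )
    parser.add_option(
        "-D",
        "--debug",
        action="store",
        dest="debug",
        type="int",
        default=0,
        help="Enable debugging output (level from 1 to 10)",
        metavar="LEVEL",
    )
    return parser


def _open_dump(path):
    """Return a writable text stream for an alert dump, or None.

    An empty/None *path* disables the dump, "-" selects sys.stdout and any
    other value is opened for writing (truncating an existing file).
    """
    if not path:
        return None
    if path == "-":
        return sys.stdout
    return open(path, "w")


def _daemonize(pidfile):
    """Detach from the controlling terminal and optionally write a pid file.

    Classic double fork: each parent leaves with os._exit(0), so no
    Python-level cleanup (atexit, finally blocks) runs in it. The standard
    descriptors 0-2 are pointed at /dev/null. umask 0o77 is set before the
    pid file is created, so the pid file (and anything created later) is
    owner-only.

    Args:
        pidfile: path to write the daemon's PID to; skipped when falsy.
    """
    if os.fork():
        os._exit(0)

    os.setsid()
    if os.fork():
        os._exit(0)

    os.umask(0o77)

    fd = os.open("/dev/null", os.O_RDWR)
    for i in range(3):
        os.dup2(fd, i)
    os.close(fd)

    if pidfile:
        # Close the handle deterministically instead of leaking it.
        with open(pidfile, "w") as f:
            f.write(str(os.getpid()))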