def generate(self):
# FIXME extract archive file for sources
# generate rule file
rules = self.ruleset.to_buffer()
# write to file
with open(self.output_directory + "/" + "scirius.rules", 'w') as rfile:
rfile.write(rules.encode('utf-8'))
# export files at version
self.ruleset.export_files(self.output_directory)
# FIXME gruick
with open(self.output_directory + "/" + "rules.json", 'w') as rfile:
for rule in Rule.objects.all():
dic = {'sid': rule.pk, 'created': unicode(rule.created), 'updated': unicode(rule.updated)}
rfile.write(json.dumps(dic) + '\n')
# Export IPrep
export_iprep_files(self.output_directory)
def generate(self):
# FIXME extract archive file for sources
# generate rule file
rules = self.ruleset.to_buffer()
# write to file
with open(self.output_directory + "/" + "scirius.rules", 'w') as rfile:
rfile.write(rules.encode('utf-8'))
# export files at version
self.ruleset.export_files(self.output_directory)
# FIXME gruick
with open(self.output_directory + "/" + "rules.json", 'w') as rfile:
for rule in Rule.objects.all():
dic = {
'sid': rule.pk,
'created': str(rule.created),
'updated': str(rule.updated)
}
rfile.write(json.dumps(dic) + '\n')
# Export IPrep
export_iprep_files(self.output_directory)
def rule_buffer(self,
rule_buffer,
config_buffer=None,
related_files=None,
reference_config=None,
classification_config=None,
cats_content='',
iprep_content=''):
# create temp directory
tmpdir = tempfile.mkdtemp()
# write the rule file in temp dir
rule_file = os.path.join(tmpdir, "file.rules")
rf = open(rule_file, 'w')
rf.write(rule_buffer)
rf.close()
if not reference_config:
refence_config = self.REFERENCE_CONFIG
reference_file = os.path.join(tmpdir, "reference.config")
rf = open(reference_file, 'w')
rf.write(refence_config)
rf.close()
if not classification_config:
classification_config = self.CLASSIFICATION_CONFIG
classification_file = os.path.join(tmpdir, "classification.config")
cf = open(classification_file, 'w')
cf.write(classification_config)
cf.close()
if not config_buffer:
config_buffer = self.CONFIG_FILE
config_file = os.path.join(tmpdir, "suricata.yaml")
cf = open(config_file, 'w')
# write the config file in temp dir
cf.write(config_buffer)
cf.write("mpm-algo: ac-bs\n")
cf.write("default-rule-path: " + tmpdir + "\n")
cf.write("reference-config-file: " + tmpdir + "/reference.config\n")
cf.write("classification-file: " + tmpdir + "/classification.config\n")
cf.write("reputation-categories-file: " + tmpdir +
"/scirius-categories.txt\n")
cf.write("default-reputation-path: " + tmpdir + "\n")
cf.write("""reputation-files:
- scirius-iprep.list
""")
cf.close()
related_files = related_files or {}
for rfile in related_files:
related_file = os.path.join(tmpdir, rfile)
rf = open(related_file, 'w')
rf.write(related_files[rfile])
rf.close()
from rules.models import export_iprep_files
export_iprep_files(tmpdir, cats_content, iprep_content)
suri_cmd = [
settings.SURICATA_BINARY, '-T', '-l', tmpdir, '-S', rule_file,
'-c', config_file
]
# start suricata in test mode
suriprocess = subprocess.Popen(suri_cmd,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
(outdata, errdata) = suriprocess.communicate()
shutil.rmtree(tmpdir)
# if success ok
if suriprocess.returncode == 0:
return {'status': True, 'errors': ''}
# if not return error
return {'status': False, 'errors': errdata.decode('utf-8')}
def rule_buffer(self, rule_buffer, config_buffer = None, related_files = None, reference_config = None, classification_config = None):
# create temp directory
tmpdir = tempfile.mkdtemp()
# write the rule file in temp dir
rule_file = os.path.join(tmpdir, "file.rules")
rf = open(rule_file, 'w')
try:
rf.write(rule_buffer)
except UnicodeEncodeError:
rf.write(rule_buffer.encode('utf-8'))
rf.close()
if not reference_config:
refence_config = self.REFERENCE_CONFIG
reference_file = os.path.join(tmpdir, "reference.config")
rf = open(reference_file, 'w')
rf.write(refence_config)
rf.close()
if not classification_config:
classification_config = self.CLASSIFICATION_CONFIG
classification_file = os.path.join(tmpdir, "classification.config")
cf = open(classification_file, 'w')
cf.write(classification_config)
cf.close()
if not config_buffer:
config_buffer = self.CONFIG_FILE
config_file = os.path.join(tmpdir, "suricata.yaml")
cf = open(config_file, 'w')
# write the config file in temp dir
cf.write(config_buffer)
cf.write("mpm-algo: ac-bs\n")
cf.write("default-rule-path: " + tmpdir + "\n")
cf.write("reference-config-file: " + tmpdir + "/reference.config\n")
cf.write("classification-file: " + tmpdir + "/classification.config\n")
cf.write("reputation-categories-file: " + tmpdir + "/scirius-categories.txt\n")
cf.write("default-reputation-path: " + tmpdir + "\n")
cf.write("""reputation-files:
- scirius-iprep.list
""")
cf.close()
related_files = related_files or {}
for rfile in related_files:
related_file = os.path.join(tmpdir, rfile)
rf = open(related_file, 'w')
rf.write(related_files[rfile])
rf.close()
from rules.models import export_iprep_files
export_iprep_files(tmpdir)
suri_cmd = ['suricata', '-T', '-l', tmpdir, '-S', rule_file, '-c', config_file]
# start suricata in test mode
suriprocess = subprocess.Popen(suri_cmd , stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(outdata, errdata) = suriprocess.communicate()
shutil.rmtree(tmpdir)
# if success ok
if suriprocess.returncode == 0:
return {'status': True, 'errors': ''}
# if not return error
return {'status': False, 'errors': errdata}
