class Parser:
def __init__(self):
self.database = Database()
self.rules = Rules(self.database)
#self.messenger = Messenger()
def parse(self,msgqueue,command):
#print "Command received: "+command
'''
rules:
if a connection is matched, should be blocked.
if a connection is not matched, just log is.
if a connection is matched as an alert, the messenger thread must be alerted
problem: we have to alert the messenger somehow.
solution: alert all the threads and the messenger thread will hold the message to themself
'''
## EDIT RULE
# RULE(id,description,source_object,source_port,destination_ip,destination_port,service,parameters,enabled,alert)
expr = re.compile("^RULE\((.+)\)$",re.I|re.S)
match = expr.match(command)
if match:
data = match.group(1).strip()
rule = data.split(",")
if len(rule) < 10 and rule[1] != "delete":
return "Invalid Arguments"
if self.rules.editRule(rule) == True:
self.rules.loadRules()
return "OK"
else:
return "FAIL"
# OBJECT(id,name,value)
expr = re.compile("^OBJECT\((.+)\)$",re.I|re.S)
match = expr.match(command)
if match:
data = match.group(1).strip()
rule = data.split(",")
if len(rule) < 3 and rule[1] != "delete":
return "Invalid Arguments"
if self.rules.editObject(rule) == True:
self.rules.loadRules()
return "OK"
else:
return "FAIL"
## NEW CONNECTION
expr = re.compile("^NEW\((.+)\)$",re.I|re.S)
match = expr.match(command)
if match:
data = match.group(1).strip()
connection = data.split(",")
if len(connection) < 5:
return "Invalid Arguments"
self.rules.logConnection(connection)
alert_desc = []
ret = self.rules.createRuleIfMatch(connection,alert_desc)
if ret == 0:
## did not match any rule or alert
pass
elif ret == 1:
## rule was created!
pass
elif ret == 2:
## alert match, tell messenger
msgqueue.put("messenger: ALERT("+','.join(alert_desc)+")")
return "OK"
return "OK"
