def _get_userpoints(self, env):
    """Yield ``(module_name, directory)`` pairs for user-supplied Python rule files.

    The directories come from the ``[python_rules] paths`` setting of
    *env.config* (one directory per line); when that section is missing the
    ``rules/python`` configuration path resolved by ``require`` is used
    instead.  Entries that are unreadable or not directories are logged and
    skipped.  Inside a directory only ``*.py`` files other than
    ``__init__.py`` are reported; sub-directories are ignored.

    NOTE(review): the names yielded here are presumably imported as plugin
    code elsewhere, so the configured directories should be writable only by
    trusted users — confirm against the loader.
    """
    if env.config.has_section("python_rules"):
        configured_dirs = env.config.get("python_rules", "paths", default="")
    else:
        configured_dirs = require.get_config_filename("rules/python")

    for rules_dir in configured_dirs.splitlines():
        usable = os.access(rules_dir, os.R_OK) and os.path.isdir(rules_dir)
        if not usable:
            logger.warning("Can not load %s python rules dir" % rules_dir)
            continue

        for entry in os.listdir(rules_dir):
            is_rule_file = entry.endswith('.py') and entry != '__init__.py'
            if not is_rule_file:
                continue
            if os.path.isdir(os.path.join(rules_dir, entry)):
                continue

            module_name, _dot, _ext = entry.rpartition('.')
            yield (module_name, rules_dir)
    def _get_userpoints(self):
        """Yield ``(module_name, directory)`` pairs for user-supplied Python rule files.

        Reads the ``[python_rules] paths`` setting (one directory per line)
        from the global ``env.config`` — ``env`` is a free name here, not a
        parameter — falling back to the ``rules/python`` configuration path
        from ``require`` when the section is absent.  Unreadable or
        non-directory entries are logged and skipped; in each directory only
        ``*.py`` files other than ``__init__.py`` are reported and
        sub-directories are ignored.

        NOTE(review): the yielded names are presumably imported as plugin
        code elsewhere, so the configured directories should be writable
        only by trusted users — confirm against the loader.
        """
        section_present = env.config.has_section("python_rules")
        if section_present:
            configured_dirs = env.config.get("python_rules", "paths", fallback="")
        else:
            configured_dirs = require.get_config_filename("rules/python")

        for rules_dir in configured_dirs.splitlines():
            usable = os.access(rules_dir, os.R_OK) and os.path.isdir(rules_dir)
            if not usable:
                logger.warning("Can not load %s python rules dir" % rules_dir)
                continue

            for entry in os.listdir(rules_dir):
                is_rule_file = entry.endswith('.py') and entry != '__init__.py'
                if not is_rule_file:
                    continue
                if os.path.isdir(os.path.join(rules_dir, entry)):
                    continue

                module_name, _dot, _ext = entry.rpartition('.')
                yield (module_name, rules_dir)
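def _build_arg_parser(config_filename):
    """Build the correlator's command-line parser.

    Args:
        config_filename: default value for ``--config``.

    Returns:
        A configured :class:`argparse.ArgumentParser`.
    """
    parser = argparse.ArgumentParser()

    parser.add_argument("-c",
                        "--config",
                        default=config_filename,
                        metavar="FILE",
                        help="Configuration file to use")
    parser.add_argument("--dry-run",
                        action="store_true",
                        help="No report to the specified Manager will occur")
    parser.add_argument("-d",
                        "--daemon",
                        action="store_true",
                        help="Run in daemon mode")
    parser.add_argument("-P",
                        "--pidfile",
                        metavar="FILE",
                        help="Write Prelude Correlator PID to specified file")
    parser.add_argument(
        "--print-input",
        metavar="FILE",
        help="Dump alert input from manager to the specified file")
    parser.add_argument("--print-output",
                        metavar="FILE",
                        help="Dump alert output to the specified file")
    # "-D" alone means level 1 (const); an absent flag means 0 (default).
    parser.add_argument("-D",
                        "--debug",
                        type=int,
                        default=0,
                        metavar="LEVEL",
                        nargs="?",
                        const=1,
                        help="Enable debugging output (level from 1 to 10)")
    parser.add_argument("-v", "--version", action="version", version=VERSION)

    group = parser.add_argument_group("IDMEF Input",
                                      "Read IDMEF events from file")
    group.add_argument("--input-file",
                       metavar="FILE",
                       help="Read IDMEF events from the specified file")
    group.add_argument(
        "--input-offset",
        type=int,
        default=0,
        metavar="OFFSET",
        help="Start processing events starting at the given offset")
    group.add_argument("--input-limit",
                       type=int,
                       default=-1,
                       metavar="LIMIT",
                       help="Read events until the given limit is reached")

    group = parser.add_argument_group("Prelude", "Prelude generic options")
    group.add_argument("--profile",
                       default=_DEFAULT_PROFILE,
                       help="Profile to use for this analyzer")

    return parser


def _open_dump(path):
    """Return the stream for a ``--print-input``/``--print-output`` value.

    ``None``/empty means no dump, ``"-"`` means ``sys.stdout``, anything
    else is opened for writing.  The stream is handed to ``PreludeClient``
    and must outlive this call, so it is deliberately not a context manager.
    """
    if not path:
        return None
    if path == "-":
        return sys.stdout
    return open(path, "w")


def _daemonize(pidfile):
    """Detach from the controlling terminal using a double fork.

    After the second fork the umask is tightened to ``0o77``, the three
    standard descriptors are pointed at ``/dev/null`` and, if *pidfile* is
    set, the daemon's PID is written there.  The working directory is not
    changed, so relative paths given on the command line keep resolving.

    Args:
        pidfile: path that receives ``os.getpid()``, or a false value to
            skip writing it.
    """
    if os.fork():
        os._exit(0)

    os.setsid()
    if os.fork():
        os._exit(0)

    os.umask(0o77)

    null_fd = os.open("/dev/null", os.O_RDWR)
    for std_fd in range(3):
        os.dup2(null_fd, std_fd)
    os.close(null_fd)

    if pidfile:
        # Closed explicitly so the PID is flushed to disk regardless of the
        # interpreter's finalisation; the file is created under the 0o77 umask.
        with open(pidfile, "w") as pid_fh:
            pid_fh.write(str(os.getpid()))


def runCorrelator():
    """Entry point: parse options, set up the environment and run the client.

    Side effects: installs the process-wide ``env`` into ``builtins``,
    loads plugins, optionally daemonizes, and on return persists the
    correlation context and plugin state for the selected ``--profile``.

    Raises:
        error.UserError: when ``PreludeClient`` cannot be created; the
            underlying exception is attached as ``__cause__``.
    """
    checkVersion(LIBPRELUDE_REQUIRED_VERSION)
    config_filename = require.get_config_filename("prelude-correlator.conf")

    options = _build_arg_parser(config_filename).parse_args()

    # ``env`` is used as a free name below (and elsewhere in the program),
    # which is why it goes into builtins instead of a local.
    builtins.env = Env(options)
    env.load_plugins()
    SignalHandler()

    # Dump streams are opened before daemonizing, so they get the caller's
    # umask and survive the forks.  Note that "-" combined with --daemon
    # writes to the redirected stdout, i.e. /dev/null.
    ifd = _open_dump(options.print_input)
    ofd = _open_dump(options.print_output)

    if options.daemon:
        _daemonize(options.pidfile)

    try:
        env.prelude_client = PreludeClient(options,
                                           print_input=ifd,
                                           print_output=ofd)
    except Exception as e:
        raise error.UserError(e) from e

    idmef.set_prelude_client(env.prelude_client)

    env.prelude_client.run()

    # save existing context
    context.save(options.profile)
    env.pluginmanager.save()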
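def _build_option_parser(config_filename):
    """Build the correlator's :class:`optparse.OptionParser`.

    Args:
        config_filename: default value for ``--config``.

    Returns:
        The configured parser; option groups are registered in the same
        order as before so ``--help`` output is unchanged.
    """
    parser = OptionParser(usage="%prog", version="%prog " + VERSION)
    parser.add_option(
        "-c",
        "--config",
        action="store",
        dest="config",
        type="string",
        help="Configuration file to use",
        metavar="FILE",
        default=config_filename,
    )
    parser.add_option(
        "",
        "--dry-run",
        action="store_true",
        dest="dry_run",
        help="No report to the specified Manager will occur",
        default=False,
    )
    parser.add_option("-d", "--daemon", action="store_true", dest="daemon", help="Run in daemon mode")
    parser.add_option(
        "-P",
        "--pidfile",
        action="store",
        dest="pidfile",
        type="string",
        help="Write Prelude Correlator PID to specified file",
        metavar="FILE",
    )

    grp = OptionGroup(parser, "IDMEF Input", "Read IDMEF events from file")
    grp.add_option(
        "",
        "--input-file",
        action="store",
        dest="readfile",
        type="string",
        help="Read IDMEF events from the specified file",
        metavar="FILE",
    )
    grp.add_option(
        "",
        "--input-offset",
        action="store",
        dest="readoff",
        type="int",
        help="Start processing events starting at the given offset",
        metavar="OFFSET",
        default=0,
    )
    grp.add_option(
        "",
        "--input-limit",
        action="store",
        dest="readlimit",
        type="int",
        help="Read events until the given limit is reached",
        metavar="LIMIT",
        default=-1,
    )
    parser.add_option_group(grp)

    grp = OptionGroup(parser, "Prelude", "Prelude generic options")
    grp.add_option(
        "",
        "--profile",
        dest="profile",
        type="string",
        help="Profile to use for this analyzer",
        default=_DEFAULT_PROFILE,
    )
    parser.add_option_group(grp)

    parser.add_option(
        "",
        "--print-input",
        action="store",
        dest="print_input",
        type="string",
        help="Dump alert input from manager to the specified file",
        metavar="FILE",
    )
    parser.add_option(
        "",
        "--print-output",
        action="store",
        dest="print_output",
        type="string",
        help="Dump alert output to the specified file",
        metavar="FILE",
    )
    parser.add_option(
        "-D",
        "--debug",
        action="store",
        dest="debug",
        type="int",
        default=0,
        help="Enable debugging output (level from 1 to 10)",
        metavar="LEVEL",
    )
    return parser


def _open_dump(path):
    """Return the stream for a ``--print-input``/``--print-output`` value.

    ``None``/empty means no dump, ``"-"`` means ``sys.stdout``, anything
    else is opened for writing.  The stream is handed to ``PreludeClient``
    and must outlive this call, so it is deliberately not a context manager.
    """
    if not path:
        return None
    if path == "-":
        return sys.stdout
    return open(path, "w")


def _daemonize(pidfile):
    """Detach from the controlling terminal using a double fork.

    After the second fork the umask is tightened to ``0o77``, the three
    standard descriptors are pointed at ``/dev/null`` and, if *pidfile* is
    set, the daemon's PID is written there.  The working directory is not
    changed, so relative paths given on the command line keep resolving.

    Args:
        pidfile: path that receives ``os.getpid()``, or a false value to
            skip writing it.
    """
    if os.fork():
        os._exit(0)

    os.setsid()
    if os.fork():
        os._exit(0)

    os.umask(0o77)

    null_fd = os.open("/dev/null", os.O_RDWR)
    for std_fd in range(3):
        os.dup2(null_fd, std_fd)
    os.close(null_fd)

    if pidfile:
        # Closed explicitly so the PID is flushed to disk regardless of the
        # interpreter's finalisation; the file is created under the 0o77 umask.
        with open(pidfile, "w") as pid_fh:
            pid_fh.write(str(os.getpid()))


def runCorrelator():
    """Entry point: parse options, build the environment and run the client.

    Side effects: installs a signal handler, optionally daemonizes the
    process, and on return persists the correlation context for the
    selected ``--profile``.

    Raises:
        error.UserError: when ``PreludeClient`` cannot be created; the
            underlying exception is attached as ``__cause__``.
    """
    checkVersion(LIBPRELUDE_REQUIRED_VERSION)
    config_filename = require.get_config_filename("prelude-correlator.conf")

    # Positional arguments are accepted by optparse but never used here.
    options, _args = _build_option_parser(config_filename).parse_args()

    env = Env(options)
    SignalHandler(env)

    # Dump streams are opened before daemonizing, so they get the caller's
    # umask and survive the forks.  Note that "-" combined with --daemon
    # writes to the redirected stdout, i.e. /dev/null.
    ifd = _open_dump(options.print_input)
    ofd = _open_dump(options.print_output)

    if options.daemon:
        _daemonize(options.pidfile)

    try:
        env.prelude_client = PreludeClient(env, options, print_input=ifd, print_output=ofd)
    except Exception as e:
        raise error.UserError(e) from e

    idmef.set_prelude_client(env.prelude_client)

    env.prelude_client.run()

    # save existing context
    context.save(options.profile)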