author | Eric Fahlgren <ericfahlgren@gmail.com> | 2024-01-10 08:10:05 -0800 |
committer | Rosen Penev <rosenp@gmail.com> | 2024-02-04 16:21:11 -0800 |
commit | 203e9413e28defd62e376406b523eb7d9ac05d58 (patch) | |
tree | baa539cf5d8fee315177f1243d881d0db6016644 /net/snort3/files/main.uc | |
parent | 800218561dd235b6b9339ede3dbb981c1d4b9ea8 (diff) |
snort3: finish up several incomplete capabilities
Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents
Rules
- Complete downloader for subscription rules using oinkcode (only tested
with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location
CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages
Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Diffstat (limited to 'net/snort3/files/main.uc')
-rw-r--r-- | net/snort3/files/main.uc | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/net/snort3/files/main.uc b/net/snort3/files/main.uc
index 3a15f73c6..4f2a63ca8 100644
--- a/net/snort3/files/main.uc
+++ b/net/snort3/files/main.uc
@@ -1,6 +1,6 @@
 {%
 //------------------------------------------------------------------------------
-// Copyright (c) 2023 Eric Fahlgren <eric.fahlgren@gmail.com>
+// Copyright (c) 2023-2024 Eric Fahlgren <eric.fahlgren@gmail.com>
 // SPDX-License-Identifier: GPL-2.0
 //
 // The tables defined using 'config_item' are the source of record for the
@@ -9,11 +9,14 @@
 //
 //------------------------------------------------------------------------------
 
+QUIET; // Reference globals passed from CLI, so we get errors when missing.
+TYPE;
+
 import { cursor } from 'uci';
 let uci = cursor();
 
 function wrn(fmt, ...args) {
-	if (getenv("QUIET"))
+	if (QUIET)
 		exit(1);
 
 	let msg = "ERROR: " + sprintf(fmt, ...args);
@@ -25,6 +28,15 @@ function wrn(fmt, ...args) {
 	exit(1);
 }
 
+function rpad(str, fill, len)
+{
+	str = rtrim(str) + ' ';
+	while (length(str) < len) {
+		str += fill;
+	}
+	return str;
+}
+
 //------------------------------------------------------------------------------
 
 function config_item(type, values, def) {
@@ -221,11 +233,11 @@ function dump_config(settings) {
 }
 
 function render_snort() {
-	include("templates/snort.uc", { snort, nfq });
+	include("templates/snort.uc", { snort, nfq, rpad });
 }
 
 function render_nftables() {
-	include("templates/nftables.uc", { snort, nfq });
+	include("templates/nftables.uc", { snort, nfq, rpad });
 }
 
 function render_config() {
@@ -242,7 +254,7 @@ function render_help() {
 
 load_all();
 
-let table_type = getenv("TYPE");
+let table_type = TYPE; // Supply on cli with '-D TYPE=snort'...
 
 switch (table_type) {
 	case "snort":
 		render_snort(); |
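Review bot: The bare `QUIET;` and `TYPE;` statements in the second hunk only raise on a missing definition if the template is run in strict mode; as far as I know, ucode otherwise evaluates an undeclared global to null, so a caller that forgets `-D TYPE=...` would fall through to `switch (table_type)` with null rather than fail at the top as the comment promises (please confirm against the ucode version shipped). The comment also changes how `wrn()` decides to stay silent: `getenv("QUIET")` was truthy for any non-empty string, whereas `if (QUIET)` now depends on whatever value the CLI wrapper passes with `-D`, so a wrapper passing `QUIET=0` or an empty string behaves differently than before. I would either add `'use strict';` above these references (if the rest of the template tolerates it) or spell out the contract in the comment: `// Globals injected by the CLI wrapper via '-D QUIET=1 -D TYPE=snort'; under strict mode a missing one is a reference error, otherwise it reads as null.` The `wrn` function continues past the hunk.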
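Review bot: `rpad()` in the third hunk never terminates when `fill` is an empty string, because `while (length(str) < len)` cannot make progress; a guard such as `if (!length(fill)) return str;` before the loop avoids a hung render. The function also always appends one separator space after `rtrim(str)` and pads by whole copies of `fill`, so the result can exceed `len`; that is presumably intended for column layout in the templates (the callers are not in this diff), and deserves a header comment like `// Right-pad 'str' with 'fill' to at least 'len' characters; trailing blanks are replaced by exactly one separator space first.`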