From 203e9413e28defd62e376406b523eb7d9ac05d58 Mon Sep 17 00:00:00 2001
From: Eric Fahlgren
Date: Wed, 10 Jan 2024 08:10:05 -0800
Subject: snort3: finish up several incomplete capabilities

Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents

Rules
- Complete downloader for subscription rules using oinkcode (only tested with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location

CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages

Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere

Signed-off-by: Eric Fahlgren
---
 net/snort3/files/main.uc | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

(limited to 'net/snort3/files/main.uc')

diff --git a/net/snort3/files/main.uc b/net/snort3/files/main.uc
index 3a15f73c6..4f2a63ca8 100644
--- a/net/snort3/files/main.uc
+++ b/net/snort3/files/main.uc
@@ -1,6 +1,6 @@
 {%
 //------------------------------------------------------------------------------
-// Copyright (c) 2023 Eric Fahlgren
+// Copyright (c) 2023-2024 Eric Fahlgren
 // SPDX-License-Identifier: GPL-2.0
 //
 // The tables defined using 'config_item' are the source of record for the 
@@ -9,11 +9,14 @@
 //
 //------------------------------------------------------------------------------
+QUIET; // Reference globals passed from CLI, so we get errors when missing.
+TYPE;
+
 import { cursor } from 'uci';
 let uci = cursor();
 function wrn(fmt, ...args) {
- if (getenv("QUIET"))
+ if (QUIET)
 exit(1);
 let msg = "ERROR: " + sprintf(fmt, ...args);
@@ -25,6 +28,15 @@ function wrn(fmt, ...args) {
 exit(1);
 }
+function rpad(str, fill, len)
+{
+ str = rtrim(str) + ' ';
+ while (length(str) < len) {
+ str += fill;
+ }
+ return str;
+}
+
 //------------------------------------------------------------------------------
 function config_item(type, values, def) {
@@ -221,11 +233,11 @@ function dump_config(settings) {
 }
 function render_snort() {
- include("templates/snort.uc", { snort, nfq });
+ include("templates/snort.uc", { snort, nfq, rpad });
 }
 function render_nftables() {
- include("templates/nftables.uc", { snort, nfq });
+ include("templates/nftables.uc", { snort, nfq, rpad });
 }
 function render_config() {
@@ -242,7 +254,7 @@ function render_help() {
 load_all();
-let table_type = getenv("TYPE");
+let table_type = TYPE; // Supply on cli with '-D TYPE=snort'...
 switch (table_type) {
 case "snort":
 render_snort();
-- 
cgit v1.2.3
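Review bot: The bare `QUIET;` and `TYPE;` statements at the top of this hunk only fail on a missing `-D` definition if the script is run in ucode's strict mode; in the default mode an undeclared name appears to evaluate to null without any diagnostic, so the "errors when missing" the comment promises may not occur — confirm how main.uc is invoked before relying on it, or extend the comment to `// Reference globals passed from CLI (-D QUIET=... -D TYPE=...); only raises an error under strict mode.` The same caveat applies to `let table_type = TYPE;` in the last hunk, where a null value simply falls through the `switch` instead of failing early. The body of `wrn` continues past the end of this hunk.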
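Review bot: `rpad` never terminates when `fill` is an empty string, because `length(str) < len` then stays true forever; the loop should be guarded, e.g. `if (!length(fill)) return str;` placed before the `while`. Since `rtrim(str) + ' '` is applied unconditionally, the result always carries a trailing space (even when the input already exceeds `len`) and can overshoot `len` by up to `length(fill) - 1` characters when `fill` is longer than one character; if both are intended, a header comment such as `// Trim trailing whitespace, append one space, then pad with 'fill' until at least 'len' characters.` would state the contract. The helper is handed to the snort and nftables templates in the next hunk, so its output ends up in rendered configuration and any later change to its padding behaviour will show up there.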