S:0.5.5-alt1

Group :: Sistema/Configurações/Rede
RPM: alterator-snort


alterator-snort-0.2.4/000075500000000000000000000000001211034346100146465ustar00rootroot00000000000000alterator-snort-0.2.4/Makefile000064400000000000000000000004751211034346100163140ustar00rootroot00000000000000NAME=snort
# Installer binary used by the install-tools recipe below.
INSTALL=/usr/bin/install
# Base directory for the helper script; `?=` keeps a value supplied by the
# caller's environment or command line.
libexecdir?=/usr/lib

# Source directory (inside this tree) that holds reset-snort-db.sh.
TOOLSDIR=tools

# Nothing is built or cleaned here; `install` is install-module plus install-tools.
# NOTE(review): install-module is not defined in this file; presumably it comes
# from the module.mak included at the bottom. Confirm.
all:
clean:
install: install-module install-tools

# Creates ${libexecdir}/alterator-${NAME}/ and installs reset-snort-db.sh there
# with mode 0755. That script drops and recreates the snort database, so the
# directory and file should stay writable by root only.
# NOTE(review): the recipe lines carry no leading tab in this listing; make
# requires one, so the indentation was probably lost when the archive was rendered.
# NOTE(review): the target paths are used as given, with no staging prefix;
# confirm how the package build stages the files.
install-tools:
${INSTALL} -d ${libexecdir}/alterator-${NAME}/
${INSTALL} -m755 ${TOOLSDIR}/reset-snort-db.sh ${libexecdir}/alterator-${NAME}/

include /usr/share/alterator/build/module.mak

alterator-snort-0.2.4/applications/000075500000000000000000000000001211034346100173345ustar00rootroot00000000000000alterator-snort-0.2.4/applications/snort.desktop000064400000000000000000000003771211034346100221030ustar00rootroot00000000000000[Desktop Entry]
Type=Application
Categories=X-Alterator-Firewall
Icon=snort
Terminal=false
Name=Intrusion Detection System
X-Alterator-URI=/snort
X-Alterator-UI=html
X-Alterator-Help=snort
Name[ru]=Система обнаружения вторжений
alterator-snort-0.2.4/backend3/000075500000000000000000000000001211034346100163205ustar00rootroot00000000000000alterator-snort-0.2.4/backend3/snort000075500000000000000000000336431211034346100174240ustar00rootroot00000000000000#!/bin/sh

# Identity of this alterator backend; po_domain names the translation catalogue.
module_name=alterator-snort
po_domain="$module_name"
alterator_api_version=1

# Helper libraries, sourced by bare name (no path is given here).
. alterator-sh-functions
. shell-config
. alterator-net-functions

CONFDIR=/etc/snort
CONFIG="$CONFDIR/snort.conf"
# Left empty here; set_rules_dir fills it from the RULE_PATH variable in $CONFIG.
RULESDIR=
# Marker lines write_ruleset uses to find or create the generated ruleset list in $CONFIG.
RULESET_BEGIN_DEFAULT_TEMPLATE='# Include all relevant rulesets here'
RULESET_BEGIN_ALTERATOR_SNORT_TEMPLATE="# Rulesets list. Generated by $module_name."
BARNYARDCONF=/etc/barnyard2/barnyard2.conf
# Database password, scraped from the "output database: ... mysql ... password=" line
# of $BARNYARDCONF each time this backend starts. Empty if the file or line is missing.
# NOTE(review): tools/reset-snort-db.sh in this archive writes the generated password
# to /etc/snort/snort.conf, not to $BARNYARDCONF. Confirm which file is authoritative.
MYSQL_PASSWD="$(sed -n 's;^output[[:blank:]]\+database:.*mysql.*password=\([^[:blank:]]\+\).*;\1;p' "$BARNYARDCONF")"
# Client command line; the functions below pipe SQL text into `eval "$MYSQL_COMM"`.
# NOTE(review): the password is passed as a --password= argument, so it is visible in
# the process list while mysql runs, and because the string is eval'ed a single quote
# inside the password would end the quoting. A root-only client option file
# (mysql --defaults-extra-file=...) avoids both.
MYSQL_COMM="/usr/bin/mysql --skip-column-names --batch -u snort --password='$MYSQL_PASSWD' snort"
SERVICE=/sbin/service
CHKCONFIG=/sbin/chkconfig
SNORT=/usr/sbin/snort
# Base of the rule download URL; write_oinkcode appends /<oinkcode>/<file name>.
# NOTE(review): plain http://, so the oinkcode embedded in the URL and the downloaded
# rule archive travel unencrypted, and nothing in this file verifies the archive.
RULES_URL='http://www.snort.org/pub-bin/oinkmaster.cgi'
RULES_FILENAME=snortrules-snapshot
RULES_EXT=tar.gz
OINKMASTER=/usr/bin/oinkmaster
OINKMASTER_CONF=/etc/oinkmaster.conf
# Cron fragment written by write_cron_data; its entries run the update command as root.
CRON_FILE=/etc/cron.d/alterator-snort

###

# Emit the weekday choices for the update schedule: cron numbering
# (0 = sunday ... 6 = saturday) paired with the translated day name,
# listed monday first.
# The literal `_ "..."` calls are kept one per day so the message strings stay
# visible as plain literals in the source.
list_weekday()
{
	write_enum_item "1" "$(_ "monday")"
	write_enum_item "2" "$(_ "tuesday")"
	write_enum_item "3" "$(_ "wednesday")"
	write_enum_item "4" "$(_ "thursday")"
	write_enum_item "5" "$(_ "friday")"
	write_enum_item "6" "$(_ "saturday")"
	write_enum_item "0" "$(_ "sunday")"
}

# Set the global RULESDIR from the "var RULE_PATH <dir>" line of $CONFIG.
# Globals:  CONFIG (read), RULESDIR (written only when a value is found)
# Returns:  non-zero when $CONFIG is unreadable or defines no RULE_PATH.
set_rules_dir()
{
	local found=

	[ -r "$CONFIG" ] || return
	found="$(sed -n 's;^var[[:blank:]]\+RULE_PATH[[:blank:]]\+\(.\+\)$;\1;p' "$CONFIG")"
	if [ -z "$found" ]; then
		return 1
	fi
	RULESDIR="$found"
}

# Print the names of the rulesets that $CONFIG currently includes, one per line:
# for every uncommented "include $RULE_PATH/<name>.rules" line, print <name>.
# Globals: CONFIG (read)
list_rules()
{
	# "$RULE_PATH" is matched literally; it is snort.conf syntax, not a shell variable.
	local include_re='^[[:blank:]]*include[[:blank:]]\+$RULE_PATH/\(.*\).rules.*$'

	sed -n -e "s;${include_re};\\1;p" "$CONFIG"
}

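# Print the names of rule files in $RULESDIR that $CONFIG does not include and
# that contain at least one non-comment line, one name per line.
# Globals: RULESDIR (read), CONFIG (read)
#
# Changes from the earlier version:
#  - files are found with a glob instead of parsing `ls`, so names are not
#    word-split;
#  - the include match accepts one or more blanks after "include", the same as
#    list_rules and write_ruleset, so a ruleset written with two spaces or a tab
#    is no longer reported as unused;
#  - the dot before "rules" is matched literally.
list_rules_unused()
{
	local path rule

	for path in "$RULESDIR"/*.rules; do
		# An unmatched glob stays literal; skip it.
		[ -e "$path" ] || continue
		rule="${path##*/}"
		rule="${rule%.rules}"
		[ -n "$rule" ] || continue
		# NOTE(review): $rule is used as part of a regular expression; a file
		# name with regex metacharacters would match more loosely than intended.
		if grep -qs "^[[:blank:]]*include[[:blank:]]\+\$RULE_PATH/$rule\.rules" "$CONFIG" || \
			! grep -qs '^[^#]' "$RULESDIR/$rule.rules"; then
			continue
		fi
		echo "$rule"
	done
}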

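# Print the descriptive comment block of a rule file: the comment lines that
# follow the "# $Id:" line, up to the first non-comment line, with the leading
# "#" and blanks stripped.
# Arguments: $1 - ruleset name (file is $RULESDIR/$1.rules)
# Returns:   non-zero without output when $1 is empty or contains a "/".
#
# $1 arrives from the request (in_rules), so a name with a path separator is
# refused: the lookup must stay inside $RULESDIR.
read_rule_description()
{
	local id_str='^#[[:blank:]]*\$Id:'
	[ -n "$1" ] || return
	case "$1" in
		*/*) return 1 ;;
	esac

	sed -n "/$id_str/,/^[^#]/ { /$id_str/d; s|^#[[:blank:]]*\(.*\)$|\1|p }" "$RULESDIR/$1.rules"
}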

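# Turn a ';'-separated list of ruleset names into include lines for snort.conf:
#   include $RULE_PATH/<name>.rules
# joined by a literal backslash-n, the form write_ruleset feeds to sed.
# Arguments: $1 - names separated by ';' (request data: in_rules_list)
# Returns:   non-zero without output when $1 is empty or contains a character
#            that has no place in a ruleset name.
#
# The result is spliced into a sed script and then into snort.conf, so the whole
# list is refused if it holds a path separator, a backslash, the sed delimiter
# '|', a glob character, whitespace or a control character. Empty items are skipped.
rules_list_to_ruleset()
{
	[ -n "$1" ] || return
	case "$1" in
		*/*|*\\*|*\|*|*\**|*\?*|*\[*|*[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
	esac

	local IFS=';'
	local ruleset_str=
	local i
	for i in $1; do
		[ -n "$i" ] || continue
		ruleset_str="$ruleset_str${ruleset_str:+\n}include \$RULE_PATH/$i.rules"
	done
	echo "$ruleset_str"
}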

# Replace the ruleset include list in $CONFIG with the lines given in $1.
# Arguments: $1 - include lines as produced by rules_list_to_ruleset
# Globals:   CONFIG (edited in place), RULESET_BEGIN_* marker strings (read)
# Does nothing when $1 is empty.
#
# NOTE(review): $1 and the marker strings are pasted into sed scripts that use '|'
# as delimiter, and $1 becomes the text of an `a` (append) command. Whatever $1
# contains ends up in snort.conf, so it has to be validated before it reaches
# this function.
write_ruleset()
{
# Matches any include of a $RULE_PATH rule file, commented out or not (leading '#'s allowed).
local rule_regexp='^#*[[:blank:]]*include[[:blank:]]\+\$RULE_PATH/.*\.rules.*$'

[ -n "$1" ] || return

# First use: put the generated-list marker in front of the include lines that
# follow the stock "Include all relevant rulesets here" comment.
if ! grep -qs "^$RULESET_BEGIN_ALTERATOR_SNORT_TEMPLATE" "$CONFIG"; then
sed -i "\|$RULESET_BEGIN_DEFAULT_TEMPLATE|,\|$rule_regexp| { \|$rule_regexp|i$RULESET_BEGIN_ALTERATOR_SNORT_TEMPLATE
}" "$CONFIG"
# If the stock comment was not found either, append the marker at the end of the file.
# NOTE(review): the marker is used as the printf format string; printf '\n%s' with
# the marker as an argument would not depend on its contents.
grep -qs "^$RULESET_BEGIN_ALTERATOR_SNORT_TEMPLATE" "$CONFIG" ||
printf "\n$RULESET_BEGIN_ALTERATOR_SNORT_TEMPLATE" >>"$CONFIG"
fi
# Drop every existing rule include (commented-out ones too), then append the new
# list right after the marker line.
sed -i "\|$rule_regexp|d" "$CONFIG"
sed -i "\|^$RULESET_BEGIN_ALTERATOR_SNORT_TEMPLATE|a$1" "$CONFIG"
}

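# Print an IPv4 address given as an unsigned integer in dotted-quad form.
# Arguments: $1 - address as a decimal number
# Returns:   non-zero without output when $1 is empty or not all digits.
#
# The value goes into shell arithmetic, which evaluates more than plain numbers,
# so anything that is not a digit string is refused first. The working variable
# is now local instead of leaking into the caller's scope.
num_to_ipv4addr()
{
	local num="$1"

	case "$num" in
		''|*[!0-9]*) return 1 ;;
	esac

	printf '%s.%s.%s.%s\n' \
		"$((num >> 24 & 0xff))" \
		"$((num >> 16 & 0xff))" \
		"$((num >> 8 & 0xff))" \
		"$((num & 0xff))"
}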

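# Convert a UTC timestamp ("YYYY-MM-DD HH:MM:SS") to local time in the same format.
# Arguments: $1 - UTC timestamp
#
# The argument is quoted: it contains a space, and unquoted it only stayed one
# word because the callers in this file happen to run with an IFS that has no
# space in it.
utc_to_local_time()
{
	date --date="$1+00:00" +'%F %T'
}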

# Convert a local timestamp ("YYYY-MM-DD HH:MM:SS") to UTC in the same format.
# Arguments: $1 - local timestamp
# The offset appended to $1 is the one `date +%z` reports right now.
# NOTE(review): that is today's offset, not necessarily the one in force on the
# date being converted (daylight saving time).
local_to_utc_time()
{
	local offset
	offset="$(date +%z)"
	date --utc --date="${1}${offset}" +'%F %T'
}

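# Print the name of a signature from the snort database.
# Arguments: $1 - signature id (digits only)
# Globals:   MYSQL_COMM (read; run through eval with the query on stdin)
# Returns:   non-zero without querying when $1 is empty or not all digits.
#
# The id is pasted into the SQL text, and one caller takes it from the request,
# so only a plain number is accepted.
get_sig_name()
{
	case "$1" in
		''|*[!0-9]*) return 1 ;;
	esac

	echo "SELECT sig_name FROM signature WHERE sig_id=$1;" | eval "$MYSQL_COMM"
}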

# Emit one table row per (sensor, signature) pair that has events inside the
# given local-time window.
# Arguments: $1 start date, $2 start time, $3 end date, $4 end time (local time)
# Globals:   MYSQL_COMM (read; run through eval with each query on stdin)
# Output:    write_table_item rows: name "<sid>/<sig_id>", interface, signature
#            name, event count, time of the last event (converted to local time).
list_events()
{
local start_date="$1"; shift
local start_time="$1"; shift
local end_date="$1"; shift
local end_time="$1"; shift
local iface= sid= sign_name=
# What reaches the SQL below is the output of local_to_utc_time (a `date`
# format string), not the raw arguments; it is empty if date rejects the input.
local start_datetime="$(local_to_utc_time "$start_date $start_time")"
local end_datetime="$(local_to_utc_time "$end_date $end_time")"
# Split query output on newlines only, so every result row is one loop item.
# A `local` is also seen by the functions called from here, so the helpers
# below run with this IFS as well.
local IFS=$'\n'

# NOTE(review): i, j, sig_id, count and last_event_time are not declared local
# and remain set in the caller's scope afterwards.
# Outer loop: one row per sensor. mysql --batch separates columns with tabs,
# which is also the default field delimiter of cut.
for i in $(echo "SELECT sid,interface FROM sensor;" | eval "$MYSQL_COMM"); do
iface="$(echo "$i" | cut -f2)"
sid="$(echo "$i" | cut -f1)"
# Inner loop: per signature, the number of events and the newest timestamp,
# most frequent signature first. $sid comes from the query above.
for j in $(echo "SELECT signature,COUNT(cid),MAX(timestamp) FROM event WHERE sid=$sid AND \
timestamp>='$start_datetime' AND timestamp<='$end_datetime' \
GROUP BY signature ORDER BY COUNT(cid) DESC;" | eval "$MYSQL_COMM"); do
sig_id="$(echo "$j" | cut -f1)"
count="$(echo "$j" | cut -f2)"
[ "$count" -gt 0 ] || continue
last_event_time="$(echo "$j" | cut -f3)"
sign_name="$(get_sig_name "$sig_id")"
# NOTE(review): the signature name is shown to the administrator as stored in
# the database; confirm that the UI layer escapes it.
write_table_item \
name "$sid/$sig_id" \
iface "$iface" \
description "$sign_name" \
count "$count" \
last_event_time "$(utc_to_local_time "$last_event_time")"
done
done
}

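# Succeed when `service snortd status` succeeds; all output is discarded.
# Despite the name this asks the init script for its status; it does not look
# at the boot-time (chkconfig) setting.
# Globals: SERVICE (read)
#
# $SERVICE is quoted, as it already is in write_state, so the path is always
# passed as a single word.
is_snortd_enabled()
{
	"$SERVICE" snortd status >/dev/null 2>&1
}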

# Report the current snortd state as the boolean parameter "state_enabled":
# true when is_snortd_enabled succeeds, false otherwise.
read_state()
{
	local enabled=false

	if is_snortd_enabled; then
		enabled=true
	fi
	write_bool_param state_enabled "$enabled"
}

# Report the default reporting period: today, from 00:00:00 to 23:59:59.
# Output: string parameters start_date, start_time, end_date, end_time.
read_dates()
{
	local today
	today="$(date +%F 2>/dev/null)"

	write_string_param start_date "$today"
	write_string_param start_time '00:00:00'
	write_string_param end_date "$today"
	write_string_param end_time '23:59:59'
}

# Apply the requested snortd state.
# Arguments: $1 - '#f' to switch the sensor off, anything else to switch it on
# Globals:   SERVICE, CHKCONFIG (read)
#   running, off requested -> disable at boot and stop snortd
#   running, on requested  -> reload snortd
#   stopped, on requested  -> enable and start mysqld, then snortd
#   stopped, off requested -> nothing to do
write_state()
{
	local want_off=
	if [ "$1" = '#f' ]; then
		want_off=yes
	fi

	if is_snortd_enabled; then
		if [ -n "$want_off" ]; then
			"$CHKCONFIG" snortd off 2>/dev/null
			"$SERVICE" snortd stop >/dev/null 2>&1
		else
			"$SERVICE" snortd reload 2>/dev/null
		fi
	elif [ -z "$want_off" ]; then
		"$CHKCONFIG" mysqld on 2>/dev/null
		"$CHKCONFIG" snortd on 2>/dev/null
		"$SERVICE" mysqld start >/dev/null 2>&1
		"$SERVICE" snortd start >/dev/null 2>&1
	fi
}

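# Emit one table row per source/destination address pair for every selected
# event group, restricted to the given local-time window.
# Arguments:
#   $1      - selected items separated by ';' or newlines (request data:
#             in_details); each item is "<sid>/<sig_id>", the literal "on" is
#             skipped
#   $2..$5  - start date, start time, end date, end time (local time)
# Globals:   MYSQL_COMM (read; run through eval with each query on stdin)
# Output:    write_table_item rows with interface, signature name, source and
#            destination address, event count, first and last event time.
#
# sid and sig_id are pasted into SQL text, so an item is skipped unless both
# parts are plain digit strings. The loop variables are now local.
list_details()
{
	local list="$1"; shift
	local start_date="$1"; shift
	local start_time="$1"; shift
	local end_date="$1"; shift
	local end_time="$1"; shift
	# Split on newlines and ';' only, for the item list and for query output.
	local IFS=$'\n'
	local IFS="$IFS;"
	local i= tmp= count=
	local iface= sid= sig_id= sig_name= source_ip= dest_ip= min_time= max_time=
	# The timestamps used in the SQL are `date` output, not the raw arguments.
	local start_datetime="$(local_to_utc_time "$start_date $start_time")"
	local end_datetime="$(local_to_utc_time "$end_date $end_time")"

	for i in $list; do
		[ "$i" = on ] && continue
		sid="${i%/*}"
		sig_id="${i#*/}"
		case "$sid" in
			''|*[!0-9]*) continue ;;
		esac
		case "$sig_id" in
			''|*[!0-9]*) continue ;;
		esac
		iface="$(echo "SELECT interface FROM sensor WHERE sid=$sid;" | eval "$MYSQL_COMM")"
		sig_name="$(get_sig_name "$sig_id")"

		# mysql --batch separates columns with tabs, the default delimiter of cut.
		for tmp in $(echo "SELECT COUNT(event.cid),MIN(event.timestamp),MAX(event.timestamp),iphdr.ip_src,iphdr.ip_dst \
			FROM event,iphdr WHERE event.sid=$sid AND iphdr.sid=$sid AND event.signature=$sig_id \
			AND event.cid=iphdr.cid AND event.timestamp>='$start_datetime' \
			AND event.timestamp<='$end_datetime' \
			GROUP BY iphdr.ip_src,iphdr.ip_dst ORDER BY COUNT(event.cid) DESC;" | eval "$MYSQL_COMM"); do
			count="$(echo "$tmp" | cut -f1)"
			min_time="$(echo "$tmp" | cut -f2)"
			max_time="$(echo "$tmp" | cut -f3)"
			source_ip="$(echo "$tmp" | cut -f4)"
			dest_ip="$(echo "$tmp" | cut -f5)"
			write_table_item \
				iface "$iface" \
				description "$sig_name" \
				source_ip "$(num_to_ipv4addr "$source_ip")" \
				dest_ip "$(num_to_ipv4addr "$dest_ip")" \
				count "$count" \
				min_time "$(utc_to_local_time "$min_time")" \
				max_time "$(utc_to_local_time "$max_time")"
		done
	done
}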

# Succeed when $OINKMASTER_CONF has an uncommented "url =" line.
# Globals: OINKMASTER_CONF (read). Errors such as a missing file are silenced.
check_oinkconf_url()
{
	local url_line_re='^[[:blank:]]*url[[:blank:]]*='

	grep -q -s -e "$url_line_re" -- "$OINKMASTER_CONF"
}

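# Store the rule download URL in $OINKMASTER_CONF: rewrite every existing
# "url =" line, or append one when there is none.
# Arguments: $1 - URL (request data: in_custom_url, or built by write_oinkcode)
# Globals:   OINKMASTER_CONF (edited in place)
# Returns:   non-zero without touching the file when $1 is empty or contains a
#            control character (a line break would add extra configuration lines).
#
# The URL is used as the replacement text of a sed `s` command whose delimiter
# is ';'. Backslash, '&' and ';' are escaped first, so the URL is always written
# literally and can never be read as part of the sed script.
write_oinkconf_url()
{
	local url="$1"
	local escaped

	[ -n "$url" ] || return
	case "$url" in
		*[[:cntrl:]]*) return 1 ;;
	esac

	if check_oinkconf_url; then
		escaped="$(printf '%s\n' "$url" | sed -e 's/[\\&;]/\\&/g')"
		sed -i "s;^[[:blank:]]*url[[:blank:]]*=.*$;url = $escaped;" "$OINKMASTER_CONF"
	else
		printf 'url = %s\n' "$url" >>"$OINKMASTER_CONF"
	fi
}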

# Print the value of every uncommented "url =" line in $OINKMASTER_CONF.
# The capture is greedy, so a trailing "# comment" on the line is part of the
# printed value.
# Globals: OINKMASTER_CONF (read)
read_oinkconf_url()
{
	local extract='s;^[[:blank:]]*url[[:blank:]]*=[[:blank:]]*\(.*\)#*.*$;\1;p'

	sed -n -e "$extract" "$OINKMASTER_CONF"
}

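# Build the rule download URL for an oinkcode and store it through
# write_oinkconf_url:
#   $RULES_URL/<oinkcode>/$RULES_FILENAME-<major.minor>.$RULES_EXT
# Arguments: $1 - oinkcode (request data: in_oinkcode)
# Globals:   SNORT, RULES_URL, RULES_FILENAME, RULES_EXT (read)
# Returns:   non-zero without writing when the snort version cannot be
#            determined or the oinkcode is empty or not purely alphanumeric.
#
# The code becomes one path segment of the URL and read_oinkcode later extracts
# it again by its surrounding slashes, so anything other than letters and digits
# is refused.
# NOTE(review): $RULES_URL is an http:// address in this file, so the oinkcode
# is sent unencrypted with every download.
write_oinkcode()
{
	local oinkcode="$1"
	local snort_version
	local url=

	snort_version="$("$SNORT" -V 2>&1 | sed -n 's;^.*Version \([1-9]\+\.[0-9]\+\).*$;\1;p')"

	[ -n "$snort_version" ] && [ -n "$oinkcode" ] || return
	case "$oinkcode" in
		*[!0-9A-Za-z]*) return 1 ;;
	esac
	url="$RULES_URL/$oinkcode/$RULES_FILENAME-$snort_version.$RULES_EXT"

	write_oinkconf_url "$url"
}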

# Print the oinkcode stored in $OINKMASTER_CONF: the path segment between
# $RULES_URL/ and the final "/<file name>" of the "url =" line. Prints nothing
# when the configured URL does not start with $RULES_URL.
# Globals: OINKMASTER_CONF, RULES_URL (read; RULES_URL is used as part of the
#          regular expression)
read_oinkcode()
{
	local prefix='^[[:blank:]]*url[[:blank:]]*=[[:blank:]]*'

	sed -n -e "s;${prefix}${RULES_URL}/\(.*\)/.*$;\\1;p" "$OINKMASTER_CONF"
}

# Report the automatic-update schedule.
# Without a non-empty $CRON_FILE: auto_update=false, time 02:00:00, period daily.
# Otherwise auto_update=true and the first entry of the file decides:
#   month "*", day-of-month "*", weekday set -> weekly  (+ weekday)
#   month "*", day-of-month set, weekday "*" -> monthly (+ monthday)
#   anything else                             -> daily
# Lines whose first field is empty or starts with '#' are skipped.
# Globals: CRON_FILE (read); min, hour, monthday, month, weekday and rest are
#          set as a side effect of `read`.
read_cron_data()
{
	if [ ! -s "$CRON_FILE" ]; then
		write_bool_param "auto_update" false
		write_string_param "time" "02:00:00"
		write_string_param "period" "daily"
		return
	fi

	write_bool_param "auto_update" true
	while read min hour monthday month weekday rest; do
		[ -n "${min%\#*}" ] || continue

		write_string_param "time" "$hour:$min:00"
		if [ "$month" = "*" ] && [ "$monthday" = "*" ] && [ "$weekday" != "*" ]; then
			write_string_param "period" "weekly"
			write_string_param "weekday" "$weekday"
		elif [ "$month" = "*" ] && [ "$monthday" != "*" ] && [ "$weekday" = "*" ]; then
			write_string_param "period" "monthly"
			write_string_param "monthday" "$monthday"
		else
			write_string_param "period" "daily"
		fi
		# Only the first schedule line is reported.
		return
	done <"$CRON_FILE"
}

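# Write or remove the cron fragment that updates the rules automatically.
# Globals read:  in_auto_update, in_period, in_weekday, in_monthday, in_time
#                (request data), OINKMASTER, CONFIG, RULESDIR, CRON_FILE
# Globals written: in_time (its seconds part is stripped)
# With auto update off the fragment is removed. Otherwise a single entry is
# written that runs "$OINKMASTER -Q -U $CONFIG -o $RULESDIR" as root, daily,
# weekly or monthly at the requested time.
#
# Every schedule field comes from the request and lands in a file that cron
# executes as root, so each one is matched against a strict pattern first:
# hour 0-23, minute 0-59, weekday 0-7, day of month 1-31. A value that contains
# anything else, a line break included, is reported with write_error and
# nothing is written.
# NOTE(review): the temporary file is created next to $CRON_FILE so the final
# rename stays on one filesystem; confirm that the cron daemon in use ignores
# the short-lived "<name>.XXXXXXXXXX" file in that directory.
write_cron_data()
{
	local hour min cmd tmp

	if ! test_bool "$in_auto_update"; then
		rm -f "$CRON_FILE"
		return
	fi

	case "$in_period" in
		weekly)
			case "$in_weekday" in
				[0-7]) ;;
				*)
					write_error "$(_ "Day of week should be selected")"
					return
					;;
			esac
			;;
		monthly)
			case "$in_monthday" in
				[1-9]|0[1-9]|[12][0-9]|3[01]) ;;
				*)
					write_error "$(_ "Day of month should be defined")"
					return
					;;
			esac
			;;
	esac

	# "HH:MM:SS" -> "HH:MM" -> hour and minute.
	in_time="${in_time%:*}"
	hour="${in_time%:*}"
	min="${in_time#*:}"
	case "$hour" in
		[0-9]|[01][0-9]|2[0-3]) ;;
		*)
			write_error "$(_ "Invalid time")"
			return
			;;
	esac
	case "$min" in
		[0-9]|[0-5][0-9]) ;;
		*)
			write_error "$(_ "Invalid time")"
			return
			;;
	esac

	cmd="$OINKMASTER -Q -U $CONFIG -o $RULESDIR"

	tmp="$(mktemp "$CRON_FILE.XXXXXXXXXX")"
	if [ -z "$tmp" ]; then
		write_error "$(_ "Unable to create temp file")"
		return
	fi

	printf "#autogenerated by alterator-snort\n" >"$tmp"
	case "$in_period" in
		daily)
			printf '%s %s * * * root %s\n' "$min" "$hour" "$cmd"
			;;
		weekly)
			printf '%s %s * * %s root %s\n' "$min" "$hour" "$in_weekday" "$cmd"
			;;
		monthly)
			printf '%s %s %s * * root %s\n' "$min" "$hour" "$in_monthday" "$cmd"
			;;
	esac >>"$tmp"
	mv -f "$tmp" "$CRON_FILE"
}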

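# Download and install the rules now by running oinkmaster.
# Globals: OINKMASTER, CONFIG, RULESDIR (read)
# Returns: 1 (after write_error) when no download URL is configured.
#          A failed oinkmaster run is reported through write_error.
#
# $CONFIG is quoted like the other arguments, so each path is passed as one word.
# NOTE(review): nothing here checks what was downloaded; the integrity of the
# rules depends on the configured URL and on oinkmaster itself.
download_rules()
{
	if ! check_oinkconf_url; then
		write_error "$(_ "URL not specified")"
		return 1
	fi

	"$OINKMASTER" -Q -U "$CONFIG" -o "$RULESDIR" ||
		write_error "$(_ "Download rules failed")"
}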

# Request dispatcher: selects a handler from $in_action (type, read, write,
# list) and $in__objects.
# The in_* variables are presumably filled in by the alterator framework from
# the incoming request (confirm against alterator-sh-functions). Everything in
# them is request data and is passed on to the helpers unchanged, so any
# validation has to happen in the helpers.
on_message()
{
# RULESDIR is looked up in snort.conf once and reused for later messages.
[ -n "$RULESDIR" ] || set_rules_dir
case "$in_action" in
# type: declare which form fields hold dates and times.
type)
write_type_item start_date date
write_type_item start_time time
write_type_item end_date date
write_type_item end_time time
write_type_item time time
;;
read)
case "$in__objects" in
state_enabled)
read_state
;;
rule-description)
# in_rules becomes part of a file name inside $RULESDIR.
[ -n "$in_rules" ] &&
write_string_param rule_description "$(read_rule_description "$in_rules")"
;;
dates)
read_dates
;;
download-data)
# Report either the oinkcode (URL under $RULES_URL) or the custom URL, then the schedule.
local oinkcode="$(read_oinkcode)"
if [ -n "$oinkcode" ]; then
write_string_param rules_url 'oinkcode'
write_string_param oinkcode "$oinkcode"
else
local custom_url="$(read_oinkconf_url)"
if [ -n "$custom_url" ]; then
write_string_param rules_url 'custom'
write_string_param custom_url "$custom_url"
fi
fi
read_cron_data
;;
esac
;;
write)
case "$in__objects" in
state_enabled)
[ -n "$in_state_enabled" ] && write_state "$in_state_enabled"
;;
rules-list)
# in_rules_list is turned into include lines that are written to snort.conf.
[ -n "$in_rules_list" ] && write_ruleset "$(rules_list_to_ruleset "$in_rules_list")"
;;
download-now)
download_rules
;;
download-data)
# in_oinkcode / in_custom_url end up in oinkmaster.conf; write_cron_data then
# reads in_auto_update, in_period, in_weekday, in_monthday and in_time and
# writes the root cron entry.
case "$in_rules_url" in
oinkcode)
if [ -n "$in_oinkcode" ]; then
write_oinkcode "$in_oinkcode"
elif test_bool "$in_auto_update"; then
write_error "`_ "Oinkcode not specified!"`"
return
fi
;;
custom)
if [ -n "$in_custom_url" ]; then
write_oinkconf_url "$in_custom_url"
elif test_bool "$in_auto_update"; then
write_error "`_ "URL not specified!"`"
return
fi
;;
*)
;;
esac
write_cron_data
;;
esac
;;
list)
# Only the last path component of the object name selects the list.
case "${in__objects##*/}" in
avail_rules) #list_rules | write_enum
# The unquoted $(...) is word-split, so a ruleset name is assumed to have no blanks.
for i in $(list_rules); do
write_table_item \
name "$i" \
rule "$i"
done
;;
avail_unused_rules)
for i in $(list_rules_unused); do
write_table_item \
name "$i" \
rule "$i"
done
;;
avail_weekday)
list_weekday
;;
events)
# All four period fields must be present; their content is not checked here.
[ -n "$in_start_date" -a -n "$in_end_date" -a -n "$in_start_time" -a -n "$in_end_time" ] &&
list_events "$in_start_date" "$in_start_time" "$in_end_date" "$in_end_time"
;;
details)
# in_details carries the selected "<sid>/<sig_id>" items; list_details uses
# them in SQL. '#f' presumably means nothing is selected (confirm).
[ -n "$in_details" -a "$in_details" != '#f' -a -n "$in_start_date" -a -n "$in_end_date" \
-a -n "$in_start_time" -a -n "$in_end_time" ] &&
list_details "$in_details" "$in_start_date" "$in_start_time" "$in_end_date" "$in_end_time"
;;
esac
;;
esac
}

# Hand control to the framework's message loop, which is not defined in this
# file; presumably it reads requests and calls on_message for each one (confirm
# against alterator-sh-functions).
message_loop

alterator-snort-0.2.4/tools/000075500000000000000000000000001211034346100160065ustar00rootroot00000000000000alterator-snort-0.2.4/tools/reset-snort-db.sh000064400000000000000000000032551211034346100212170ustar00rootroot00000000000000#!/bin/sh

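# Recreate the snort MySQL database from scratch, give the "snort" account a
# freshly generated password and point snort.conf at it.
# Destructive: the existing "snort" database is dropped.
#
# Changes from the earlier version:
#  - the schema file is located before anything is dropped, and the script
#    stops with a message if it is missing;
#  - it stops if the password generator fails (previously an endless loop) or
#    if the database could not be created after the retries, instead of going
#    on to write a password into snort.conf that was never granted;
#  - expansions are quoted and backticks replaced by $( ).
# NOTE(review): mysql is called as root without a password, which assumes a
# local server that allows this. Confirm for the target installation.
# NOTE(review): $pass is not initialised here, so a value inherited from the
# environment is used as the database password unchanged.
# NOTE(review): the password is stored in clear text in $SNORT_CONFIG; check
# that the file is not world-readable.

SNORT_CONFIG=/etc/snort/snort.conf
SERVICE=/sbin/service
CHKCONFIG=/sbin/chkconfig
MYSQL=/usr/bin/mysql
SNORT=/usr/sbin/snort
SYSCONFIG_FILE=/etc/sysconfig/snort

# The schema shipped with the installed snort version; checked before the
# database is touched.
snort_version="$("$SNORT" -V 2>&1 | sed -n 's;^.*Version \([1-9.]\+\).*$;\1;p')"
schema="/usr/share/doc/snort-$snort_version/create_mysql"
if [ ! -r "$schema" ]; then
	echo "reset-snort-db: schema file $schema not found" >&2
	exit 1
fi

# '$' is not valid symbol in snort.conf
while [ -z "$pass" ] || printf '%s\n' "$pass" | grep -qs '\$'; do
	pass="$(/usr/bin/pwqgen)" || {
		echo "reset-snort-db: unable to generate a password" >&2
		exit 1
	}
done

"$SERVICE" mysqld start

# mysqld may need a moment after start: retry for up to ten seconds.
# STATUS is the result of CREATE DATABASE only.
STATUS=1
i=0
while [ "$STATUS" != "0" ] && [ "$i" -lt 10 ]; do
	sleep 1
	i="$((i+1))"
	echo "DROP DATABASE IF EXISTS snort;" | "$MYSQL"
	echo "CREATE DATABASE snort;" | "$MYSQL"
	STATUS=$?
done
if [ "$STATUS" != "0" ]; then
	echo "reset-snort-db: unable to create the snort database" >&2
	exit 1
fi

"$MYSQL" -D snort -u root <"$schema"

# The account may insert and select everywhere and additionally update the
# sensor table. The statements go to mysql on stdin, so the password does not
# appear on a command line.
echo "GRANT INSERT,SELECT on snort.* to snort@localhost identified by \"$pass\";" | "$MYSQL" snort
echo "GRANT INSERT,SELECT,UPDATE on snort.sensor to snort@localhost identified by \"$pass\";" | "$MYSQL" snort

# Replace the ADDPARAMS_any line in the sysconfig file (inserted before the EOF marker).
sed -i "/^ADDPARAMS_any/d" "$SYSCONFIG_FILE"
sed -i "/## EOF ##/i\ADDPARAMS_any='-U -D -c $SNORT_CONFIG'" "$SYSCONFIG_FILE"

# Update, or add, the "output database" line in snort.conf. The inner sed
# escapes characters in the password that are special to the outer sed.
output_db_prefix_str='output database: alert, mysql, host=localhost user=snort'
output_database="$output_db_prefix_str password=$pass dbname=snort"
find_pattern="[[:blank:]]*$output_db_prefix_str password"
if grep -qs "^$find_pattern" "$SNORT_CONFIG"; then
	sed -i "s/^$find_pattern.*\$/$(echo "$output_database"|sed -e 's/[\"\`\\&]/\\&/g')/" "$SNORT_CONFIG"
else
	find_pattern='^#[[:blank:]]*output database: log, oracle,'
	if grep -qs "$find_pattern" "$SNORT_CONFIG"; then
		sed -i "/$find_pattern/a\\$(echo "$output_database"|sed -e 's/[\"\`\\&]/\\&/g')" "$SNORT_CONFIG"
	else
		echo "$output_database" >>"$SNORT_CONFIG"
	fi
fi

# Best effort: a failed restart does not change the exit status.
"$SERVICE" snortd condrestart ||: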
alterator-snort-0.2.4/ui/000075500000000000000000000000001211034346100152635ustar00rootroot00000000000000alterator-snort-0.2.4/ui/snort/000075500000000000000000000000001211034346100164305ustar00rootroot00000000000000alterator-snort-0.2.4/ui/snort/ajax.scm000064400000000000000000000041701211034346100200610ustar00rootroot00000000000000(define-module (ui snort ajax)
:use-module (alterator ajax)
:use-module (alterator woo)
:export (init))

;; Refresh the "state_enabled" form field from the backend object
;; /snort/state_enabled. catch/message wraps the call, presumably so that a
;; backend error is shown to the user instead of aborting the handler (confirm).
(define (read-state)
(catch/message
(lambda()
(form-update-value-list '("state_enabled") (woo-read-first "/snort/state_enabled"
'language (form-value "language"))))))

;; Fill the "statistics" list with the result of /snort/events for the period
;; currently entered in the form. The four period values are sent as typed;
;; nothing is checked on this side.
(define (read-statistics)
(catch/message
(lambda()
(form-update-enum "statistics" (woo-list "/snort/events"
'start_date (form-value "start_date")
'start_time (form-value "start_time")
'end_date (form-value "end_date")
'end_time (form-value "end_time"))))))

;; Initial page state: empty both lists, read the sensor state, load the default
;; period from /snort/dates, then load the event statistics for that period.
(define (ui-init)
(form-update-enum "statistics" '())
(form-update-enum "details" '())
(read-state)
(catch/message
(lambda()
(form-update-value-list '("start_date" "start_time" "end_date" "end_time")
(woo-read-first "/snort/dates"
'language (form-value "language")))))
(read-statistics))

;; Click handler of "show_button": reload the statistics for the entered period.
(define (on-show)
(read-statistics))

;; Click handler of "details_button": request /snort/details for the entries
;; selected in the "statistics" list and the entered period, show the result in
;; the "details" list, then refresh the sensor state.
;; The selection is sent to the backend as the 'details value; the backend has
;; to treat it as untrusted request data.
(define (on-details)
(catch/message
(lambda()
(form-update-enum "details" (woo-list "/snort/details"
'details (form-value "statistics")
'start_date (form-value "start_date")
'start_time (form-value "start_time")
'end_date (form-value "end_date")
'end_time (form-value "end_time")))))
(read-state))

;; Click handler of "apply_state_button": write the "state_enabled" checkbox
;; value to /snort/state_enabled.
(define (on-apply-state)
(catch/message
(lambda()
(woo-write "/snort/state_enabled"
'state_enabled (form-value "state_enabled")
'language (form-value "language")))))

;; Exported entry point: bind the three buttons to their handlers, then load
;; the initial page state.
(define (init)
(form-bind "apply_state_button" "click" on-apply-state)
(form-bind "details_button" "click" on-details)
(form-bind "show_button" "click" on-show)
(ui-init))
alterator-snort-0.2.4/ui/snort/index.html000064400000000000000000000116431211034346100204320ustar00rootroot00000000000000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<!-- alterator-snort -->
<html wf="none">
<body>
<table width="50%">
<tr>
<td style="text-align:center;"><b><span translate="_">Statistics</span></b></td>
<td style="text-align:center;"><a href="/snort/rules">
<span translate="_">Rules</span></a>
</td>
</tr>
</table>
<hr/>
<form method="POST" id="ajax-select">
<table class="form-table">
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="checkbox" name="state_enabled" value="#t"/><span translate="_">Enable snort</span>
&nbsp;&nbsp;&nbsp;
<input type="button" name="apply_state_button" value="Apply" class="btn"/>
</td>
</tr>
<tr>
<td colspan="2">
<hr/>
</td>
</tr>
<tr>
<td><span translate="_">Period from:</span></td>
<td>
<input type="text" class="text alterator-datepicker" name="start_date"/>
<input type="text" class="text" name="start_time" style="width:60px"/>
&nbsp;
<span translate="_">to</span>
&nbsp;
<input type="text" class="text alterator-datepicker" name="end_date"/>
<input type="text" class="text" name="end_time" style="width:60px"/>
&nbsp;
<input type="button" name="show_button" value="Update" class="btn"/>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
</table>
<div style="width: 100%; max-height:200px;overflow:auto">
<strong><span translate="_">Events</span></strong>
<table name="statistics" class="alterator-listbox multi-select" width="50%">
<thead>
<tr>
<th><span translate="_">Description</span></th>
<th><span translate="_">Interface</span></th>
<th><span translate="_">Count</span></th>
<th><span translate="_">Last event</span></th>
</tr>
</thead>
<tbody>
<tr>
<td nowrap="yes"><span class="alterator-label" name="description"></span></td>
<td nowrap="yes"><span class="alterator-label" name="iface"></span></td>
<td nowrap="yes"><span class="alterator-label" name="count"></span></td>
<td nowrap="yes"><span class="alterator-label" name="last_event_time"></span></td>
</tr>
</tbody>
</table>
</div>
<br/>
<input type="button" name="details_button" value="Show details" class="btn"/><br/>
<small><span translate="_">(for selected events)</span></small>
<div style="width: 100%; max-height:500px;overflow:auto">
<br/>
<strong><span translate="_">Details</span></strong>
<table name="details" class="alterator-listbox" width="50%">
<thead>
<tr>
<th><span translate="_">Description</span></th>
<th><span translate="_">Interface</span></th>
<th><span translate="_">Source IP</span></th>
<th><span translate="_">Destination IP</span></th>
<th><span translate="_">Count</span></th>
<th><span translate="_">First event</span></th>
<th><span translate="_">Last event</span></th>
</tr>
</thead>
<tbody>
<tr>
<td nowrap="yes"><span class="alterator-label" name="description"></span></td>
<td nowrap="yes"><span class="alterator-label" name="iface"></span></td>
<td nowrap="yes"><span class="alterator-label" name="source_ip"></span></td>
<td nowrap="yes"><span class="alterator-label" name="dest_ip"></span></td>
<td nowrap="yes"><span class="alterator-label" name="count"></span></td>
<td nowrap="yes"><span class="alterator-label" name="min_time"></span></td>
<td nowrap="yes"><span class="alterator-label" name="max_time"></span></td>
</tr>
</tbody>
</table>
</div>
</form>
</body>
</html>
alterator-snort-0.2.4/ui/snort/rules/000075500000000000000000000000001211034346100175625ustar00rootroot00000000000000alterator-snort-0.2.4/ui/snort/rules/ajax.scm000064400000000000000000000161371211034346100212210ustar00rootroot00000000000000(define-module (ui snort rules ajax)
:use-module (alterator ajax)
:use-module (alterator woo)
:use-module (alterator effect)
:use-module (srfi srfi-1)
:use-module (srfi srfi-2)
:use-module (srfi srfi-11)
:export (init))

;; Module-level state of the rules page:
;; *rules-list*        - rulesets currently in use, in display order
;; *rules-unused-list* - rulesets available but not in use
;; *changed*           - whether the in-use list has edits that were not applied yet
(define *rules-list* '())
(define *rules-unused-list* '())
(define *changed* #f)

;; Refresh the "state_enabled" form field from /snort/state_enabled.
;; NOTE(review): nothing in the part of this module shown here calls it.
(define (read-state)
(catch/message
(lambda()
(form-update-value-list '("state_enabled")
(woo-read-first "/snort/state_enabled"
'language (form-value "language"))))))

;; Remember rlist as the in-use list and show it in the "rules" field.
(define (update-rules-list rlist)
(set! *rules-list* rlist)
(form-update-enum "rules" rlist))

;; Remember rlist as the unused list, show it in "rules_unused" and activate
;; "add_button" only while the list is non-empty.
(define (update-rules-unused-list rlist)
(set! *rules-unused-list* rlist)
(form-update-enum "rules_unused" rlist)
(form-update-activity "add_button" (not (null? rlist))))

;; Load the in-use rulesets from the backend list /snort/avail_rules.
(define (read-rules-list)
(catch/message
(lambda()
(update-rules-list (woo-list "/snort/avail_rules" 'language (form-value "language"))))))

;; Load the unused rulesets from the backend list /snort/avail_unused_rules.
(define (read-rules-unused-list)
(catch/message
(lambda()
(update-rules-unused-list (woo-list "/snort/avail_unused_rules" 'language (form-value "language"))))))

;; Names of the in-use rulesets, in order: for each entry of *rules-list*, the
;; value that follows the 'name key. Same lookup as rules-list-elem-name.
(define (rules-list)
(map
(lambda(x)
(second (member 'name x)))
*rules-list*))

;; Record whether there are unapplied edits and activate "apply_button" accordingly.
(define (rules-list-changed changed)
(set! *changed* changed)
(form-update-activity "apply_button" changed))

;; Name of one list entry: the value that follows the 'name key. Despite the
;; parameter name, rlist is a single entry here, not the whole list.
(define (rules-list-elem-name rlist)
(second (member 'name rlist)))

;; Position of the entry called name in rlist, or #f when name is not a
;; non-empty string or no entry has that name.
(define (rules-list-elem-index name rlist)
(and (string? name)
(not (string=? name ""))
(list-index (lambda(x)
(string=? name (rules-list-elem-name x)))
rlist)))

;; The entry of rlist called name, or #f when there is none.
;; NOTE(review): unlike rules-list-elem-index this does not check that name is
;; a string before calling string=?.
(define (rules-list-elem name rlist)
(find (lambda(x)
(string=? name (rules-list-elem-name x)))
rlist))

;; Two entries are equal when their names are equal.
(define (rules-list-elem=? el1 el2)
(string=? (rules-list-elem-name el1) (rules-list-elem-name el2)))

;; Return rlist with the elements at positions n and n+1 exchanged.
;; rlist needs at least n+2 elements; the caller (move-element) checks that.
(define (swap-elements n rlist)
(let*-values (((head temp-tail) (split-at rlist n))
((pair tail) (split-at temp-tail 2)))
(append head (cdr pair) (list (car pair)) tail)))

;; Move the rule selected in the "rules" field by one position: n = 1 moves it
;; up (swap with the previous entry), n = 0 moves it down (swap with the next).
;; Does nothing when no rule is selected or the move would leave the list.
;; The selection is restored afterwards.
;; NOTE(review): unlike on-add and on-remove this does not call
;; rules-list-changed, so reordering alone leaves "apply_button" as it was.
(define (move-element n)
(and-let* ((name (form-value "rules"))
(index (rules-list-elem-index name *rules-list*))
(shift (- index n)))
(and (>= shift 0)
(< (+ shift 1)(length *rules-list*))
(begin
(update-rules-list (swap-elements shift *rules-list*))
(form-update-value "rules" name)))))

;; Activate the "weekday" field only for auto update with a weekly period and
;; the "monthday" field only for auto update with a monthly period.
(define (update-activity)
(let ((val (form-value "auto_update")))
(form-update-activity "weekday" (and val
(string=? "weekly" (form-value "period"))))
(form-update-activity "monthday" (and val
(string=? "monthly" (form-value "period"))))))

;; Reload both rule lists from the backend and mark the page as unchanged.
(define (ui-read)
(read-rules-list)
(read-rules-unused-list)
(rules-list-changed #f))

;; Load the download settings (URL kind, oinkcode, custom URL, schedule) from
;; /snort/download-data into the form, then refresh effects and field activity.
;; NOTE(review): the backend call is not wrapped in catch/message here, unlike
;; most other backend calls in this module.
(define (read-download-data)
(form-update-value-list '("rules_url" "oinkcode" "custom_url" "auto_update" "period" "weekday" "monthday" "time")
(woo-read-first "/snort/download-data" 'language (form-value "language")))
(update-effect)
(update-activity))

;; Initial page state. When both cached lists are empty they are read from the
;; backend; otherwise the cached lists and the cached "changed" flag are shown
;; again. Then the weekday choices and the download settings are loaded.
(define (ui-init)
(if (and (null? *rules-list*)
(null? *rules-unused-list*))
(ui-read)
(begin (update-rules-list *rules-list*)
(update-rules-unused-list *rules-unused-list*)
(rules-list-changed *changed*)))
(form-update-enum "weekday" (woo-list "/snort/avail_weekday" 'language (form-value "language")))
(read-download-data))

;; Click handler of "add_button": move the rulesets selected in "rules_unused"
;; (names separated by ';') into the in-use list, right after the rule selected
;; in "rules" or at the end when none is selected, and mark the page as changed.
;; NOTE(review): string-split of an empty string yields a list holding one empty
;; string, so the (not (null? add-list-names)) guard looks like it is always
;; true; with nothing selected the lists stay the same but the page is still
;; marked as changed. Confirm.
(define (on-add)
(let*-values (((add-list-names) (string-split (or (form-value "rules_unused")
"")
#\;))
((add-list unused-list) (partition
(lambda(x)
(any (lambda(y)
(string=? y (rules-list-elem-name x)))
add-list-names))
*rules-unused-list*)))
(and (not (null? add-list-names))
(begin
(let* ((name (form-value "rules"))
(index (rules-list-elem-index name *rules-list*))
(n (if index
(+ index 1)
(length *rules-list*))))
(update-rules-list (append (take *rules-list* n) add-list (drop *rules-list* n)))
(form-update-value "rules" name)
(update-rules-unused-list unused-list)
(rules-list-changed #t))))))

;; Click handler of "remove_button": take the rule selected in "rules" out of
;; the in-use list, append it to the unused list and mark the page as changed.
;; Does nothing when no matching entry is found.
(define (on-remove)
(let ((elem (rules-list-elem (form-value "rules") *rules-list*)))
(and elem
(not (null? *rules-list*))
(begin
(update-rules-list (remove
(lambda(x)
(rules-list-elem=? x elem))
*rules-list*))
(update-rules-unused-list (append *rules-unused-list* (list elem)))
(rules-list-changed #t)))))

;; Click handler of "up_button": move the selected rule one position up.
(define (on-up)
(move-element 1))

;; Click handler of "down_button": move the selected rule one position down.
(define (on-down)
(move-element 0))

;; Click handler of "apply_button": send the ordered ruleset names to
;; /snort/rules-list, then reload both lists from the backend.
;; The names are sent as they are; the backend writes them into snort.conf and
;; has to validate them.
;; NOTE(review): the write is not wrapped in catch/message, unlike the other
;; write handlers in this module.
(define (on-apply)
(woo-write "/snort/rules-list"
'rules_list (rules-list))
(ui-read))

;; Click handler of "reset_button": discard local edits by reloading from the backend.
(define (on-reset)
(ui-read))

;; Change handler of the "rules" field: fetch the description of the selected
;; ruleset from /snort/rule-description into "rule_description". Skipped when
;; the field value is not a string.
(define (read-rule-description)
(catch/message
(lambda()
(let ((rule (form-value "rules")))
(and (string? rule)
(form-update-value-list '("rule_description")
(woo-read-first "/snort/rule-description"
'rules rule
'language (form-value "language"))))))))

;; Click handler of "download_apply_button": write the download settings form
;; fields to /snort/download-data, then read them back from the backend.
;; The field values are sent as typed; the oinkcode, the custom URL and the
;; schedule fields are only checked, if at all, by the backend.
(define (on-download-apply)
(catch/message
(lambda()
(apply woo-write "/snort/download-data"
(form-value-list
'("rules_url" "oinkcode" "custom_url" "auto_update" "period" "weekday" "monthday" "time" "language")))))
(read-download-data))

;; Click handler of "download_button": ask the backend to download the rules
;; now (/snort/download-now), then reload both rule lists.
(define (on-download)
(catch/message
(lambda()
(woo-write "/snort/download-now"
'language (form-value "language"))))
(ui-read))

;; Exported entry point: declare which fields depend on which other field
;; values (effect-enable / effect-disable), bind every control to its handler,
;; then load the initial page state.
(define (init)
(effect-enable "period" "auto_update" #t)
(effect-enable "time" "auto_update" #t)
(effect-enable "weekday" "period" "weekly")
(effect-enable "monthday" "period" "monthly")
(effect-enable "oinkcode" "rules_url" "oinkcode")
(effect-enable "custom_url" "rules_url" "custom")
(effect-disable "auto_update" "rules_url" #f)
(init-effect)
(form-bind "auto_update" "change" update-activity)
(form-bind "add_button" "click" on-add)
(form-bind "remove_button" "click" on-remove)
(form-bind "up_button" "click" on-up)
(form-bind "down_button" "click" on-down)
(form-bind "apply_button" "click" on-apply)
(form-bind "reset_button" "click" on-reset)
(form-bind "rules" "change" read-rule-description)
(form-bind "download_apply_button" "click" on-download-apply)
(form-bind "download_button" "click" on-download)
(ui-init))
alterator-snort-0.2.4/ui/snort/rules/index.html000064400000000000000000000214621211034346100215640ustar00rootroot00000000000000<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
<!-- alterator-snort -->
<html wf="none">
<body>
<table width="50%">
<tr>
<td style="text-align:center;"><a href="/snort">
<span translate="_">Statistics</span></a>
</td>
<td style="text-align:center;"><b><span translate="_">Rules</span></b></td>
</tr>
</table>
<hr/>
<form method="POST" id="ajax-select">
<table>
<tr>
<td>
<strong><span translate="_">Description</span></strong>
</td>
</tr>
<tr>
<td colspan="2">
<textarea rows="5" readonly="yes" name="rule_description" style="width:90%"/>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<strong><span translate="_">Rules</span></strong>
</td>
</tr>
<tr>
<td>
<select name="rules" size="25"></select>
</td>
<td>
<input type="button" name="up_button" value="Up" class="btn"/>
<br/>
<input type="button" name="down_button" value="Down" class="btn"/>
<br/>
<br/>
<input type="button" name="remove_button" value="Remove" class="btn"/>
</td>
</tr>
</table>
</td>
<td style="width:30px">&nbsp;</td>
<td>
<table>
<tr>
<td>
<strong><span translate="_">Unused rules</span></strong>
</td>
</tr>
<tr>
<td>
<div style="width: 150%; max-height:300px;overflow:auto">
<table name="rules_unused" class="alterator-listbox multi-select" style="width:100%">
<thead>
<tr>
<th><span translate="_">Rule</span></th>
</tr>
</thead>
<tbody>
<tr style="display:none">
<td><span class="alterator-label" name="rule"></span></td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr>
<td>
<input type="button" name="add_button" value="Add selected" class="btn"/>
</td>
</tr>
</table>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr>
<td>
<input type="button" name="apply_button" value="Apply" class="btn"/>
&nbsp;&nbsp;&nbsp;
<input type="button" name="reset_button" value="Reset" class="btn"/>
</td>
</tr>
</table>
<table>
<tr>
<td colspan="2">
<hr/>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<strong><span translate="_">Download rules</span></strong>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr>
<td>
<input type="radio" name="rules_url" value="oinkcode"/>
<span name="oinkcode" translate="_">Oink code:</span>
</td>
<td>
<input type="text" class="text" name="oinkcode"/>
</td>
</tr>
<tr>
<td>
<input type="radio" name="rules_url" value="custom"/>
<span name="custom_url" translate="_">Custom URL:</span>
</td>
<td>
<input type="text" class="text" name="custom_url"/>
</td>
</tr>
</table>
</td>
<td>
<table>
<td colspan="2">
<input type="checkbox" name="auto_update" value="#t"/>
<span name="auto_update" translate="_">Auto update</span>
</td>
<tr>
<td colspan="2">
<table>
<tr>
<td>
<input type="radio" name="period" value="daily"/>
<span name="period" translate="_">Every day</span>
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<input type="radio" name="period" value="weekly"/>
<span name="period" translate="_">Every week at:</span>
&nbsp;
</td>
<td>
<select name="weekday"></select>
</td>
</tr>
<tr>
<td>
<input type="radio" name="period" value="monthly"/>
<span name="period" translate="_">Every month at day:</span>
&nbsp;
</td>
<td>
<input type="text" class="text" name="monthday" size="2"/>
</td>
</tr>
<tr><td colspan="2">&nbsp;</td></tr>
<tr><td colspan="2">
<span translate="_" name="time">Time:</span>
&nbsp;
<input type="text" class="text" size="8" name="time"/>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<input type="button" name="download_apply_button" value="Apply" class="btn"/>
&nbsp;&nbsp;&nbsp;
<input type="button" name="download_button" value="Download now" class="btn"/>
</td>
</tr>
</table>
</form>
</body>
</html>
 