1 files changed, 266 insertions, 0 deletions

diff --git a/suricata/update/config.py b/suricata/update/config.py
new file mode 100644
index 0000000..ad95996
--- /dev/null
+++ b/suricata/update/config.py
@@ -0,0 +1,266 @@
+# Copyright (C) 2017 Open Information Security Foundation
+# Copyright (c) 2015-2017 Jason Ish
+#
+# You can copy, redistribute or modify this Program under the terms of
+# the GNU General Public License version 2 as published by the Free
+# Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# version 2 along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+import os.path
+import logging
+
+import yaml
+
+import suricata.update.engine
+from suricata.update.exceptions import ApplicationError
+
+try:
+    from suricata.config import defaults
+    has_defaults = True
+except:
+    has_defaults = False
+
+logger = logging.getLogger()
+
+DEFAULT_DATA_DIRECTORY = "/var/lib/suricata"
+
+# Cache directory - relative to the data directory.
+CACHE_DIRECTORY = os.path.join("update", "cache")
+
+# Source directory - relative to the data directory.
+SOURCE_DIRECTORY = os.path.join("update", "sources")
+
+# Configuration keys.
+DATA_DIRECTORY_KEY = "data-directory"
+CACHE_DIRECTORY_KEY = "cache-directory"
+IGNORE_KEY = "ignore"
+DISABLE_CONF_KEY = "disable-conf"
+ENABLE_CONF_KEY = "enable-conf"
+MODIFY_CONF_KEY = "modify-conf"
+DROP_CONF_KEY = "drop-conf"
+LOCAL_CONF_KEY = "local"
+OUTPUT_KEY = "output"
+DIST_RULE_DIRECTORY_KEY = "dist-rule-directory"
+
+if has_defaults:
+    DEFAULT_UPDATE_YAML_PATH = os.path.join(defaults.sysconfdir, "update.yaml")
+else:
+    DEFAULT_UPDATE_YAML_PATH = "/etc/suricata/update.yaml"
+
+DEFAULT_SURICATA_YAML_PATH = [
+    "/etc/suricata/suricata.yaml",
+    "/usr/local/etc/suricata/suricata.yaml",
+    "/etc/suricata/suricata-debian.yaml"
+]
+
+if has_defaults:
+    DEFAULT_DIST_RULE_PATH = [
+        defaults.datarulesdir,
+        "/etc/suricata/rules",
+    ]
+else:
+    DEFAULT_DIST_RULE_PATH = [
+        "/etc/suricata/rules",
+    ]
+
+DEFAULT_CONFIG = {
+    "sources": [],
+    LOCAL_CONF_KEY: [],
+
+    # The default file patterns to ignore.
+    "ignore": [
+        "*deleted.rules",
+    ],
+}
+
+_args = None
+_config = {}
+
+# The filename the config was read from, if any.
+filename = None
+
+def has(key):
+    """Return true if a configuration key exists."""
+    return key in _config
+
+def set(key, value):
+    """Set a configuration value."""
+    _config[key] = value
+
+def get(key):
+    """Get a configuration value."""
+    if key in _config:
+        return _config[key]
+    return None
+
+def set_state_dir(directory):
+    _config[DATA_DIRECTORY_KEY] = directory
+
+def get_state_dir():
+    """Get the data directory. This is more of the Suricata state
+    directory than a specific Suricata-Update directory, and is used
+    as the root directory for Suricata-Update data.
+    """
+    if os.getenv("DATA_DIRECTORY"):
+        return os.getenv("DATA_DIRECTORY")
+    if DATA_DIRECTORY_KEY in _config:
+        return _config[DATA_DIRECTORY_KEY]
+    return DEFAULT_DATA_DIRECTORY
+
+def set_cache_dir(directory):
+    """Set an alternate cache directory."""
+    _config[CACHE_DIRECTORY_KEY] = directory
+
+def get_cache_dir():
+    """Get the cache directory."""
+    if CACHE_DIRECTORY_KEY in _config:
+        return _config[CACHE_DIRECTORY_KEY]
+    return os.path.join(get_state_dir(), CACHE_DIRECTORY)
+
+def get_output_dir():
+    """Get the rule output directory."""
+    if OUTPUT_KEY in _config:
+        return _config[OUTPUT_KEY]
+    return os.path.join(get_state_dir(), "rules")
+
+def args():
+    """Return sthe parsed argument object."""
+    return _args
+
+def get_arg(key):
+    key = key.replace("-", "_")
+    if hasattr(_args, key):
+        val = getattr(_args, key)
+        if val not in [[], None]:
+            return val
+    return None
+
+def init(args):
+    global _args
+    global filename
+
+    _args = args
+    _config.update(DEFAULT_CONFIG)
+
+    if args.config:
+        logger.info("Loading %s", args.config)
+        with open(args.config, "rb") as fileobj:
+            config = yaml.safe_load(fileobj)
+            if config:
+                _config.update(config)
+                filename = args.config
+    elif os.path.exists(DEFAULT_UPDATE_YAML_PATH):
+        logger.info("Loading %s", DEFAULT_UPDATE_YAML_PATH)
+        with open(DEFAULT_UPDATE_YAML_PATH, "rb") as fileobj:
+            config = yaml.safe_load(fileobj)
+            if config:
+                _config.update(config)
+                filename = DEFAULT_UPDATE_YAML_PATH
+
+    # Apply command line arguments to the config.
+    for arg in vars(args):
+        if arg == "local":
+            for local in args.local:
+                logger.debug("Adding local ruleset to config: %s", local)
+                _config[LOCAL_CONF_KEY].append(local)
+        elif arg == "data_dir" and args.data_dir:
+            logger.debug("Setting data directory to %s", args.data_dir)
+            _config[DATA_DIRECTORY_KEY] = args.data_dir
+        elif getattr(args, arg) is not None:
+            key = arg.replace("_", "-")
+            val = getattr(args, arg)
+            logger.debug("Setting configuration value %s -> %s", key, val)
+            _config[key] = val
+
+    # Find and set the path to suricata if not provided.
+    if "suricata" in _config:
+        if not os.path.exists(_config["suricata"]):
+            raise ApplicationError(
+                "Configured path to suricata does not exist: %s" % (
+                    _config["suricata"]))
+    else:
+        suricata_path = suricata.update.engine.get_path()
+        if not suricata_path:
+            logger.warning("No suricata application binary found on path.")
+        else:
+            _config["suricata"] = suricata_path
+
+    if "suricata" in _config:
+        build_info = suricata.update.engine.get_build_info(_config["suricata"])
+
+        # Set the first suricata.yaml to check for to the one in the
+        # --sysconfdir provided by build-info.
+        if not "suricata_conf" in _config and "sysconfdir" in build_info:
+            DEFAULT_SURICATA_YAML_PATH.insert(
+                0, os.path.join(
+                    build_info["sysconfdir"], "suricata/suricata.yaml"))
+
+        # Amend the path to look for Suricata provided rules based on
+        # the build info. As we are inserting at the front, put the
+        # highest priority path last.
+        if "sysconfdir" in build_info:
+            DEFAULT_DIST_RULE_PATH.insert(
+                0, os.path.join(build_info["sysconfdir"], "suricata/rules"))
+        if "datarootdir" in build_info:
+            DEFAULT_DIST_RULE_PATH.insert(
+                0, os.path.join(build_info["datarootdir"], "suricata/rules"))
+
+        # Set the data-directory prefix to that of the --localstatedir
+        # found in the build-info.
+        if not DATA_DIRECTORY_KEY in _config and "localstatedir" in build_info:
+            data_directory = os.path.join(
+                build_info["localstatedir"], "lib/suricata")
+            logger.info("Using data-directory %s.", data_directory)
+            _config[DATA_DIRECTORY_KEY] = data_directory
+
+        # Fixup the default locations for Suricata-Update configuration files, but only if
+        # they exist, otherwise keep the defaults.
+        conf_search_path = ["/etc"]
+        if "sysconfdir" in build_info:
+            sysconfdir = build_info["sysconfdir"]
+            if not sysconfdir in conf_search_path:
+                conf_search_path.insert(0, sysconfdir)
+        configs = (
+            ("disable-conf", "disable.conf"),
+            ("enable-conf", "enable.conf"),
+            ("drop-conf", "drop.conf"),
+            ("modify-conf", "modify.conf"),
+        )
+        for key, filename in configs:
+            if getattr(args, key.replace("-", "_"), None) is not None:
+                continue
+            if _config.get(key) is not None:
+                continue
+            for conf_dir in conf_search_path:
+                config_path = os.path.join(conf_dir, "suricata", filename)
+                logger.debug("Looking for {}".format(config_path))
+                if os.path.exists(config_path):
+                    logger.debug("Found {}".format(config_path))
+                    logger.debug("Using {} for {}".format(config_path, key))
+                    _config[key] = config_path
+                    break
+
+    # If suricata-conf not provided on the command line or in the
+    # configuration file, look for it.
+    if not "suricata-conf" in _config:
+        for conf in DEFAULT_SURICATA_YAML_PATH:
+            if os.path.exists(conf):
+                logger.info("Using Suricata configuration %s" % (conf))
+                _config["suricata-conf"] = conf
+                break
+
+    if not DIST_RULE_DIRECTORY_KEY in _config:
+        for path in DEFAULT_DIST_RULE_PATH:
+            if os.path.exists(path):
+                logger.info("Using %s for Suricata provided rules.", path)
+                _config[DIST_RULE_DIRECTORY_KEY] = path
+                break