From a0aa2307322cd47bbf416810ac0292925e03be87 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:39:49 +0200 Subject: Adding upstream version 1:7.0.3. Signed-off-by: Daniel Baumann --- python/Makefile.am | 47 +++ python/Makefile.in | 569 ++++++++++++++++++++++++++++++++++ python/bin/suricatactl | 39 +++ python/bin/suricatasc | 100 ++++++ python/suricata/__init__.py | 0 python/suricata/config/__init__.py | 0 python/suricata/config/defaults.py | 3 + python/suricata/config/defaults.py.in | 3 + python/suricata/ctl/__init__.py | 0 python/suricata/ctl/filestore.py | 129 ++++++++ python/suricata/ctl/loghandler.py | 81 +++++ python/suricata/ctl/main.py | 46 +++ python/suricata/ctl/test_filestore.py | 18 ++ python/suricata/sc/__init__.py | 1 + python/suricata/sc/specs.py | 228 ++++++++++++++ python/suricata/sc/suricatasc.py | 293 +++++++++++++++++ python/suricatasc/__init__.py | 1 + 17 files changed, 1558 insertions(+) create mode 100644 python/Makefile.am create mode 100644 python/Makefile.in create mode 100755 python/bin/suricatactl create mode 100755 python/bin/suricatasc create mode 100644 python/suricata/__init__.py create mode 100644 python/suricata/config/__init__.py create mode 100644 python/suricata/config/defaults.py create mode 100644 python/suricata/config/defaults.py.in create mode 100644 python/suricata/ctl/__init__.py create mode 100644 python/suricata/ctl/filestore.py create mode 100644 python/suricata/ctl/loghandler.py create mode 100644 python/suricata/ctl/main.py create mode 100644 python/suricata/ctl/test_filestore.py create mode 100644 python/suricata/sc/__init__.py create mode 100644 python/suricata/sc/specs.py create mode 100644 python/suricata/sc/suricatasc.py create mode 100644 python/suricatasc/__init__.py (limited to 'python') diff --git a/python/Makefile.am b/python/Makefile.am new file mode 100644 index 0000000..b354719 --- /dev/null +++ b/python/Makefile.am @@ -0,0 +1,47 @@ +LIBS = \ + suricata/__init__.py \ + suricata/config/__init__.py \ + suricata/ctl/__init__.py \ + suricata/ctl/filestore.py \ + suricata/ctl/loghandler.py \ + suricata/ctl/main.py \ + suricata/ctl/test_filestore.py \ + suricata/sc/__init__.py \ + suricata/sc/specs.py \ + suricata/sc/suricatasc.py \ + suricatasc/__init__.py + +BINS = \ + suricatasc \ + suricatactl + +EXTRA_DIST = $(LIBS) bin suricata/config/defaults.py + +if HAVE_PYTHON + +install-exec-local: + install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/config" + install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/ctl" + install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/sc" + install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricatasc" + install -d -m 0755 "$(DESTDIR)$(prefix)/bin" + for src in $(LIBS); do \ + install -m 0644 $(srcdir)/$$src "$(DESTDIR)$(prefix)/lib/suricata/python/$$src"; \ + done + install suricata/config/defaults.py \ + "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/config/defaults.py" + for bin in $(BINS); do \ + cat "$(srcdir)/bin/$$bin" | \ + sed -e "1 s,.*,#"'!'" ${HAVE_PYTHON}," > "${DESTDIR}$(bindir)/$$bin"; \ + chmod 0755 "$(DESTDIR)$(bindir)/$$bin"; \ + done + +uninstall-local: + rm -f $(DESTDIR)$(bindir)/suricatactl + rm -f $(DESTDIR)$(bindir)/suricatasc + rm -rf $(DESTDIR)$(prefix)/lib/suricata/python + +clean-local: + find . -name \*.pyc -print0 | xargs -0 rm -f + +endif diff --git a/python/Makefile.in b/python/Makefile.in new file mode 100644 index 0000000..d1e7f1d --- /dev/null +++ b/python/Makefile.in @@ -0,0 +1,569 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = python +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/autoconf.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CARGO = @CARGO@ +CARGO_BUILD_TARGET = @CARGO_BUILD_TARGET@ +CARGO_HOME = @CARGO_HOME@ +CBINDGEN = @CBINDGEN@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CLANG = @CLANG@ +CLANG_CFLAGS = @CLANG_CFLAGS@ +CONFIGURE_DATAROOTDIR = @CONFIGURE_DATAROOTDIR@ +CONFIGURE_LOCALSTATEDIR = @CONFIGURE_LOCALSTATEDIR@ +CONFIGURE_PREFIX = @CONFIGURE_PREFIX@ +CONFIGURE_SYSCONDIR = @CONFIGURE_SYSCONDIR@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +GCC_CFLAGS = @GCC_CFLAGS@ +GREP = @GREP@ +HAVE_COCCINELLE_CONFIG = @HAVE_COCCINELLE_CONFIG@ +HAVE_CURL = @HAVE_CURL@ +HAVE_CYGPATH = @HAVE_CYGPATH@ +HAVE_GETCONF_CMD = @HAVE_GETCONF_CMD@ +HAVE_GIT_CMD = @HAVE_GIT_CMD@ +HAVE_PCAP_CONFIG = @HAVE_PCAP_CONFIG@ +HAVE_PDFLATEX = @HAVE_PDFLATEX@ +HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@ +HAVE_PYTHON = @HAVE_PYTHON@ +HAVE_WGET = @HAVE_WGET@ +HTP_DIR = @HTP_DIR@ +HTP_LDADD = @HTP_LDADD@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBHTPDEVVERSION_CFLAGS = @LIBHTPDEVVERSION_CFLAGS@ +LIBHTPDEVVERSION_LIBS = @LIBHTPDEVVERSION_LIBS@ +LIBHTPMINVERSION_CFLAGS = @LIBHTPMINVERSION_CFLAGS@ +LIBHTPMINVERSION_LIBS = @LIBHTPMINVERSION_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = \ + suricata/__init__.py \ + suricata/config/__init__.py \ + suricata/ctl/__init__.py \ + suricata/ctl/filestore.py \ + suricata/ctl/loghandler.py \ + suricata/ctl/main.py \ + suricata/ctl/test_filestore.py \ + suricata/sc/__init__.py \ + suricata/sc/specs.py \ + suricata/sc/suricatasc.py \ + suricatasc/__init__.py + +LIBTOOL = @LIBTOOL@ +LIB_FUZZING_ENGINE = @LIB_FUZZING_ENGINE@ +LIPO = @LIPO@ +LLC = @LLC@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUAJIT_CFLAGS = @LUAJIT_CFLAGS@ +LUAJIT_LIBS = @LUAJIT_LIBS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_INT8 = @LUA_INT8@ +LUA_LIBS = @LUA_LIBS@ +MAJOR_MINOR = @MAJOR_MINOR@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPTIMIZATION_CFLAGS = @OPTIMIZATION_CFLAGS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCAP_CFLAGS = @PCAP_CFLAGS@ +PCAP_LIBS = @PCAP_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POW_LIB = @POW_LIB@ +RANLIB = @RANLIB@ +RUSTC = @RUSTC@ +RUSTUP_HOME_PATH = @RUSTUP_HOME_PATH@ +RUST_FEATURES = @RUST_FEATURES@ +RUST_LDADD = @RUST_LDADD@ +RUST_SURICATA_LIB = @RUST_SURICATA_LIB@ +RUST_SURICATA_LIBDIR = @RUST_SURICATA_LIBDIR@ +RUST_SURICATA_LIBNAME = @RUST_SURICATA_LIBNAME@ +SECCFLAGS = @SECCFLAGS@ +SECLDFLAGS = @SECLDFLAGS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SPHINX_BUILD = @SPHINX_BUILD@ +STRIP = @STRIP@ +SURICATA_UPDATE_DIR = @SURICATA_UPDATE_DIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +e_datadir = @e_datadir@ +e_datarulesdir = @e_datarulesdir@ +e_defaultruledir = @e_defaultruledir@ +e_enable_evelog = @e_enable_evelog@ +e_localstatedir = @e_localstatedir@ +e_logcertsdir = @e_logcertsdir@ +e_logdir = @e_logdir@ +e_logfilesdir = @e_logfilesdir@ +e_magic_file = @e_magic_file@ +e_magic_file_comment = @e_magic_file_comment@ +e_rundir = @e_rundir@ +e_rustdir = @e_rustdir@ +e_sysconfdir = @e_sysconfdir@ +enable_non_bundled_htp = @enable_non_bundled_htp@ +exec_prefix = @exec_prefix@ +have_rustup = @have_rustup@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +install_suricata_update_reason = @install_suricata_update_reason@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhs_CFLAGS = @libhs_CFLAGS@ +libhs_LIBS = @libhs_LIBS@ +libhtp_CFLAGS = @libhtp_CFLAGS@ +libhtp_LIBS = @libhtp_LIBS@ +libnetfilter_queue_CFLAGS = @libnetfilter_queue_CFLAGS@ +libnetfilter_queue_LIBS = @libnetfilter_queue_LIBS@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +rust_vendor_comment = @rust_vendor_comment@ +rustup_home = @rustup_home@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +BINS = \ + suricatasc \ + suricatactl + +EXTRA_DIST = $(LIBS) bin suricata/config/defaults.py +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu python/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@HAVE_PYTHON_FALSE@clean-local: +@HAVE_PYTHON_FALSE@install-exec-local: +@HAVE_PYTHON_FALSE@uninstall-local: +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-exec-local + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-exec-local \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags-am uninstall uninstall-am uninstall-local + +.PRECIOUS: Makefile + + +@HAVE_PYTHON_TRUE@install-exec-local: +@HAVE_PYTHON_TRUE@ install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/config" +@HAVE_PYTHON_TRUE@ install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/ctl" +@HAVE_PYTHON_TRUE@ install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/sc" +@HAVE_PYTHON_TRUE@ install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricatasc" +@HAVE_PYTHON_TRUE@ install -d -m 0755 "$(DESTDIR)$(prefix)/bin" +@HAVE_PYTHON_TRUE@ for src in $(LIBS); do \ +@HAVE_PYTHON_TRUE@ install -m 0644 $(srcdir)/$$src "$(DESTDIR)$(prefix)/lib/suricata/python/$$src"; \ +@HAVE_PYTHON_TRUE@ done +@HAVE_PYTHON_TRUE@ install suricata/config/defaults.py \ +@HAVE_PYTHON_TRUE@ "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/config/defaults.py" +@HAVE_PYTHON_TRUE@ for bin in $(BINS); do \ +@HAVE_PYTHON_TRUE@ cat "$(srcdir)/bin/$$bin" | \ +@HAVE_PYTHON_TRUE@ sed -e "1 s,.*,#"'!'" ${HAVE_PYTHON}," > "${DESTDIR}$(bindir)/$$bin"; \ +@HAVE_PYTHON_TRUE@ chmod 0755 "$(DESTDIR)$(bindir)/$$bin"; \ +@HAVE_PYTHON_TRUE@ done + +@HAVE_PYTHON_TRUE@uninstall-local: +@HAVE_PYTHON_TRUE@ rm -f $(DESTDIR)$(bindir)/suricatactl +@HAVE_PYTHON_TRUE@ rm -f $(DESTDIR)$(bindir)/suricatasc +@HAVE_PYTHON_TRUE@ rm -rf $(DESTDIR)$(prefix)/lib/suricata/python + +@HAVE_PYTHON_TRUE@clean-local: +@HAVE_PYTHON_TRUE@ find . -name \*.pyc -print0 | xargs -0 rm -f + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/python/bin/suricatactl b/python/bin/suricatactl new file mode 100755 index 0000000..2780589 --- /dev/null +++ b/python/bin/suricatactl @@ -0,0 +1,39 @@ +#! /usr/bin/env python +# +# Copyright (C) 2017-2022 Open Information Security Foundation +# +# You can copy, redistribute or modify this Program under the terms of +# the GNU General Public License version 2 as published by the Free +# Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# version 2 along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +import sys +import os +import site + +exec_dir = os.path.dirname(__file__) + +if os.path.exists(os.path.join(exec_dir, "..", "suricata", "ctl", "main.py")): + # Looks like we're running from the development directory. + sys.path.insert(0, ".") +else: + # Check if the Python modules are installed in the Suricata installation + # prefix. + version_info = sys.version_info + pyver = "%d.%d" % (version_info.major, version_info.minor) + path = os.path.realpath(os.path.join( + exec_dir, "..", "lib", "suricata", "python", "suricata")) + if os.path.exists(path): + sys.path.insert(0, os.path.dirname(path)) + +from suricata.ctl.main import main +sys.exit(main()) diff --git a/python/bin/suricatasc b/python/bin/suricatasc new file mode 100755 index 0000000..d090f85 --- /dev/null +++ b/python/bin/suricatasc @@ -0,0 +1,100 @@ +#! /usr/bin/env python +# +# Copyright(C) 2013-2023 Open Information Security Foundation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +from __future__ import print_function + +import sys +import os +import argparse + +# Find the Python libdir. +exec_dir = os.path.dirname(__file__) +if os.path.exists(os.path.join(exec_dir, "..", "suricata", "ctl", "main.py")): + # Looks like we're running from the development directory. + sys.path.insert(0, ".") +else: + # Check if the Python modules are installed in the Suricata installation + # prefix. + version_info = sys.version_info + pyver = "%d.%d" % (version_info.major, version_info.minor) + path = os.path.realpath(os.path.join( + exec_dir, "..", "lib", "suricata", "python", "suricata")) + if os.path.exists(path): + sys.path.insert(0, os.path.dirname(path)) + +from suricata.sc import * + +try: + from suricata.config import defaults + has_defaults = True +except: + has_defaults = False + +parser = argparse.ArgumentParser(prog='suricatasc', description='Client for Suricata unix socket') +parser.add_argument('-v', '--verbose', action='store_const', const=True, help='verbose output (including JSON dump)') +parser.add_argument('-c', '--command', default=None, help='execute on single command and return JSON') +parser.add_argument('socket', metavar='socket', nargs='?', help='socket file to connect to', default=None) +args = parser.parse_args() + +if args.socket != None: + SOCKET_PATH = args.socket +elif has_defaults: + SOCKET_PATH = os.path.join(defaults.localstatedir, "suricata-command.socket") +else: + print("Unable to determine path to suricata-command.socket.", file=sys.stderr) + sys.exit(1) + +sc = SuricataSC(SOCKET_PATH, verbose=args.verbose) +try: + sc.connect() +except SuricataNetException as err: + print("Unable to connect to socket %s: %s" % (SOCKET_PATH, err), file=sys.stderr) + sys.exit(1) +except SuricataReturnException as err: + print("Unable to negotiate version with server: %s" % (err), file=sys.stderr) + sys.exit(1) + +if args.command: + try: + (command, arguments) = sc.parse_command(args.command) + except SuricataCommandException as err: + print(err.value) + sys.exit(1) + try: + res = sc.send_command(command, arguments) + except (SuricataCommandException, SuricataReturnException) as err: + print(err.value) + sys.exit(1) + print(json.dumps(res)) + sc.close() + if res['return'] == 'OK': + sys.exit(0) + else: + sys.exit(1) + +try: + sc.interactive() +except SuricataNetException as err: + print("Communication error: %s" % (err)) + sys.exit(1) +except SuricataReturnException as err: + print("Invalid return from server: %s" % (err)) + sys.exit(1) + +print("[+] Quit command client") + +sc.close() diff --git a/python/suricata/__init__.py b/python/suricata/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python/suricata/config/__init__.py b/python/suricata/config/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python/suricata/config/defaults.py b/python/suricata/config/defaults.py new file mode 100644 index 0000000..4930d7f --- /dev/null +++ b/python/suricata/config/defaults.py @@ -0,0 +1,3 @@ +sysconfdir = "/usr/local/etc/suricata/" +datarulesdir = "/usr/local/share/suricata/rules" +localstatedir = "/usr/local/var/run/suricata" diff --git a/python/suricata/config/defaults.py.in b/python/suricata/config/defaults.py.in new file mode 100644 index 0000000..f469351 --- /dev/null +++ b/python/suricata/config/defaults.py.in @@ -0,0 +1,3 @@ +sysconfdir = "@e_sysconfdir@" +datarulesdir = "@e_datarulesdir@" +localstatedir = "@e_localstatedir@" diff --git a/python/suricata/ctl/__init__.py b/python/suricata/ctl/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python/suricata/ctl/filestore.py b/python/suricata/ctl/filestore.py new file mode 100644 index 0000000..2901f59 --- /dev/null +++ b/python/suricata/ctl/filestore.py @@ -0,0 +1,129 @@ +# Copyright (C) 2018 Open Information Security Foundation +# +# You can copy, redistribute or modify this Program under the terms of +# the GNU General Public License version 2 as published by the Free +# Software Foundation. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# version 2 along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +from __future__ import print_function + +import sys +import os +import os.path +import time +import re +import logging + +logger = logging.getLogger("filestore") + + +class InvalidAgeFormatError(Exception): + pass + + +def register_args(parser): + subparser = parser.add_subparsers(help="sub-command help") + prune_parser = subparser.add_parser("prune", + help="Remove files in specified directory older than specified age") + required_args = prune_parser.add_argument_group("required arguments") + required_args.add_argument("-d", "--directory", + help="filestore directory", required=True) + required_args.add_argument("--age", + help="prune files older than age, units: s, m, h, d") + prune_parser.add_argument( + "-n", "--dry-run", action="store_true", default=False, + help="only print what would happen") + prune_parser.add_argument( + "-v", "--verbose", action="store_true", + default=False, help="increase verbosity") + prune_parser.add_argument( + "-q", "--quiet", action="store_true", default=False, + help="be quiet, log warnings and errors only") + prune_parser.set_defaults(func=prune) + + +def is_fileinfo(path): + return path.endswith(".json") + + +def parse_age(age): + matched_age = re.match(r"(\d+)\s*(\w+)", age) + if not matched_age: + raise InvalidAgeFormatError(age) + val = int(matched_age.group(1)) + unit = matched_age.group(2) + ts_units = ["s", "m", "h", "d"] + try: + idx = ts_units.index(unit) + except ValueError: + raise InvalidAgeFormatError("bad unit: %s" % (unit)) + multiplier = 60 ** idx if idx != 3 else 24 * 60 ** 2 + return val * multiplier + + +def get_filesize(path): + return os.stat(path).st_size + + +def remove_file(path, dry_run): + size = 0 + size += get_filesize(path) + if not dry_run: + os.unlink(path) + return size + + +def set_logger_level(args): + if args.verbose: + logger.setLevel(logging.DEBUG) + if args.quiet: + logger.setLevel(logging.WARNING) + + +def perform_sanity_checks(args): + set_logger_level(args) + err_msg = { + "directory": "filestore directory must be provided", + "age": "no age provided, nothing to do", + } + for val, msg in err_msg.items(): + if not getattr(args, val): + print("Error: {}".format(msg), file=sys.stderr) + sys.exit(1) + required_dirs = ["tmp", "00", "ff"] + for required_dir in required_dirs: + if not os.path.exists(os.path.join(args.directory, required_dir)): + logger.error("Provided directory is not a filestore directory") + sys.exit(1) + + +def prune(args): + perform_sanity_checks(args) + age = parse_age(args.age) + now = time.time() + size = 0 + count = 0 + + for dirpath, dirnames, filenames in os.walk(args.directory, topdown=True): + # Do not go into the tmp directory. + if "tmp" in dirnames: + dirnames.remove("tmp") + for filename in filenames: + path = os.path.join(dirpath, filename) + mtime = os.path.getmtime(path) + this_age = now - mtime + if this_age > age: + logger.debug("Deleting %s; age=%ds", path, this_age) + size += remove_file(path, args.dry_run) + count += 1 + logger.info("Removed %d files; %d bytes.", count, size) + return 0 diff --git a/python/suricata/ctl/loghandler.py b/python/suricata/ctl/loghandler.py new file mode 100644 index 0000000..553b896 --- /dev/null +++ b/python/suricata/ctl/loghandler.py @@ -0,0 +1,81 @@ +# Copyright (C) 2017 Open Information Security Foundation +# Copyright (c) 2016 Jason Ish +# +# You can copy, redistribute or modify this Program under the terms of +# the GNU General Public License version 2 as published by the Free +# Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# version 2 along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +import logging +import time + +GREEN = "\x1b[32m" +BLUE = "\x1b[34m" +REDB = "\x1b[1;31m" +YELLOW = "\x1b[33m" +RED = "\x1b[31m" +YELLOWB = "\x1b[1;33m" +ORANGE = "\x1b[38;5;208m" +RESET = "\x1b[0m" + +# A list of secrets that will be replaced in the log output. +secrets = {} + +def add_secret(secret, replacement): + """Register a secret to be masked. The secret will be replaced with: + + """ + secrets[str(secret)] = str(replacement) + +class SuriColourLogHandler(logging.StreamHandler): + """An alternative stream log handler that logs with Suricata inspired + log colours.""" + + @staticmethod + def format_time(record): + local_time = time.localtime(record.created) + formatted_time = "%d/%d/%d -- %02d:%02d:%02d" % (local_time.tm_mday, + local_time.tm_mon, + local_time.tm_year, + local_time.tm_hour, + local_time.tm_min, + local_time.tm_sec) + return "%s" % (formatted_time) + + def emit(self, record): + + if record.levelname == "ERROR": + level_prefix = REDB + message_prefix = REDB + elif record.levelname == "WARNING": + level_prefix = ORANGE + message_prefix = ORANGE + else: + level_prefix = YELLOW + message_prefix = "" + + self.stream.write("%s%s%s - <%s%s%s> -- %s%s%s\n" % ( + GREEN, + self.format_time(record), + RESET, + level_prefix, + record.levelname.title(), + RESET, + message_prefix, + self.mask_secrets(record.getMessage()), + RESET)) + + @staticmethod + def mask_secrets(msg): + for secret in secrets: + msg = msg.replace(secret, "<%s>" % secrets[secret]) + return msg diff --git a/python/suricata/ctl/main.py b/python/suricata/ctl/main.py new file mode 100644 index 0000000..d51a5be --- /dev/null +++ b/python/suricata/ctl/main.py @@ -0,0 +1,46 @@ +# Copyright (C) 2018 Open Information Security Foundation +# +# You can copy, redistribute or modify this Program under the terms of +# the GNU General Public License version 2 as published by the Free +# Software Foundation. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# version 2 along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +import sys +import os +import argparse +import logging + +from suricata.ctl import filestore, loghandler + +def init_logger(): + """ Initialize logging, use colour if on a tty. """ + if os.isatty(sys.stderr.fileno()): + logger = logging.getLogger() + logger.setLevel(level=logging.INFO) + logger.addHandler(loghandler.SuriColourLogHandler()) + else: + logging.basicConfig( + level=logging.INFO, + format="%(asctime)s - <%(levelname)s> - %(message)s") + +def main(): + init_logger() + parser = argparse.ArgumentParser() + subparsers = parser.add_subparsers(help='sub-command help') + fs_parser = subparsers.add_parser("filestore", help="Filestore related commands") + filestore.register_args(parser=fs_parser) + args = parser.parse_args() + try: + func = args.func + except AttributeError: + parser.error("too few arguments") + func(args) diff --git a/python/suricata/ctl/test_filestore.py b/python/suricata/ctl/test_filestore.py new file mode 100644 index 0000000..3bac1c6 --- /dev/null +++ b/python/suricata/ctl/test_filestore.py @@ -0,0 +1,18 @@ +from __future__ import print_function + +import unittest + +from suricata.ctl import filestore + +class PruneTestCase(unittest.TestCase): + + def test_parse_age(self): + self.assertEqual(filestore.parse_age("1s"), 1) + self.assertEqual(filestore.parse_age("1m"), 60) + self.assertEqual(filestore.parse_age("1h"), 3600) + self.assertEqual(filestore.parse_age("1d"), 86400) + + with self.assertRaises(filestore.InvalidAgeFormatError): + filestore.parse_age("1") + with self.assertRaises(filestore.InvalidAgeFormatError): + filestore.parse_age("1y") diff --git a/python/suricata/sc/__init__.py b/python/suricata/sc/__init__.py new file mode 100644 index 0000000..976e1fc --- /dev/null +++ b/python/suricata/sc/__init__.py @@ -0,0 +1 @@ +from suricata.sc.suricatasc import * diff --git a/python/suricata/sc/specs.py b/python/suricata/sc/specs.py new file mode 100644 index 0000000..c7e0458 --- /dev/null +++ b/python/suricata/sc/specs.py @@ -0,0 +1,228 @@ +argsd = { + "pcap-file": [ + { + "name": "filename", + "required": 1, + }, + { + "name": "output-dir", + "required": 1, + }, + { + "name": "tenant", + "type": int, + "required": 0, + }, + { + "name": "continuous", + "required": 0, + }, + { + "name": "delete-when-done", + "required": 0, + }, + ], + "pcap-file-continuous": [ + { + "name": "filename", + "required": 1, + }, + { + "name": "output-dir", + "required": 1, + }, + { + "name": "continuous", + "val": True, + "required": 1, + }, + { + "name": "tenant", + "type": int, + "required": 0, + }, + { + "name": "delete-when-done", + "required": 0, + }, + ], + "iface-stat": [ + { + "name": "iface", + "required": 1, + }, + ], + "conf-get": [ + { + "name": "variable", + "required": 1, + } + ], + "unregister-tenant-handler": [ + { + "name": "id", + "type": int, + "required": 1, + }, + { + "name": "htype", + "required": 1, + }, + { + "name": "hargs", + "type": int, + "required": 0, + }, + ], + "register-tenant-handler": [ + { + "name": "id", + "type": int, + "required": 1, + }, + { + "name": "htype", + "required": 1, + }, + { + "name": "hargs", + "type": int, + "required": 0, + }, + ], + "unregister-tenant": [ + { + "name": "id", + "type": int, + "required": 1, + }, + ], + "register-tenant": [ + { + "name": "id", + "type": int, + "required": 1, + }, + { + "name": "filename", + "required": 1, + }, + ], + "reload-tenant": [ + { + "name": "id", + "type": int, + "required": 1, + }, + { + "name": "filename", + "required": 0, + }, + ], + "add-hostbit": [ + { + "name": "ipaddress", + "required": 1, + }, + { + "name": "hostbit", + "required": 1, + }, + { + "name": "expire", + "type": int, + "required": 1, + }, + ], + "remove-hostbit": [ + { + "name": "ipaddress", + "required": 1, + }, + { + "name": "hostbit", + "required": 1, + }, + ], + "list-hostbit": [ + { + "name": "ipaddress", + "required": 1, + }, + ], + "memcap-set": [ + { + "name": "config", + "required": 1, + }, + { + "name": "memcap", + "required": 1, + }, + ], + "memcap-show": [ + { + "name": "config", + "required": 1, + }, + ], + "dataset-add": [ + { + "name": "setname", + "required": 1, + }, + { + "name": "settype", + "required": 1, + }, + { + "name": "datavalue", + "required": 1, + }, + ], + "dataset-remove": [ + { + "name": "setname", + "required": 1, + }, + { + "name": "settype", + "required": 1, + }, + { + "name": "datavalue", + "required": 1, + }, + ], + "get-flow-stats-by-id": [ + { + "name": "flow_id", + "type": int, + "required": 1, + }, + ], + "dataset-clear": [ + { + "name": "setname", + "required": 1, + }, + { + "name": "settype", + "required": 1, + } + ], + "dataset-lookup": [ + { + "name": "setname", + "required": 1, + }, + { + "name": "settype", + "required": 1, + }, + { + "name": "datavalue", + "required": 1, + }, + ], + } diff --git a/python/suricata/sc/suricatasc.py b/python/suricata/sc/suricatasc.py new file mode 100644 index 0000000..fc07037 --- /dev/null +++ b/python/suricata/sc/suricatasc.py @@ -0,0 +1,293 @@ +# Copyright(C) 2012-2023 Open Information Security Foundation + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +try: + import simplejson as json +except ImportError: + import json +import readline +import select +import sys +from socket import AF_UNIX, error, socket +from inspect import currentframe + +from suricata.sc.specs import argsd + +SURICATASC_VERSION = "1.0" +VERSION = "0.2" +INC_SIZE = 1024 + + +def get_linenumber(): + cf = currentframe() + return cf.f_back.f_lineno + + +class SuricataException(Exception): + """ + Generic class for suricatasc exception + """ + def __init__(self, value): + super(SuricataException, self).__init__(value) + self.value = value + + def __str__(self): + return str(self.value) + + +class SuricataNetException(SuricataException): + """ + Exception raised when a network error occurs + """ + + +class SuricataCommandException(SuricataException): + """ + Exception raised when the command is incorrect + """ + + +class SuricataReturnException(SuricataException): + """ + Exception raised when return message is incorrect + """ + + +class SuricataCompleter: + def __init__(self, words): + self.words = words + self.generator = None + + def complete(self, text): + for word in self.words: + if word.startswith(text): + yield word + + def __call__(self, text, state): + if state == 0: + self.generator = self.complete(text) + try: + return next(self.generator) + except StopIteration: + return None + + +class SuricataSC: + def __init__(self, sck_path, verbose=False): + self.basic_commands = [ + "shutdown", + "quit", + "pcap-file-number", + "pcap-file-list", + "pcap-last-processed", + "pcap-interrupt", + "iface-list", + "reload-tenants", + ] + self.fn_commands = [ + "pcap-file", + "pcap-file-continuous", + "iface-stat", + "conf-get", + "unregister-tenant-handler", + "register-tenant-handler", + "unregister-tenant", + "register-tenant", + "reload-tenant", + "add-hostbit", + "remove-hostbit", + "list-hostbit", + "memcap-set", + "memcap-show", + "dataset-add", + "dataset-remove", + "get-flow-stats-by-id", + "dataset-clear", + "dataset-lookup", + ] + self.cmd_list = self.basic_commands + self.fn_commands + self.sck_path = sck_path + self.verbose = verbose + self.socket = socket(AF_UNIX) + + def json_recv(self): + cmdret = None + data = "" + while True: + if sys.version < '3': + received = self.socket.recv(INC_SIZE) + else: + received = self.socket.recv(INC_SIZE).decode('iso-8859-1') + + if not received: + break + + data += received + if data.endswith('\n'): + cmdret = json.loads(data) + break + return cmdret + + def send_command(self, command, arguments=None): + if command not in self.cmd_list and command != 'command-list': + raise SuricataCommandException("L{}: Command not found: {}".format(get_linenumber(), command)) + + cmdmsg = {} + cmdmsg['command'] = command + if arguments: + cmdmsg['arguments'] = arguments + if self.verbose: + print("SND: " + json.dumps(cmdmsg)) + cmdmsg_str = json.dumps(cmdmsg) + "\n" + if sys.version < '3': + self.socket.send(cmdmsg_str) + else: + self.socket.send(bytes(cmdmsg_str, 'iso-8859-1')) + + ready = select.select([self.socket], [], [], 600) + if ready[0]: + cmdret = self.json_recv() + else: + cmdret = None + if not cmdret: + raise SuricataReturnException("L{}: Unable to get message from server".format(get_linenumber)) + + if self.verbose: + print("RCV: "+ json.dumps(cmdret)) + + return cmdret + + def connect(self): + try: + if self.socket is None: + self.socket = socket(AF_UNIX) + self.socket.connect(self.sck_path) + except error as err: + raise SuricataNetException("L{}: {}".format(get_linenumber(), err)) + + self.socket.settimeout(10) + #send version + if self.verbose: + print("SND: " + json.dumps({"version": VERSION})) + if sys.version < '3': + self.socket.send(json.dumps({"version": VERSION})) + else: + self.socket.send(bytes(json.dumps({"version": VERSION}), 'iso-8859-1')) + + ready = select.select([self.socket], [], [], 600) + if ready[0]: + cmdret = self.json_recv() + else: + cmdret = None + + if not cmdret: + raise SuricataReturnException("L{}: Unable to get message from server".format(get_linenumber())) + + if self.verbose: + print("RCV: "+ json.dumps(cmdret)) + + if cmdret["return"] == "NOK": + raise SuricataReturnException("L{}: Error: {}".format(get_linenumber(), cmdret["message"])) + + cmdret = self.send_command("command-list") + + # we silently ignore NOK as this means server is old + if cmdret["return"] == "OK": + self.cmd_list = cmdret["message"]["commands"] + self.cmd_list.append("quit") + + def close(self): + self.socket.close() + self.socket = None + + def execute(self, command): + full_cmd = command.split() + cmd = full_cmd[0] + cmd_specs = argsd[cmd] + required_args_count = len([d["required"] for d in cmd_specs if d["required"] and not "val" in d]) + arguments = dict() + for c, spec in enumerate(cmd_specs, 1): + spec_type = str if "type" not in spec else spec["type"] + if spec["required"]: + if spec.get("val"): + arguments[spec["name"]] = spec_type(spec["val"]) + continue + try: + arguments[spec["name"]] = spec_type(full_cmd[c]) + except IndexError: + phrase = " at least" if required_args_count != len(cmd_specs) else "" + msg = "Missing arguments: expected{} {}".format(phrase, required_args_count) + raise SuricataCommandException("L{}: {}".format(get_linenumber(), msg)) + except ValueError as ve: + raise SuricataCommandException("L{}: Erroneous arguments: {}".format(get_linenumber(), ve)) + elif c < len(full_cmd): + arguments[spec["name"]] = spec_type(full_cmd[c]) + return cmd, arguments + + def parse_command(self, command): + arguments = None + cmd = command.split()[0] if command else None + if cmd in self.cmd_list: + if cmd in self.fn_commands: + cmd, arguments = getattr(self, "execute")(command=command) + else: + raise SuricataCommandException("L{}: Unknown command: {}".format(get_linenumber(), command)) + return cmd, arguments + + def interactive(self): + print("Command list: " + ", ".join(self.cmd_list)) + try: + readline.set_completer(SuricataCompleter(self.cmd_list)) + readline.set_completer_delims(";") + readline.parse_and_bind('tab: complete') + while True: + if sys.version < '3': + command = raw_input(">>> ").strip() + else: + command = input(">>> ").strip() + if command == "quit": + break + if len(command.strip()) == 0: + continue + try: + cmd, arguments = self.parse_command(command) + except SuricataCommandException as err: + print(err) + continue + try: + cmdret = self.send_command(cmd, arguments) + except IOError as err: + # try to reconnect and resend command + print("Connection lost, trying to reconnect") + try: + self.close() + self.connect() + except (SuricataNetException, SuricataReturnException) as err: + print(err.value) + continue + cmdret = self.send_command(cmd, arguments) + except (SuricataCommandException, SuricataReturnException) as err: + print("An exception occured: " + str(err.value)) + continue + #decode json message + if cmdret["return"] == "NOK": + print("Error:") + print(json.dumps(cmdret["message"], sort_keys=True, indent=4, separators=(',', ': '))) + else: + print("Success:") + print(json.dumps(cmdret["message"], sort_keys=True, indent=4, separators=(',', ': '))) + except KeyboardInterrupt: + print("[!] Interrupted") + sys.exit(0) diff --git a/python/suricatasc/__init__.py b/python/suricatasc/__init__.py new file mode 100644 index 0000000..2868984 --- /dev/null +++ b/python/suricatasc/__init__.py @@ -0,0 +1 @@ +from suricata.sc import * -- cgit v1.2.3