snort-rule 1.5.3 → 1.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/snort/rule.rb +6 -18
- data/lib/snort/rule/version.rb +1 -1
- data/lib/snort/ruleset.rb +11 -7
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2edb46ba49f19aed8a02939baca0f4fcc36f1513
|
|
4
|
+
data.tar.gz: 50fc0ba0b7bda87b7b48da6f9e17f9e8b46ee8b2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4518b8425bc07539da1c942024fbc82ff05e87c55777bc2736a7c77752abdeabf4c84f836e0f1c43552b2f85e9cf719e9a9bff12b4482062aa93ac11dd2841e9
|
|
7
|
+
data.tar.gz: b9e67ac011c246d1322c42aaf724c5990ee372456e35740603558df8a41516fb80b729d8e2b2e63b9d848ce0d12003a7661b624dda1714416d7ea45782af006f
|
data/lib/snort/rule.rb
CHANGED
|
@@ -10,25 +10,9 @@ require "snort/rule/option"
|
|
|
10
10
|
# License:: Distributes under the same terms as Ruby
|
|
11
11
|
module Snort
|
|
12
12
|
|
|
13
|
-
class Comment
|
|
14
|
-
def initialize(comment)
|
|
15
|
-
@comment = comment
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def to_s
|
|
19
|
-
@comment
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def enable
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def disable
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
13
|
# This class stores and generates the features of a snort rule
|
|
30
14
|
class Rule
|
|
31
|
-
attr_accessor :enabled, :action, :proto, :src, :sport, :dir, :dst, :dport, :options_hash
|
|
15
|
+
attr_accessor :enabled, :action, :proto, :src, :sport, :dir, :dst, :dport, :options_hash, :comments
|
|
32
16
|
attr_reader :options
|
|
33
17
|
|
|
34
18
|
# Initializes the Rule
|
|
@@ -62,13 +46,17 @@ module Snort
|
|
|
62
46
|
add_option(opt)
|
|
63
47
|
end
|
|
64
48
|
end
|
|
49
|
+
@comments = kwargs[:comments]
|
|
65
50
|
end
|
|
66
51
|
|
|
67
52
|
# Output the current object into a snort rule
|
|
68
53
|
def to_s(options_only=false)
|
|
69
54
|
rule = ""
|
|
55
|
+
if @comments
|
|
56
|
+
rule += @comments
|
|
57
|
+
end
|
|
70
58
|
if not @enabled
|
|
71
|
-
rule
|
|
59
|
+
rule += "#"
|
|
72
60
|
end
|
|
73
61
|
rule += [@action, @proto, @src, @sport, @dir, @dst, @dport].join(" ") unless options_only
|
|
74
62
|
if @options.any?
|
data/lib/snort/rule/version.rb
CHANGED
data/lib/snort/ruleset.rb
CHANGED
|
@@ -28,20 +28,25 @@ module Snort
|
|
|
28
28
|
|
|
29
29
|
def RuleSet::from_filehandle(fh)
|
|
30
30
|
rules = RuleSet.new
|
|
31
|
+
comments = ""
|
|
31
32
|
fh.each_line do |line|
|
|
32
33
|
if line =~ /(alert|log|pass|activate|dynamic|drop|reject|sdrop)/
|
|
33
34
|
begin
|
|
34
35
|
rule = Snort::Rule.parse(line)
|
|
35
36
|
if rule
|
|
37
|
+
if comments.length > 0
|
|
38
|
+
rule.comments = comments
|
|
39
|
+
comments = ""
|
|
40
|
+
end
|
|
36
41
|
rules << rule
|
|
37
42
|
else
|
|
38
|
-
|
|
43
|
+
comments << line
|
|
39
44
|
end
|
|
40
45
|
rescue ArgumentError => e
|
|
41
46
|
rescue NoMethodError => e
|
|
42
47
|
end
|
|
43
48
|
else
|
|
44
|
-
|
|
49
|
+
comments << line
|
|
45
50
|
end
|
|
46
51
|
end
|
|
47
52
|
rules
|
|
@@ -80,16 +85,16 @@ module Snort
|
|
|
80
85
|
end
|
|
81
86
|
|
|
82
87
|
def length
|
|
83
|
-
@ruleset.
|
|
88
|
+
@ruleset.length
|
|
84
89
|
end
|
|
85
90
|
|
|
86
91
|
def count(&block)
|
|
87
|
-
@ruleset.
|
|
92
|
+
@ruleset.count(&block)
|
|
88
93
|
end
|
|
89
94
|
|
|
90
95
|
def enable(&block)
|
|
91
96
|
count = 0
|
|
92
|
-
@ruleset.
|
|
97
|
+
@ruleset.each do |rule|
|
|
93
98
|
if block.call(rule)
|
|
94
99
|
rule.enable
|
|
95
100
|
count += 1
|
|
@@ -100,7 +105,7 @@ module Snort
|
|
|
100
105
|
|
|
101
106
|
def disable(&block)
|
|
102
107
|
count = 0
|
|
103
|
-
@ruleset.
|
|
108
|
+
@ruleset.each do |rule|
|
|
104
109
|
if block.call(rule)
|
|
105
110
|
rule.disable
|
|
106
111
|
count += 1
|
|
@@ -112,7 +117,6 @@ module Snort
|
|
|
112
117
|
def delete(&block)
|
|
113
118
|
len = @ruleset.length
|
|
114
119
|
@ruleset.each do |rule|
|
|
115
|
-
next if rule.class == Snort::Comment
|
|
116
120
|
if block.call(rule)
|
|
117
121
|
@ruleset -= [rule]
|
|
118
122
|
end
|