Class: Aoandon::Syntax

Inherits:
Analysis
Defined in:
lib/aoandon/analysis/syntax.rb

Instance Method Summary

Methods inherited from Analysis

#update

Constructor Details

#initialize(logger, options = {}) ⇒ Syntax

Returns a new instance of Syntax.



# File 'lib/aoandon/analysis/syntax.rb', line 3

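# Builds the syntax analysis and loads its static rules from a YAML ruleset.
#
# The process is aborted with a message when the ruleset file is missing or
# does not contain a YAML mapping. Each entry under the 'rules' key is splatted
# into StaticRule.new.
#
# @param logger [Object] forwarded unchanged to the superclass constructor
# @param options [Hash] analysis options; +:file+ is the path of the YAML ruleset
def initialize(logger, options = {})
  super(logger, options)

  path = options[:file]
  # Without the nil guard a missing :file option reaches File.exist?(nil) and
  # raises TypeError instead of printing the intended message.
  abort("Configuration file not found: #{path}") unless path && File.exist?(path)

  # NOTE(review): on Psych releases before 4.0, YAML.load_file can instantiate
  # arbitrary Ruby objects from tagged nodes. The ruleset must be treated as
  # trusted input (owner and permissions checked by the operator) or be read
  # with a safe loader; the call is left unchanged here.
  config = YAML::load_file(path)

  # An empty file or a non-mapping document cannot be indexed with 'rules';
  # stop with an explicit message rather than an unrelated exception.
  abort("Invalid configuration file (expected a mapping with 'rules'): #{path}") unless config.is_a?(Hash)

  # A mapping without a 'rules' key yields an empty ruleset (Array(nil) => []).
  @rules = Array(config['rules']).map { |rule| StaticRule.new(*rule) }

  puts "Ruleset:  #{File.expand_path(path)}"
end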

Instance Method Details

#test(packet) ⇒ Object



# File 'lib/aoandon/analysis/syntax.rb', line 12

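# Evaluates one packet against the ruleset and logs it when the deciding rule
# is not a 'pass'.
#
# Rules are walked in order and the last matching rule decides, except that a
# matching rule carrying the 'quick' option ends the walk immediately.
#
# @param packet [Object] packet under analysis; +packet.time.iso8601+ is used
#   as the log timestamp
# @return [Object, nil] whatever the logger returns, or nil when nothing is logged
def test(packet)
  # Start every packet with a clean verdict. @last_rule used to survive between
  # calls, so a packet matching no rule inherited the rule chosen for the
  # previous packet and was logged (or passed) under a rule it never matched.
  @last_rule = nil

  @rules.each do |rule|
    next unless match?(packet, rule.context)

    @last_rule = rule
    break if rule.options['quick']
  end

  return if @last_rule.nil? || @last_rule.action == 'pass'

  message = @last_rule.options['msg'] || 'Bad packet detected!'
  # The packet itself is handed to the logger only when the rule sets 'log'.
  dump = @last_rule.options['log'] ? packet : nil
  @logger.message(packet.time.iso8601, 'SYNTAX', @last_rule.action, message, dump)
end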