Class: Snort::Rule

Inherits:

Object

Object
Snort::Rule

show all

Defined in:: lib/snort/rule.rb,
lib/snort/rule/version.rb

Overview

This class stores and generates the features of a snort rule

Constant Summary collapse

VERSION =

"0.1.1"

Instance Attribute Summary collapse

#action ⇒ Object

Returns the value of attribute action.
#dir ⇒ Object

Returns the value of attribute dir.
#dport ⇒ Object

Returns the value of attribute dport.
#dst ⇒ Object

Returns the value of attribute dst.
#opts ⇒ Object

Returns the value of attribute opts.
#proto ⇒ Object

Returns the value of attribute proto.
#sport ⇒ Object

Returns the value of attribute sport.
#src ⇒ Object

Returns the value of attribute src.

Class Method Summary collapse

.parse(string) ⇒ Object

Parse a snort rule to generate an object.

Instance Method Summary collapse

#initialize(kwargs = {}) ⇒ Rule constructor

A new instance of Rule.
#to_s(options_only = false) ⇒ Object

Output the current object into a snort rule.

Constructor Details

#initialize(kwargs = {}) ⇒ `Rule`

Returns a new instance of Rule.

# File 'lib/snort/rule.rb', line 12

def initialize(kwargs={})
  @action = kwargs[:action] || 'alert'
  @proto = kwargs[:proto] || 'IP'
  @src = kwargs[:src] || 'any'
  @sport = kwargs[:sport] || 'any'
  @dir = kwargs[:dir] || '->'
  @dst = kwargs[:dst] || 'any'
  @dport = kwargs[:dport] || 'any'
  @opts = kwargs[:opts] || {}
end

Instance Attribute Details

#action ⇒ `Object`

Returns the value of attribute action.



10
11
12

# File 'lib/snort/rule.rb', line 10

def action
  @action
end

#dir ⇒ `Object`

Returns the value of attribute dir.



10
11
12

# File 'lib/snort/rule.rb', line 10

def dir
  @dir
end

#dport ⇒ `Object`

Returns the value of attribute dport.



10
11
12

# File 'lib/snort/rule.rb', line 10

def dport
  @dport
end

#dst ⇒ `Object`

Returns the value of attribute dst.



10
11
12

# File 'lib/snort/rule.rb', line 10

def dst
  @dst
end

#opts ⇒ `Object`

Returns the value of attribute opts.



10
11
12

# File 'lib/snort/rule.rb', line 10

def opts
  @opts
end

#proto ⇒ `Object`

Returns the value of attribute proto.



10
11
12

# File 'lib/snort/rule.rb', line 10

def proto
  @proto
end

#sport ⇒ `Object`

Returns the value of attribute sport.



10
11
12

# File 'lib/snort/rule.rb', line 10

def sport
  @sport
end

#src ⇒ `Object`

Returns the value of attribute src.



10
11
12

# File 'lib/snort/rule.rb', line 10

def src
  @src
end

Class Method Details

.parse(string) ⇒ `Object`

Parse a snort rule to generate an object

# File 'lib/snort/rule.rb', line 39

def Rule::parse(string)
  rule = Snort::Rule.new
  rulepart, optspart = string.split(/\s*\(\s*/,2)
  rule.action, rule.proto, rule.src, rule.sport, rule.dir, rule.dst, rule.dport = rulepart.split(/\s+/)
  rule.opts = Hash[optspart.gsub(/;\s*\).*$/,'').split(/\s*;\s*/).map { |x| 
    if x =~ /(.*?):(.*)/
      x.split(/:/,2)
    else
      [x,true]
    end
  }]
  rule
end

Instance Method Details

#to_s(options_only = false) ⇒ `Object`

Output the current object into a snort rule

# File 'lib/snort/rule.rb', line 24

def to_s(options_only=false)
  rule = ""
  rule = [@action, @proto, @src, @sport, @dir, @dst, @dport, '( '].join(" ") unless options_only
  opts.keys.sort.each do |k|
    rule += k if opts[k];
    unless opts[k] == true
      rule += ":#{opts[k]}"
    end
    rule += "; "
  end
  rule += ")" unless options_only
  rule
end

Class: Snort::Rule

Overview

Constant Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(kwargs = {}) ⇒ Rule

Instance Attribute Details

#action ⇒ Object

#dir ⇒ Object

#dport ⇒ Object

#dst ⇒ Object

#opts ⇒ Object

#proto ⇒ Object

#sport ⇒ Object

#src ⇒ Object