Class: Snort::RuleSet

Inherits:
Object
  • Object
Defined in:
lib/snort/ruleset.rb

Overview

This class stores a set of rules and allows actions against them


Constructor Details

#initialize(ruleset = []) ⇒ RuleSet

Returns a new instance of RuleSet.



# File 'lib/snort/ruleset.rb', line 70

# Creates a rule set around the given collection.
#
# The array is stored by reference, not copied, so the caller keeps a handle
# on the same object until a later operation reassigns the internal array.
#
# @param ruleset [Array] initial entries; defaults to a fresh empty array
def initialize(ruleset = [])
  @ruleset = ruleset
end

Class Method Details

.from_file(file) ⇒ Object



# File 'lib/snort/ruleset.rb', line 16

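# Builds a RuleSet from an IO object or from a path-like value.
#
# An IO (File included) is read as-is and left open for the caller. Any other
# value is converted with #to_s and opened read-only; that handle is closed
# here once from_filehandle has consumed every line, so it no longer leaks.
#
# NOTE(security): the path branch still goes through Kernel#open because
# from_url hands its argument to this method (presumably relying on a
# URL-aware Kernel#open -- confirm). Kernel#open treats a value whose first
# character is "|" as a request to start a subprocess, so such values are
# rejected before opening. Callers that accept paths or URLs from outside
# should still validate them before calling this method.
#
# @param file [IO, String, #to_s] open handle, or a path to open
# @return [RuleSet] the parsed rule set
# @raise [ArgumentError] if the source string starts with "|"
def RuleSet::from_file(file)
  return RuleSet::from_filehandle(file) if file.is_a?(IO)

  source = file.to_s
  if source.start_with?('|')
    raise ArgumentError, "refusing to open pipe-style source: #{source.inspect}"
  end

  fh = open(source, 'r')
  begin
    RuleSet::from_filehandle(fh)
  ensure
    # Only handles opened here are closed; caller-supplied IO is untouched.
    fh.close if fh.respond_to?(:close)
  end
end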

.from_filehandle(fh) ⇒ Object



# File 'lib/snort/ruleset.rb', line 29

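# Reads every line from +fh+ and builds a RuleSet from them.
#
# A line is handed to Snort::Rule.parse when it contains one of the Snort
# action keywords anywhere in its text (the pattern is unanchored, so prose
# that merely mentions "pass" or "log" is also tried). Whatever the parser
# does not turn into a rule is stored as a Snort::Comment holding the
# stripped line.
#
# Lines on which the parser raises ArgumentError or NoMethodError used to be
# dropped without a trace, so a load/save round trip could silently lose
# detection rules. They are now kept as Snort::Comment entries, the same way
# as lines for which the parser returns nil.
#
# @param fh [#each_line] source of rule text; it is not closed here
# @return [RuleSet] rules and comments in input order
def RuleSet::from_filehandle(fh)
  rules = RuleSet.new
  fh.each_line do |line|
    parsed = nil
    if line =~ /(alert|log|pass|activate|dynamic|drop|reject|sdrop)/
      begin
        parsed = Snort::Rule.parse(line)
      rescue ArgumentError, NoMethodError
        # The parser could not handle this line; fall through and keep the
        # raw text instead of discarding it.
        parsed = nil
      end
    end
    rules << (parsed || Snort::Comment.new(line.strip))
  end
  rules
end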

.from_url(url) ⇒ Object



# File 'lib/snort/ruleset.rb', line 25

# Builds a RuleSet from a URL by passing it unchanged to from_file.
#
# Nothing here fetches, validates or authenticates the URL; all of that is
# left to whatever from_file does when it opens the value.
#
# NOTE(review): presumably this relies on open-uri extending Kernel#open so
# that URLs can be opened like files. Ruby 3.0 removed that extension, so
# confirm URLs still load on the target Ruby version.
# NOTE(review): rules loaded this way become detection policy, so the URL
# should come from a trusted, integrity-protected source -- verify at the
# call site.
#
# @param url [String, #to_s] location of the rule file
# @return [RuleSet] whatever from_file returns
def RuleSet::from_url(url)
  RuleSet.from_file(url)
end

Instance Method Details

#-(rule) ⇒ Object



# File 'lib/snort/ruleset.rb', line 78

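# Removes the given entries from the set.
#
# Array-like arguments (anything responding to #to_ary) are subtracted as
# before. A single entry is wrapped in an array first; previously it raised
# TypeError because Array#- only accepts arrays, which was inconsistent with
# #<< taking a single rule.
#
# The internal array is replaced by the difference, not mutated in place.
#
# @param rule [Array, Object] entries, or one entry, to remove
# @return [Array] the remaining internal array (not the RuleSet itself)
def -(rule)
  removals = rule.respond_to?(:to_ary) ? rule : [rule]
  @ruleset -= removals
end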

#<<(rule) ⇒ Object



# File 'lib/snort/ruleset.rb', line 74

# Appends one entry (rule or comment) to the end of the set.
#
# @param rule [Object] entry to append
# @return [Array] the internal array, not the RuleSet, so a chained <<
#   appends to that array directly
def <<(rule)
  @ruleset.push(rule)
end

#count(&block) ⇒ Object



# File 'lib/snort/ruleset.rb', line 86

# Counts rules, ignoring every entry whose class is not exactly Snort::Rule.
#
# Without a block this is the number of rules; with a block it is the number
# of rules for which the block returns a truthy value.
#
# @yieldparam rule [Snort::Rule]
# @return [Integer]
def count(&block)
  only_rules = @ruleset.select { |entry| entry.instance_of?(Snort::Rule) }
  only_rules.count(&block)
end

#delete(&block) ⇒ Object



# File 'lib/snort/ruleset.rb', line 112

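# Removes every rule for which the block returns a truthy value.
#
# Snort::Comment entries are never offered to the block and are always kept.
# The survivors are collected in a single pass and assigned as a new array.
# The earlier version subtracted a one-element array per match, which was
# quadratic and also removed any other entry comparing equal to the matched
# one, even if the block had not selected it.
#
# Deleting rules reduces what the sensor detects; the returned count lets a
# caller log or sanity-check how much was removed.
#
# @yieldparam rule [Object] each non-comment entry, in stored order
# @yieldreturn [Boolean] truthy to remove the entry
# @return [Integer] number of entries removed
def delete(&block)
  before = @ruleset.length
  @ruleset = @ruleset.reject do |entry|
    entry.class != Snort::Comment && block.call(entry)
  end
  before - @ruleset.length
end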

#delete_all ⇒ Object



# File 'lib/snort/ruleset.rb', line 135

# Removes every entry that #delete offers to its block, by answering true
# for each one.
#
# @return [Object] whatever #delete returns
def delete_all
  delete { |_rule| true }
end

#delete_by_name(name) ⇒ Object



# File 'lib/snort/ruleset.rb', line 157

# Deletes the rules whose name matches +name+.
#
# The match is `r.name =~ name`, so +name+ is used as a pattern and is not
# anchored: a short pattern can match, and delete, more rules than intended.
# Check the return value against the expected number.
# NOTE(review): a plain String for +name+ raises TypeError when r.name is a
# String -- presumably callers pass a Regexp; confirm.
#
# @param name [Regexp] pattern tested against each rule's name
# @return [Object] whatever #delete returns
def delete_by_name(name)
  delete { |r| true if r.name =~ name }
end

#disable(&block) ⇒ Object



# File 'lib/snort/ruleset.rb', line 101

# Calls #disable on every rule for which the block returns a truthy value.
#
# Only entries whose class is exactly Snort::Rule are offered to the block.
# Each rule is disabled right after its own block call, before the next rule
# is examined.
#
# Disabled rules no longer contribute to detection; the returned count lets
# a caller log how many were switched off.
#
# @yieldparam rule [Snort::Rule]
# @yieldreturn [Boolean] truthy to disable the rule
# @return [Integer] number of rules disabled
def disable(&block)
  @ruleset.select { |entry| entry.instance_of?(Snort::Rule) }.count do |rule|
    next false unless block.call(rule)

    rule.disable
    true
  end
end

#disable_all ⇒ Object



# File 'lib/snort/ruleset.rb', line 129

# Disables every rule that #disable offers to its block, by answering true
# for each one.
#
# @return [Object] whatever #disable returns
def disable_all
  disable { |_rule| true }
end

#disable_by_name(name) ⇒ Object



# File 'lib/snort/ruleset.rb', line 149

# Disables the rules whose name matches +name+.
#
# The match is `r.name =~ name`, so +name+ is used as a pattern and is not
# anchored: a short pattern can match, and disable, more rules than
# intended. Check the return value against the expected number.
# NOTE(review): a plain String for +name+ raises TypeError when r.name is a
# String -- presumably callers pass a Regexp; confirm.
#
# @param name [Regexp] pattern tested against each rule's name
# @return [Object] whatever #disable returns
def disable_by_name(name)
  disable { |r| true if r.name =~ name }
end

#enable(&block) ⇒ Object



# File 'lib/snort/ruleset.rb', line 90

# Calls #enable on every rule for which the block returns a truthy value.
#
# Only entries whose class is exactly Snort::Rule are offered to the block.
# Each rule is enabled right after its own block call, before the next rule
# is examined.
#
# @yieldparam rule [Snort::Rule]
# @yieldreturn [Boolean] truthy to enable the rule
# @return [Integer] number of rules enabled
def enable(&block)
  @ruleset.select { |entry| entry.instance_of?(Snort::Rule) }.count do |rule|
    next false unless block.call(rule)

    rule.enable
    true
  end
end

#enable_all ⇒ Object



# File 'lib/snort/ruleset.rb', line 123

# Enables every rule that #enable offers to its block, by answering true for
# each one.
#
# @return [Object] whatever #enable returns
def enable_all
  enable { |_rule| true }
end

#enable_by_name(name) ⇒ Object



# File 'lib/snort/ruleset.rb', line 141

# Enables the rules whose name matches +name+.
#
# The match is `r.name =~ name`, so +name+ is used as a pattern and is not
# anchored; it matches anywhere inside the rule name.
# NOTE(review): a plain String for +name+ raises TypeError when r.name is a
# String -- presumably callers pass a Regexp; confirm.
#
# @param name [Regexp] pattern tested against each rule's name
# @return [Object] whatever #enable returns
def enable_by_name(name)
  enable { |r| true if r.name =~ name }
end

#length ⇒ Object



# File 'lib/snort/ruleset.rb', line 82

# Number of rules in the set. Comments and any other entry whose class is
# not exactly Snort::Rule are not counted.
#
# @return [Integer]
def length
  @ruleset.count { |entry| entry.instance_of?(Snort::Rule) }
end

#to_file(file) ⇒ Object



# File 'lib/snort/ruleset.rb', line 56

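# Writes the rule set to an IO object or to a path.
#
# An IO (File included) is written to and left open for the caller. Any
# other value is converted with #to_s and opened for writing. The block form
# of File.open closes that handle even when writing raises; the earlier
# version leaked it on error.
#
# File.open is used instead of Kernel#open so the value is always treated as
# a file name. Kernel#open would start a subprocess for a string whose first
# character is "|".
#
# Mode 'w' truncates an existing file before anything is written, so a
# failure part-way through leaves a shortened rules file on disk. Callers
# that feed a live sensor may prefer to write to a temporary file and rename
# it into place.
#
# @param file [IO, String, #to_s] open handle, or a path to create/truncate
# @return [nil]
def to_file(file)
  if file.is_a?(IO)
    to_filehandle(file)
  else
    File.open(file.to_s, 'w') { |fh| to_filehandle(fh) }
  end
  nil
end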

#to_filehandle(fh) ⇒ Object



# File 'lib/snort/ruleset.rb', line 50

# Writes each entry's #to_s to +fh+, one per line and in stored order.
#
# The handle is neither flushed nor closed here.
#
# @param fh [#puts] destination
# @return [Array] the internal array (the receiver of #each)
def to_filehandle(fh)
  @ruleset.each { |entry| fh.puts(entry.to_s) }
end