lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 03:16:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

(ids) add option to drop/reset suricata log file (eve.json*), closes https://github.com/opnsense/core/issues/997

Browse Source
This commit is contained in:
Ad Schellevis 2016-06-09 21:35:22 +02:00
parent 65f074b64f
commit 40e4bdc22e
4 changed files with 105 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php
View File

@ -311,4 +311,24 @@ class ServiceController extends ApiControllerBase
return array();
}
}
/**
* drop alert log
* @return array status
*/
public function dropAlertLogAction()
{
if ($this->request->isPost()) {
// close session for long running action
$this->sessionClose();
$backend = new Backend();
$filename = $this->request->getPost('filename', 'string', null);
if ($filename != null) {
$filename = basename($filename);
$backend->configdpRun("ids drop alertlog", array($filename));
return array("status" => "ok");
}
}
return array("status" => "failed");
}
}

33
src/opnsense/mvc/app/views/OPNsense/IDS/index.volt
View File

@ -69,9 +69,9 @@ POSSIBILITY OF SUCH DAMAGE.
$('#alert-logfile').html("");
$.each(data, function(key, value) {
if (value['sequence'] == undefined) {
$('#alert-logfile').append($("<option></option>").attr("value",'none').text(value['modified']));
$('#alert-logfile').append($("<option/>").data('filename', value['filename']).attr("value",'none').text(value['modified']));
} else {
$('#alert-logfile').append($("<option></option>").attr("value",value['sequence']).text(value['modified']));
$('#alert-logfile').append($("<option/>").data('filename', value['filename']).attr("value",value['sequence']).text(value['modified']));
}
});
$('.selectpicker').selectpicker('refresh');
@ -427,6 +427,34 @@ POSSIBILITY OF SUCH DAMAGE.
history.pushState(null, null, e.target.hash);
});
// delete selected alert log
$("#actDeleteLog").click(function(){
var selected_log = $("#alert-logfile > option:selected");
BootstrapDialog.show({
type:BootstrapDialog.TYPE_DANGER,
title: '{{ lang._('Remove log file ') }} ' + selected_log.html(),
message: '{{ lang._('Removing this file will cleanup disk space, but cannot be undone.') }}',
buttons: [{
icon: 'fa fa-trash-o',
label: '{{ lang._('Yes') }}',
cssClass: 'btn-primary',
action: function(dlg){
ajaxCall(url="/api/ids/service/dropAlertLog/",sendData={filename: selected_log.data('filename')},
callback=function(data,status){
updateAlertLogs();
});
dlg.close();
}
}, {
label: 'Close',
action: function(dlg){
dlg.close();
}
}]
});
});
});
@ -568,6 +596,7 @@ POSSIBILITY OF SUCH DAMAGE.
<div class="row">
<div class="col-sm-12 actionBar">
<select id="alert-logfile" class="selectpicker" data-width="200px"></select>
<span id="actDeleteLog" class="btn btn-lg fa fa-trash" style="cursor: pointer;"></span>
<select id="alert-logfile-max" class="selectpicker" data-width="80px">
<option value="7">7</option>
<option value="50">50</option>

48
src/opnsense/scripts/suricata/dropAlertLog.py Executable file
View File

@ -0,0 +1,48 @@
#!/usr/local/bin/python2.7
"""
Copyright (c) 2016 Ad Schellevis
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------------
drop requested alert log
"""
import os
import sys
import glob
from lib import suricata_alert_log
if __name__ == '__main__' and len(sys.argv) > 1:
result = []
for filename in glob.glob('%s*' % suricata_alert_log):
if os.path.basename(filename) == sys.argv[1]:
if os.path.basename(filename) == 'eve.json':
# current logfile, truncate to 0
with open(filename, 'wb') as f:
f.truncate()
else:
# archive, remove
os.remove(filename)
print ("removed %s" % filename)

6
src/opnsense/service/conf/actions.d/actions_ids.conf
View File

@ -22,6 +22,12 @@ parameters:
type:script_output
message:list available suricata alert logs
[drop.alertlog]
command:/usr/local/opnsense/scripts/suricata/dropAlertLog.py
parameters:%s
type:script_output
message:drop suricata alert log %s
[query.rules]
command:/usr/local/opnsense/scripts/suricata/queryInstalledRules.py
parameters:/limit %s /offset %s /filter %s /sort_by %s