(IDS) add action to backend rule cache

2026-03-16 17:44:41 +00:00 · 2015-11-19 14:59:51 +00:00 · 2015-11-19 14:59:51 +00:00 · 8cb86cc72b
commit 8cb86cc72b
parent bd2ca8021a
1 changed files with 6 additions and 3 deletions
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@ -43,7 +43,7 @@ class RuleCache(object):
    def __init__(self):
        # suricata rule settings, source directory and cache json file to use
        self.cachefile = '%srules.sqlite' % rule_source_directory
-        self._rule_fields = ['sid', 'msg', 'classtype', 'rev', 'gid', 'source', 'enabled', 'reference']
+        self._rule_fields = ['sid', 'msg', 'classtype', 'rev', 'gid', 'source', 'enabled', 'reference', 'action']
        self._rule_defaults = {'classtype': '##none##'}

    @staticmethod
@ -67,6 +67,9 @@ class RuleCache(object):
                record = {'enabled': True, 'source': filename.split('/')[-1]}
                if rule.strip()[0] == '#':
                    record['enabled'] = False
+                    record['action'] = rule.strip()[1:].split(' ')[0].replace('#', '')
+                else:
+                    record['action'] = rule.strip().split(' ')[0]

                rule_metadata = rule[rule.find('msg:'):-1]
                for field in rule_metadata.split(';'):
@ -137,8 +140,8 @@ class RuleCache(object):
        cur = db.cursor()
        cur.execute('CREATE TABLE stats (timestamp number, files number)')
        cur.execute("""CREATE TABLE rules (sid number, msg TEXT, classtype TEXT,
-                                           rev INTEGER, gid INTEGER,reference TEXT,
-                                           enabled BOOLEAN,source TEXT)""")
+                                           rev INTEGER, gid INTEGER, reference TEXT,
+                                           enabled BOOLEAN, action text, source TEXT)""")

        last_mtime = 0
        all_rule_files = self.list_local()