From 8cb86cc72b59169dc243f2b33ec3505f2483ac3a Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 19 Nov 2015 14:59:51 +0000
Subject: [PATCH] (IDS) add action to backend rule cache

---
src/opnsense/scripts/suricata/lib/rulecache.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/opnsense/scripts/suricata/lib/rulecache.py b/src/opnsense/scripts/suricata/lib/rulecache.py
index 142582b87..521898354 100644
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@@ -43,7 +43,7 @@ class RuleCache(object):
 def __init__(self):
 # suricata rule settings, source directory and cache json file to use
 self.cachefile = '%srules.sqlite' % rule_source_directory
- self._rule_fields = ['sid', 'msg', 'classtype', 'rev', 'gid', 'source', 'enabled', 'reference']
+ self._rule_fields = ['sid', 'msg', 'classtype', 'rev', 'gid', 'source', 'enabled', 'reference', 'action']
 self._rule_defaults = {'classtype': '##none##'}
 
 @staticmethod
@@ -67,6 +67,9 @@ class RuleCache(object):
 record = {'enabled': True, 'source': filename.split('/')[-1]}
 if rule.strip()[0] == '#':
 record['enabled'] = False
+ record['action'] = rule.strip()[1:].split(' ')[0].replace('#', '')
+ else:
+ record['action'] = rule.strip().split(' ')[0]
 
 rule_metadata = rule[rule.find('msg:'):-1]
 for field in rule_metadata.split(';'):
@@ -137,8 +140,8 @@ class RuleCache(object):
 cur = db.cursor()
 cur.execute('CREATE TABLE stats (timestamp number, files number)')
 cur.execute("""CREATE TABLE rules (sid number, msg TEXT, classtype TEXT,
- rev INTEGER, gid INTEGER,reference TEXT,
- enabled BOOLEAN,source TEXT)""")
+ rev INTEGER, gid INTEGER, reference TEXT,
+ enabled BOOLEAN, action text, source TEXT)""")
 
 last_mtime = 0
 all_rule_files = self.list_local()
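Review bot: The disabled-rule branch in the second hunk records an empty action whenever the comment marker is followed by whitespace: for `# alert tcp ...`, `rule.strip()[1:]` begins with a space, so `.split(' ')[0]` is `''` and the `.replace('#', '')` has nothing left to strip; a tab after the keyword produces the same result in both branches. Both branches can be replaced by one expression that tolerates this and also survives a line that is only a bare `#`, `tokens = rule.strip().lstrip('#').split(None, 1)` followed by `record['action'] = tokens[0] if tokens else ''`. The stored value is whatever first token the rule file happens to contain; if the cache is later used to regenerate rule files (not visible here), it would be worth checking it against the known Suricata actions (alert, drop, pass, reject) instead of trusting the file verbatim. The enclosing function starts and ends outside the hunk.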
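Review bot: A rules.sqlite written before this commit has no `action` column, so unless the cache file is discarded when its schema changes (not visible in the third hunk) a subsequent insert presumably driven by the extended `_rule_fields` list will fail against the old table; recording a schema version in the `stats` table, or checking `PRAGMA table_info(rules)` before reusing the file, would make the upgrade safe. The new column also departs from the statement's own type casing, `enabled BOOLEAN, action TEXT, source TEXT)""")`. The enclosing method starts and ends outside the hunk.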