class Snort::RuleSet
Stores a set of Snort rules and provides bulk operations on them: loading, saving, counting, enabling, disabling and deleting.
Public Class Methods
from_file(file)
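# File lib/snort/ruleset.rb, line 16
# Loads a RuleSet from +file+.
#
# file - an open File, which is read as-is and left open for the caller,
#        or any other object, whose #to_s is opened for reading.
#
# Returns whatever RuleSet::from_filehandle returns for the handle.
#
# SECURITY: the non-File branch goes through Kernel#open, which treats a
# string beginning with "|" as a command to run rather than a file name.
# Only pass names that come from a trusted source. Kernel#open is kept
# because from_url hands its URL to this method; where URL loading is not
# needed, File.open is the safer call.
def RuleSet::from_file(file)
  return RuleSet::from_filehandle(file) if file.is_a?(File)

  # Block form closes the handle opened here, even if parsing raises.
  open(file.to_s, 'r') { |fh| RuleSet::from_filehandle(fh) }
end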
from_filehandle(fh)
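# File lib/snort/ruleset.rb, line 29
# Builds a RuleSet from any object that responds to #each_line.
#
# A line containing one of the Snort action keywords is handed to
# Snort::Rule.parse. A parsed rule receives the comment text buffered since
# the previous rule and is appended to the set. Every other line is
# buffered as comment text. Text buffered after the last rule is not
# attached to anything.
#
# A line the parser rejects is buffered as comment text whether the
# rejection is a nil return or an ArgumentError/NoMethodError, instead of
# being discarded without a trace. The result can still hold fewer rules
# than the input, so callers that depend on full detection coverage should
# check the loaded set against what they expect.
#
# Returns the populated RuleSet.
def RuleSet::from_filehandle(fh)
  rules = RuleSet.new
  comments = ""
  fh.each_line do |line|
    # The keyword test is unanchored, so prose that merely mentions a
    # keyword (e.g. "log") also reaches the parser.
    unless line =~ /(alert|log|pass|activate|dynamic|drop|reject|sdrop)/
      comments << line
      next
    end

    begin
      rule = Snort::Rule.parse(line)
      if rule
        if comments.length > 0
          rule.comments = comments
          comments = ""
        end
        rules << rule
      else
        comments << line
      end
    rescue ArgumentError, NoMethodError
      # Same treatment as a nil parse result: keep the text.
      comments << line
    end
  end
  rules
end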
from_url(url)
# File lib/snort/ruleset.rb, line 25
# Loads a RuleSet from +url+ by passing it straight to RuleSet.from_file.
#
# NOTE(review): this can only fetch a URL where Kernel#open accepts URLs
# (presumably open-uri is loaded elsewhere) -- confirm.
# Rules loaded this way become detection policy, so the source and
# transport of the URL should be trusted.
def RuleSet::from_url(url)
  RuleSet.from_file(url)
end
new(ruleset=[])
# File lib/snort/ruleset.rb, line 75
# Creates a set backed by +ruleset+ (an empty Array when omitted).
# The object is stored as given, not copied.
def initialize(ruleset = [])
  @ruleset = ruleset
end
Public Instance Methods
-(rule)
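# File lib/snort/ruleset.rb, line 83
# Removes rules from this set in place.
#
# rule - a single rule, or an array-like list of rules (anything that
#        responds to #to_ary).
#
# Returns the remaining rules as an Array.
def -(rule)
  # Array#- needs an Array operand; wrap a lone rule so that
  # `set - rule` does not raise TypeError.
  doomed = rule.respond_to?(:to_ary) ? rule.to_ary : [rule]
  @ruleset -= doomed
end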
<<(rule)
# File lib/snort/ruleset.rb, line 79
# Appends +rule+ to the set.
#
# Returns the underlying Array of rules (not the RuleSet).
def <<(rule)
  @ruleset.push(rule)
end
count(&block)
# File lib/snort/ruleset.rb, line 95
# Counts rules. With a block, counts the rules for which the block is
# truthy; without one, counts every rule (Array#count semantics).
def count(&block)
  stored = @ruleset
  stored.count(&block)
end
delete(&block)
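# File lib/snort/ruleset.rb, line 121
# Deletes every rule for which the block returns a truthy value.
#
# The block is called once per rule, in order. Only the rules the block
# selects are removed. The earlier `@ruleset -= [rule]` form rebuilt the
# array on every match, which was quadratic, and also removed any rule
# that merely compared equal to a selected one.
#
# Returns the number of rules removed.
def delete(&block)
  before = @ruleset.length
  @ruleset = @ruleset.reject { |rule| block.call(rule) }
  before - @ruleset.length
end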
delete_all()
# File lib/snort/ruleset.rb, line 143
# Deletes every rule by calling #delete with an always-true block.
# Returns what #delete returns.
def delete_all
  delete { |_rule| true }
end
delete_by_name(name)
# File lib/snort/ruleset.rb, line 165
# Deletes the rules whose #name matches +name+ under =~.
#
# name - the pattern applied to each rule's name (presumably a Regexp --
#        confirm against callers).
#
# Returns what #delete returns.
def delete_by_name(name)
  delete { |rule| true if rule.name =~ name }
end
disable(&block)
# File lib/snort/ruleset.rb, line 110
# Calls #disable on every rule for which the block returns a truthy value.
#
# Returns the number of rules that were disabled.
def disable(&block)
  @ruleset.count do |rule|
    next false unless block.call(rule)

    rule.disable
    true
  end
end
disable_all()
# File lib/snort/ruleset.rb, line 137
# Disables every rule by calling #disable with an always-true block.
# Returns what #disable returns.
def disable_all
  disable { |_rule| true }
end
disable_by_name(name)
# File lib/snort/ruleset.rb, line 157
# Disables the rules whose #name matches +name+ under =~.
#
# name - the pattern applied to each rule's name (presumably a Regexp --
#        confirm against callers).
#
# Returns what #disable returns.
def disable_by_name(name)
  disable { |rule| true if rule.name =~ name }
end
each(&block)
# File lib/snort/ruleset.rb, line 91
# Yields each rule in order by delegating to the underlying Array#each.
# Returns whatever Array#each returns for the given block.
def each(&block)
  stored = @ruleset
  stored.each(&block)
end
enable(&block)
# File lib/snort/ruleset.rb, line 99
# Calls #enable on every rule for which the block returns a truthy value.
#
# Returns the number of rules that were enabled.
def enable(&block)
  @ruleset.count do |rule|
    next false unless block.call(rule)

    rule.enable
    true
  end
end
enable_all()
# File lib/snort/ruleset.rb, line 131
# Enables every rule by calling #enable with an always-true block.
# Returns what #enable returns.
def enable_all
  enable { |_rule| true }
end
enable_by_name(name)
# File lib/snort/ruleset.rb, line 149
# Enables the rules whose #name matches +name+ under =~.
#
# name - the pattern applied to each rule's name (presumably a Regexp --
#        confirm against callers).
#
# Returns what #enable returns.
def enable_by_name(name)
  enable { |rule| true if rule.name =~ name }
end
length()
# File lib/snort/ruleset.rb, line 87
# Returns the number of rules currently held in the set.
def length
  @ruleset.size
end
to_file(file)
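# File lib/snort/ruleset.rb, line 61
# Writes the set to +file+ via #to_filehandle.
#
# file - an open File, which is written to and left open for the caller,
#        or any other object, whose #to_s is used as the path to create
#        or truncate.
#
# The path is opened with File.open rather than Kernel#open, so the name
# is always treated as a filesystem path (Kernel#open would treat a
# leading "|" as a command). The block form closes the handle opened
# here even when writing raises.
#
# Returns nil.
def to_file(file)
  if file.is_a?(File)
    to_filehandle(file)
  else
    File.open(file.to_s, 'w') { |fh| to_filehandle(fh) }
  end
  nil
end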
to_filehandle(fh)
# File lib/snort/ruleset.rb, line 55
# Writes each rule's #to_s to +fh+ with #puts, one call per rule, in order.
# The handle is neither opened nor closed here.
#
# Returns the underlying Array of rules.
def to_filehandle(fh)
  @ruleset.each { |rule| fh.puts(rule.to_s) }
end