class Snort::RuleSet

This class stores a set of rules and allows actions against them

Public Class Methods

from_file(file)
# File lib/snort/ruleset.rb, line 16
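# Builds a RuleSet from an open File or from a name that is opened here.
#
# @param file [File, #to_s] a File instance (read as-is and left open for the
#   caller); anything else is converted with #to_s and opened read-only
# @return whatever RuleSet::from_filehandle returns for that source
def RuleSet::from_file(file)
  # Exact-class test kept from the original: only a plain File is used directly.
  return RuleSet::from_filehandle(file) if file.class == File

  # NOTE(review): Kernel#open treats a string starting with "|" as a command
  # to run, and on older Rubies with open-uri loaded it also fetches URLs.
  # from_url appears to depend on this call, so it is kept; pass only trusted
  # names here, or validate them in the caller.
  #
  # Block form so the handle opened here is closed once parsing is done
  # (from_filehandle consumes every line before returning).
  open(file.to_s, 'r') do |fh|
    RuleSet::from_filehandle(fh)
  end
end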
from_filehandle(fh)
# File lib/snort/ruleset.rb, line 29
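# Reads rules line by line from +fh+ and collects them into a new RuleSet.
#
# Lines that do not contain a rule action keyword, and lines for which
# Snort::Rule.parse returns a falsy value, are accumulated as comment text
# and attached to the next rule that parses.
#
# @param fh [#each_line] source of rule text
# @return [RuleSet] the rules that parsed
def RuleSet::from_filehandle(fh)
  rules = RuleSet.new
  comments = ""
  fh.each_line do |line|
    # The pattern is unanchored: a keyword anywhere in the line triggers a
    # parse attempt.
    unless line =~ /(alert|log|pass|activate|dynamic|drop|reject|sdrop)/
      comments << line
      next
    end

    begin
      rule = Snort::Rule.parse(line)
      if rule
        unless comments.empty?
          rule.comments = comments
          comments = ""
        end
        rules << rule
      else
        comments << line
      end
    rescue ArgumentError, NoMethodError => e
      # A line that fails here is left out of the set. Report it instead of
      # dropping it silently, so a lost detection rule is noticed.
      # `inspect` keeps control characters out of the log line.
      warn "Snort::RuleSet: skipped unparsable line #{line.chomp.inspect} (#{e.class}: #{e.message})"
    end
  end
  # NOTE(review): comment text collected after the last rule is not attached
  # to anything and is discarded here.
  rules
end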
from_url(url)
# File lib/snort/ruleset.rb, line 25
# Builds a RuleSet from +url+ by passing it unchanged to RuleSet::from_file.
#
# NOTE(review): nothing here checks the scheme or host, and fetching depends
# entirely on what from_file's open call does with the string; presumably
# open-uri is loaded elsewhere in the project. Confirm before pointing this
# at rule feeds that are not trusted.
#
# @param url [#to_s] location of the rule file
# @return whatever RuleSet::from_file returns
def RuleSet::from_url(url)
  RuleSet.from_file(url)
end
new(ruleset=[])
# File lib/snort/ruleset.rb, line 75
# Creates a rule set backed by +ruleset+.
#
# The given object is stored as-is (not copied), so later changes made through
# this instance's appending methods are visible to the caller's array too.
#
# @param ruleset [Array] initial rules; a fresh empty array when omitted
def initialize(ruleset = [])
  @ruleset = ruleset
end

Public Instance Methods

-(rule)
# File lib/snort/ruleset.rb, line 83
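# Removes +rule+ from the set.
#
# Array#- needs an Array on the right-hand side, so a single rule is wrapped
# first; passing an Array of rules keeps working as before.
#
# @param rule [Object, Array] one rule, or an array of rules, to remove
# @return [Array] the remaining rules
def -(rule)
  doomed = rule.is_a?(Array) ? rule : [rule]
  @ruleset -= doomed
end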
<<(rule)
# File lib/snort/ruleset.rb, line 79
# Appends +rule+ to the end of the set.
#
# @param rule [Object] the rule to add
# @return [Array] the underlying rule array
def <<(rule)
  @ruleset.push(rule)
end
count(&block)
# File lib/snort/ruleset.rb, line 95
# Counts rules, delegating to the underlying array's #count.
#
# @yield [rule] optional predicate; only rules for which it is truthy count
# @return [Integer] number of rules (matching the block, when one is given)
def count(&block)
  rules = @ruleset
  rules.count(&block)
end
delete(&block)
# File lib/snort/ruleset.rb, line 121
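# Removes every rule for which the block returns a truthy value.
#
# The predicate is evaluated once per rule, in order, and the matches are
# then removed with a single Array#- instead of one array difference per
# match, which was quadratic on large rule sets. As before, removal goes
# through Array#-, so entries equal to a matched rule are removed with it.
#
# @yield [rule] predicate deciding whether the rule is removed
# @return [Integer] how many entries were removed
def delete(&block)
  before = @ruleset.length
  doomed = @ruleset.select { |rule| block.call(rule) }
  @ruleset -= doomed unless doomed.empty?
  before - @ruleset.length
end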
delete_all()
# File lib/snort/ruleset.rb, line 143
# Removes every rule by calling #delete with a predicate that is always true.
#
# @return whatever #delete returns
def delete_all
  delete { |_rule| true }
end
delete_by_name(name)
# File lib/snort/ruleset.rb, line 165
# Removes the rules whose #name matches +name+.
#
# +name+ is used as the right-hand side of `=~`, so it is expected to be a
# pattern such as a Regexp.
#
# @param name [Regexp] pattern tested against each rule's name
# @return whatever #delete returns
def delete_by_name(name)
  delete { |candidate| true if candidate.name =~ name }
end
disable(&block)
# File lib/snort/ruleset.rb, line 110
# Calls #disable on every rule for which the block returns a truthy value.
#
# The predicate and the #disable call are interleaved per rule, in order.
#
# @yield [rule] predicate selecting the rules to disable
# @return [Integer] number of rules that were disabled
def disable(&block)
  @ruleset.count do |rule|
    matched = block.call(rule)
    rule.disable if matched
    matched
  end
end
disable_all()
# File lib/snort/ruleset.rb, line 137
# Disables every rule by calling #disable with a predicate that is always true.
#
# @return whatever #disable returns
def disable_all
  disable { |_rule| true }
end
disable_by_name(name)
# File lib/snort/ruleset.rb, line 157
# Disables the rules whose #name matches +name+.
#
# +name+ is used as the right-hand side of `=~`, so it is expected to be a
# pattern such as a Regexp.
#
# @param name [Regexp] pattern tested against each rule's name
# @return whatever #disable returns
def disable_by_name(name)
  disable { |candidate| true if candidate.name =~ name }
end
each(&block)
# File lib/snort/ruleset.rb, line 91
# Iterates over the rules by delegating to the underlying array's #each.
#
# @yield [rule] each rule in order
# @return whatever the array's #each returns for the given block
def each(&block)
  rules = @ruleset
  rules.each(&block)
end
enable(&block)
# File lib/snort/ruleset.rb, line 99
# Calls #enable on every rule for which the block returns a truthy value.
#
# The predicate and the #enable call are interleaved per rule, in order.
#
# @yield [rule] predicate selecting the rules to enable
# @return [Integer] number of rules that were enabled
def enable(&block)
  @ruleset.reduce(0) do |enabled, rule|
    next enabled unless block.call(rule)

    rule.enable
    enabled + 1
  end
end
enable_all()
# File lib/snort/ruleset.rb, line 131
# Enables every rule by calling #enable with a predicate that is always true.
#
# @return whatever #enable returns
def enable_all
  enable { |_rule| true }
end
enable_by_name(name)
# File lib/snort/ruleset.rb, line 149
# Enables the rules whose #name matches +name+.
#
# +name+ is used as the right-hand side of `=~`, so it is expected to be a
# pattern such as a Regexp.
#
# @param name [Regexp] pattern tested against each rule's name
# @return whatever #enable returns
def enable_by_name(name)
  enable { |candidate| true if candidate.name =~ name }
end
length()
# File lib/snort/ruleset.rb, line 87
# Reports how many rules the set currently holds.
#
# @return [Integer] number of entries in the underlying array
def length
  rules = @ruleset
  rules.length
end
to_file(file)
# File lib/snort/ruleset.rb, line 61
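# Writes every rule to +file+.
#
# @param file [File, #to_s] a File instance (written to and left open for the
#   caller); anything else is converted with #to_s and opened for writing,
#   which truncates an existing file
# @return [nil]
def to_file(file)
  if file.class == File
    # Caller owns this handle; do not close it.
    to_filehandle(file)
  else
    # NOTE(review): Kernel#open treats a string starting with "|" as a
    # command to run. Pass only trusted names here, or validate them in the
    # caller.
    #
    # Block form closes the handle even when writing raises; the original
    # left it open in that case.
    open(file.to_s, 'w') do |fh|
      to_filehandle(fh)
    end
  end
  nil
end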
to_filehandle(fh)
# File lib/snort/ruleset.rb, line 55
# Writes each rule's string form to +fh+, one #puts call per rule.
#
# @param fh [#puts] destination; it is not closed here
# @return whatever the underlying array's #each returns
def to_filehandle(fh)
  @ruleset.each { |rule| fh.puts(rule.to_s) }
end