File Coverage

blib/lib/Ixchel/Actions/suricata_outputs.pm

Criterion	Covered	Total	%
statement	17	60	28.3
branch	0	20	0.0
condition			n/a
subroutine	6	10	60.0
pod	2	4	50.0
total	25	94	26.6

line	stmt	bran	sub	pod	time	code
1						package Ixchel::Actions::suricata_outputs;
2
3	1		1		137005	use 5.006;
	1				3
4	1		1		3	use strict;
	1				1
	1				21
5	1		1		3	use warnings;
	1				2
	1				47
6	1		1		401	use File::Slurp;
	1				29120
	1				75
7	1		1		479	use String::ShellQuote;
	1				746
	1				53
8	1		1		5	use base 'Ixchel::Actions::base';
	1				1
	1				341
9
10						=head1 NAME
11
12						Ixchel::Actions::suricata_ouputs - Generate a outputs include for suricata.
13
14						=head1 VERSION
15
16						Version 0.2.0
17
18						=cut
19
20						our $VERSION = '0.2.0';
21
22						=head1 CLI SYNOPSIS
23
24						ixchel -a suricata_outputs [B<-d> ] [B<-i> ]
25
26						ixchel -a suricata_outputs B<-w> [B<-d> ] [B<-i> ] [B<--np>]
27
28						=head1 CODE SYNOPSIS
29
30						use Data::Dumper;
31
32						my $results=$ixchel->action(action=>'suricata_outputs', opts=>{np=>1, w=>1, });
33
34						print Dumper($results);
35
36						=head1 DESCRIPTION
37
38						The template used is 'suricata_outputs'.
39
40						.suricata.enable_fastlog :: Perl boolean if to enable fastlog output.
41						Default ::
42						Map To :: .vars.enable_fastlog
43
44						.suricata.enable_syslog :: Perl boolean if to enable syslog output.
45						Default :: 0
46						Map To :: .vars.enable_syslog
47
48						.suricata.filestore_enable :: Perl boolean if to enable the filestore.
49						Default :: 0
50						Map To :: .vars.filestore_enable
51
52						.suricata.dhcp_in_alert_eve :: Perl boolean if DHCP type items should be in the alert eve.
53						Default :: 0
54						Map To :: .vars.dhcp_in_alert_eve
55
56						.suricata.config_base :: The variable used for controlling where the outputs.yaml
57						file is created.
58
59						.suricata.enable_pcap_log :: Enable PCAP logging.
60						Default :: 0
61						Map To :: .vars.enable_pcap_log
62
63						The logging options are as below.
64
65						.suricata.logging.in_outputs :: Put the .logging section in the outputs include.
66						Default :: 1
67						Map To :: .vars.logging.in_outputs
68
69						.suricata.logging.level :: Value for .logging.default-log-level .
70						Default :: notice
71						Map To :: .vars.logging.level
72
73						.suricata.logging.console :: If enabled should be yes or no for the syslog console output.
74						Default :: no
75						Map To :: .vars.logging.console
76
77						.suricata.logging.file :: If enabled should be yes or no for the file logging output.
78						Default :: yes
79						Map To :: .vars.logging.file
80
81						.suricata.logging.file_level :: Value for level for the file output.
82						Default :: info
83						Map To :: .vars.logging.file_level
84
85						.suricata.logging.syslog :: If enabled should be yes or no for the syslog logging output.
86						Default :: no
87						Map To :: .vars.logging.syslog
88
89						.suricata.logging.syslog_facility :: Value for facility for syslog logging output.
90						Default :: local5
91						Map To :: .vars.logging.syslog_facility
92
93						.suricata.logging.syslog_format :: Value for format for syslog logging output.
94						Default :: "[%i] <%d> -- "
95						Map To :: .vars.logging.syslog_format
96
97						Multiinstance handling. Ixchel supports multiple Suricata instances on Linux.
98						If .suricata.multi_instace is set to 1, then the following is done.
99
100						1: Instance vars are generated via first copying the ones above and then
101						overwriting them with .suricata.instances.$instance.$var .
102
103						2: .vars.instance_part is set to "-$instance". If instances are not in use
104						this value is ''.
105
106						3: .vars.instance_part2 is set to "$instance.". If instances are not in use
107						this value is ''.
108
109						4: The output file is named "outputs-$instance.yaml".
110
111						=head1 FLAGS
112
113						=head2 -w
114
115						Write the generated services to service files.
116
117						=head2 -i instance
118
119						A instance to operate on.
120
121						=head2 -d
122
123						Use this as the base dir instead of .suricata.config_base from the config.
124
125						=head1 RESULT HASH REF
126
127						.errors :: A array of errors encountered.
128						.status_text :: A string description of what was done and the results.
129						.ok :: Set to zero if any of the above errored.
130
131						=cut
132
133			0	0		sub new_extra { }
134
135						sub action_extra {
136	0		0	0		my $self = $_[0];
137
138	0					my $config_base;
139	0	0				if ( !defined( $self->{opts}{d} ) ) {
140	0					$config_base = $self->{config}{suricata}{config_base};
141						} else {
142	0	0				if ( !-d $self->{opts}{d} ) {
143	0					$self->status_add( status => '-d, "' . $self->{opts}{d} . '" is not a directory', error => 1 );
144	0					return undef;
145						}
146	0					$config_base = $self->{opts}{d};
147						}
148
149	0	0				if ( $self->{config}{suricata}{multi_instance} ) {
150	0					my @instances;
151
152	0					my @vars_to_migrate = ( 'enable_fastlog', 'enable_syslog', 'filestore_enable', 'dhcp_in_alert_eve' );
153
154	0	0				if ( defined( $self->{opts}{i} ) ) {
155	0					@instances = ( $self->{opts}{i} );
156						} else {
157	0					@instances = keys( %{ $self->{config}{suricata}{instances} } );
	0
158						}
159	0					foreach my $instance (@instances) {
160						my $vars = {
161						enable_fastlog => $self->{config}{suricata}{enable_fastlog},
162						enable_syslog => $self->{config}{suricata}{enable_syslog},
163						filestore_enable => $self->{config}{suricata}{filestore_enable},
164						dhcp_in_alert_eve => $self->{config}{suricata}{dhcp_in_alert_eve},
165						enable_pcap_log => => $self->{config}{suricata}{enable_pcap_log},
166						logging => $self->{config}{suricata}{logging},
167	0					instance_part => '-' . $instance,
168						instance_part2 => $instance . '.',
169						};
170
171	0					foreach my $to_migrate (@vars_to_migrate) {
172	0	0				if ( defined( $self->{config}{suricata}{instances}{$instance}{$to_migrate} ) ) {
173	0					$vars->{$to_migrate} = $self->{config}{suricata}{instances}{$instance}{$to_migrate};
174						}
175						}
176
177	0					my $filled_in;
178	0					eval {
179						$filled_in = $self->{ixchel}->action(
180	0					action => 'template',
181						vars => $vars,
182						opts => {
183						np => 1,
184						t => 'suricata_outputs',
185						},
186						);
187	0	0				if ( $self->{opts}{w} ) {
188	0					write_file( $config_base . '/' . $instance . '-outputs.yaml', $filled_in );
189						}
190						};
191	0	0				if ($@) {
192	0					$self->status_add(
193						status => '-----[ Errored: '
194						. $instance
195						. ' ]-------------------------------------' . "\n" . '# '
196						. $@ . "\n",
197						error => 1
198						);
199						} else {
200	0					$self->status_add( status => '-----[ '
201						. $instance
202						. ' ]-------------------------------------' . "\n"
203						. $filled_in
204						. "\n" );
205						}
206						} ## end foreach my $instance (@instances)
207						} else {
208	0	0				if ( defined( $self->{opts}{i} ) ) {
209	0					$self->status_add(
210						status => '-i may not be used in single instance mode',
211						error => 1,
212						);
213	0					return undef;
214						}
215
216						my $vars = {
217						enable_fastlog => $self->{config}{suricata}{enable_fastlog},
218						enable_syslog => $self->{config}{suricata}{enable_syslog},
219						filestore_enable => $self->{config}{suricata}{filestore_enable},
220						dhcp_in_alert_eve => $self->{config}{suricata}{dhcp_in_alert_eve},
221						dhcp_in_alert_eve => $self->{config}{suricata}{dhcp_in_alert_eve},
222						enable_pcap_log => $self->{config}{suricata}{enable_pcap_log},
223						logging => $self->{config}{suricata}{logging},
224	0					instance_part => '',
225						instance_part2 => '',
226						};
227
228	0					my $filled_in;
229	0					eval {
230						$filled_in = $self->{ixchel}->action(
231	0					action => 'template',
232						vars => $vars,
233						opts => {
234						np => 1,
235						t => 'suricata_outputs',
236						},
237						);
238
239	0	0				if ( $self->{opts}{w} ) {
240	0					write_file( $config_base . '/outputs.yaml', $filled_in );
241						}
242						};
243	0	0				if ($@) {
244	0					$self->status_add( status => $@, error => 1 );
245						} else {
246	0					$self->status_add( status => "Filled in...\n" . $filled_in );
247						}
248						} ## end else [ if ( $self->{config}{suricata}{multi_instance...})]
249
250	0					return undef;
251						} ## end sub action_extra
252
253						sub short {
254	0		0	1		return 'Generate a outputs include for suricata.';
255						}
256
257						sub opts_data {
258	0		0	1		return 'i=s
259						w
260						d=s
261						';
262						}
263
264						1;