1 #!/usr/bin/python
2
import filecmp
import os
import subprocess
import sys
import tempfile
from shutil import copyfile
8
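def _toggle_rule_line(mode, line):
    """Return one rules-file line (bytes) enabled or disabled per *mode*.

    enable:  b"# alert ..." -> b"alert ..."   (only the two-byte "# " prefix goes)
    disable: b"alert ..."   -> b"# alert ..."
    A line that does not carry the expected prefix is returned untouched, so
    comments, blank lines, continuation lines and already-toggled rules pass
    through unchanged.  *mode* must already be lower-cased by the caller.
    """
    if mode == "enable":
        return line[2:] if line.startswith(b"# alert") else line
    return b"# " + line if line.startswith(b"alert") else line


def updateFile(status, snortRulesFileName):
    """Enable or disable the Snort rules in ``snortRulesFileName``, in place.

    Args:
        status: "enable" or "disable" (case-insensitive).  "enable" strips the
            leading "# " from every line that starts with "# alert"; "disable"
            prefixes every line that starts with "alert" with "# ".  Every
            other line is copied through unchanged.
        snortRulesFileName: path of the rules file to rewrite.

    Raises:
        ValueError: for any other ``status`` -- checked *before* the file is
            touched.  (Previously an unknown status fell through both
            branches, produced an empty output file and copied it over the
            rules file, wiping it.)
        OSError / IOError: propagated from the file operations; the original
            file is left intact in that case.

    The new content is staged in a temporary file created by tempfile.mkstemp
    in the *same directory* as the target (unpredictable name, mode 0600,
    opened O_EXCL so it cannot be a pre-planted symlink) and then renamed over
    the target with os.rename, which is atomic on POSIX.  This replaces the
    fixed 'output.txt' in the current working directory plus a `cp`
    subprocess: a predictable file name in whatever directory the operator
    happens to run from is a symlink/clobber risk when this runs as root (as
    editing /etc/snort/rules normally does), and an interruption between the
    write and the copy left the rules file unchanged or half-updated without
    any indication.
    """
    mode = status.lower()
    if mode not in ("enable", "disable"):
        raise ValueError("status must be 'enable' or 'disable', got %r" % (status,))

    print("working with file " + snortRulesFileName)
    # Permission bits of the original are re-applied to the replacement
    # (mkstemp creates 0600); ownership is not -- a replaced file belongs to
    # the user running this script.
    original_mode = os.stat(snortRulesFileName).st_mode & 0o7777
    target_dir = os.path.dirname(os.path.abspath(snortRulesFileName))
    fd, tmp_path = tempfile.mkstemp(prefix=".snortrules.", dir=target_dir)
    try:
        # Binary mode: the rules file is treated as opaque bytes, so there is
        # no newline translation and no decode error on non-UTF-8 comments.
        with os.fdopen(fd, "wb") as out, open(snortRulesFileName, "rb") as rules:
            for line in rules:
                out.write(_toggle_rule_line(mode, line))
        os.chmod(tmp_path, original_mode)
        os.rename(tmp_path, snortRulesFileName)
    except BaseException:
        # Never leave the staging file behind; the target is still intact.
        try:
            os.remove(tmp_path)
        except OSError:
            pass
        raise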
42
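try:
    _prompt = raw_input          # Python 2
except NameError:                # Python 3
    _prompt = input

USAGE = (
    "Description: This script (un)comments rules in Snort rule files.\n"
    "Every line of the file is examined. To uncomment rules, the rule lines must "
    "start with \"# alert\". To comment rules, the line must start with \"alert\" "
    "(no leading spaces or other text).\n"
    "If the second argument is a directory, every regular file directly inside it "
    "(except *.orig backups) is processed; subdirectories are not descended.\n"
    "Arguments: Status[enable/disable] Name of Rule File (or directory)"
)


def _ask_for_backup():
    """Prompt until the user answers y (default), n or just Enter; True means yes.

    The answer is stripped and lower-cased so the advertised default "Y" is
    accepted (the original rejected an upper-case Y as invalid input).
    """
    question = "Would you first like to make a backup of the snort rules? [Y/n]: "
    answer = _prompt(question).strip().lower()
    while answer not in ("y", "", "n"):
        answer = _prompt("Invalid user input. Please try again.\n" + question).strip().lower()
    return answer != "n"


def _backup(path):
    """Copy *path* to *path*.orig and verify the copy byte-for-byte.

    Returns True when the backup is in place and identical, False otherwise.
    Uses filecmp.cmp(shallow=False); the original called the builtin cmp() on
    the two *file names*, which compared the strings and never read a byte,
    so its "Success!" was unconditional.
    """
    backup = path + ".orig"
    print("Making backup file " + backup + " ...")
    copyfile(path, backup)
    print("Checking if backup file is identical to original...")
    return filecmp.cmp(path, backup, shallow=False)


def _rule_files(path):
    """Return the list of rule files to edit for *path* (a file or a directory).

    For a directory only regular files directly inside it are returned, in
    sorted order, skipping *.orig backups so a second run does not edit (and
    re-back-up) the backups.  Paths are built with os.path.join; the original
    concatenated the directory and the name without a separator and tested a
    hard-coded /etc/snort/rules/ instead of the directory actually given.
    Returns an empty list when *path* is neither a file nor a directory.
    """
    if os.path.isfile(path):
        print("File detected." + path)
        return [path]
    if not os.path.isdir(path):
        return []
    print("I notice this is a directory. Going to modify each regular file directly inside it")
    found = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if name.endswith(".orig"):
            print("Skipping backup file: " + full)
            continue
        if os.path.isfile(full):
            print("Checking file: " + full)
            found.append(full)
    return found


def main(argv=None):
    """Command-line entry point; returns the process exit status.

    Args:
        argv: argument list without the program name; defaults to sys.argv[1:].

    Order matters: the backup is offered and verified *before* any file is
    modified.  The original asked after updateFile() had already rewritten
    the rules, so the ".orig" it produced was a copy of the modified file,
    and in directory mode copyfile() on the directory itself failed outright.
    The status argument is validated here as well so an unknown value cannot
    reach updateFile().
    """
    args = sys.argv[1:] if argv is None else list(argv)
    if len(args) != 2 or args[0].lower() not in ("enable", "disable"):
        print(USAGE)
        return 1
    status, target = args

    targets = _rule_files(target)
    if not targets:
        print("[!] " + target + " is neither a file nor a directory containing files. Exiting.")
        return 1

    if _ask_for_backup():
        for path in targets:
            if not _backup(path):
                print("[!] Failure. Exiting.")
                return 1
        print("Success! Continuing...")
    else:
        print("OK, don't say I didn't ask! Skipping backup of file")

    for path in targets:
        updateFile(status, path)
    return 0


if __name__ == "__main__":
    sys.exit(main())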
92
93
94 #modifiedLines = "{:,}".format(modifiedLines)
95 #print "Script done executing. " + status + " " + str(modifiedLines) + " rules."
|