author | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-20 23:51:35 +0000 |
committer | Eddie Arrage <eddie.arrage@huawei.com> | 2018-03-31 00:11:00 +0000 |
commit | 56f50acd66d6f041b0347babb131150db3ca2023 (patch) | |
tree | 4a631df908d55fa7cd2fbf59c5854d06d811bf64 /samples/services/snort_ids/docker/grpc/snort_server.py | |
parent | c43c773fc33167f46461b4fd1ae58e40d390d59e (diff) |
Develop snort IDS and content inspect service
- Initial commit to show potential structure of a sample service
- This will be part of a larger sample application currently dubbed
Service Delivery Controller
- Docker container needs to be built and employs open-source Linux packages
- Service is deployable in Istio service mesh using provided yaml
- Control snort daemon and add custom rules with GRPC messaging
- Process snort alerts actively and send to redis and upstream service
mesh components
- Integrates a web server for better HTTP signature detection
- Improved build script for CI with variables
- Render k8s yaml snort manifest dynamically with command
line options
- Improve snort_client sample script for runtime modifications
including passing args on CLI, error checking
- Update nginx proxy interface
- Added logging to snort server and alert process
Change-Id: Ic56f9fcd9ed21f64b84b85ac8ee280d69af7b7c9
Signed-off-by: Eddie Arrage <eddie.arrage@huawei.com>
Diffstat (limited to 'samples/services/snort_ids/docker/grpc/snort_server.py')
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_server.py | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/samples/services/snort_ids/docker/grpc/snort_server.py b/samples/services/snort_ids/docker/grpc/snort_server.py
new file mode 100644
index 0000000..3c2fdb1
--- /dev/null
+++ b/samples/services/snort_ids/docker/grpc/snort_server.py
@@ -0,0 +1,98 @@ +# Copyright (c) Authors of Clover +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 + +from concurrent import futures +import time + +import grpc +import subprocess +import os +import logging + +import snort_pb2 +import snort_pb2_grpc + +_ONE_DAY_IN_SECONDS = 60 * 60 * 24 +GRPC_PORT = '[::]:50052' + + +class Controller(snort_pb2_grpc.ControllerServicer): + + def __init__(self): + logging.basicConfig(filename='snort.log', level=logging.DEBUG) + self.snort = 0 + self.StartSnort("", "") + + # Add custom rules + def AddRules(self, r, context): + try: + # file_local = 'testfile' + file_local = '/etc/snort/rules/local.rules' + f = open(file_local, 'a') + rule = 'alert {} {} {} -> {} {} '.format( + r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \ + + '(msg:"{}"; sid:{}; rev:{};)\n'.format(r.msg, r.sid, r.rev) + f.write(rule) + f.close + msg = "Added to local rules" + except Exception as e: + msg = "Failed to add to local rules" + logging.debug(e) + return snort_pb2.SnortReply(message=msg) + + def StartSnort(self, request, context): + try: + if self.snort == 0: + p = subprocess.Popen( + ["snort -i eth0 -u snort -g snort -c /etc/snort/snort.conf \ + -k none"], shell=True) + self.snort = p + msg = "Started Snort on pid: {}".format(p.pid) + else: + msg = "Snort already running" + except Exception as e: + self.snort = 0 + logging.debug(e) + msg = "Failed to start Snort" + return snort_pb2.SnortReply(message=msg) + + def StopSnort(self, request, context): + try: + subprocess.Popen.kill(self.snort) + msg1 = "Stopped Snort on pid: {}, ".format(self.snort.pid) + self.snort = 0 + except Exception as e: + msg1 = "Failed to stop Snort, " + logging.debug(e) + try: + # clear logs + logPath = '/var/log/snort' + logList = os.listdir(logPath) + for logName in 
logList: + os.remove(logPath+"/"+logName) + msg2 = "Cleared Snort logs" + except Exception as e: + msg2 = "Failed to clear logs" + logging.debug(e) + msg = msg1 + msg2 + return snort_pb2.SnortReply(message=msg) + + +def serve(): + server = grpc.server(futures.ThreadPoolExecutor(max_workers=10)) + snort_pb2_grpc.add_ControllerServicer_to_server(Controller(), server) + server.add_insecure_port(GRPC_PORT) + server.start() + try: + while True: + time.sleep(_ONE_DAY_IN_SECONDS) + except KeyboardInterrupt: + server.stop(0) + + +if __name__ == '__main__': + serve() |
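Review bot: AddRules formats every request field (r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port, r.msg, r.sid, r.rev) straight into /etc/snort/rules/local.rules with no validation, so a value containing `"`, `;` or a newline changes the meaning of the written rule or appends a second one — and this endpoint is reachable by anyone who can connect, since serve() binds with `add_insecure_port` on `[::]:50052`. The same method also never closes the file: `f.close` without parentheses is an attribute access, not a call, so the handle is leaked and the write may sit unflushed until garbage collection; `with open(file_local, 'a') as f:` fixes that. A reject-before-write check on the fields plus the context manager is shown below; in StopSnort, `subprocess.Popen.kill(self.snort)` is likewise never followed by `wait()`, which leaves a zombie until the server exits.
```python
    def AddRules(self, r, context):
        # Reject field values that could terminate the rule or start another one;
        # Snort parses this file, so a stray '"', ';' or newline changes its meaning.
        fields = (r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port,
                  r.msg, r.sid, r.rev)
        if any(ch in str(v) for v in fields for ch in '";\r\n'):
            return snort_pb2.SnortReply(message="Rejected rule: invalid characters")
        try:
            file_local = '/etc/snort/rules/local.rules'
            rule = 'alert {} {} {} -> {} {} '.format(
                r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
                + '(msg:"{}"; sid:{}; rev:{};)\n'.format(r.msg, r.sid, r.rev)
            # Context manager flushes and closes; the original `f.close` (no call) did neither.
            with open(file_local, 'a') as f:
                f.write(rule)
            msg = "Added to local rules"
        except Exception as e:
            msg = "Failed to add to local rules"
            logging.debug(e)
        return snort_pb2.SnortReply(message=msg)
```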