summaryrefslogtreecommitdiffstats
path: root/samples/services/snort_ids/docker/grpc/snort_server.py
blob: 223461a1181bece2b0a382bd985e0975c3959920 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Copyright (c) Authors of Clover
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0

from concurrent import futures
import time

import grpc
import subprocess
import os
import logging

import snort_pb2
import snort_pb2_grpc

_ONE_DAY_IN_SECONDS = 60 * 60 * 24
GRPC_PORT = '[::]:50052'


class Controller(snort_pb2_grpc.ControllerServicer):

    def __init__(self):
        logging.basicConfig(filename='snort.log', level=logging.DEBUG)
        self.snort = 0
        self.StartSnort("", "")

    # Add custom rules
    def AddRules(self, r, context):
        try:
            # file_local = 'testfile'
            file_local = '/etc/snort/rules/local.rules'
            f = open(file_local, 'a')
            if r.content:
                rule = 'alert {} {} {} -> {} {} '.format(
                    r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
                    + '(msg:"{}"; content:{}; sid:{}; rev:{};)\n'.format(
                                          r.msg, r.content, r.sid, r.rev)
            else:
                rule = 'alert {} {} {} -> {} {} '.format(
                    r.protocol, r.src_ip, r.src_port, r.dest_ip, r.dest_port) \
                    + '(msg:"{}"; sid:{}; rev:{};)\n'.format(
                                          r.msg, r.sid, r.rev)
            f.write(rule)
            f.close
            msg = "Added to local rules"
        except Exception as e:
            msg = "Failed to add to local rules"
            logging.debug(e)
        return snort_pb2.SnortReply(message=msg)

    def StartSnort(self, request, context):
        try:
            if self.snort == 0:
                p = subprocess.Popen(
                  ["snort -i eth0 -u snort -g snort -c /etc/snort/snort.conf \
                                                -k none"], shell=True)
                self.snort = p
                msg = "Started Snort on pid: {}".format(p.pid)
            else:
                msg = "Snort already running"
        except Exception as e:
            self.snort = 0
            logging.debug(e)
            msg = "Failed to start Snort"
        return snort_pb2.SnortReply(message=msg)

    def StopSnort(self, request, context):
        try:
            subprocess.Popen.kill(self.snort)
            msg1 = "Stopped Snort on pid: {}, ".format(self.snort.pid)
            self.snort = 0
        except Exception as e:
            msg1 = "Failed to stop Snort, "
            logging.debug(e)
        try:
            # clear logs
            logPath = '/var/log/snort'
            logList = os.listdir(logPath)
            for logName in logList:
                os.remove(logPath+"/"+logName)
            msg2 = "Cleared Snort logs"
        except Exception as e:
            msg2 = "Failed to clear logs"
            logging.debug(e)
        msg = msg1 + msg2
        return snort_pb2.SnortReply(message=msg)


def serve():
    server = grpc.server(futures.ThreadPoolExecutor(max_workers=10))
    snort_pb2_grpc.add_ControllerServicer_to_server(Controller(), server)
    server.add_insecure_port(GRPC_PORT)
    server.start()
    try:
        while True:
            time.sleep(_ONE_DAY_IN_SECONDS)
    except KeyboardInterrupt:
        server.stop(0)


if __name__ == '__main__':
    serve()