{
"foo": {
"ua_auth": 1,
"path_auth": 1,
"ua_regex_allow": [
"^foo bar$"
],
"paths_regex_allow": [
"^\\/derp.exe$"
],
"final": 1
}
}
Each key will be tested twice. First with the IP set to the src
IP and then set to the client IP. The var mapping is as below.
.http.http_user_agent -> ua
.fileinfo.filename -> path
.dest_ip -> ip
.src_ip -> ip
=cut
# Command-line handling. Only -h/--help and -v/--version are recognised;
# anything else is left to Getopt::Long's default behaviour.
my ( $help, $version );
GetOptions(
    'h|help'    => \$help,
    'v|version' => \$version,
);

if ($version) {
    version;
    exit 255;
}

pod2usage( -exitval => 255, -verbose => 2, -output => \*STDOUT, ) if $help;

# ->strftime implies Time::Piece's overloaded localtime is in scope
# (imported earlier in the file, presumably). '%F' is YYYY-MM-DD.
my $t          = localtime;
my $today_name = $t->strftime('%F');
# Send a message to syslog (ident suricata_extract_submit, facility daemon)
# and echo it to STDOUT.
#
# Args:
#   $level   - syslog priority string; defaults to 'info' when undef
#   $message - text to log
sub log_something {
    my ( $level, $message ) = @_;
    $level = 'info' unless defined $level;

    openlog( 'suricata_extract_submit', 'cons,pid', 'daemon' );
    # A fixed '%s' format keeps any '%' inside $message from being
    # interpreted as a printf directive.
    syslog( $level, '%s', $message );
    closelog();

    print "$message\n";
} ## end sub log_something
# Refuse to start when another instance already holds the PID file.
# running() is wrapped in eval so a failure to check is reported rather
# than letting the script die with an unlogged message.
my $alive = eval { Proc::PID::File->running() };
if ($@) {
    log_something( 'err', 'PID file check failed... ' . $@ );
    exit 1;
}
if ($alive) {
    log_something( 'err', 'Already running as ' . $alive );
    exit 1;
}

log_something( 'info', 'Suricata Malware Extractor starting up..' );
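# sensor config file
my $config_file = '/usr/local/etc/suricata_extract_submit.ini';
my $config      = Config::Tiny->read($config_file);
if ( !defined($config) ) {
    # Config::Tiny->read returns undef when the file cannot be read or
    # parsed and leaves the reason in errstr. This was not checked before,
    # so a missing or broken ini was logged as read and treated as empty.
    log_something( 'err', 'Failed to read config ' . $config_file . '... ' . Config::Tiny->errstr );
    $config = {};    # keeps the defaulting below working as it always did
}
else {
    log_something( 'info', 'Config ' . $config_file . ' read...' );
}

# information for submitting it...
# credential for the detonator; '' when the ini does not set one
my $apikey = $config->{_}->{apikey};
if ( !defined($apikey) ) {
    $apikey = '';
}
my $url = $config->{_}->{url};
if ( !defined($url) ) {
    my $message = 'No malware detonator specified via the setting url';
    log_something( 'err', $message );
}

# make sure we have a slug
my $slug = $config->{_}->{slug};
# this check used to test $url instead of $slug, so a missing slug was
# never reported (and a missing url was reported twice)
if ( !defined($slug) ) {
    my $message = 'No value for slug set';
    log_something( 'err', $message );
}

# get the file store dir
my $filestore = $config->{_}->{filestore};
if ( !defined($filestore) ) {
    $filestore = '/var/log/suricata/files/';
}

# get the env proxy
my $use_env_proxy = $config->{_}->{env_proxy};
if ( !defined($use_env_proxy) ) {
    $use_env_proxy = 0;
}

# get the stats file
my $stats_file = $config->{_}->{stats_file};
if ( !defined($stats_file) ) {
    $stats_file = '/var/cache/suricata_extract_submit_stats.json';
}

# get the ignoreMaxSize; 52428800 bytes is 50 MiB
my $max_size = $config->{_}->{ignoreMaxSize};
if ( !defined($max_size) ) {
    $max_size = '52428800';
}

# get the stats dir
my $stats_dir = $config->{_}->{stats_dir};
if ( !defined($stats_dir) ) {
    $stats_dir = '/var/cache/suricata_extract_submit_stats/';
}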
my $stats_default = {
sub => 0,