snort_rules/doc/signatures 规则解析放入MySql数据中
程序功能描述:
对snort_rules/doc/signatures 下的所有规则文件(如图1),逐个读取每个规则文件(每个文件如图2所示),提取其中对规则的描述信息,然后以PID-SID为关键字存储到MySql数据库当中(如图3所示)
图1——signatures文件夹,文件目录截图
图2——单个规则文件打开截图
图3——运行最终结果图
程序代码:
Parserules.c
流程:1.遍历整个目录,2.取出每个文件,3.解析每个文件,4.将解析结果存入数据库
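#include <stdio.h>
#include <dirent.h>
#include <string.h>
#include <stdlib.h>
#include <mysql/mysql.h>

#define BUFF_SIZE 1024
#define MAX_PATH 200
#define RULESDIR "/root/snort_rules/doc/signatures"
#define RULESDIRTEST "/root/snort_rules/doc/test"
#define CONTENT_SIZE 10240
#define MYSQLBUFF_SIZE 102400

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Connection settings.
 * NOTE(review): credentials compiled into the source end up in the binary
 * and in every copy of it; reading them from a config file or the
 * environment at start-up is the usual alternative. */
#define MYSQL_CONNECT_IP "XXX.XXX.XXX.XXX"
#define MYSQL_USER_NAME "root"
#define MYSQL_USER_PWD "passwd"
#define MYSQL_DATABASE "databaseName"

/* One parsed signature document. Each member holds the body text of the
 * section of the same name (all lines between the "Name:" header and the
 * "--" terminator), NUL-terminated and truncated at CONTENT_SIZE-1 bytes. */
struct ParseContent {
    char summary[CONTENT_SIZE];
    char impact[CONTENT_SIZE];
    char detailedInfo[CONTENT_SIZE];
    char affectSystem[CONTENT_SIZE];
    char attackscenar[CONTENT_SIZE];
    char easeOfAttack[CONTENT_SIZE];
    char falsePostitves[CONTENT_SIZE];
    char falseNegatives[CONTENT_SIZE];
    char correctiveAction[CONTENT_SIZE];
} ruleStruct;

MYSQL *conn_global;   /* connection opened by mysqlInit(), closed by main() */
int insertfileNum;    /* number of files for which an INSERT was attempted */
int insetFailNum;     /* of those, how many the INSERT failed for */

int Parserule(char *chFileNameIn);
int mysqlInit(void);
int InsertDatebase(char *psid[2], char *chFileNameIn);
void strReplace(char *context);

/*
 * Derive PID and SID from a signature file name and copy them into the
 * caller's buffers (always NUL-terminated, truncated if too long):
 *   "1-2003.txt" -> pid "1", sid "2003"
 *   "2003.txt"   -> pid "1", sid "2003"   (no dash: PID defaults to "1")
 * The SID ends at the first '.' or '-' after it starts, so a name with
 * extra dashes cannot overrun the two-entry psid array the way the old
 * strtok() loop could.
 */
static void split_pid_sid(const char *name, char *pid, size_t pidcap,
                          char *sid, size_t sidcap)
{
    const char *dash = strchr(name, '-');
    const char *sid_start = name;
    size_t plen;
    size_t slen;

    if (dash != NULL) {
        plen = (size_t)(dash - name);
        sid_start = dash + 1;
    } else {
        name = "1";
        plen = 1;
    }
    if (plen >= pidcap) {
        plen = pidcap - 1;
    }
    memcpy(pid, name, plen);
    pid[plen] = '\0';

    slen = strcspn(sid_start, ".-");
    if (slen >= sidcap) {
        slen = sidcap - 1;
    }
    memcpy(sid, sid_start, slen);
    sid[slen] = '\0';
}

/*
 * Append src to the NUL-terminated string in dst, never writing past cap
 * bytes. Returns 1 if everything fit, 0 if src had to be truncated.
 */
static int append_bounded(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    size_t len = strlen(src);
    int fit = 1;

    if (used >= cap - 1) {
        return 0;
    }
    if (len > cap - 1 - used) {
        len = cap - 1 - used;
        fit = 0;
    }
    memcpy(dst + used, src, len);
    dst[used + len] = '\0';
    return fit;
}

/*
 * Read section body lines from fp into dst until the "--" terminator line
 * or end of file. The terminator itself is not stored. Returns 1 when the
 * terminator was seen, 0 on EOF (unterminated section); previously an
 * unterminated section spun forever because fgets() failure was ignored.
 */
static int read_section(FILE *fp, char *dst, size_t cap)
{
    char line[BUFF_SIZE];

    while (fgets(line, sizeof line, fp) != NULL) {
        if (strcmp(line, "--\n") == 0) {
            return 1;
        }
        append_bounded(dst, cap, line);
    }
    return 0;
}

/*
 * Entry point: walk the signature directory, parse every regular file and
 * store each one as a row keyed by PID/SID.
 * Returns 0 on success, -1 if the database or the directory cannot be opened.
 */
int main(void)
{
    char filePath[MAX_PATH] = RULESDIRTEST;
    char chFileNameIn[MAX_PATH] = {0};
    char pid[64];
    char sid[64];
    char *psid[2] = { pid, sid };
    DIR *dir;
    struct dirent *ptr;

    insertfileNum = 0;
    insetFailNum = 0;
    /* The old code ignored this result and went on to use a NULL handle. */
    if (!mysqlInit()) {
        return -1;
    }
    if ((dir = opendir(filePath)) == NULL) {
        printf("can not open the dir: %s \n", filePath);
        mysql_close(conn_global);
        return -1;
    }
    while ((ptr = readdir(dir)) != NULL) {
        if (strcmp(ptr->d_name, ".") == 0 || strcmp(ptr->d_name, "..") == 0) {
            continue;
        }
        /* d_type is a Linux/BSD extension; entries reported as anything but
         * DT_REG (including DT_UNKNOWN) are skipped, as before. */
        if (ptr->d_type != DT_REG) {
            continue;
        }
        int n = snprintf(chFileNameIn, sizeof chFileNameIn, "%s/%s",
                         filePath, ptr->d_name);
        if (n < 0 || (size_t)n >= sizeof chFileNameIn) {
            printf("path too long, skipping: %s/%s\n", filePath, ptr->d_name);
            continue;
        }
        /* Work on a copy of the name instead of letting strtok() scribble
         * on the dirent. */
        split_pid_sid(ptr->d_name, pid, sizeof pid, sid, sizeof sid);
        /* A file that cannot be read yields no data; do not insert an
         * empty row for it. */
        if (!Parserule(chFileNameIn)) {
            continue;
        }
        InsertDatebase(psid, chFileNameIn);
    }
    closedir(dir);
    mysql_close(conn_global);
    printf("共尝试插入%5d 个文件\n", insertfileNum);
    printf("插入失败 %5d 个文件\n", insetFailNum);
    return 0;
}

/*
 * Open the global database connection.
 * Returns 1 on success, 0 on failure (conn_global is then NULL).
 * The old call passed the macro names as string literals, i.e. it tried to
 * connect to a host literally named "MYSQL_CONNECT_IP".
 */
int mysqlInit(void)
{
    if ((conn_global = mysql_init(NULL)) == NULL) {
        printf("mysql connection init error!\n");
        return 0;
    }
    if (!mysql_real_connect(conn_global, MYSQL_CONNECT_IP, MYSQL_USER_NAME,
                            MYSQL_USER_PWD, MYSQL_DATABASE, 0, NULL, 0)) {
        printf("Failed to connect to Mysql!\n");
        printf("%s\n", mysql_error(conn_global));
        mysql_close(conn_global);
        conn_global = NULL;
        return 0;
    }
    return 1;
}

/*
 * Parse one signature document into the global ruleStruct.
 * Each recognised "Name:" header line starts a section that runs to the
 * next "--" line; unknown lines are ignored. Section text is stored
 * verbatim (quote characters included) because InsertDatebase() escapes
 * it for SQL.
 * Returns 1 on success, 0 if the file cannot be opened.
 */
int Parserule(char *pFileNameIn)
{
    /* Header line -> destination buffer; all buffers are CONTENT_SIZE. */
    const struct {
        const char *header;
        char *dst;
    } sections[] = {
        { "Summary:\n",              ruleStruct.summary },
        { "Impact:\n",               ruleStruct.impact },
        { "Detailed Information:\n", ruleStruct.detailedInfo },
        { "Affected Systems:\n",     ruleStruct.affectSystem },
        { "Attack Scenarios:\n",     ruleStruct.attackscenar },
        { "Ease of Attack:\n",       ruleStruct.easeOfAttack },
        { "False Positives:\n",      ruleStruct.falsePostitves },
        { "False Negatives:\n",      ruleStruct.falseNegatives },
        { "Corrective Action:\n",    ruleStruct.correctiveAction },
    };
    char chBuff[BUFF_SIZE];
    FILE *pFileIn;

    memset(&ruleStruct, 0, sizeof ruleStruct);

    pFileIn = fopen(pFileNameIn, "r");
    if (pFileIn == NULL) {
        printf("can not open the file:%s\n", pFileNameIn);
        return 0;
    }
    /* fgets() as the loop condition replaces the feof() idiom, which ran
     * the body one extra time at end of file. */
    while (fgets(chBuff, sizeof chBuff, pFileIn) != NULL) {
        for (size_t k = 0; k < ARRAY_LEN(sections); k++) {
            if (strcmp(chBuff, sections[k].header) == 0) {
                read_section(pFileIn, sections[k].dst, CONTENT_SIZE);
                break;
            }
        }
    }
    fclose(pFileIn);
    return 1;
}

/*
 * Replace every '"' and '\'' in context with '`', in place.
 * Kept for callers elsewhere; no longer used by the parser, since quote
 * substitution did not make the text safe to splice into SQL (a trailing
 * backslash still broke the statement) and lost the original characters.
 */
void strReplace(char *context)
{
    for (char *p = context; *p != '\0'; p++) {
        if (*p == '"' || *p == '\'') {
            *p = '`';
        }
    }
}

/*
 * Return a malloc'd copy of s escaped for use inside a quoted SQL literal
 * on the given connection, or NULL on allocation failure. Caller frees.
 * Worst case every byte doubles, hence 2*len+1.
 */
static char *escape_dup(MYSQL *conn, const char *s)
{
    size_t len = strlen(s);
    char *out;

    if (len > (SIZE_MAX - 1) / 2) {
        return NULL;
    }
    out = malloc(2 * len + 1);
    if (out == NULL) {
        return NULL;
    }
    mysql_real_escape_string(conn, out, s, (unsigned long)len);
    return out;
}

/*
 * Insert the current ruleStruct as one rule_detail row keyed by
 * psid[0] (PID) and psid[1] (SID). chFileNameIn is only used in messages.
 * Every value is escaped with mysql_real_escape_string() and the statement
 * buffer is sized from the escaped lengths, so neither the file content nor
 * the file name can break out of its quoted literal or overrun the buffer
 * (the old fixed MYSQLBUFF_SIZE was smaller than nine escaped fields).
 * Returns 1 on success, 0 on failure; updates insertfileNum/insetFailNum.
 */
int InsertDatebase(char *psid[2], char *chFileNameIn)
{
    static const char fmt[] =
        "INSERT INTO rule_detail (PID,SID,DESCRIPTION,IMPACT,DETAIL,EFFECT,"
        "ATTACKSCEN,EASEOFATTACK,FALSEPOSTITVES,FALSENEGATIVES,RESOLUTION)"
        "VALUES('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')";
    const char *raw[11] = {
        psid[0], psid[1],
        ruleStruct.summary, ruleStruct.impact, ruleStruct.detailedInfo,
        ruleStruct.affectSystem, ruleStruct.attackscenar,
        ruleStruct.easeOfAttack, ruleStruct.falsePostitves,
        ruleStruct.falseNegatives, ruleStruct.correctiveAction,
    };
    char *esc[11] = {0};
    char *query = NULL;
    size_t total = sizeof fmt;   /* format text plus NUL; %s slots are slack */
    int rc = 0;
    int n;

    insertfileNum++;

    for (size_t i = 0; i < ARRAY_LEN(raw); i++) {
        esc[i] = escape_dup(conn_global, raw[i]);
        if (esc[i] == NULL) {
            insetFailNum++;
            printf("insert the file %s failed!\n", chFileNameIn);
            printf("out of memory while escaping values\n");
            goto out;
        }
        total += strlen(esc[i]);
    }
    query = malloc(total);
    if (query == NULL) {
        insetFailNum++;
        printf("insert the file %s failed!\n", chFileNameIn);
        printf("out of memory while building the statement\n");
        goto out;
    }
    n = snprintf(query, total, fmt, esc[0], esc[1], esc[2], esc[3], esc[4],
                 esc[5], esc[6], esc[7], esc[8], esc[9], esc[10]);
    if (n < 0 || (size_t)n >= total) {
        /* Cannot happen with the sizing above; kept as a guard. */
        insetFailNum++;
        printf("insert the file %s failed!\n", chFileNameIn);
        goto out;
    }
    if (mysql_real_query(conn_global, query, (unsigned long)n)) {
        insetFailNum++;
        printf("insert the file %s failed!\n", chFileNameIn);
        printf("%s\n", mysql_error(conn_global));
        goto out;
    }
    rc = 1;

out:
    free(query);
    for (size_t i = 0; i < ARRAY_LEN(esc); i++) {
        free(esc[i]);
    }
    return rc;
}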
编译命令:
gcc -o parseRule Parserules.c -I/usr/include/mysql -rdynamic -L/usr/lib64/mysql -lmysqlclient