init

2022-08-22 20:14:03 +08:00
parent 7a2dad9291
commit 3475c90afe
50 changed files with 5523 additions and 19 deletions
--- a/Server/rule.py
+++ b/Server/rule.py
@@ -0,0 +1,82 @@
+import rule_engine
+import rules.py.process as rule_process
+import rules.py.action as rule_action
+import plugin
+g_sample_rule = {}
+g_sample_rule['process'] = rule_process.rule
+g_sample_rule['action'] = rule_action.rule
+
+base_process_rules = []
+base_action_rules = []
+base_host_rules = []
+
+
+def calc_score_in_action(log):
+    global base_action_rules
+    for iter in base_action_rules:
+        for rule in iter['rules']:
+            # 这是or
+            try:
+                if rule.matches(log):
+                    return iter['score'], iter['name']
+            except:
+                print("error: {}  ".format(log))
+
+    return 0, ''
+
+
+def calc_score_in_create_process(log):
+    global base_process_rules
+    for iter in base_process_rules:
+        for rule in iter['rules']:
+            # 这是or
+            if rule.matches(log):
+                return iter['score'], iter['name']
+    return 0, ''
+
+
+def calc_score_in_host(log):
+    global base_host_rules
+    for iter in base_host_rules:
+        for rule in iter['rules']:
+            # 这是or
+            if rule.matches(log):
+                return iter['score'], iter['name']
+    return 0, ''
+
+
+def init_rule():
+    global base_process_rules
+    global base_action_rules
+    global base_host_rules
+    for iter in g_sample_rule['process']:
+        temp_process_rules = []
+        for iter_i in iter['rules']:
+            print(iter_i)
+            temp_process_rules.append(rule_engine.Rule(
+                iter_i
+            ))
+        base_process_rules.append(
+            {'name': iter['name'], 'score': iter['score'], 'rules': temp_process_rules})
+    for iter in g_sample_rule['action']:
+        temp_process_rules = []
+        for iter_i in iter['rules']:
+            print(iter_i)
+            temp_process_rules.append(rule_engine.Rule(
+                iter_i
+            ))
+        base_action_rules.append(
+            {'name': iter['name'], 'score': iter['score'], 'rules': temp_process_rules})
+        '''
+    for iter in g_sample_rule['host']:
+        temp_process_rules = []
+        for iter_i in iter['rules']:
+            print(iter_i)
+            temp_process_rules.append(rule_engine.Rule(
+                iter_i
+            ))
+        base_host_rules.append(
+            {'name': iter['name'], 'score': iter['score'], 'rules': temp_process_rules})
+    '''
+    plugin.dispath_rule_init()
+    print('init rule done')