#!/bin/bash
# Script for QA purposes to exercise the unix socket runmode.
# Call from the suricata directory, with a single argument:
# Path to a checked-out Suricata-Verify repo.
# The script will start Suricata, then find all pcap files from the
# SV repo and use the unix socket to pass them to Suricata.
set -x
#set -e
# Positional argument: path to a Suricata-Verify checkout. It is used as-is,
# without validation; an empty argument yields PCAPS=/tests/ and a RULES
# path under /tests/.
SV=$1
PCAPS=$SV/tests/
USOCKET=/var/run/suricata/suricata.socket
# Make sure the socket's parent directory (/var/run/suricata/) exists.
mkdir -p "${USOCKET%/*}/"
# Use ET open from SV
RULES=$SV/tests/test-ruleparse-etopen-01/emerging-all.rules
# Not referenced anywhere else in this script.
VERBOSE=""
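UnixCommand () {
  # Send one command to the engine over the unix socket using suricatasc.
  # Arguments: $1 - command string as accepted by "suricatasc -c"
  # Globals:   USOCKET (read)
  # Outputs:   suricatasc's response on stdout
  # Returns:   suricatasc's exit status
  local command=$1
  # The socket path is quoted so it is always passed as a single argument.
  PYTHONPATH=python/ python3 python/bin/suricatasc -c "${command}" "${USOCKET}"
}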
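Start () {
  # Launch suricata in unix-socket runmode in the background and record
  # its PID for Stop().
  # Globals:  USOCKET, RULES (read); SURIPID (written)
  # Outputs:  the PID on stdout
  # Returns:  0 (the engine's own failure surfaces later in Stop())
  # Every expansion is quoted so a checkout path with whitespace still
  # reaches suricata as one argument.
  src/suricata -c suricata.yaml --unix-socket --set "default-log-dir=." \
    --set "unix-command.filename=${USOCKET}" -S "${RULES}" \
    --set classification-file=classification.config \
    --set reference-config-file=reference.config -k none &
  SURIPID=$!
  echo "SURIPID $SURIPID"
}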
Stop () {
  # Ask the engine to shut down, reap it, and turn its exit status into the
  # script's exit status.
  # Globals:  SURIPID (read)
  # Outputs:  progress messages on stdout
  # Returns:  never returns; exits 0 when suricata exited with 0, else 1
  local status
  echo "sending shutdown command"
  UnixCommand shutdown
  echo "waiting for suri $SURIPID to exit"
  wait "$SURIPID"
  status=$?
  if [[ "$status" -eq 0 ]]; then
    echo "success"
    exit 0
  fi
  echo "FAILURE"
  exit 1
}
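SocketReady() {
  # Poll the engine with "version" until it answers, so callers know the
  # unix socket accepts commands before feeding work to it.
  # Arguments: $1 - (optional) maximum number of attempts, default 300
  # Returns:   0 once the engine answers; exits the script with 1 when the
  #            attempt limit is reached without an answer
  local max_tries=${1:-300}
  local tries=0
  until UnixCommand version; do
    tries=$((tries + 1))
    if [[ "$tries" -ge "$max_tries" ]]; then
      echo "ERROR: failed to start up"
      exit 1
    fi
    # Only pause between failed attempts, not after a successful probe.
    sleep 1
  done
}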
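FeedPcaps() {
  # Submit every *.pcap found under $PCAPS to the running engine, then poll
  # until the engine reports that its pcap queue is empty.
  # Globals:  PCAPS (read)
  # Outputs:  per-poll queue length and progress messages on stdout
  # Returns:  0 (polls until the queue drains; there is no timeout)
  local pcap rawcnt cnt
  # NUL-delimited find/read instead of word-splitting $(find ...): pcap
  # paths containing whitespace or glob characters are passed intact.
  while IFS= read -r -d '' pcap; do
    UnixCommand "pcap-file ${pcap} ."
  done < <(find "${PCAPS}" -type f -name '*.pcap' -print0)
  # wait for engine to report 0 pcaps in list
  cnt=""
  until [[ "$cnt" == "0" ]]; do
    rawcnt=$(UnixCommand pcap-file-number)
    # An empty or unparseable answer leaves cnt != "0", so polling continues
    # instead of tripping a "[: unary operator expected" error.
    cnt=$(jq -r 'select(.message)|.message' <<<"$rawcnt")
    sleep 3
    printf '%s\n' "$cnt"
  done
  echo "FeedPcaps: loop done"
  # Fixed 60 s pause kept from the original script; its purpose is not
  # documented there — presumably time for the engine to finish the last file.
  sleep 60
  echo "FeedPcaps: end"
}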
main() {
  # Driver: bring the engine up, feed it the SV pcaps, then shut it down.
  Start
  SocketReady
  FeedPcaps
  echo "stopping suri"
  Stop
  # Stop() always exits the script itself, so the two lines below are only
  # reached if that behaviour changes.
  echo "suri stopped"
  exit 0
}
main "$@"