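#!/usr/bin/env bash
#
# Run Snort repeatedly over one pcap file and collect the per-run statistics
# into CSV logs (log_ac.csv, log_rbac.csv, log_rb.csv) in the current directory.
#
# Usage: $0 <pcapfile> <mode> <new|hold> <ntests> [comment]
#   pcapfile : file name, resolved relative to $pcap_dir
#   mode     : rbac-ac | ac | rbac | rb  (selects snort_<mode>.conf; rbac-ac
#              runs both snort_rbac.conf and snort_ac.conf)
#   new      : truncate the log(s) before writing the timestamp + header row
#   hold     : append the timestamp + header row to the existing log(s)
#   ntests   : how many times to run Snort per configuration (non-negative int)
#   comment  : optional free text recorded in the CSV header row
#
# Requires sudo for the snort runs and for removing /var/log/snort/snort.*.
# Every expansion is quoted so the pcap name and comment are passed to the
# sudo'd command as single arguments and cannot be split into extra options.

set -u

_input_pcap="pcapfile(path: test/)"
_mode="[rbac-ac|ac|rbac|rb]"
_file="[new|hold]"
_ntests="[(number of tests)]"
usage_text="usage: $0 $_input_pcap $_mode $_file $_ntests {comments}"

readonly snort_dir="/usr/local/snort"
readonly snort_bin_dir="$snort_dir/bin"
readonly snort_etc_dir="$snort_dir/etc"
# NOTE(review): ".../test/" looks like a placeholder path — confirm before use.
readonly pcap_dir=".../test/"

# Optional fifth argument: a comment embedded at the end of each header row.
comment=${5-}
rbac_header=" RB AC+Match AC Match MPSE Total Fi_Rate(%) SE_Rate(%) Alerts Patterns BF_Pats AbColl ReColl b ß hash bf matrix {$comment}"
ac_header=" AC+Match AC Match MPSE Total SE_Rate Alerts Patterns {$comment}"
rb_header=" RB {$comment}"

#######################################
# Print a message to stderr, then the usage line, and exit non-zero.
# Arguments: $* - error message (may be empty)
#######################################
die() {
  if [[ $# -gt 0 ]]; then
    printf '%s\n' "$*" >&2
  fi
  printf '%s\n' "$usage_text" >&2
  exit 1
}

#######################################
# Start (new) or continue (hold) a CSV log with a timestamp and header row.
# Globals:   logmode (read)
# Arguments: $1 - log file, $2 - header row text
#######################################
write_header() {
  local logfile=$1
  local header=$2
  # "new" truncates the file first; "hold" keeps whatever is already there.
  if [[ "$logmode" == "new" ]]; then
    : > "$logfile"
  fi
  date +"%F %X" >> "$logfile"
  printf '%s\n' "$header" >> "$logfile"
}

#######################################
# Run one Snort pass over the pcap with the given config, echoing the command
# first so the log shows which iteration produced which numbers.
# Globals:   snort_bin_dir, pcap_dir, file (read)
# Arguments: $1 - snort config path, $2 - iteration label
#######################################
run_snort() {
  local conf=$1
  local iteration=$2
  local -a cmd=("$snort_bin_dir/snort" -c "$conf" --daq pcap --daq-mode read-file -r "$pcap_dir$file")
  printf '%s -> %s\n' "$iteration" "${cmd[*]}"
  # A failed run is reported but does not stop the remaining iterations.
  sudo "${cmd[@]}" || printf 'warning: snort exited with status %d\n' "$?" >&2
}

[[ $# -ge 4 ]] || die
file=$1
mode=$2
logmode=$3
ntests=$4

# Map the mode onto the config file(s) to run; validated before any log is touched.
declare -a confs=()
case "$mode" in
  "rbac-ac") confs=("$snort_etc_dir/snort_rbac.conf" "$snort_etc_dir/snort_ac.conf") ;;
  "ac"|"rbac"|"rb") confs=("$snort_etc_dir/snort_$mode.conf") ;;
  *) die "error in second parameter '$mode': expected $_mode" ;;
esac

case "$logmode" in
  "new"|"hold") ;;
  *) die "error in third parameter '$logmode': expected $_file" ;;
esac

# The loop bound is used in arithmetic context; reject anything non-numeric
# rather than letting bash evaluate an arbitrary expression.
[[ "$ntests" =~ ^[0-9]+$ ]] || die "error in fourth parameter '$ntests': expected $_ntests"

case "$mode" in
  "rbac-ac")
    write_header log_rbac.csv "$rbac_header"
    write_header log_ac.csv "$ac_header"
    ;;
  "ac") write_header log_ac.csv "$ac_header" ;;
  "rbac") write_header log_rbac.csv "$rbac_header" ;;
  "rb") write_header log_rb.csv "$rb_header" ;;
esac

for ((i = 1; i <= ntests; i++)); do
  for conf in "${confs[@]}"; do
    run_snort "$conf" "$i"
  done
done

# Final summary of the command line(s) that were run.
for conf in "${confs[@]}"; do
  printf -- '-> %s\n' "$snort_bin_dir/snort -c $conf --daq pcap --daq-mode read-file -r $pcap_dir$file"
done

# Drop Snort's own output files; -f tolerates an empty glob.
sudo rm -f -- /var/log/snort/snort.*

# Convert decimal points to commas in every CSV in the current directory (not
# only the logs written above) for spreadsheet import. GNU sed -i syntax.
sed -i 's/\./\,/g' -- *.csv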