RmEye/Server/rule.py

import rule_engine
import rules.py.process as rule_process
import rules.py.action as rule_action
import plugin
g_sample_rule = {}
g_sample_rule['process'] = rule_process.rule
g_sample_rule['action'] = rule_action.rule

base_process_rules = []
base_action_rules = []
base_host_rules = []


def calc_score_in_action(log):
    global base_action_rules
    for iter in base_action_rules:
        for rule in iter['rules']:
            # 这是or
            try:
                if rule.matches(log):
                    return iter['score'], iter['name']
            except:
                print("error: {}  ".format(log))

    return 0, ''


def calc_score_in_create_process(log):
    global base_process_rules
    for iter in base_process_rules:
        for rule in iter['rules']:
            # 这是or
            if rule.matches(log):
                return iter['score'], iter['name']
    return 0, ''


def calc_score_in_host(log):
    global base_host_rules
    for iter in base_host_rules:
        for rule in iter['rules']:
            # 这是or
            if rule.matches(log):
                return iter['score'], iter['name']
    return 0, ''


def init_rule():
    global base_process_rules
    global base_action_rules
    global base_host_rules
    for iter in g_sample_rule['process']:
        temp_process_rules = []
        for iter_i in iter['rules']:
            print(iter_i)
            temp_process_rules.append(rule_engine.Rule(
                iter_i
            ))
        base_process_rules.append(
            {'name': iter['name'], 'score': iter['score'], 'rules': temp_process_rules})
    for iter in g_sample_rule['action']:
        temp_process_rules = []
        for iter_i in iter['rules']:
            print(iter_i)
            temp_process_rules.append(rule_engine.Rule(
                iter_i
            ))
        base_action_rules.append(
            {'name': iter['name'], 'score': iter['score'], 'rules': temp_process_rules})
        '''
    for iter in g_sample_rule['host']:
        temp_process_rules = []
        for iter_i in iter['rules']:
            print(iter_i)
            temp_process_rules.append(rule_engine.Rule(
                iter_i
            ))
        base_host_rules.append(
            {'name': iter['name'], 'score': iter['score'], 'rules': temp_process_rules})
    '''
    plugin.dispath_rule_init()
    print('init rule done')