## unreleased
- Python 3 fixes.
+- Bundle a copy of the index which can be used if download source for
+ the index is not available, and no index was previously
+ downloaded. Warnings will be issued.
## 1.0.0b1 - 2018-01-19
- Various fixes for Python 3.
sdist-upload:
python setup.py sdist upload
+
+update-index:
+ python -m suricata.update.data.update
"suricata.update.configs",
"suricata.update.compat",
"suricata.update.compat.argparse",
+ "suricata.update.data",
],
url="https://github.com/OISF/suricata-update",
license="GPLv2",
return 0
if not os.path.exists(sources.get_index_filename()):
- logger.warning(
- "Source index does not exist, "
- "try running suricata-update update-sources.")
- return 1
+ logger.warning("Source index does not exist, will use bundled one.")
+ logger.warning("Please run suricata-update update-sources.")
source_index = sources.load_source_index(config)
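Review bot: The two logger.warning calls that replace the early `return 1` say the bundled index will be used, but not that it is a build-time snapshot that can be out of date, and the same pair is repeated verbatim in the main.py hunk (`"No index exists, will use bundled index."`) and paraphrased in list_sources (`"%s: will use bundled index."`). Since the decision to fall back now lives in `Index.load()` in the sources.py hunk, the warning is best emitted once there, so every path that ends up on the bundled copy reports it identically instead of each caller remembering to. Until then, wording such as `logger.warning("Source index does not exist, using the bundled copy which may be out of date.")` tells the operator why running `update-sources` matters. The enclosing function starts outside the hunk.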
from suricata.update import sources
from suricata.update import util
from suricata.update.commands.updatesources import update_sources
+from suricata.update import exceptions
logger = logging.getLogger()
def list_sources():
if not sources.source_index_exists(config):
logger.info("No source index found, running update-sources")
- update_sources()
+ try:
+ update_sources()
+ except exceptions.ApplicationError as err:
+ logger.warning("%s: will use bundled index.", err)
index = sources.load_source_index(config)
for name, source in index.get_sources().items():
print("%s: %s" % (util.bright_cyan("Name"), util.bright_magenta(name)))
--- /dev/null
+index = {'sources': {'oisf/trafficid': {'vendor': 'OISF', 'license': 'MIT', 'url': 'https://raw.githubusercontent.com/jasonish/suricata-trafficid/master/rules/traffic-id.rules', 'min-version': '4.0.0', 'support-url': 'https://redmine.openinfosecfoundation.org/', 'summary': 'Suricata Traffic ID ruleset'}, 'ptresearch/attackdetection': {'vendor': 'Positive Technologies', 'description': u'The Attack Detection Team searches for new vulnerabilities and 0-days, reproduces it and creates PoC exploits to understand how these security flaws work and how related attacks can be detected on the network layer. Additionally, we are interested in malware and hackers\u2019 TTPs, so we develop Suricata rules for detecting all sorts of such activities.\n', 'license': 'Custom', 'url': 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz', 'license-url': 'https://raw.githubusercontent.com/ptresearch/AttackDetection/master/LICENSE', 'summary': 'Positive Technologies Attack Detection Team ruleset'}, 'sslbl/ssl-fp-blacklist': {'url': 'https://sslbl.abuse.ch/blacklist/sslblacklist.rules', 'vendor': 'Abuse.ch', 'license': 'Non-Commercial', 'summary': 'Abuse.ch SSL Blacklist'}, 'et/open': {'url': 'https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz', 'vendor': 'Proofpoint', 'license': 'MIT', 'summary': 'Emerging Threats Open Ruleset'}, 'scwx/security': {'vendor': 'Secureworks', 'description': 'Broad ruleset composed of malware rules and other security-related countermeasures, and curated by the Secureworks Counter Threat Unit research team.\n', 'license': 'Commercial', 'url': 'https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-security_latest.tgz', 'summary': 'Secureworks suricata-security ruleset.', 'min-version': '2.0.9', 'subscribe-url': 'https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)', 'parameters': {'secret-code': {'prompt': 'Secureworks Threat Intelligence 
Authentication Token'}}}, 'scwx/malware': {'vendor': 'Secureworks', 'description': 'High-fidelity, high-priority ruleset composed mainly of malware-related countermeasures and curated by the Secureworks Counter Threat Unit research team.\n', 'license': 'Commercial', 'url': 'https://ws.secureworks.com/ti/ruleset/%(secret-code)s/Suricata_suricata-malware_latest.tgz', 'summary': 'Secureworks suricata-malware ruleset.', 'min-version': '2.0.9', 'subscribe-url': 'https://www.secureworks.com/contact/ (Please reference CTU Countermeasures)', 'parameters': {'secret-code': {'prompt': 'Secureworks Threat Intelligence Authentication Token'}}}, 'et/pro': {'replaces': ['et/open'], 'vendor': 'Proofpoint', 'description': 'Proofpoint ET Pro is a timely and accurate rule set for detecting and blocking advanced threats\n', 'license': 'Commercial', 'url': 'https://rules.emergingthreatspro.com/%(secret-code)s/suricata-%(__version__)s/etpro.rules.tar.gz', 'summary': 'Emerging Threats Pro Ruleset', 'subscribe-url': 'https://www.proofpoint.com/us/threat-insight/et-pro-ruleset', 'parameters': {'secret-code': {'prompt': 'Emerging Threats Pro access code'}}}}, 'version': 1}
\ No newline at end of file
--- /dev/null
+# Copyright (C) 2018 Open Information Security Foundation
+#
+# You can copy, redistribute or modify this Program under the terms of
+# the GNU General Public License version 2 as published by the Free
+# Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# version 2 along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+import os.path
+
+try:
+ from urllib2 import urlopen
+except:
+ from urllib.request import urlopen
+
+import yaml
+
+def embed_index():
+ """Embed a copy of the index as a Python source file. We can't use a
+ datafile yet as there is no easy way to do with distutils."""
+ dist_filename = os.path.join(os.path.dirname(__file__), "index.py")
+ url = "https://raw.githubusercontent.com/jasonish/suricata-intel-index/master/index.yaml"
+ response = urlopen(url)
+ index = yaml.safe_load(response.read())
+ with open(dist_filename, "w") as fileobj:
+ fileobj.write("index = %s" % (str(index)))
+
+if __name__ == "__main__":
+ embed_index()
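Review bot: The bare `except:` around the urllib2/urllib.request import shim should be `except ImportError:`, as written it also swallows SystemExit and KeyboardInterrupt. In embed_index the `urlopen` response is never closed, and the module is written with `str(index)` and no header or trailing newline, so the generated index.py (the neighbouring new-file section) carries no indication that it is generated or where it came from, and its literal form depends on the interpreter that ran the script: the `u'...'` prefixes in that section look like Python 2 output. Because the generated module is executed on import by every installation, recording the source URL in a header and emitting a stable literal makes the shipped snapshot reviewable; the sketch below does this with `pprint.pformat` (add `import pprint` next to `import os.path`).
```python
def embed_index():
    # … unchanged: docstring, dist_filename and url …
    response = urlopen(url)
    try:
        index = yaml.safe_load(response.read())
    finally:
        response.close()
    with open(dist_filename, "w") as fileobj:
        fileobj.write("# Generated by suricata.update.data.update from %s; do not edit.\n" % url)
        fileobj.write("index = %s\n" % (pprint.pformat(index),))
```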
# If we have new sources, we also need to load the index.
if enabled_sources:
- index_filename = os.path.join(
- config.get_cache_dir(), sources.SOURCE_INDEX_FILENAME)
- if os.path.exists(index_filename):
- index = sources.Index(index_filename)
- else:
- index = None
+ index_filename = sources.get_index_filename()
+ if not os.path.exists(index_filename):
+ logger.warning("No index exists, will use bundled index.")
+ logger.warning("Please run suricata-update update-sources.")
+ index = sources.Index(index_filename)
for (name, source) in enabled_sources.items():
params = source["params"] if "params" in source else {}
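Review bot: `index` is now always an `Index` instance, whereas the replaced lines left it as `None` when the index file was missing; if the loop body below (the function continues outside the hunk) or anything later still tests `index is None`, that branch has become dead and the bundled copy will be used without it noticing. Presumably `Index.load()` in the sources.py hunk is what makes constructing `sources.Index(index_filename)` on a missing file safe, so a short comment such as `# Index falls back to the bundled copy when the file is absent.` above the constructor call would make the intent explicit to the next reader.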
from suricata.update import net
from suricata.update import util
from suricata.update import loghandler
+from suricata.update.data.index import index as bundled_index
logger = logging.getLogger()
def __init__(self, filename):
self.filename = filename
self.index = {}
- self.reload()
-
- def reload(self):
- index = yaml.safe_load(open(self.filename, "rb"))
- self.index = index
+ self.load()
+
+ def load(self):
+ if os.path.exists(self.filename):
+ index = yaml.safe_load(open(self.filename, "rb"))
+ self.index = index
+ else:
+ self.index = bundled_index
def resolve_url(self, name, params={}):
if not name in self.index["sources"]: