evectl 0.1.0-alpha.4

Controller Suricata and EveBox
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

// SPDX-FileCopyrightText: (C) 2024 Jason Ish <jason@codemonkey.net>
// SPDX-License-Identifier: MIT

use crate::{add_index, context::Context, term, SelectItem};

pub(crate) fn menu(context: &mut Context) {
    loop {
        term::title("Simple IDS: Configure Suricata");

        let current_bpf = if let Some(bpf) = &context.config.suricata.bpf {
            format!(" [{}]", bpf)
        } else {
            "".to_string()
        };

        let selections = vec![
            SelectItem::new("bpf-filter", format!("BPF filter{}", current_bpf)),
            SelectItem::new("return", "Return"),
        ];

        let selections = add_index(&selections);

        match inquire::Select::new("Select an option", selections).prompt() {
            Ok(selection) => match selection.tag.as_ref() {
                "bpf-filter" => set_bpf_filter(context),
                _ => return,
            },
            Err(_) => return,
        }
    }
}

fn set_bpf_filter(context: &mut Context) {
    let default = context
        .config
        .suricata
        .bpf
        .as_ref()
        .map(|s| s.to_string())
        .unwrap_or("".to_string());
    if let Ok(filter) = inquire::Text::new("Enter BPF filter")
        .with_default(&default)
        .prompt()
    {
        context.config.suricata.bpf = Some(filter);
        context.config.save().unwrap();
    }
}