From dfc73ba2cadcb98506dabc32c7f31ded1a476ef6 Mon Sep 17 00:00:00 2001
From: thomashaw
Date: Sun, 10 Jul 2022 17:27:04 +0100
Subject: [PATCH] web_test -- test if it works w/ proxy or not
---
 lib/helpers/rules.rb | 7 +--
 .../files/alert_actioner/web_test.rb | 49 +++++++++++++++++++
 2 files changed, 53 insertions(+), 3 deletions(-)
 create mode 100644 modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/web_test.rb
diff --git a/lib/helpers/rules.rb b/lib/helpers/rules.rb
index c32e67596..183779bc3 100644
--- a/lib/helpers/rules.rb
+++ b/lib/helpers/rules.rb
@@ -69,10 +69,11 @@ class Rules
 "filter:\n" + " - query:\n" + " query_string:\n" + - # TODO: Test the timing of this simpler rule ' query: "combined_path: \"' + goal['file_path'] + '\" AND auditd.result: success AND event.action: opened-file AND process.executable: \"/bin/cat\")"' + "\n" + + ' query: "combined_path: \"' + goal['file_path'] + '\" AND auditd.result: success AND event.action: opened-file AND (process.executable: \"/bin/cat\" OR process.executable: \"/usr/bin/vim.basic\" OR process.executable: \"/bin/less\" OR process.executable: \"/bin/more\" OR process.executable: \"/bin/nano\" OR process.executable: \"/usr/bin/kate\")"' + "\n" + + # Different OR clause in EA + # # TODO: WIP - improve this rule! - # The rule with KATE etc in, takes 30 sec ish to run! ' query: "combined_path: \"' + goal['file_path'] + '\" AND auditd.result: success AND event.action: opened-file AND (process.executable: \"/bin/cat\" OR process.executable: \"/usr/bin/vim.basic\" OR process.executable: \"/bin/less\" OR process.executable: \"/bin/more\" OR process.executable: \"/bin/nano\" OR process.executable: \"/usr/bin/kate\")"' + "\n" + + # # # ' query: "combined_path: \"' + goal['file_path'] + '\" AND auditd.result: success AND event.action: opened-file"' + "\n" + # 
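Review bot: The added `' query: "combined_path: \"' + goal['file_path'] + ...` line splices `goal['file_path']` verbatim inside the double-quoted phrase of the `query_string` query, so a path containing `"`, `\` or other query_string metacharacters silently yields a different or invalid rule instead of matching that file; escape the value before concatenation (at minimum backslash-escape `\` and `"`), or express the path as a `term`/`match_phrase` filter that takes the raw string. From the collapsed hunk it also looks as if the pre-existing `' query: ... kate\")"'` line a few lines further down stays live next to the added copy of it, which would emit the `query:` key twice under `query_string:` and leave a YAML loader keeping only one of them — worth confirming in the file. The enclosing method starts and ends outside the hunk.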
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/web_test.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/web_test.rb
new file mode 100644
index 000000000..d83feddaf
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/web_test.rb
@@ -0,0 +1,49 @@
+require 'net/http'
+require 'uri'
+
+class WebActioner
+ attr_accessor :url
+ attr_accessor :request_type
+ attr_accessor :data
+
+ def initialize
+ self.url = "http://www.google.com"
+ self.request_type = "GET"
+ self.data = nil
+ end
+
+ def run
+ uri = URI.parse(self.url)
+
+ case self.request_type
+ when 'GET'
+ response = Net::HTTP.get_response(uri)
+ when 'POST'
+ request = Net::HTTP::Post.new(uri.request_uri, 'Content-Type' => 'application/json')
+ request.body = self.data
+ response = Net::HTTP.start(uri.hostname, uri.port) do |http|
+ http.request(request)
+ end
+ when 'PUT'
+ # TODO: later
+ response = ''
+ when 'DELETE'
+ # TODO: later
+ response = ''
+ else
+ response = Net::HTTP.get_response(uri)
+ end
+ puts response.body.to_s
+ puts
+ puts
+ puts "Web Action complete"
+ end
+
+ # TODO: Override me in superclass to print actioner type + all parameters??
+ def to_s
+ "WebActioner:\n URL: #{self.url}\n Request Type: #{self.request_type}\n Data: #{self.data.to_s}"
+ end
+
+ end
+
+ WebActioner.new.run
\ No newline at end of file
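Review bot: The `PUT` and `DELETE` branches of `run` set `response = ''`, so the unconditional `puts response.body.to_s` after the `case` raises `NoMethodError` (`body` on a String) for those request types; until they are implemented, guard the print, e.g. `puts response.body.to_s if response.respond_to?(:body)`, or raise `NotImplementedError` in those branches instead. The `POST` branch opens the connection with `Net::HTTP.start(uri.hostname, uri.port)` and never turns on TLS, so an `https://` URL is attempted as plain HTTP on the TLS port while the `GET` path (`Net::HTTP.get_response(uri)`) handles the scheme itself; change it to `Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') do |http|`. `WebActioner.new.run` at the bottom executes on load, so the class cannot be required from the alert actioner without firing a request to the hard-coded `http://www.google.com` default; if the file is meant as more than a one-off proxy check, wrap that call in `if __FILE__ == $PROGRAM_NAME`.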