Wrong syntax in policy rule file

[Amixtika]

When using the policy mode, the rules is created with invalid syntax, the following code change will resolve this issue:

            `fh.write(f'{rule["action"]} (gid:{rule["gid"]}; sid:{rule["sid"]}; enable;)\n')`

Note the added ; add the end of the line, this way SNORT loads the policy file correctly.

The instructions in the generated rules file is also incorrect, these can be updated with the following change:

# Prepare rules for output
    log.info(f'Writing rules to:  {conf.rule_path}')
    header = ('#-------------------------------------------------------------------\n'
              f'#  Rules file created by {SCRIPT_NAME}  at {conf.start_time}\n'
              '#  \n'
              '#  To Use this file: in your snort.lua, you need the following settings:\n'
              '#  ips =\n'
              '#  {{\n'
              '#  rules = [\n'
              f'#      include = "{conf.rule_path}",\n'
              '#  ],\n')
    if conf.rule_mode == 'policy':
        header += ('#  states = [\n' 
                   f'#      include "{conf.policy_path}",\n'
                   '#  ],\n'
                   '#      ...\n'
                   '#  }}\n#\n'
                   '#  detection=\n'
                   '#  {{\n'
                   '#      global_default_rule_state = false,\n')
    header += '#      ...\n'
    header += '#  }}\n#\n'

[amishmm]

Pull request is the right way to post / propose your code changes.

Pull requests documentation