aoandon 0.0.1 → 0.0.6

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: d60b2d838c6206b56aae170861b9d40aebd5b2c4d5f857b0d53f7ef5fdce5ca9
4
+ data.tar.gz: 119c1e89887f10c8ec64554357f9e0e74f1c82e6b8c3703450c29fc81da9c3b0
5
+ SHA512:
6
+ metadata.gz: 562da47deae49df1c8b8d9ddf41647fc902e67235e4876ea29479d136dafd9d6e303b8280dfca90266365916c37800f768f2371d470571b4f1b8ed9e368fe0c2
7
+ data.tar.gz: b5b623f88e1af383901b7ae3c85a7d91876076537a9bc09bd82a4471adc51ca390c7b5d68c481d4743a525b95a6ce476bb8182f62d98736d3261ad1e412c6b62
data/LICENSE.md ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2012-2021 Cyril Kato
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md CHANGED
@@ -1,22 +1,71 @@
1
1
  # Aoandon
2
2
 
3
- Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).
3
+ <span lang="ja"><ruby>青<rt>ao</rt>行燈<rt>andon</rt></ruby></span> is a minimalist network intrusion detection system (NIDS).
4
4
 
5
- ![Blue andon creature](https://raw.github.com/cyril/aoandon/master/blue-andon-creature.jpg)
5
+ ![Blue andon creature](https://raw.githubusercontent.com/cyril/aoandon.rb/main/blue-andon-creature.jpg)
6
+
7
+ ## Status
8
+
9
+ [![Gem Version](https://badge.fury.io/rb/aoandon.svg)](https://badge.fury.io/rb/aoandon)
10
+ [![Build Status](https://travis-ci.org/cyril/aoandon.rb.svg?branch=main)](https://travis-ci.org/cyril/aoandon.rb)
11
+ [![Inline Docs](https://inch-ci.org/github/cyril/aoandon.rb.svg)](https://inch-ci.org/github/cyril/aoandon.rb)
12
+ ![](https://ruby-gem-downloads-badge.herokuapp.com/aoandon?type=total)
6
13
 
7
14
  ## Installation
8
15
 
9
16
  Add this line to your application's Gemfile:
10
17
 
11
- gem 'aoandon'
18
+ ```ruby
19
+ gem "aoandon"
20
+ ```
12
21
 
13
22
  And then execute:
14
23
 
15
- $ bundle
24
+ ```sh
25
+ bundle
26
+ ```
16
27
 
17
28
  Or install it yourself as:
18
29
 
19
- $ gem install aoandon
30
+ ```sh
31
+ gem install accept_language
32
+ ```
33
+
34
+ ## Getting started
35
+
36
+ To start, let's look at the machine's network interfaces in console:
37
+
38
+ ```sh
39
+ ifconfig
40
+ ```
41
+
42
+ And let's display the help menu:
43
+
44
+ ```sh
45
+ aoandon -h
46
+ ```
47
+
48
+ Usage: aoandon [options]
49
+ -f, --file <path> Load the rules contained in file <path>.
50
+ -h, --help Help.
51
+ -i, --interface <if> Sniff on network interface <if>.
52
+ -v, --verbose Produce more verbose output.
53
+ -V, --version Show the version number and exit.
54
+ Stopping Aoandon NIDS... done.
55
+
56
+ Now, let's start scanning the network traffic on the machine's en0 network interface:
57
+
58
+ ```sh
59
+ sudo aoandon -i en0 -v
60
+ ```
61
+
62
+ Starting Aoandon NIDS on interface en0...
63
+ Log file: /var/log/aoandon.yml
64
+ Ruleset: /Users/bob/code/aoandon.rb/config/rules.yml
65
+ Modules: Less1024
66
+ You can stop Aoandon NIDS by pressing Ctrl-C.
67
+ 2014-05-30T11:46:44+02:00 | SYNTAX | info | Suspected packet! | 42.0.0.1:8080 > 192.168.1.88:64563 .AP...
68
+ 2014-05-30T11:46:44+02:00 | SYNTAX | info | Suspected packet! | 192.168.1.88:64563 > 42.0.0.1:8080 .A....
20
69
 
21
70
  ## Usage
22
71
 
@@ -166,13 +215,13 @@ Some semantic analysis can also be done through Aoandon NIDS extensions, using m
166
215
  module Aoandon
167
216
  module DynamicRule
168
217
  module Less1024
169
- MESSAGE = 'Port numbers < 1024'
218
+ MESSAGE = "Port numbers < 1024"
170
219
  PROTO_TCP = 6
171
220
  PROTO_UDP = 17
172
221
  WELL_KNOWN_PORTS = (0..1023)
173
222
 
174
223
  def self.control?(packet)
175
- (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
224
+ (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
176
225
  less_1024?(packet.sport) && less_1024?(packet.dport)
177
226
  end
178
227
 
@@ -207,7 +256,7 @@ end
207
256
  module Aoandon
208
257
  module DynamicRule
209
258
  module MoreFragments
210
- MESSAGE = 'More Fragment bit is set'
259
+ MESSAGE = "More Fragment bit is set"
211
260
 
212
261
  def self.control?(packet)
213
262
  packet.ip_mf?
@@ -226,8 +275,8 @@ end
226
275
  module Aoandon
227
276
  module DynamicRule
228
277
  module SameIp
229
- LOCALHOST = '127.0.0.1'
230
- MESSAGE = 'Same IP'
278
+ LOCALHOST = "127.0.0.1"
279
+ MESSAGE = "Same IP"
231
280
 
232
281
  def self.control?(packet)
233
282
  packet.ip_src == packet.ip_dst && !loopback?(packet.ip_src)
@@ -253,7 +302,7 @@ module Aoandon
253
302
  module DynamicRule
254
303
  module SynFlood
255
304
  BUFFER = 20
256
- MESSAGE = 'SYN flood attack'
305
+ MESSAGE = "SYN flood attack"
257
306
  PROTO_TCP = 6
258
307
 
259
308
  def self.control?(packet)
@@ -287,10 +336,10 @@ module Aoandon
287
336
  end
288
337
  ```
289
338
 
290
- ## Contributing
339
+ ## Versioning
340
+
341
+ __Aoandon__ uses [Semantic Versioning 2.0.0](https://semver.org/)
342
+
343
+ ## License
291
344
 
292
- 1. Fork it
293
- 2. Create your feature branch (`git checkout -b my-new-feature`)
294
- 3. Commit your changes (`git commit -am 'Add some feature'`)
295
- 4. Push to the branch (`git push origin my-new-feature`)
296
- 5. Create new Pull Request
345
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
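--- a/bin/aoandon
+++ b/bin/aoandon
@@ -1,10 +1,7 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require 'ipaddr'
-require 'optparse'
-require 'pcap'
-require 'time'
-require 'yaml'
-require_relative '../lib/aoandon'
+require_relative "../lib/aoandon"
 
-Aoandon::Nids.new.run
+ao = Aoandon::Nids.new
+ao.run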
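Review bot: This executable is still shipped under `bin/` with `bindir: bin`, yet the gem metadata further down this page now declares `executables: []`, so `gem install aoandon` will not install an `aoandon` command and the README's `aoandon -h` / `sudo aoandon -i en0 -v` examples cannot work from a gem install. That looks like a gemspec regression (the spec file is no longer shipped, so I cannot confirm) rather than anything in these lines; restoring `spec.executables = ["aoandon"]` would fix it. If the intent really is library-only use, `bin/aoandon` should be dropped from `files` instead of being packaged uninstalled.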
data/lib/aoandon.rb CHANGED
@@ -1,18 +1,24 @@
1
- require_relative 'aoandon/analysis'
2
- require_relative 'aoandon/analysis/semantic'
3
- require_relative 'aoandon/analysis/syntax'
4
- require_relative 'aoandon/error/not_implemented_error'
5
- require_relative 'aoandon/log'
6
- require_relative 'aoandon/static_rule'
7
- require_relative 'aoandon/version'
1
+ # frozen_string_literal: false
8
2
 
9
- Dir['lib/aoandon/dynamic_rule/*.rb'].each do |src|
3
+ require "ipaddr"
4
+ require "optparse"
5
+ require "pcap"
6
+ require "time"
7
+ require "yaml"
8
+
9
+ require_relative "aoandon/analysis"
10
+ require_relative "aoandon/analysis/semantic"
11
+ require_relative "aoandon/analysis/syntax"
12
+ require_relative "aoandon/log"
13
+ require_relative "aoandon/static_rule"
14
+
15
+ Dir["lib/aoandon/dynamic_rule/*.rb"].each do |src|
10
16
  load src
11
17
  end
12
18
 
13
19
  module Aoandon
14
20
  class Nids
15
- CONF_PATH = 'config/rules.yml'
21
+ CONF_PATH = "config/rules.yml"
16
22
 
17
23
  def initialize
18
24
  options = Nids.parse
@@ -20,13 +26,13 @@ module Aoandon
20
26
  options[:interface] = Pcap.lookupdev unless options[:interface]
21
27
  puts "Starting Aoandon NIDS on interface #{options[:interface]}..."
22
28
  log = Log.new(options[:verbose])
23
- @syntax = Syntax.new(log, {file: options[:file]})
29
+ @syntax = Syntax.new(log, { file: options[:file] })
24
30
  @semantic = Semantic.new(log)
25
31
  @network_interface = Pcap::Capture.open_live(options[:interface])
26
32
  end
27
33
 
28
34
  def run
29
- puts 'You can stop Aoandon NIDS by pressing Ctrl-C.'
35
+ puts "You can stop Aoandon NIDS by pressing Ctrl-C."
30
36
 
31
37
  @network_interface.each_packet do |packet|
32
38
  if packet.ip?
@@ -42,12 +48,12 @@ module Aoandon
42
48
  options = {}
43
49
 
44
50
  OptionParser.new do |opts|
45
- opts.banner = "Usage: #$0 [options]"
46
- opts.on('-f', '--file <path>', 'Load the rules contained in file <path>.') {|f| options[:file] = f }
47
- opts.on('-h', '--help', 'Help.') { puts opts; exit }
48
- opts.on('-i', '--interface <if>', 'Sniff on network interface <if>.') {|i| options[:interface] = i }
49
- opts.on('-v', '--verbose', 'Produce more verbose output.') { options[:verbose] = true }
50
- opts.on('-V', '--version', 'Show the version number and exit.') { version; exit }
51
+ opts.banner = "Usage: #{$0} [options]"
52
+ opts.on("-f", "--file <path>", "Load the rules contained in file <path>.") { |f| options[:file] = f }
53
+ opts.on("-h", "--help", "Help.") { puts opts; exit }
54
+ opts.on("-i", "--interface <if>", "Sniff on network interface <if>.") { |i| options[:interface] = i }
55
+ opts.on("-v", "--verbose", "Produce more verbose output.") { options[:verbose] = true }
56
+ opts.on("-V", "--version", "Show the version number and exit.") { version; exit }
51
57
  end.parse!
52
58
 
53
59
  options
@@ -57,8 +63,8 @@ module Aoandon
57
63
  puts "Aoandon #{VERSION}"
58
64
  end
59
65
 
60
- trap('INT') { exit }
61
- at_exit { print 'Stopping Aoandon NIDS... ' }
62
- ObjectSpace.define_finalizer('string', proc { puts 'done.' })
66
+ trap("INT") { exit }
67
+ at_exit { print "Stopping Aoandon NIDS... " }
68
+ ObjectSpace.define_finalizer("string", proc { puts "done." })
63
69
  end
64
70
  end
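Review bot: `Dir["lib/aoandon/dynamic_rule/*.rb"].each { |src| load src }` resolves the glob against the process's current directory, not the gem's own tree, so an installed `aoandon` finds no rule modules unless it is started from the source checkout — and, since the README starts it with `sudo`, it will `load` whatever Ruby files happen to sit under `lib/aoandon/dynamic_rule/` in the directory root is in. Anchor the glob to this file instead: `Dir[File.join(__dir__, "aoandon", "dynamic_rule", "*.rb")].each { |src| load src }`. `CONF_PATH = "config/rules.yml"` has the same working-directory dependence, and `config/rules.yml` is removed from the gem's `files` (and `config` from `require_paths`) in this release, so the default ruleset no longer exists on an installed copy. In the last hunk, `version` (whose `def` starts outside the hunk) still interpolates `VERSION`, but `require_relative "aoandon/version"` is dropped and `lib/aoandon/version.rb` is deleted below, so `-V` would raise `NameError` unless the constant is defined somewhere not shown on this page.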
@@ -1,11 +1,13 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Analysis
3
- def initialize(logger, options = {})
5
+ def initialize(logger, _options = {})
4
6
  @logger = logger
5
7
  end
6
8
 
7
- def update(packet = '')
8
- raise NotImplementedError, 'Must subclass me'
9
+ def update(_packet = "")
10
+ raise NotImplementedError, "Must subclass me"
9
11
  end
10
12
  end
11
13
  end
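Review bot: `raise NotImplementedError, "Must subclass me"` now resolves to Ruby's built-in `::NotImplementedError`, which is a `ScriptError`, because the gem's own `Aoandon::NotImplementedError < StandardError` and its `require_relative` are removed in this release; a caller's bare `rescue => e` will therefore no longer catch it. If that is intended, a one-line comment above the raise such as `# Raises the core NotImplementedError (a ScriptError, not caught by a bare rescue).` would save the next reader a search; otherwise define a `StandardError` subclass under `Aoandon` and raise that.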
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Semantic < Analysis
3
5
  def initialize(logger, options = {})
@@ -9,16 +11,12 @@ module Aoandon
9
11
  def test(packet)
10
12
  if defined? DynamicRule
11
13
  DynamicRule.constants.each do |rule|
12
- if DynamicRule.const_get(rule).control?(packet)
13
- dump = DynamicRule.const_get(rule).logging?(packet) ? packet : nil
14
- message = if DynamicRule.const_get(rule).constants.include?(:MESSAGE)
15
- DynamicRule.const_get(rule)::MESSAGE
16
- else
17
- nil
18
- end
14
+ next unless DynamicRule.const_get(rule).control?(packet)
15
+
16
+ dump = DynamicRule.const_get(rule).logging?(packet) ? packet : nil
17
+ message = (DynamicRule.const_get(rule)::MESSAGE if DynamicRule.const_get(rule).constants.include?(:MESSAGE))
19
18
 
20
- @logger.message(packet.time.iso8601, 'SEMANT', rule.downcase, message, dump)
21
- end
19
+ @logger.message(packet.time.iso8601, "SEMANT", rule.downcase, message, dump)
22
20
  end
23
21
  end
24
22
  end
@@ -1,40 +1,40 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Syntax < Analysis
3
5
  def initialize(logger, options = {})
4
6
  super(logger, options)
5
7
 
6
8
  abort("Configuration file not found: #{options[:file]}") unless File.exist?(options[:file])
7
- @rules = Array(YAML::load_file(options[:file])['rules']).map {|rule| StaticRule.new(*rule) }
9
+ @rules = Array(YAML.load_file(options[:file])["rules"]).map { |rule| StaticRule.new(*rule) }
8
10
 
9
11
  puts "Ruleset: #{File.expand_path(options[:file])}"
10
12
  end
11
13
 
12
14
  def test(packet)
13
15
  @rules.each do |rule|
14
- if match?(packet, rule.context)
15
- break if (@last_rule = rule).options['quick']
16
- end
16
+ break if match?(packet, rule.context) && (@last_rule = rule).options["quick"]
17
17
  end
18
18
 
19
- if @last_rule && @last_rule.action != 'pass'
20
- message = @last_rule.options['msg'] || 'Bad packet detected!'
21
- dump = @last_rule.options['log'] ? packet : nil
22
- @logger.message(packet.time.iso8601, 'SYNTAX', @last_rule.action, message, dump)
19
+ if @last_rule && @last_rule.action != "pass"
20
+ message = @last_rule.options["msg"] || "Bad packet detected!"
21
+ dump = @last_rule.options["log"] ? packet : nil
22
+ @logger.message(packet.time.iso8601, "SYNTAX", @last_rule.action, message, dump)
23
23
  end
24
24
  end
25
25
 
26
26
  protected
27
27
 
28
28
  def match?(packet, network_context)
29
- network_context.update({'af' => af2id(packet.ip_ver)}) unless network_context.has_key?('af')
30
- match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch('af'))
29
+ network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.has_key?("af")
30
+ match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch("af"))
31
31
  end
32
32
 
33
33
  def af2id(af)
34
34
  if af == 4
35
- 'inet'
35
+ "inet"
36
36
  elsif af == 6
37
- 'inet6'
37
+ "inet6"
38
38
  end
39
39
  end
40
40
 
@@ -47,8 +47,8 @@ module Aoandon
47
47
  end
48
48
 
49
49
  def match_proto?(packet, network_context)
50
- if network_context['proto']
51
- if packet.ip_proto == proto(network_context['proto'])
50
+ if network_context["proto"]
51
+ if packet.ip_proto == proto(network_context["proto"])
52
52
  if packet.ip_proto == 1
53
53
  match_proto_icmp?(packet, network_context)
54
54
  elsif packet.ip_proto == 6
@@ -89,9 +89,9 @@ module Aoandon
89
89
  def match_addr?(packet, network_context)
90
90
  result = true
91
91
 
92
- [['from', 'src'], ['to', 'dst']].each do |way, obj|
93
- unless network_context[way].fetch('addr') == 'any'
94
- result = result && refer2addr?((packet.send(obj)), network_context[way].fetch('addr'))
92
+ [%w[from src], %w[to dst]].each do |way, obj|
93
+ unless network_context[way].fetch("addr") == "any"
94
+ result &&= refer2addr?(packet.send(obj), network_context[way].fetch("addr"))
95
95
  end
96
96
  end
97
97
 
@@ -101,9 +101,9 @@ module Aoandon
101
101
  def match_port?(packet, network_context)
102
102
  result = true
103
103
 
104
- [['from', 'sport'], ['to', 'dport']].each do |way, obj|
105
- if network_context[way].has_key?('port')
106
- result = result && refer2port?((packet.send(obj)).to_i, network_context[way].fetch('port'))
104
+ [%w[from sport], %w[to dport]].each do |way, obj|
105
+ if network_context[way].has_key?("port")
106
+ result &&= refer2port?(packet.send(obj).to_i, network_context[way].fetch("port"))
107
107
  end
108
108
  end
109
109
 
@@ -111,9 +111,9 @@ module Aoandon
111
111
  end
112
112
 
113
113
  def match_flag?(packet, network_context)
114
- return true unless network_context['flags']
114
+ return true unless network_context["flags"]
115
115
 
116
- network_context['flags'].each do |flag|
116
+ network_context["flags"].each do |flag|
117
117
  return true if packet.send("tcp_#{flag}?")
118
118
  end
119
119
 
@@ -145,7 +145,7 @@ module Aoandon
145
145
  pattern.include?(number)
146
146
  elsif pattern.is_a? Hash
147
147
  pattern.has_key?(number)
148
- elsif pattern.is_a? Fixnum
148
+ elsif pattern.is_a? Integer
149
149
  number == pattern
150
150
  else
151
151
  false
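Review bot: `YAML.load_file(options[:file])` in `Syntax#initialize` uses the unrestricted Psych loader, which on the Ruby 2.7 floor declared in the metadata instantiates arbitrary `!ruby/object:` tags, so a rules file obtained from an untrusted source becomes code execution inside a process the README starts with `sudo`. Replace it with `YAML.safe_load(File.read(options[:file]), aliases: true, filename: options[:file])`; `aliases: true` is needed because the (commented) example ruleset builds its tables with YAML anchors and aliases. Separately, `test` never clears `@last_rule`: once any packet has matched a non-`pass` rule, every later packet that matches nothing is still reported under that stale rule's action and message, so add `@last_rule = nil` as the first line of `test`.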
@@ -1,22 +1,22 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  module DynamicRule
3
5
  module Less1024
4
- MESSAGE = 'Port numbers < 1024'
6
+ MESSAGE = "Port numbers < 1024"
5
7
  PROTO_TCP = 6
6
8
  PROTO_UDP = 17
7
9
  WELL_KNOWN_PORTS = (0..1023)
8
10
 
9
11
  def self.control?(packet)
10
- (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
12
+ (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
11
13
  less_1024?(packet.sport) && less_1024?(packet.dport)
12
14
  end
13
15
 
14
- def self.logging?(packet)
15
- false
16
+ def self.logging?(_packet)
17
+ true
16
18
  end
17
19
 
18
- private
19
-
20
20
  def self.different_ports?(src_port, dst_port)
21
21
  src_port != dst_port
22
22
  end
data/lib/aoandon/log.rb CHANGED
@@ -1,14 +1,21 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Log
3
5
  def initialize(verbose = false)
4
- @file = File.open('log/aoandon.yml', 'a')
6
+ @file = if File.exist?("log/aoandon.yml")
7
+ File.open("log/aoandon.yml", "a")
8
+ else
9
+ File.open("/var/log/aoandon.yml", "a")
10
+ end
11
+
5
12
  @verbose = verbose
6
13
 
7
14
  puts "Log file: #{File.expand_path(@file.path)}"
8
15
  end
9
16
 
10
17
  def message(*args)
11
- puts args.compact.map(&:to_s).join(' | ') if @verbose
18
+ puts args.compact.map(&:to_s).join(" | ") if @verbose
12
19
  @file.puts "- #{args.compact.map(&:to_s)}"
13
20
  @file.flush
14
21
  end
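Review bot: The new fallback chooses the log path by whether `log/aoandon.yml` exists in the current directory and otherwise opens `/var/log/aoandon.yml`, and neither `File.open` is guarded, so an unprivileged run dies with an unhandled `Errno::EACCES` (or `ENOENT` where `/var/log` is absent) instead of a clear message; when run as root from a directory other users can write to, it appends to whatever `log/aoandon.yml` points at. Consider accepting the path explicitly with a backward-compatible optional parameter, `def initialize(verbose = false, path = nil)`, resolving the default as today only when `path` is nil, and wrapping the open in `rescue SystemCallError => e; abort("Cannot open log file: #{e.message}")`. The working-directory check also deserves a comment saying it exists for running from a source checkout, since that is not obvious from the code.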
@@ -1,16 +1,18 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
- class StaticRule < Struct.new(:action, :context, :options)
4
+ StaticRule = Struct.new(:action, :context, :options) do
3
5
  def initialize(*args)
4
6
  super(*args)
5
7
 
6
- self.context['from'] ||= {'addr' => 'any'}
7
- self.context['to' ] ||= {'addr' => 'any'}
8
+ context["from"] ||= { "addr" => "any" }
9
+ context["to"] ||= { "addr" => "any" }
8
10
 
9
- self.context['from'].update('addr' => 'any') unless self.context['from']['addr']
10
- self.context['to' ].update('addr' => 'any') unless self.context['to' ]['addr']
11
+ context["from"].update("addr" => "any") unless context["from"]["addr"]
12
+ context["to"].update("addr" => "any") unless context["to"]["addr"]
11
13
 
12
14
  self.options ||= {}
13
- self.options.update('log' => false) unless self.options.has_key?('log')
15
+ self.options.update("log" => false) unless self.options.has_key?("log")
14
16
  end
15
17
  end
16
18
  end
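Review bot: `context["from"] ||= { "addr" => "any" }` assumes `context` is non-nil, but a rule written as a one-element array (`[pass]`) reaches this `Struct` via `StaticRule.new(*rule)` with a nil context and raises `NoMethodError`, whereas `options` a few lines below is defaulted with `self.options ||= {}`. Add `self.context ||= {}` before the `from`/`to` defaults so both members are treated alike, and note in a comment that the struct members mirror the `[action, context, options]` shape of each entry in the rules file.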
metadata CHANGED
@@ -1,67 +1,178 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aoandon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
5
- prerelease:
4
+ version: 0.0.6
6
5
  platform: ruby
7
6
  authors:
8
- - Cyril Wack
7
+ - Cyril Kato
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2012-09-16 00:00:00.000000000 Z
13
- dependencies: []
11
+ date: 2021-05-21 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: ruby-pcap
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '0.7'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '0.7'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rubocop-md
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rubocop-performance
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rubocop-rake
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop-thread_safety
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: simplecov
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: yard
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - ">="
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
14
139
  description: Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).
15
- email:
16
- - contact@cyril.io
17
- executables:
18
- - aoandon
140
+ email: contact@cyril.email
141
+ executables: []
19
142
  extensions: []
20
143
  extra_rdoc_files: []
21
144
  files:
22
- - .gitattributes
23
- - .gitignore
24
- - .rbenv-version
25
- - Gemfile
26
- - LICENSE
145
+ - LICENSE.md
27
146
  - README.md
28
- - Rakefile
29
- - aoandon.gemspec
30
147
  - bin/aoandon
31
- - config/rules.yml
32
148
  - lib/aoandon.rb
33
149
  - lib/aoandon/analysis.rb
34
150
  - lib/aoandon/analysis/semantic.rb
35
151
  - lib/aoandon/analysis/syntax.rb
36
152
  - lib/aoandon/dynamic_rule/less1024.rb
37
- - lib/aoandon/error/not_implemented_error.rb
38
153
  - lib/aoandon/log.rb
39
154
  - lib/aoandon/static_rule.rb
40
- - lib/aoandon/version.rb
41
- homepage: http://cyril.io
155
+ homepage: https://github.com/cyril/aoandon.rb
42
156
  licenses:
43
157
  - MIT
158
+ metadata: {}
44
159
  post_install_message:
45
160
  rdoc_options: []
46
161
  require_paths:
47
162
  - lib
48
- - config
49
163
  required_ruby_version: !ruby/object:Gem::Requirement
50
- none: false
51
164
  requirements:
52
- - - ! '>='
165
+ - - ">="
53
166
  - !ruby/object:Gem::Version
54
- version: '0'
167
+ version: 2.7.0
55
168
  required_rubygems_version: !ruby/object:Gem::Requirement
56
- none: false
57
169
  requirements:
58
- - - ! '>='
170
+ - - ">="
59
171
  - !ruby/object:Gem::Version
60
172
  version: '0'
61
173
  requirements: []
62
- rubyforge_project:
63
- rubygems_version: 1.8.23
174
+ rubygems_version: 3.1.6
64
175
  signing_key:
65
- specification_version: 3
176
+ specification_version: 4
66
177
  summary: Minimalist network intrusion detection system (NIDS).
67
178
  test_files: []
data/.gitattributes DELETED
@@ -1,10 +0,0 @@
1
- # Set default behaviour, in case users don't have core.autocrlf set.
2
- * text=auto
3
-
4
- # Explicitly declare text files we want to always be normalized and converted
5
- # to native line endings on checkout.
6
- *.rb text
7
-
8
- # Denote all files that are truly binary and should not be modified.
9
- *.png binary
10
- *.jpg binary
data/.gitignore DELETED
@@ -1,19 +0,0 @@
1
- *.gem
2
- *.rbc
3
- .bundle
4
- .config
5
- .DS_Store
6
- .yardoc
7
- Gemfile.lock
8
- InstalledFiles
9
- _yardoc
10
- coverage
11
- doc/
12
- lib/bundler/man
13
- log/*
14
- pkg
15
- rdoc
16
- spec/reports
17
- test/tmp
18
- test/version_tmp
19
- tmp
data/.rbenv-version DELETED
@@ -1 +0,0 @@
1
- 1.9.3-p194
data/Gemfile DELETED
@@ -1,5 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- gemspec
4
-
5
- gem 'pcap', '~> 0.7.0'
data/LICENSE DELETED
@@ -1,22 +0,0 @@
1
- Copyright (c) 2012 Cyril Wack
2
-
3
- MIT License
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining
6
- a copy of this software and associated documentation files (the
7
- "Software"), to deal in the Software without restriction, including
8
- without limitation the rights to use, copy, modify, merge, publish,
9
- distribute, sublicense, and/or sell copies of the Software, and to
10
- permit persons to whom the Software is furnished to do so, subject to
11
- the following conditions:
12
-
13
- The above copyright notice and this permission notice shall be
14
- included in all copies or substantial portions of the Software.
15
-
16
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
- LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
- OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
- WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/Rakefile DELETED
@@ -1 +0,0 @@
1
- require 'bundler/gem_tasks'
data/aoandon.gemspec DELETED
@@ -1,22 +0,0 @@
1
- # -*- encoding: utf-8 -*-
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'aoandon/version'
5
-
6
- Gem::Specification.new do |gem|
7
- gem.name = 'aoandon'
8
- gem.version = Aoandon::VERSION
9
- gem.authors = ['Cyril Wack']
10
- gem.email = ['contact@cyril.io']
11
- gem.description = %q{Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).}
12
- gem.summary = %q{Minimalist network intrusion detection system (NIDS).}
13
- gem.homepage = 'http://cyril.io'
14
- gem.license = 'MIT'
15
-
16
- gem.bindir = 'bin'
17
-
18
- gem.files = `git ls-files`.split($/).reject {|f| f == 'blue-andon-creature.jpg' }
19
- gem.executables = gem.files.grep(%r{^bin/}).map {|f| File.basename(f) }
20
- gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
21
- gem.require_paths = ['lib', 'config']
22
- end
data/config/rules.yml DELETED
@@ -1,54 +0,0 @@
1
- # Aoandon NIDS configuration file
2
- ---
3
- #macros:
4
- # web_server: &web_server
5
- # 114.21.70.71
6
- # gateway: &gw
7
- # 192.168.0.1
8
-
9
- #tables:
10
- # redzone: &redzone
11
- # - "81.15.142.23"
12
- # hacker: &id001
13
- # - 81.15.142.23
14
- # - 42.154.25.213
15
- # blacklist: &blacklist
16
- # - *id001
17
- # - *gw
18
- # - 81.15.142.23
19
- # - "64.81.240.57"
20
- # unknown:
21
- # - any
22
- # mz: &mz
23
- # 192.168.0.201
24
- # dmz: &dmz
25
- # sql_server: &sql_server
26
- # 10.0.0.2
27
-
28
- #ports:
29
- # web: &www
30
- # - 80
31
- # - 443
32
- # p2p:
33
- # - 63192
34
-
35
- #messages:
36
- # - &msg001 "ICMP packet from Google to MZ"
37
- # - &msg002 "MZ intrusion detected!"
38
-
39
- rules:
40
- # # "default alert" approach
41
- # - [ info, {}, {quick: true, log: true, msg: "Suspected packet!"} ]
42
- #
43
- # # then, selectively ignore certain traffic
44
- # - [ pass, {af: inet, from: {addr: any}, to: {addr: any}} ]
45
- # - [ warn, {proto: tcp, from: {addr: *blacklist}, to: {addr: any, port: *www}, flags: syn} ]
46
- # - [ warn, {proto: tcp, from: {addr: any, port: 123}, to: {addr: *dmz}} ]
47
- # - [ crit, {af: inet6, from: {addr: any}, to: {addr: any}}, {log: true} ]
48
- # - [ pass, {af: inet, proto: tcp, from: {addr: *mz}, to: {addr: *web_server, port: *www}, {quick: true}} ]
49
- # - [ warn, {proto: udp, from: {addr: *redzone}, to: {addr: 10.1.0.32, port: 21}} ]
50
- # - [ info, {proto: tcp, from: {addr: 172.16.0.6}, to: {addr: 192.168.0.14, port: 22}} ]
51
- # - [ crit, {proto: tcp, from: {addr: *blacklist}, to: {addr: *mz}}, {log: true, msg: *msg002} ]
52
- # - [ info, {proto: tcp, to: {addr: 192.168.0.14, port: 22}} ]
53
- # - [ pass, {proto: tcp, from: {addr: *id001}, to: {addr: *sql_server, port: 3306}} ]
54
- # - [ info, {af: inet, proto: icmp, from: {addr: google.com}, to: {addr: *mz}}, {log: true, msg: *msg001} ]
@@ -1,4 +0,0 @@
1
- module Aoandon
2
- class NotImplementedError < StandardError
3
- end
4
- end
@@ -1,3 +0,0 @@
1
- module Aoandon
2
- VERSION = '0.0.1'
3
- end