aoandon 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 288e3328eee2b51da9106adecdfbefe4c78cd2ac
-  data.tar.gz: f9d68c2c82944649f86ede9b5fef55de75baf3b0
+SHA256:
+  metadata.gz: d60b2d838c6206b56aae170861b9d40aebd5b2c4d5f857b0d53f7ef5fdce5ca9
+  data.tar.gz: 119c1e89887f10c8ec64554357f9e0e74f1c82e6b8c3703450c29fc81da9c3b0
 SHA512:
-  metadata.gz: 471ef73763dcd8466a693e7536947d17334bc819639eac5798488301968a4cb09cb29a302dc922e5bf9e76a15e3670d2e7c14ede50f735be66a001adc6bbea95
-  data.tar.gz: 103d18f77b3a06681ef8114ac18d48ac11bc1ede75c7aae6204858b56672e5100be54a5e797f154b0bb9306f85191d7229d981be2e2028c0786eb797c4a660b6
+  metadata.gz: 562da47deae49df1c8b8d9ddf41647fc902e67235e4876ea29479d136dafd9d6e303b8280dfca90266365916c37800f768f2371d470571b4f1b8ed9e368fe0c2
+  data.tar.gz: b5b623f88e1af383901b7ae3c85a7d91876076537a9bc09bd82a4471adc51ca390c7b5d68c481d4743a525b95a6ce476bb8182f62d98736d3261ad1e412c6b62

data/LICENSE.md

@@ -1,22 +1,21 @@
-Copyright (c) 2012 Cyril Wack
+The MIT License (MIT)
 
-MIT License
+Copyright (c) 2012-2021 Cyril Kato
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -2,37 +2,63 @@
 
 <span lang="ja"><ruby>青<rt>ao</rt>行燈<rt>andon</rt></ruby></span> is a minimalist network intrusion detection system (NIDS).
 
-![Blue andon creature](https://raw.githubusercontent.com/cyril/aoandon.rb/master/blue-andon-creature.jpg)
+![Blue andon creature](https://raw.githubusercontent.com/cyril/aoandon.rb/main/blue-andon-creature.jpg)
 
 ## Status
 
-* [![Gem Version](https://badge.fury.io/rb/aoandon.svg)](//badge.fury.io/rb/aoandon)
+[![Gem Version](https://badge.fury.io/rb/aoandon.svg)](https://badge.fury.io/rb/aoandon)
+[![Build Status](https://travis-ci.org/cyril/aoandon.rb.svg?branch=main)](https://travis-ci.org/cyril/aoandon.rb)
+[![Inline Docs](https://inch-ci.org/github/cyril/aoandon.rb.svg)](https://inch-ci.org/github/cyril/aoandon.rb)
+![](https://ruby-gem-downloads-badge.herokuapp.com/aoandon?type=total)
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-    gem 'aoandon'
+```ruby
+gem "aoandon"
+```
 
 And then execute:
 
-    $ bundle
+```sh
+bundle
+```
 
 Or install it yourself as:
 
-    $ gem install aoandon
+```sh
+gem install accept_language
+```
 
 ## Getting started
 
-    $ ifconfig
-    $ aoandon -h
-    Usage: bin/aoandon [options]
+To start, let's look at the machine's network interfaces in console:
+
+```sh
+ifconfig
+```
+
+And let's display the help menu:
+
+```sh
+aoandon -h
+```
+
+    Usage: aoandon [options]
         -f, --file <path>                Load the rules contained in file <path>.
         -h, --help                       Help.
         -i, --interface <if>             Sniff on network interface <if>.
         -v, --verbose                    Produce more verbose output.
         -V, --version                    Show the version number and exit.
-    $ sudo aoandon -i en0 -v
+    Stopping Aoandon NIDS... done.
+
+Now, let's start scanning the network traffic on the machine's en0 network interface:
+
+```sh
+sudo aoandon -i en0 -v
+```
+
     Starting Aoandon NIDS on interface en0...
     Log file: /var/log/aoandon.yml
     Ruleset:  /Users/bob/code/aoandon.rb/config/rules.yml
@@ -189,13 +215,13 @@ Some semantic analysis can also be done through Aoandon NIDS extensions, using m
 module Aoandon
   module DynamicRule
     module Less1024
-      MESSAGE = 'Port numbers < 1024'
+      MESSAGE = "Port numbers < 1024"
       PROTO_TCP = 6
       PROTO_UDP = 17
       WELL_KNOWN_PORTS = (0..1023)
 
       def self.control?(packet)
-        (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) && 
+        (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
           less_1024?(packet.sport) && less_1024?(packet.dport)
       end
 
@@ -230,7 +256,7 @@ end
 module Aoandon
   module DynamicRule
     module MoreFragments
-      MESSAGE = 'More Fragment bit is set'
+      MESSAGE = "More Fragment bit is set"
 
       def self.control?(packet)
         packet.ip_mf?
@@ -249,8 +275,8 @@ end
 module Aoandon
   module DynamicRule
     module SameIp
-      LOCALHOST = '127.0.0.1'
-      MESSAGE = 'Same IP'
+      LOCALHOST = "127.0.0.1"
+      MESSAGE = "Same IP"
 
       def self.control?(packet)
         packet.ip_src == packet.ip_dst && !loopback?(packet.ip_src)
@@ -276,7 +302,7 @@ module Aoandon
   module DynamicRule
     module SynFlood
       BUFFER = 20
-      MESSAGE = 'SYN flood attack'
+      MESSAGE = "SYN flood attack"
       PROTO_TCP = 6
 
       def self.control?(packet)
@@ -310,10 +336,10 @@ module Aoandon
 end
 ```
 
-## Contributing
+## Versioning
+
+__Aoandon__ uses [Semantic Versioning 2.0.0](https://semver.org/)
+
+## License
 
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create a new Pull Request
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/bin/aoandon

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require_relative '../lib/aoandon'
+require_relative "../lib/aoandon"
 
 ao = Aoandon::Nids.new
 ao.run

data/lib/aoandon.rb

@@ -1,23 +1,24 @@
-require 'ipaddr'
-require 'optparse'
-require 'pcap'
-require 'time'
-require 'yaml'
+# frozen_string_literal: false
 
-require_relative 'aoandon/analysis'
-require_relative 'aoandon/analysis/semantic'
-require_relative 'aoandon/analysis/syntax'
-require_relative 'aoandon/error/not_implemented_error'
-require_relative 'aoandon/log'
-require_relative 'aoandon/static_rule'
+require "ipaddr"
+require "optparse"
+require "pcap"
+require "time"
+require "yaml"
 
-Dir['lib/aoandon/dynamic_rule/*.rb'].each do |src|
+require_relative "aoandon/analysis"
+require_relative "aoandon/analysis/semantic"
+require_relative "aoandon/analysis/syntax"
+require_relative "aoandon/log"
+require_relative "aoandon/static_rule"
+
+Dir["lib/aoandon/dynamic_rule/*.rb"].each do |src|
   load src
 end
 
 module Aoandon
   class Nids
-    CONF_PATH = 'config/rules.yml'
+    CONF_PATH = "config/rules.yml"
 
     def initialize
       options = Nids.parse
@@ -25,13 +26,13 @@ module Aoandon
       options[:interface] = Pcap.lookupdev unless options[:interface]
       puts "Starting Aoandon NIDS on interface #{options[:interface]}..."
       log = Log.new(options[:verbose])
-      @syntax = Syntax.new(log, {file: options[:file]})
+      @syntax = Syntax.new(log, { file: options[:file] })
       @semantic = Semantic.new(log)
       @network_interface = Pcap::Capture.open_live(options[:interface])
     end
 
     def run
-      puts 'You can stop Aoandon NIDS by pressing Ctrl-C.'
+      puts "You can stop Aoandon NIDS by pressing Ctrl-C."
 
       @network_interface.each_packet do |packet|
         if packet.ip?
@@ -47,12 +48,12 @@ module Aoandon
       options = {}
 
       OptionParser.new do |opts|
-        opts.banner = "Usage: #$0 [options]"
-        opts.on('-f', '--file <path>', 'Load the rules contained in file <path>.') {|f| options[:file] = f }
-        opts.on('-h', '--help', 'Help.') { puts opts; exit }
-        opts.on('-i', '--interface <if>', 'Sniff on network interface <if>.') {|i| options[:interface] = i }
-        opts.on('-v', '--verbose', 'Produce more verbose output.') { options[:verbose] = true }
-        opts.on('-V', '--version', 'Show the version number and exit.') { version; exit }
+        opts.banner = "Usage: #{$0} [options]"
+        opts.on("-f", "--file <path>", "Load the rules contained in file <path>.") { |f| options[:file] = f }
+        opts.on("-h", "--help", "Help.") { puts opts; exit }
+        opts.on("-i", "--interface <if>", "Sniff on network interface <if>.") { |i| options[:interface] = i }
+        opts.on("-v", "--verbose", "Produce more verbose output.") { options[:verbose] = true }
+        opts.on("-V", "--version", "Show the version number and exit.") { version; exit }
       end.parse!
 
       options
@@ -62,8 +63,8 @@ module Aoandon
       puts "Aoandon #{VERSION}"
     end
 
-    trap('INT') { exit }
-    at_exit { print 'Stopping Aoandon NIDS... ' }
-    ObjectSpace.define_finalizer('string', proc { puts 'done.' })
+    trap("INT") { exit }
+    at_exit { print "Stopping Aoandon NIDS... " }
+    ObjectSpace.define_finalizer("string", proc { puts "done." })
   end
 end

data/lib/aoandon/analysis.rb

@@ -1,11 +1,13 @@
+# frozen_string_literal: true
+
 module Aoandon
   class Analysis
-    def initialize(logger, options = {})
+    def initialize(logger, _options = {})
       @logger = logger
     end
 
-    def update(packet = '')
-      raise NotImplementedError, 'Must subclass me'
+    def update(_packet = "")
+      raise NotImplementedError, "Must subclass me"
     end
   end
 end

data/lib/aoandon/analysis/semantic.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aoandon
   class Semantic < Analysis
     def initialize(logger, options = {})
@@ -9,16 +11,12 @@ module Aoandon
     def test(packet)
       if defined? DynamicRule
         DynamicRule.constants.each do |rule|
-          if DynamicRule.const_get(rule).control?(packet)
-            dump = DynamicRule.const_get(rule).logging?(packet) ? packet : nil
-            message = if DynamicRule.const_get(rule).constants.include?(:MESSAGE)
-              DynamicRule.const_get(rule)::MESSAGE
-            else
-              nil
-            end
+          next unless DynamicRule.const_get(rule).control?(packet)
+
+          dump = DynamicRule.const_get(rule).logging?(packet) ? packet : nil
+          message = (DynamicRule.const_get(rule)::MESSAGE if DynamicRule.const_get(rule).constants.include?(:MESSAGE))
 
-            @logger.message(packet.time.iso8601, 'SEMANT', rule.downcase, message, dump)
-          end
+          @logger.message(packet.time.iso8601, "SEMANT", rule.downcase, message, dump)
         end
       end
     end

data/lib/aoandon/analysis/syntax.rb

@@ -1,40 +1,40 @@
+# frozen_string_literal: true
+
 module Aoandon
   class Syntax < Analysis
     def initialize(logger, options = {})
       super(logger, options)
 
       abort("Configuration file not found: #{options[:file]}") unless File.exist?(options[:file])
-      @rules = Array(YAML::load_file(options[:file])['rules']).map {|rule| StaticRule.new(*rule) }
+      @rules = Array(YAML.load_file(options[:file])["rules"]).map { |rule| StaticRule.new(*rule) }
 
       puts "Ruleset:  #{File.expand_path(options[:file])}"
     end
 
     def test(packet)
       @rules.each do |rule|
-        if match?(packet, rule.context)
-          break if (@last_rule = rule).options['quick']
-        end
+        break if match?(packet, rule.context) && (@last_rule = rule).options["quick"]
       end
 
-      if @last_rule && @last_rule.action != 'pass'
-        message = @last_rule.options['msg'] || 'Bad packet detected!'
-        dump = @last_rule.options['log'] ? packet : nil
-        @logger.message(packet.time.iso8601, 'SYNTAX', @last_rule.action, message, dump)
+      if @last_rule && @last_rule.action != "pass"
+        message = @last_rule.options["msg"] || "Bad packet detected!"
+        dump = @last_rule.options["log"] ? packet : nil
+        @logger.message(packet.time.iso8601, "SYNTAX", @last_rule.action, message, dump)
       end
     end
 
     protected
 
     def match?(packet, network_context)
-      network_context.update({'af' => af2id(packet.ip_ver)}) unless network_context.has_key?('af')
-      match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch('af'))
+      network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.has_key?("af")
+      match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch("af"))
     end
 
     def af2id(af)
       if af == 4
-        'inet'
+        "inet"
       elsif af == 6
-        'inet6'
+        "inet6"
       end
     end
 
@@ -47,8 +47,8 @@ module Aoandon
     end
 
     def match_proto?(packet, network_context)
-      if network_context['proto']
-        if packet.ip_proto == proto(network_context['proto'])
+      if network_context["proto"]
+        if packet.ip_proto == proto(network_context["proto"])
           if packet.ip_proto == 1
             match_proto_icmp?(packet, network_context)
           elsif packet.ip_proto == 6
@@ -89,9 +89,9 @@ module Aoandon
     def match_addr?(packet, network_context)
       result = true
 
-      [['from', 'src'], ['to', 'dst']].each do |way, obj|
-        unless network_context[way].fetch('addr') == 'any'
-          result = result && refer2addr?((packet.send(obj)), network_context[way].fetch('addr'))
+      [%w[from src], %w[to dst]].each do |way, obj|
+        unless network_context[way].fetch("addr") == "any"
+          result &&= refer2addr?(packet.send(obj), network_context[way].fetch("addr"))
         end
       end
 
@@ -101,9 +101,9 @@ module Aoandon
     def match_port?(packet, network_context)
       result = true
 
-      [['from', 'sport'], ['to', 'dport']].each do |way, obj|
-        if network_context[way].has_key?('port')
-          result = result && refer2port?((packet.send(obj)).to_i, network_context[way].fetch('port'))
+      [%w[from sport], %w[to dport]].each do |way, obj|
+        if network_context[way].has_key?("port")
+          result &&= refer2port?(packet.send(obj).to_i, network_context[way].fetch("port"))
         end
       end
 
@@ -111,9 +111,9 @@ module Aoandon
     end
 
     def match_flag?(packet, network_context)
-      return true unless network_context['flags']
+      return true unless network_context["flags"]
 
-      network_context['flags'].each do |flag|
+      network_context["flags"].each do |flag|
         return true if packet.send("tcp_#{flag}?")
       end
 
@@ -145,7 +145,7 @@ module Aoandon
         pattern.include?(number)
       elsif pattern.is_a? Hash
         pattern.has_key?(number)
-      elsif pattern.is_a? Fixnum
+      elsif pattern.is_a? Integer
         number == pattern
       else
         false

data/lib/aoandon/dynamic_rule/less1024.rb

@@ -1,22 +1,22 @@
+# frozen_string_literal: true
+
 module Aoandon
   module DynamicRule
     module Less1024
-      MESSAGE = 'Port numbers < 1024'
+      MESSAGE = "Port numbers < 1024"
       PROTO_TCP = 6
       PROTO_UDP = 17
       WELL_KNOWN_PORTS = (0..1023)
 
       def self.control?(packet)
-        (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) && 
+        (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
           less_1024?(packet.sport) && less_1024?(packet.dport)
       end
 
-      def self.logging?(packet)
+      def self.logging?(_packet)
         true
       end
 
-      private
-
       def self.different_ports?(src_port, dst_port)
         src_port != dst_port
       end

data/lib/aoandon/log.rb

@@ -1,11 +1,13 @@
+# frozen_string_literal: true
+
 module Aoandon
   class Log
     def initialize(verbose = false)
-      @file = if File.exist?('log/aoandon.yml')
-        File.open('log/aoandon.yml', 'a')
-      else
-        File.open('/var/log/aoandon.yml', 'a')
-      end
+      @file = if File.exist?("log/aoandon.yml")
+                File.open("log/aoandon.yml", "a")
+              else
+                File.open("/var/log/aoandon.yml", "a")
+              end
 
       @verbose = verbose
 
@@ -13,7 +15,7 @@ module Aoandon
     end
 
     def message(*args)
-      puts args.compact.map(&:to_s).join(' | ') if @verbose
+      puts args.compact.map(&:to_s).join(" | ") if @verbose
       @file.puts "- #{args.compact.map(&:to_s)}"
       @file.flush
     end

data/lib/aoandon/static_rule.rb

@@ -1,16 +1,18 @@
+# frozen_string_literal: true
+
 module Aoandon
-  class StaticRule < Struct.new(:action, :context, :options)
+  StaticRule = Struct.new(:action, :context, :options) do
     def initialize(*args)
       super(*args)
 
-      self.context['from'] ||= {'addr' => 'any'}
-      self.context['to'  ] ||= {'addr' => 'any'}
+      context["from"] ||= { "addr" => "any" }
+      context["to"] ||= { "addr" => "any" }
 
-      self.context['from'].update('addr' => 'any') unless self.context['from']['addr']
-      self.context['to'  ].update('addr' => 'any') unless self.context['to'  ]['addr']
+      context["from"].update("addr" => "any") unless context["from"]["addr"]
+      context["to"].update("addr" => "any") unless context["to"]["addr"]
 
       self.options ||= {}
-      self.options.update('log' => false) unless self.options.has_key?('log')
+      self.options.update("log" => false) unless self.options.has_key?("log")
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aoandon
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
-- Cyril Wack
+- Cyril Kato
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-30 00:00:00.000000000 Z
+date: 2021-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-pcap
@@ -28,70 +28,128 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rubocop-md
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-thread_safety
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10'
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).
-email:
-- contact@cyril.io
-executables:
-- aoandon
+email: contact@cyril.email
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitattributes"
-- ".gitignore"
-- ".ruby-version"
-- Gemfile
 - LICENSE.md
 - README.md
-- Rakefile
-- VERSION.semver
-- aoandon.gemspec
 - bin/aoandon
-- blue-andon-creature.jpg
-- config/rules.yml
 - lib/aoandon.rb
 - lib/aoandon/analysis.rb
 - lib/aoandon/analysis/semantic.rb
 - lib/aoandon/analysis/syntax.rb
 - lib/aoandon/dynamic_rule/less1024.rb
-- lib/aoandon/error/not_implemented_error.rb
 - lib/aoandon/log.rb
 - lib/aoandon/static_rule.rb
 homepage: https://github.com/cyril/aoandon.rb
@@ -106,15 +164,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Minimalist network intrusion detection system (NIDS).

data/.gitattributes

@@ -1,10 +0,0 @@
-# Set default behaviour, in case users don't have core.autocrlf set.
-* text=auto
-
-# Explicitly declare text files we want to always be normalized and converted 
-# to native line endings on checkout.
-*.rb text
-
-# Denote all files that are truly binary and should not be modified.
-*.png binary
-*.jpg binary

data/.gitignore

@@ -1,20 +0,0 @@
-*.gem
-*.jpg
-*.rbc
-.bundle
-.config
-.DS_Store
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-log/*
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp

data/.ruby-version

@@ -1 +0,0 @@
-2.1.2

data/Gemfile

@@ -1,2 +0,0 @@
-source 'https://rubygems.org'
-gemspec

data/Rakefile

@@ -1,7 +0,0 @@
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-
-Rake::TestTask.new do |t|
-end
-
-task default: :test

data/VERSION.semver

@@ -1 +0,0 @@
-0.0.5

data/aoandon.gemspec

@@ -1,21 +0,0 @@
-Gem::Specification.new do |spec|
-  spec.name          = 'aoandon'
-  spec.version       = File.read('VERSION.semver')
-  spec.authors       = ['Cyril Wack']
-  spec.email         = ['contact@cyril.io']
-  spec.homepage      = 'https://github.com/cyril/aoandon.rb'
-  spec.summary       = %q{Minimalist network intrusion detection system (NIDS).}
-  spec.description   = %q{Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).}
-  spec.license       = 'MIT'
-
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) {|f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^test/})
-  spec.require_paths = ['lib']
-
-  spec.add_dependency 'ruby-pcap', '~> 0.7'
-
-  spec.add_development_dependency 'bundler',  '~> 1.6'
-  spec.add_development_dependency 'minitest', '~> 5'
-  spec.add_development_dependency 'rake',     '~> 10'
-end

data/config/rules.yml

@@ -1,54 +0,0 @@
-# Aoandon NIDS configuration file
----
-#macros:
-#  web_server: &web_server
-#    114.21.70.71
-#  gateway: &gw
-#    192.168.0.1
-
-#tables:
-#  redzone: &redzone
-#    - "81.15.142.23"
-#  hacker: &id001
-#    - 81.15.142.23
-#    - 42.154.25.213
-#  blacklist: &blacklist
-#    - *id001
-#    - *gw
-#    - 81.15.142.23
-#    - "64.81.240.57"
-#  unknown:
-#    - any
-#  mz: &mz
-#    192.168.0.201
-#  dmz: &dmz
-#    sql_server: &sql_server
-#      10.0.0.2
-
-#ports:
-#  web: &www
-#    - 80
-#    - 443
-#  p2p:
-#    - 63192
-
-#messages:
-#  - &msg001 "ICMP packet from Google to MZ"
-#  - &msg002 "MZ intrusion detected!"
-
-rules:
-#  # "default alert" approach
-#  - [ info, {}, {quick: true, log: true, msg: "Suspected packet!"} ]
-#
-#  # then, selectively ignore certain traffic
-#  - [ pass, {af: inet, from: {addr: any}, to: {addr: any}} ]
-#  - [ warn, {proto: tcp, from: {addr: *blacklist}, to: {addr: any, port: *www}, flags: syn} ]
-#  - [ warn, {proto: tcp, from: {addr: any, port: 123}, to: {addr: *dmz}} ]
-#  - [ crit, {af: inet6, from: {addr: any}, to: {addr: any}}, {log: true} ]
-#  - [ pass, {af: inet, proto: tcp, from: {addr: *mz}, to: {addr: *web_server, port: *www}, {quick: true}} ]
-#  - [ warn, {proto: udp, from: {addr: *redzone}, to: {addr: 10.1.0.32, port: 21}} ]
-#  - [ info, {proto: tcp, from: {addr: 172.16.0.6}, to: {addr: 192.168.0.14, port: 22}} ]
-#  - [ crit, {proto: tcp, from: {addr: *blacklist}, to: {addr: *mz}}, {log: true, msg: *msg002} ]
-#  - [ info, {proto: tcp, to: {addr: 192.168.0.14, port: 22}} ]
-#  - [ pass, {proto: tcp, from: {addr: *id001}, to: {addr: *sql_server, port: 3306}} ]
-#  - [ info, {af: inet, proto: icmp, from: {addr: google.com}, to: {addr: *mz}}, {log: true, msg: *msg001} ]

data/lib/aoandon/error/not_implemented_error.rb

@@ -1,4 +0,0 @@
-module Aoandon
-  class NotImplementedError < StandardError
-  end
-end