aoandon 0.0.5 → 0.0.6

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 288e3328eee2b51da9106adecdfbefe4c78cd2ac
4
- data.tar.gz: f9d68c2c82944649f86ede9b5fef55de75baf3b0
2
+ SHA256:
3
+ metadata.gz: d60b2d838c6206b56aae170861b9d40aebd5b2c4d5f857b0d53f7ef5fdce5ca9
4
+ data.tar.gz: 119c1e89887f10c8ec64554357f9e0e74f1c82e6b8c3703450c29fc81da9c3b0
5
5
  SHA512:
6
- metadata.gz: 471ef73763dcd8466a693e7536947d17334bc819639eac5798488301968a4cb09cb29a302dc922e5bf9e76a15e3670d2e7c14ede50f735be66a001adc6bbea95
7
- data.tar.gz: 103d18f77b3a06681ef8114ac18d48ac11bc1ede75c7aae6204858b56672e5100be54a5e797f154b0bb9306f85191d7229d981be2e2028c0786eb797c4a660b6
6
+ metadata.gz: 562da47deae49df1c8b8d9ddf41647fc902e67235e4876ea29479d136dafd9d6e303b8280dfca90266365916c37800f768f2371d470571b4f1b8ed9e368fe0c2
7
+ data.tar.gz: b5b623f88e1af383901b7ae3c85a7d91876076537a9bc09bd82a4471adc51ca390c7b5d68c481d4743a525b95a6ce476bb8182f62d98736d3261ad1e412c6b62
data/LICENSE.md CHANGED
@@ -1,22 +1,21 @@
1
- Copyright (c) 2012 Cyril Wack
1
+ The MIT License (MIT)
2
2
 
3
- MIT License
3
+ Copyright (c) 2012-2021 Cyril Kato
4
4
 
5
- Permission is hereby granted, free of charge, to any person obtaining
6
- a copy of this software and associated documentation files (the
7
- "Software"), to deal in the Software without restriction, including
8
- without limitation the rights to use, copy, modify, merge, publish,
9
- distribute, sublicense, and/or sell copies of the Software, and to
10
- permit persons to whom the Software is furnished to do so, subject to
11
- the following conditions:
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
12
11
 
13
- The above copyright notice and this permission notice shall be
14
- included in all copies or substantial portions of the Software.
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
15
14
 
16
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
- LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
- OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
- WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md CHANGED
@@ -2,37 +2,63 @@
2
2
 
3
3
  <span lang="ja"><ruby>青<rt>ao</rt>行燈<rt>andon</rt></ruby></span> is a minimalist network intrusion detection system (NIDS).
4
4
 
5
- ![Blue andon creature](https://raw.githubusercontent.com/cyril/aoandon.rb/master/blue-andon-creature.jpg)
5
+ ![Blue andon creature](https://raw.githubusercontent.com/cyril/aoandon.rb/main/blue-andon-creature.jpg)
6
6
 
7
7
  ## Status
8
8
 
9
- * [![Gem Version](https://badge.fury.io/rb/aoandon.svg)](//badge.fury.io/rb/aoandon)
9
+ [![Gem Version](https://badge.fury.io/rb/aoandon.svg)](https://badge.fury.io/rb/aoandon)
10
+ [![Build Status](https://travis-ci.org/cyril/aoandon.rb.svg?branch=main)](https://travis-ci.org/cyril/aoandon.rb)
11
+ [![Inline Docs](https://inch-ci.org/github/cyril/aoandon.rb.svg)](https://inch-ci.org/github/cyril/aoandon.rb)
12
+ ![](https://ruby-gem-downloads-badge.herokuapp.com/aoandon?type=total)
10
13
 
11
14
  ## Installation
12
15
 
13
16
  Add this line to your application's Gemfile:
14
17
 
15
- gem 'aoandon'
18
+ ```ruby
19
+ gem "aoandon"
20
+ ```
16
21
 
17
22
  And then execute:
18
23
 
19
- $ bundle
24
+ ```sh
25
+ bundle
26
+ ```
20
27
 
21
28
  Or install it yourself as:
22
29
 
23
- $ gem install aoandon
30
+ ```sh
31
+ gem install accept_language
32
+ ```
24
33
 
25
34
  ## Getting started
26
35
 
27
- $ ifconfig
28
- $ aoandon -h
29
- Usage: bin/aoandon [options]
36
+ To start, let's look at the machine's network interfaces in console:
37
+
38
+ ```sh
39
+ ifconfig
40
+ ```
41
+
42
+ And let's display the help menu:
43
+
44
+ ```sh
45
+ aoandon -h
46
+ ```
47
+
48
+ Usage: aoandon [options]
30
49
  -f, --file <path> Load the rules contained in file <path>.
31
50
  -h, --help Help.
32
51
  -i, --interface <if> Sniff on network interface <if>.
33
52
  -v, --verbose Produce more verbose output.
34
53
  -V, --version Show the version number and exit.
35
- $ sudo aoandon -i en0 -v
54
+ Stopping Aoandon NIDS... done.
55
+
56
+ Now, let's start scanning the network traffic on the machine's en0 network interface:
57
+
58
+ ```sh
59
+ sudo aoandon -i en0 -v
60
+ ```
61
+
36
62
  Starting Aoandon NIDS on interface en0...
37
63
  Log file: /var/log/aoandon.yml
38
64
  Ruleset: /Users/bob/code/aoandon.rb/config/rules.yml
@@ -189,13 +215,13 @@ Some semantic analysis can also be done through Aoandon NIDS extensions, using m
189
215
  module Aoandon
190
216
  module DynamicRule
191
217
  module Less1024
192
- MESSAGE = 'Port numbers < 1024'
218
+ MESSAGE = "Port numbers < 1024"
193
219
  PROTO_TCP = 6
194
220
  PROTO_UDP = 17
195
221
  WELL_KNOWN_PORTS = (0..1023)
196
222
 
197
223
  def self.control?(packet)
198
- (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
224
+ (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
199
225
  less_1024?(packet.sport) && less_1024?(packet.dport)
200
226
  end
201
227
 
@@ -230,7 +256,7 @@ end
230
256
  module Aoandon
231
257
  module DynamicRule
232
258
  module MoreFragments
233
- MESSAGE = 'More Fragment bit is set'
259
+ MESSAGE = "More Fragment bit is set"
234
260
 
235
261
  def self.control?(packet)
236
262
  packet.ip_mf?
@@ -249,8 +275,8 @@ end
249
275
  module Aoandon
250
276
  module DynamicRule
251
277
  module SameIp
252
- LOCALHOST = '127.0.0.1'
253
- MESSAGE = 'Same IP'
278
+ LOCALHOST = "127.0.0.1"
279
+ MESSAGE = "Same IP"
254
280
 
255
281
  def self.control?(packet)
256
282
  packet.ip_src == packet.ip_dst && !loopback?(packet.ip_src)
@@ -276,7 +302,7 @@ module Aoandon
276
302
  module DynamicRule
277
303
  module SynFlood
278
304
  BUFFER = 20
279
- MESSAGE = 'SYN flood attack'
305
+ MESSAGE = "SYN flood attack"
280
306
  PROTO_TCP = 6
281
307
 
282
308
  def self.control?(packet)
@@ -310,10 +336,10 @@ module Aoandon
310
336
  end
311
337
  ```
312
338
 
313
- ## Contributing
339
+ ## Versioning
340
+
341
+ __Aoandon__ uses [Semantic Versioning 2.0.0](https://semver.org/)
342
+
343
+ ## License
314
344
 
315
- 1. Fork it
316
- 2. Create your feature branch (`git checkout -b my-new-feature`)
317
- 3. Commit your changes (`git commit -am 'Add some feature'`)
318
- 4. Push to the branch (`git push origin my-new-feature`)
319
- 5. Create a new Pull Request
345
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
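Review bot: The "Or install it yourself as" block at new line 31 tells readers to run `gem install accept_language`, which installs a different gem than the one this README documents; it should read `gem install aoandon`. Since the same page goes on to run the tool with `sudo`, an install instruction that pulls in the wrong package name is worth fixing before the release is advertised. The sample transcript also shows `Stopping Aoandon NIDS... done.` immediately after `aoandon -h`, which appears to be the at_exit hook firing on a help exit rather than intended output; if so, trim that line once the hook is scoped to a real capture run.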
data/bin/aoandon CHANGED
@@ -1,6 +1,7 @@
1
1
  #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
2
3
 
3
- require_relative '../lib/aoandon'
4
+ require_relative "../lib/aoandon"
4
5
 
5
6
  ao = Aoandon::Nids.new
6
7
  ao.run
data/lib/aoandon.rb CHANGED
@@ -1,23 +1,24 @@
1
- require 'ipaddr'
2
- require 'optparse'
3
- require 'pcap'
4
- require 'time'
5
- require 'yaml'
1
+ # frozen_string_literal: false
6
2
 
7
- require_relative 'aoandon/analysis'
8
- require_relative 'aoandon/analysis/semantic'
9
- require_relative 'aoandon/analysis/syntax'
10
- require_relative 'aoandon/error/not_implemented_error'
11
- require_relative 'aoandon/log'
12
- require_relative 'aoandon/static_rule'
3
+ require "ipaddr"
4
+ require "optparse"
5
+ require "pcap"
6
+ require "time"
7
+ require "yaml"
13
8
 
14
- Dir['lib/aoandon/dynamic_rule/*.rb'].each do |src|
9
+ require_relative "aoandon/analysis"
10
+ require_relative "aoandon/analysis/semantic"
11
+ require_relative "aoandon/analysis/syntax"
12
+ require_relative "aoandon/log"
13
+ require_relative "aoandon/static_rule"
14
+
15
+ Dir["lib/aoandon/dynamic_rule/*.rb"].each do |src|
15
16
  load src
16
17
  end
17
18
 
18
19
  module Aoandon
19
20
  class Nids
20
- CONF_PATH = 'config/rules.yml'
21
+ CONF_PATH = "config/rules.yml"
21
22
 
22
23
  def initialize
23
24
  options = Nids.parse
@@ -25,13 +26,13 @@ module Aoandon
25
26
  options[:interface] = Pcap.lookupdev unless options[:interface]
26
27
  puts "Starting Aoandon NIDS on interface #{options[:interface]}..."
27
28
  log = Log.new(options[:verbose])
28
- @syntax = Syntax.new(log, {file: options[:file]})
29
+ @syntax = Syntax.new(log, { file: options[:file] })
29
30
  @semantic = Semantic.new(log)
30
31
  @network_interface = Pcap::Capture.open_live(options[:interface])
31
32
  end
32
33
 
33
34
  def run
34
- puts 'You can stop Aoandon NIDS by pressing Ctrl-C.'
35
+ puts "You can stop Aoandon NIDS by pressing Ctrl-C."
35
36
 
36
37
  @network_interface.each_packet do |packet|
37
38
  if packet.ip?
@@ -47,12 +48,12 @@ module Aoandon
47
48
  options = {}
48
49
 
49
50
  OptionParser.new do |opts|
50
- opts.banner = "Usage: #$0 [options]"
51
- opts.on('-f', '--file <path>', 'Load the rules contained in file <path>.') {|f| options[:file] = f }
52
- opts.on('-h', '--help', 'Help.') { puts opts; exit }
53
- opts.on('-i', '--interface <if>', 'Sniff on network interface <if>.') {|i| options[:interface] = i }
54
- opts.on('-v', '--verbose', 'Produce more verbose output.') { options[:verbose] = true }
55
- opts.on('-V', '--version', 'Show the version number and exit.') { version; exit }
51
+ opts.banner = "Usage: #{$0} [options]"
52
+ opts.on("-f", "--file <path>", "Load the rules contained in file <path>.") { |f| options[:file] = f }
53
+ opts.on("-h", "--help", "Help.") { puts opts; exit }
54
+ opts.on("-i", "--interface <if>", "Sniff on network interface <if>.") { |i| options[:interface] = i }
55
+ opts.on("-v", "--verbose", "Produce more verbose output.") { options[:verbose] = true }
56
+ opts.on("-V", "--version", "Show the version number and exit.") { version; exit }
56
57
  end.parse!
57
58
 
58
59
  options
@@ -62,8 +63,8 @@ module Aoandon
62
63
  puts "Aoandon #{VERSION}"
63
64
  end
64
65
 
65
- trap('INT') { exit }
66
- at_exit { print 'Stopping Aoandon NIDS... ' }
67
- ObjectSpace.define_finalizer('string', proc { puts 'done.' })
66
+ trap("INT") { exit }
67
+ at_exit { print "Stopping Aoandon NIDS... " }
68
+ ObjectSpace.define_finalizer("string", proc { puts "done." })
68
69
  end
69
70
  end
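Review bot: `Dir["lib/aoandon/dynamic_rule/*.rb"].each { |src| load src }` in the first hunk resolves the glob against the process's current working directory rather than the gem's install location, so an installed copy silently loads no dynamic rules at all, and a copy started with `sudo` (as the README shows) will `load` and execute whatever `lib/aoandon/dynamic_rule/*.rb` happens to exist under the caller's cwd. Anchor the path to the source tree instead: `Dir[File.join(__dir__, "aoandon", "dynamic_rule", "*.rb")].sort.each { |src| require src }`. The same cwd dependence applies to `CONF_PATH = "config/rules.yml"`, and `config/rules.yml` is no longer shipped in the gem (see the metadata file list), so a default run outside a checkout aborts with "Configuration file not found"; a comment on `CONF_PATH` stating that it is a development-checkout default, or an absolute fallback, would make that explicit.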
@@ -1,11 +1,13 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Analysis
3
- def initialize(logger, options = {})
5
+ def initialize(logger, _options = {})
4
6
  @logger = logger
5
7
  end
6
8
 
7
- def update(packet = '')
8
- raise NotImplementedError, 'Must subclass me'
9
+ def update(_packet = "")
10
+ raise NotImplementedError, "Must subclass me"
9
11
  end
10
12
  end
11
13
  end
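Review bot: With `require_relative "aoandon/error/not_implemented_error"` dropped and that file deleted, `raise NotImplementedError, "Must subclass me"` in `update` now raises Ruby's built-in `NotImplementedError`, which inherits from `ScriptError` rather than `StandardError`, so a bare `rescue => e` around an analysis call no longer catches it. That is arguably the right class for an abstract-method stub, but it is a behaviour change this release does not call out; either re-add `Aoandon::NotImplementedError < StandardError` or note the change. A one-line comment above `update`, such as `# Abstract hook: subclasses inspect one packet and log any matches.`, would also make the contract visible to rule authors.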
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Semantic < Analysis
3
5
  def initialize(logger, options = {})
@@ -9,16 +11,12 @@ module Aoandon
9
11
  def test(packet)
10
12
  if defined? DynamicRule
11
13
  DynamicRule.constants.each do |rule|
12
- if DynamicRule.const_get(rule).control?(packet)
13
- dump = DynamicRule.const_get(rule).logging?(packet) ? packet : nil
14
- message = if DynamicRule.const_get(rule).constants.include?(:MESSAGE)
15
- DynamicRule.const_get(rule)::MESSAGE
16
- else
17
- nil
18
- end
14
+ next unless DynamicRule.const_get(rule).control?(packet)
15
+
16
+ dump = DynamicRule.const_get(rule).logging?(packet) ? packet : nil
17
+ message = (DynamicRule.const_get(rule)::MESSAGE if DynamicRule.const_get(rule).constants.include?(:MESSAGE))
19
18
 
20
- @logger.message(packet.time.iso8601, 'SEMANT', rule.downcase, message, dump)
21
- end
19
+ @logger.message(packet.time.iso8601, "SEMANT", rule.downcase, message, dump)
22
20
  end
23
21
  end
24
22
  end
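Review bot: `DynamicRule.const_get(rule)` is evaluated four times per rule per packet inside `test` (the `next unless`, the `logging?` call, and twice in the `message` expression); binding it once, `mod = DynamicRule.const_get(rule)` followed by `next unless mod.control?(packet)`, reads more clearly and avoids repeated constant lookup on the per-packet hot path. `DynamicRule.constants` also yields every constant under that namespace, not only rule modules, so a stray constant defined there would surface as a `NoMethodError` on `control?`; a cheap guard is `next unless mod.respond_to?(:control?)`. The enclosing `class Semantic` closes outside this hunk.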
@@ -1,40 +1,40 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Syntax < Analysis
3
5
  def initialize(logger, options = {})
4
6
  super(logger, options)
5
7
 
6
8
  abort("Configuration file not found: #{options[:file]}") unless File.exist?(options[:file])
7
- @rules = Array(YAML::load_file(options[:file])['rules']).map {|rule| StaticRule.new(*rule) }
9
+ @rules = Array(YAML.load_file(options[:file])["rules"]).map { |rule| StaticRule.new(*rule) }
8
10
 
9
11
  puts "Ruleset: #{File.expand_path(options[:file])}"
10
12
  end
11
13
 
12
14
  def test(packet)
13
15
  @rules.each do |rule|
14
- if match?(packet, rule.context)
15
- break if (@last_rule = rule).options['quick']
16
- end
16
+ break if match?(packet, rule.context) && (@last_rule = rule).options["quick"]
17
17
  end
18
18
 
19
- if @last_rule && @last_rule.action != 'pass'
20
- message = @last_rule.options['msg'] || 'Bad packet detected!'
21
- dump = @last_rule.options['log'] ? packet : nil
22
- @logger.message(packet.time.iso8601, 'SYNTAX', @last_rule.action, message, dump)
19
+ if @last_rule && @last_rule.action != "pass"
20
+ message = @last_rule.options["msg"] || "Bad packet detected!"
21
+ dump = @last_rule.options["log"] ? packet : nil
22
+ @logger.message(packet.time.iso8601, "SYNTAX", @last_rule.action, message, dump)
23
23
  end
24
24
  end
25
25
 
26
26
  protected
27
27
 
28
28
  def match?(packet, network_context)
29
- network_context.update({'af' => af2id(packet.ip_ver)}) unless network_context.has_key?('af')
30
- match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch('af'))
29
+ network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.has_key?("af")
30
+ match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch("af"))
31
31
  end
32
32
 
33
33
  def af2id(af)
34
34
  if af == 4
35
- 'inet'
35
+ "inet"
36
36
  elsif af == 6
37
- 'inet6'
37
+ "inet6"
38
38
  end
39
39
  end
40
40
 
@@ -47,8 +47,8 @@ module Aoandon
47
47
  end
48
48
 
49
49
  def match_proto?(packet, network_context)
50
- if network_context['proto']
51
- if packet.ip_proto == proto(network_context['proto'])
50
+ if network_context["proto"]
51
+ if packet.ip_proto == proto(network_context["proto"])
52
52
  if packet.ip_proto == 1
53
53
  match_proto_icmp?(packet, network_context)
54
54
  elsif packet.ip_proto == 6
@@ -89,9 +89,9 @@ module Aoandon
89
89
  def match_addr?(packet, network_context)
90
90
  result = true
91
91
 
92
- [['from', 'src'], ['to', 'dst']].each do |way, obj|
93
- unless network_context[way].fetch('addr') == 'any'
94
- result = result && refer2addr?((packet.send(obj)), network_context[way].fetch('addr'))
92
+ [%w[from src], %w[to dst]].each do |way, obj|
93
+ unless network_context[way].fetch("addr") == "any"
94
+ result &&= refer2addr?(packet.send(obj), network_context[way].fetch("addr"))
95
95
  end
96
96
  end
97
97
 
@@ -101,9 +101,9 @@ module Aoandon
101
101
  def match_port?(packet, network_context)
102
102
  result = true
103
103
 
104
- [['from', 'sport'], ['to', 'dport']].each do |way, obj|
105
- if network_context[way].has_key?('port')
106
- result = result && refer2port?((packet.send(obj)).to_i, network_context[way].fetch('port'))
104
+ [%w[from sport], %w[to dport]].each do |way, obj|
105
+ if network_context[way].has_key?("port")
106
+ result &&= refer2port?(packet.send(obj).to_i, network_context[way].fetch("port"))
107
107
  end
108
108
  end
109
109
 
@@ -111,9 +111,9 @@ module Aoandon
111
111
  end
112
112
 
113
113
  def match_flag?(packet, network_context)
114
- return true unless network_context['flags']
114
+ return true unless network_context["flags"]
115
115
 
116
- network_context['flags'].each do |flag|
116
+ network_context["flags"].each do |flag|
117
117
  return true if packet.send("tcp_#{flag}?")
118
118
  end
119
119
 
@@ -145,7 +145,7 @@ module Aoandon
145
145
  pattern.include?(number)
146
146
  elsif pattern.is_a? Hash
147
147
  pattern.has_key?(number)
148
- elsif pattern.is_a? Fixnum
148
+ elsif pattern.is_a? Integer
149
149
  number == pattern
150
150
  else
151
151
  false
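Review bot: `YAML.load_file(options[:file])` in `initialize` deserialises the ruleset with the full Psych loader, which on the Ruby 2.7 line this gem now requires (Psych 3) instantiates arbitrary `!ruby/object` tags; because `-f` accepts any path and the README runs the tool as root, a crafted rules file becomes code execution. Rules are plain arrays, hashes, strings, integers and booleans that lean on anchors/aliases (see the removed sample config), so `YAML.safe_load(File.read(options[:file]), aliases: true)` keeps every supported rule working while rejecting object tags. Separately, `@last_rule` is never reset at the start of `test`, so once any packet has matched, every later packet that matches nothing is still logged under the stale rule; add `@last_rule = nil` before the `@rules.each` loop. Likewise `match?` writes `"af"` into the shared `rule.context` hash on first use, permanently pinning an af-less rule to the address family of the first packet it sees; compare `af2id(packet.ip_ver)` locally instead of mutating the rule.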
@@ -1,22 +1,22 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  module DynamicRule
3
5
  module Less1024
4
- MESSAGE = 'Port numbers < 1024'
6
+ MESSAGE = "Port numbers < 1024"
5
7
  PROTO_TCP = 6
6
8
  PROTO_UDP = 17
7
9
  WELL_KNOWN_PORTS = (0..1023)
8
10
 
9
11
  def self.control?(packet)
10
- (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
12
+ (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
11
13
  less_1024?(packet.sport) && less_1024?(packet.dport)
12
14
  end
13
15
 
14
- def self.logging?(packet)
16
+ def self.logging?(_packet)
15
17
  true
16
18
  end
17
19
 
18
- private
19
-
20
20
  def self.different_ports?(src_port, dst_port)
21
21
  src_port != dst_port
22
22
  end
data/lib/aoandon/log.rb CHANGED
@@ -1,11 +1,13 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
4
  class Log
3
5
  def initialize(verbose = false)
4
- @file = if File.exist?('log/aoandon.yml')
5
- File.open('log/aoandon.yml', 'a')
6
- else
7
- File.open('/var/log/aoandon.yml', 'a')
8
- end
6
+ @file = if File.exist?("log/aoandon.yml")
7
+ File.open("log/aoandon.yml", "a")
8
+ else
9
+ File.open("/var/log/aoandon.yml", "a")
10
+ end
9
11
 
10
12
  @verbose = verbose
11
13
 
@@ -13,7 +15,7 @@ module Aoandon
13
15
  end
14
16
 
15
17
  def message(*args)
16
- puts args.compact.map(&:to_s).join(' | ') if @verbose
18
+ puts args.compact.map(&:to_s).join(" | ") if @verbose
17
19
  @file.puts "- #{args.compact.map(&:to_s)}"
18
20
  @file.flush
19
21
  end
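Review bot: `initialize` chooses the log destination by testing the cwd-relative `log/aoandon.yml` and otherwise appending to `/var/log/aoandon.yml`, with no way to override either; run under `sudo` from an arbitrary directory, root follows whatever `log/aoandon.yml` (symlinks included) the directory owner placed there, and the handle from `File.open(..., "a")` is never closed. Resolve the path once from an explicit option or environment variable, open it with an explicit mode such as `File.open(path, "a", 0o640)`, and at minimum add a comment above the `@file =` assignment saying the relative path is intended for development checkouts. `message` also writes `args.compact.map(&:to_s)` via `Array#inspect` into a `.yml` file; Ruby's inspect escaping is close to but not identical to YAML double-quoted scalars (e.g. `\#` for a literal `#{`), so a packet dump containing such sequences may yield a line a YAML parser rejects — emitting through `YAML.dump` would be safer if the log is meant to be machine-read.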
@@ -1,16 +1,18 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aoandon
2
- class StaticRule < Struct.new(:action, :context, :options)
4
+ StaticRule = Struct.new(:action, :context, :options) do
3
5
  def initialize(*args)
4
6
  super(*args)
5
7
 
6
- self.context['from'] ||= {'addr' => 'any'}
7
- self.context['to' ] ||= {'addr' => 'any'}
8
+ context["from"] ||= { "addr" => "any" }
9
+ context["to"] ||= { "addr" => "any" }
8
10
 
9
- self.context['from'].update('addr' => 'any') unless self.context['from']['addr']
10
- self.context['to' ].update('addr' => 'any') unless self.context['to' ]['addr']
11
+ context["from"].update("addr" => "any") unless context["from"]["addr"]
12
+ context["to"].update("addr" => "any") unless context["to"]["addr"]
11
13
 
12
14
  self.options ||= {}
13
- self.options.update('log' => false) unless self.options.has_key?('log')
15
+ self.options.update("log" => false) unless self.options.has_key?("log")
14
16
  end
15
17
  end
16
18
  end
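Review bot: `context["from"] ||= { "addr" => "any" }` raises `NoMethodError` on `nil` when a rule is written as `[pass]` without a context hash, even though `options` a few lines below is defaulted with `self.options ||= {}`; add `self.context ||= {}` before the `from`/`to` defaults so both members are handled the same way. The `self.` prefix is required there because `||=` on the struct member itself needs the writer, whereas the in-place `context["from"] ||= …` calls only the reader.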
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aoandon
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
- - Cyril Wack
7
+ - Cyril Kato
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-05-30 00:00:00.000000000 Z
11
+ date: 2021-05-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ruby-pcap
@@ -28,70 +28,128 @@ dependencies:
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '1.6'
33
+ version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '1.6'
40
+ version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
- name: minitest
42
+ name: rake
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: '5'
47
+ version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
- version: '5'
54
+ version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
- name: rake
56
+ name: rubocop-md
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - "~>"
59
+ - - ">="
60
60
  - !ruby/object:Gem::Version
61
- version: '10'
61
+ version: '0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - "~>"
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: rubocop-performance
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rubocop-rake
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop-thread_safety
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
67
109
  - !ruby/object:Gem::Version
68
- version: '10'
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: simplecov
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: yard
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - ">="
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
69
139
  description: Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).
70
- email:
71
- - contact@cyril.io
72
- executables:
73
- - aoandon
140
+ email: contact@cyril.email
141
+ executables: []
74
142
  extensions: []
75
143
  extra_rdoc_files: []
76
144
  files:
77
- - ".gitattributes"
78
- - ".gitignore"
79
- - ".ruby-version"
80
- - Gemfile
81
145
  - LICENSE.md
82
146
  - README.md
83
- - Rakefile
84
- - VERSION.semver
85
- - aoandon.gemspec
86
147
  - bin/aoandon
87
- - blue-andon-creature.jpg
88
- - config/rules.yml
89
148
  - lib/aoandon.rb
90
149
  - lib/aoandon/analysis.rb
91
150
  - lib/aoandon/analysis/semantic.rb
92
151
  - lib/aoandon/analysis/syntax.rb
93
152
  - lib/aoandon/dynamic_rule/less1024.rb
94
- - lib/aoandon/error/not_implemented_error.rb
95
153
  - lib/aoandon/log.rb
96
154
  - lib/aoandon/static_rule.rb
97
155
  homepage: https://github.com/cyril/aoandon.rb
@@ -106,15 +164,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
106
164
  requirements:
107
165
  - - ">="
108
166
  - !ruby/object:Gem::Version
109
- version: '0'
167
+ version: 2.7.0
110
168
  required_rubygems_version: !ruby/object:Gem::Requirement
111
169
  requirements:
112
170
  - - ">="
113
171
  - !ruby/object:Gem::Version
114
172
  version: '0'
115
173
  requirements: []
116
- rubyforge_project:
117
- rubygems_version: 2.2.2
174
+ rubygems_version: 3.1.6
118
175
  signing_key:
119
176
  specification_version: 4
120
177
  summary: Minimalist network intrusion detection system (NIDS).
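Review bot: `executables: []` replaces the previous `executables: [aoandon]` while `bin/aoandon` is still listed under `files`, so `gem install aoandon` no longer installs an `aoandon` command and the README's `aoandon -h` / `sudo aoandon -i en0 -v` examples fail on an installed gem; the gemspec is no longer shipped so it cannot be checked here, but it presumably needs `spec.executables = ["aoandon"]` (or the `bin/` grep) restored. `config/rules.yml` also dropped out of the file list while `lib/aoandon.rb` still defaults to that relative path. The release remains unsigned (`cert_chain: []`, empty `signing_key`) as 0.0.5 was; for a tool documented to run as root, gem signing is worth considering alongside the new SHA256 checksums.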
data/.gitattributes DELETED
@@ -1,10 +0,0 @@
1
- # Set default behaviour, in case users don't have core.autocrlf set.
2
- * text=auto
3
-
4
- # Explicitly declare text files we want to always be normalized and converted
5
- # to native line endings on checkout.
6
- *.rb text
7
-
8
- # Denote all files that are truly binary and should not be modified.
9
- *.png binary
10
- *.jpg binary
data/.gitignore DELETED
@@ -1,20 +0,0 @@
1
- *.gem
2
- *.jpg
3
- *.rbc
4
- .bundle
5
- .config
6
- .DS_Store
7
- .yardoc
8
- Gemfile.lock
9
- InstalledFiles
10
- _yardoc
11
- coverage
12
- doc/
13
- lib/bundler/man
14
- log/*
15
- pkg
16
- rdoc
17
- spec/reports
18
- test/tmp
19
- test/version_tmp
20
- tmp
data/.ruby-version DELETED
@@ -1 +0,0 @@
1
- 2.1.2
data/Gemfile DELETED
@@ -1,2 +0,0 @@
1
- source 'https://rubygems.org'
2
- gemspec
data/Rakefile DELETED
@@ -1,7 +0,0 @@
1
- require 'bundler/gem_tasks'
2
- require 'rake/testtask'
3
-
4
- Rake::TestTask.new do |t|
5
- end
6
-
7
- task default: :test
data/VERSION.semver DELETED
@@ -1 +0,0 @@
1
- 0.0.5
data/aoandon.gemspec DELETED
@@ -1,21 +0,0 @@
1
- Gem::Specification.new do |spec|
2
- spec.name = 'aoandon'
3
- spec.version = File.read('VERSION.semver')
4
- spec.authors = ['Cyril Wack']
5
- spec.email = ['contact@cyril.io']
6
- spec.homepage = 'https://github.com/cyril/aoandon.rb'
7
- spec.summary = %q{Minimalist network intrusion detection system (NIDS).}
8
- spec.description = %q{Aoandon (青行燈) is a minimalist network intrusion detection system (NIDS).}
9
- spec.license = 'MIT'
10
-
11
- spec.files = `git ls-files -z`.split("\x0")
12
- spec.executables = spec.files.grep(%r{^bin/}) {|f| File.basename(f) }
13
- spec.test_files = spec.files.grep(%r{^test/})
14
- spec.require_paths = ['lib']
15
-
16
- spec.add_dependency 'ruby-pcap', '~> 0.7'
17
-
18
- spec.add_development_dependency 'bundler', '~> 1.6'
19
- spec.add_development_dependency 'minitest', '~> 5'
20
- spec.add_development_dependency 'rake', '~> 10'
21
- end
data/config/rules.yml DELETED
@@ -1,54 +0,0 @@
1
- # Aoandon NIDS configuration file
2
- ---
3
- #macros:
4
- # web_server: &web_server
5
- # 114.21.70.71
6
- # gateway: &gw
7
- # 192.168.0.1
8
-
9
- #tables:
10
- # redzone: &redzone
11
- # - "81.15.142.23"
12
- # hacker: &id001
13
- # - 81.15.142.23
14
- # - 42.154.25.213
15
- # blacklist: &blacklist
16
- # - *id001
17
- # - *gw
18
- # - 81.15.142.23
19
- # - "64.81.240.57"
20
- # unknown:
21
- # - any
22
- # mz: &mz
23
- # 192.168.0.201
24
- # dmz: &dmz
25
- # sql_server: &sql_server
26
- # 10.0.0.2
27
-
28
- #ports:
29
- # web: &www
30
- # - 80
31
- # - 443
32
- # p2p:
33
- # - 63192
34
-
35
- #messages:
36
- # - &msg001 "ICMP packet from Google to MZ"
37
- # - &msg002 "MZ intrusion detected!"
38
-
39
- rules:
40
- # # "default alert" approach
41
- # - [ info, {}, {quick: true, log: true, msg: "Suspected packet!"} ]
42
- #
43
- # # then, selectively ignore certain traffic
44
- # - [ pass, {af: inet, from: {addr: any}, to: {addr: any}} ]
45
- # - [ warn, {proto: tcp, from: {addr: *blacklist}, to: {addr: any, port: *www}, flags: syn} ]
46
- # - [ warn, {proto: tcp, from: {addr: any, port: 123}, to: {addr: *dmz}} ]
47
- # - [ crit, {af: inet6, from: {addr: any}, to: {addr: any}}, {log: true} ]
48
- # - [ pass, {af: inet, proto: tcp, from: {addr: *mz}, to: {addr: *web_server, port: *www}, {quick: true}} ]
49
- # - [ warn, {proto: udp, from: {addr: *redzone}, to: {addr: 10.1.0.32, port: 21}} ]
50
- # - [ info, {proto: tcp, from: {addr: 172.16.0.6}, to: {addr: 192.168.0.14, port: 22}} ]
51
- # - [ crit, {proto: tcp, from: {addr: *blacklist}, to: {addr: *mz}}, {log: true, msg: *msg002} ]
52
- # - [ info, {proto: tcp, to: {addr: 192.168.0.14, port: 22}} ]
53
- # - [ pass, {proto: tcp, from: {addr: *id001}, to: {addr: *sql_server, port: 3306}} ]
54
- # - [ info, {af: inet, proto: icmp, from: {addr: google.com}, to: {addr: *mz}}, {log: true, msg: *msg001} ]
@@ -1,4 +0,0 @@
1
- module Aoandon
2
- class NotImplementedError < StandardError
3
- end
4
- end