aoandon 0.0.6 → 0.0.7

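--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d60b2d838c6206b56aae170861b9d40aebd5b2c4d5f857b0d53f7ef5fdce5ca9
-data.tar.gz: 119c1e89887f10c8ec64554357f9e0e74f1c82e6b8c3703450c29fc81da9c3b0
+metadata.gz: 0b404ee00be509e8bb241c123cf12145e43028c9ea4e8bd8e3e85e83ab310633
+data.tar.gz: b755263c90d97d880e36c86a85b654bf8f421889296c3bec01bc03e8a61a8e0e
 SHA512:
-metadata.gz: 562da47deae49df1c8b8d9ddf41647fc902e67235e4876ea29479d136dafd9d6e303b8280dfca90266365916c37800f768f2371d470571b4f1b8ed9e368fe0c2
-data.tar.gz: b5b623f88e1af383901b7ae3c85a7d91876076537a9bc09bd82a4471adc51ca390c7b5d68c481d4743a525b95a6ce476bb8182f62d98736d3261ad1e412c6b62
+metadata.gz: 35a6d37a43a59c56ee946c2dc440565473bc8d0b1dfece934433c1b6f583de42cc91363374166e5fd8af146f32670fbe5b06e65b109ddef36069ab0903e277b4
+data.tar.gz: 92c55e993652ef9afa7ceb415ff54864a173717aff11a571cf2558e91380b4aae7a2cbcf872ffd5e6a0a254ff7252a750b93447d5a7c45a3dc7eec260ab16cea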
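--- a/data/README.md
+++ b/data/README.md
@@ -28,7 +28,7 @@ bundle
 Or install it yourself as:
 
 ```sh
-gem install accept_language
+gem install aoandon
 ```
 
 ## Getting started
@@ -215,10 +215,10 @@ Some semantic analysis can also be done through Aoandon NIDS extensions, using m
 module Aoandon
 module DynamicRule
 module Less1024
-MESSAGE = "Port numbers < 1024"
+MESSAGE = "Port numbers < 1024".freeze
 PROTO_TCP = 6
 PROTO_UDP = 17
-WELL_KNOWN_PORTS = (0..1023)
+WELL_KNOWN_PORTS = (0..1023).freeze
 
 def self.control?(packet)
 (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
@@ -256,7 +256,7 @@ end
 module Aoandon
 module DynamicRule
 module MoreFragments
-MESSAGE = "More Fragment bit is set"
+MESSAGE = "More Fragment bit is set".freeze
 
 def self.control?(packet)
 packet.ip_mf?
@@ -275,8 +275,8 @@ end
 module Aoandon
 module DynamicRule
 module SameIp
-LOCALHOST = "127.0.0.1"
-MESSAGE = "Same IP"
+LOCALHOST = "127.0.0.1".freeze
+MESSAGE = "Same IP".freeze
 
 def self.control?(packet)
 packet.ip_src == packet.ip_dst && !loopback?(packet.ip_src)
@@ -302,7 +302,7 @@ module Aoandon
 module DynamicRule
 module SynFlood
 BUFFER = 20
-MESSAGE = "SYN flood attack"
+MESSAGE = "SYN flood attack".freeze
 PROTO_TCP = 6
 
 def self.control?(packet)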
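--- a/data/lib/aoandon.rb
+++ b/data/lib/aoandon.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: false
 
+require "bundler/setup"
 require "ipaddr"
 require "optparse"
 require "pcap"
@@ -11,6 +12,7 @@ require_relative "aoandon/analysis/semantic"
 require_relative "aoandon/analysis/syntax"
 require_relative "aoandon/log"
 require_relative "aoandon/static_rule"
+require_relative "aoandon/version"
 
 Dir["lib/aoandon/dynamic_rule/*.rb"].each do |src|
 load src
@@ -18,10 +20,10 @@ end
 
 module Aoandon
 class Nids
-CONF_PATH = "config/rules.yml"
+CONF_PATH = "config/rules.yml".freeze
 
 def initialize
-options = Nids.parse
+options = self.class.parse
 options[:file] = CONF_PATH unless options[:file]
 options[:interface] = Pcap.lookupdev unless options[:interface]
 puts "Starting Aoandon NIDS on interface #{options[:interface]}..."
@@ -48,7 +50,7 @@ module Aoandon
 options = {}
 
 OptionParser.new do |opts|
-opts.banner = "Usage: #{$0} [options]"
+opts.banner = "Usage: #{$PROGRAM_NAME} [options]"
 opts.on("-f", "--file <path>", "Load the rules contained in file <path>.") { |f| options[:file] = f }
 opts.on("-h", "--help", "Help.") { puts opts; exit }
 opts.on("-i", "--interface <if>", "Sniff on network interface <if>.") { |i| options[:interface] = i }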
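Review bot: The dynamic-rule loader kept as context in the second hunk, `Dir["lib/aoandon/dynamic_rule/*.rb"].each do |src| load src end`, globs relative to the process's current working directory rather than the library's own location, so once the gem is installed as the README now instructs, the rules are silently not loaded from any other directory, and any `lib/aoandon/dynamic_rule/*.rb` that happens to exist under the directory the sniffer is started from is executed with whatever privileges the capture runs under (packet capture usually needs elevated ones). The lines just above already use `require_relative`, so the glob should be anchored the same way: `Dir[::File.join(__dir__, "aoandon", "dynamic_rule", "*.rb")].sort.each { |src| require src }`. The `.sort` also makes rule load order deterministic across filesystems. The `do … end` block's closing line lies outside the hunk.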
@@ -26,22 +26,24 @@ module Aoandon
26
26
  protected
27
27
 
28
28
  def match?(packet, network_context)
29
- network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.has_key?("af")
29
+ network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.key?("af")
30
30
  match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch("af"))
31
31
  end
32
32
 
33
33
  def af2id(af)
34
- if af == 4
34
+ case af
35
+ when 4
35
36
  "inet"
36
- elsif af == 6
37
+ when 6
37
38
  "inet6"
38
39
  end
39
40
  end
40
41
 
41
42
  def af(name)
42
- if name.to_sym == :inet
43
+ case name.to_sym
44
+ when :inet
43
45
  4
44
- elsif name.to_sym == :inet6
46
+ when :inet6
45
47
  6
46
48
  end
47
49
  end
@@ -49,13 +51,14 @@ module Aoandon
49
51
  def match_proto?(packet, network_context)
50
52
  if network_context["proto"]
51
53
  if packet.ip_proto == proto(network_context["proto"])
52
- if packet.ip_proto == 1
54
+ case packet.ip_proto
55
+ when 1
53
56
  match_proto_icmp?(packet, network_context)
54
- elsif packet.ip_proto == 6
57
+ when 6
55
58
  match_proto_tcp?(packet, network_context)
56
- elsif packet.ip_proto == 17
59
+ when 17
57
60
  match_proto_udp?(packet, network_context)
58
- elsif packet.ip_proto == 58
61
+ when 58
59
62
  match_proto_icmp6?(packet, network_context)
60
63
  else
61
64
  match_addr?(packet, network_context)
@@ -67,13 +70,14 @@ module Aoandon
67
70
  end
68
71
 
69
72
  def proto(name)
70
- if name.to_sym == :icmp
73
+ case name.to_sym
74
+ when :icmp
71
75
  1
72
- elsif name.to_sym == :icmp6
76
+ when :icmp6
73
77
  58
74
- elsif name.to_sym == :tcp
78
+ when :tcp
75
79
  6
76
- elsif name.to_sym == :udp
80
+ when :udp
77
81
  17
78
82
  end
79
83
  end
@@ -102,7 +106,7 @@ module Aoandon
102
106
  result = true
103
107
 
104
108
  [%w[from sport], %w[to dport]].each do |way, obj|
105
- if network_context[way].has_key?("port")
109
+ if network_context[way].key?("port")
106
110
  result &&= refer2port?(packet.send(obj).to_i, network_context[way].fetch("port"))
107
111
  end
108
112
  end
@@ -129,23 +133,25 @@ module Aoandon
129
133
  end
130
134
 
131
135
  def refer2addr?(addr, pattern)
132
- if pattern.is_a? Array
136
+ case pattern
137
+ when Array
133
138
  pattern.include?(addr.to_num_s) || pattern.include?(addr.hostname)
134
- elsif pattern.is_a? Hash
135
- pattern.has_key?(addr.to_num_s) || pattern.has_key?(addr.hostname)
136
- elsif pattern.is_a? String
137
- addr.to_num_s == pattern || addr.hostname == pattern
139
+ when Hash
140
+ pattern.key?(addr.to_num_s) || pattern.key?(addr.hostname)
141
+ when String
142
+ addr.to_num_s == pattern || addr.hostname == pattern
138
143
  else
139
144
  false
140
145
  end
141
146
  end
142
147
 
143
148
  def refer2port?(number, pattern)
144
- if pattern.is_a? Array
149
+ case pattern
150
+ when Array
145
151
  pattern.include?(number)
146
- elsif pattern.is_a? Hash
147
- pattern.has_key?(number)
148
- elsif pattern.is_a? Integer
152
+ when Hash
153
+ pattern.key?(number)
154
+ when Integer
149
155
  number == pattern
150
156
  else
151
157
  false
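Review bot: The `when Array` / `when Hash` / `when String` arms of `refer2addr?` match rules against `addr.hostname` as well as `addr.to_num_s`; if `hostname` performs a reverse lookup as its name suggests, that is a blocking DNS query on the packet path for every address-matched packet, and a trust decision based on a PTR record that the owner of the source address space controls, so a rule written against a hostname can be satisfied by an attacker who sets their own reverse record. Safer is to resolve a rule's hostnames to addresses once when the rule file is loaded and compare only `addr.to_num_s` here, or at minimum make hostname matching an explicit per-rule option with cached lookups. The file header for this section is missing from the page, and the enclosing `refer2port?` method closes outside the hunk.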
@@ -6,7 +6,7 @@ module Aoandon
6
6
  MESSAGE = "Port numbers < 1024"
7
7
  PROTO_TCP = 6
8
8
  PROTO_UDP = 17
9
- WELL_KNOWN_PORTS = (0..1023)
9
+ WELL_KNOWN_PORTS = (0..1023).freeze
10
10
 
11
11
  def self.control?(packet)
12
12
  (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
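Review bot: `MESSAGE = "Port numbers < 1024"` on the first line of this hunk is left unfrozen while `WELL_KNOWN_PORTS` two lines below gains `.freeze`, and the README copy of this same module (and `CONF_PATH` in aoandon.rb) freezes its string constants in this release; if this file carries `# frozen_string_literal: false` like aoandon.rb does, this remains a mutable constant. Freeze it for consistency: `MESSAGE = "Port numbers < 1024".freeze`. The file header for this hunk is missing from the page, and `control?` continues outside it.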
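--- a/data/lib/aoandon/log.rb
+++ b/data/lib/aoandon/log.rb
@@ -2,16 +2,20 @@
 
 module Aoandon
 class Log
+LOCAL_PATH = "log/aoandon.yml"
+GLOBAL_PATH = "/var/log/aoandon.yml"
+
 def initialize(verbose = false)
-@file = if File.exist?("log/aoandon.yml")
-File.open("log/aoandon.yml", "a")
-else
-File.open("/var/log/aoandon.yml", "a")
-end
+file_path = if File.exist?(LOCAL_PATH)
+LOCAL_PATH
+else
+GLOBAL_PATH
+end
 
+@file = ::File.open(file_path, "a")
 @verbose = verbose
 
-puts "Log file: #{File.expand_path(@file.path)}"
+puts "Log file: #{::File.expand_path(@file.path)}"
 end
 
 def message(*args)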
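Review bot: `@file = ::File.open(file_path, "a")` appends to a path that is relative to the current working directory and follows symlinks, after a separate `File.exist?(LOCAL_PATH)` test; when the NIDS runs with elevated privileges (capture usually requires them), a `log/aoandon.yml` symlink planted in whatever directory the operator starts from redirects privileged writes to an arbitrary file, and the exist-then-open sequence is itself a check-then-use window. Open with flags that refuse a symlinked target and a restrictive mode, e.g. `@file = ::File.open(file_path, ::File::WRONLY | ::File::APPEND | ::File::CREAT | ::File::NOFOLLOW, 0o640)`, and consider resolving `LOCAL_PATH` against a configured directory rather than the cwd. The two new path constants are also not `.freeze`d, unlike `CONF_PATH` in the same release.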
@@ -12,7 +12,7 @@ module Aoandon
12
12
  context["to"].update("addr" => "any") unless context["to"]["addr"]
13
13
 
14
14
  self.options ||= {}
15
- self.options.update("log" => false) unless self.options.has_key?("log")
15
+ self.options.update("log" => false) unless self.options.key?("log")
16
16
  end
17
17
  end
18
18
  end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: false
2
+
3
+ module Aoandon
4
+ VERSION = ::Gem.loaded_specs[name.downcase].version.to_s
5
+ end
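Review bot: `VERSION = ::Gem.loaded_specs[name.downcase].version.to_s` raises `NoMethodError` on `nil` at require time whenever the library is loaded without RubyGems activating the gem, such as a checkout run with `ruby -Ilib` or a test that uses `require_relative`; since `lib/aoandon.rb` now requires this file unconditionally, that breaks loading the whole library in those setups. The usual dependency runs the other way: a literal here, `VERSION = "0.0.7".freeze`, with the gemspec reading `Aoandon::VERSION`. If the lookup is kept, fail soft instead: `spec = ::Gem.loaded_specs[name.downcase]` followed by `VERSION = (spec ? spec.version.to_s : "0.0.0").freeze`. The `# frozen_string_literal: false` comment is also odd for a file whose only content is a string constant.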
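--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aoandon
 version: !ruby/object:Gem::Version
-version: 0.0.6
+version: 0.0.7
 platform: ruby
 authors:
 - Cyril Kato
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby-pcap
@@ -152,6 +152,7 @@ files:
 - lib/aoandon/dynamic_rule/less1024.rb
 - lib/aoandon/log.rb
 - lib/aoandon/static_rule.rb
+- lib/aoandon/version.rb
 homepage: https://github.com/cyril/aoandon.rb
 licenses:
 - MIT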