aoandon 0.0.6 → 0.0.7

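--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d60b2d838c6206b56aae170861b9d40aebd5b2c4d5f857b0d53f7ef5fdce5ca9
-data.tar.gz: 119c1e89887f10c8ec64554357f9e0e74f1c82e6b8c3703450c29fc81da9c3b0
+metadata.gz: 0b404ee00be509e8bb241c123cf12145e43028c9ea4e8bd8e3e85e83ab310633
+data.tar.gz: b755263c90d97d880e36c86a85b654bf8f421889296c3bec01bc03e8a61a8e0e
 SHA512:
-metadata.gz: 562da47deae49df1c8b8d9ddf41647fc902e67235e4876ea29479d136dafd9d6e303b8280dfca90266365916c37800f768f2371d470571b4f1b8ed9e368fe0c2
-data.tar.gz: b5b623f88e1af383901b7ae3c85a7d91876076537a9bc09bd82a4471adc51ca390c7b5d68c481d4743a525b95a6ce476bb8182f62d98736d3261ad1e412c6b62
+metadata.gz: 35a6d37a43a59c56ee946c2dc440565473bc8d0b1dfece934433c1b6f583de42cc91363374166e5fd8af146f32670fbe5b06e65b109ddef36069ab0903e277b4
+data.tar.gz: 92c55e993652ef9afa7ceb415ff54864a173717aff11a571cf2558e91380b4aae7a2cbcf872ffd5e6a0a254ff7252a750b93447d5a7c45a3dc7eec260ab16cea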
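--- a/data/README.md
+++ b/data/README.md
@@ -28,7 +28,7 @@ bundle
 Or install it yourself as:
 
 ```sh
-gem install accept_language
+gem install aoandon
 ```
 
 ## Getting started
@@ -215,10 +215,10 @@ Some semantic analysis can also be done through Aoandon NIDS extensions, using m
 module Aoandon
 module DynamicRule
 module Less1024
-MESSAGE = "Port numbers < 1024"
+MESSAGE = "Port numbers < 1024".freeze
 PROTO_TCP = 6
 PROTO_UDP = 17
-WELL_KNOWN_PORTS = (0..1023)
+WELL_KNOWN_PORTS = (0..1023).freeze
 
 def self.control?(packet)
 (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
@@ -256,7 +256,7 @@ end
 module Aoandon
 module DynamicRule
 module MoreFragments
-MESSAGE = "More Fragment bit is set"
+MESSAGE = "More Fragment bit is set".freeze
 
 def self.control?(packet)
 packet.ip_mf?
@@ -275,8 +275,8 @@ end
 module Aoandon
 module DynamicRule
 module SameIp
-LOCALHOST = "127.0.0.1"
-MESSAGE = "Same IP"
+LOCALHOST = "127.0.0.1".freeze
+MESSAGE = "Same IP".freeze
 
 def self.control?(packet)
 packet.ip_src == packet.ip_dst && !loopback?(packet.ip_src)
@@ -302,7 +302,7 @@ module Aoandon
 module DynamicRule
 module SynFlood
 BUFFER = 20
-MESSAGE = "SYN flood attack"
+MESSAGE = "SYN flood attack".freeze
 PROTO_TCP = 6
 
 def self.control?(packet)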
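--- a/data/lib/aoandon.rb
+++ b/data/lib/aoandon.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: false
 
+require "bundler/setup"
 require "ipaddr"
 require "optparse"
 require "pcap"
@@ -11,6 +12,7 @@ require_relative "aoandon/analysis/semantic"
 require_relative "aoandon/analysis/syntax"
 require_relative "aoandon/log"
 require_relative "aoandon/static_rule"
+require_relative "aoandon/version"
 
 Dir["lib/aoandon/dynamic_rule/*.rb"].each do |src|
 load src
@@ -18,10 +20,10 @@ end
 
 module Aoandon
 class Nids
-CONF_PATH = "config/rules.yml"
+CONF_PATH = "config/rules.yml".freeze
 
 def initialize
-options = Nids.parse
+options = self.class.parse
 options[:file] = CONF_PATH unless options[:file]
 options[:interface] = Pcap.lookupdev unless options[:interface]
 puts "Starting Aoandon NIDS on interface #{options[:interface]}..."
@@ -48,7 +50,7 @@ module Aoandon
 options = {}
 
 OptionParser.new do |opts|
-opts.banner = "Usage: #{$0} [options]"
+opts.banner = "Usage: #{$PROGRAM_NAME} [options]"
 opts.on("-f", "--file <path>", "Load the rules contained in file <path>.") { |f| options[:file] = f }
 opts.on("-h", "--help", "Help.") { puts opts; exit }
 opts.on("-i", "--interface <if>", "Sniff on network interface <if>.") { |i| options[:interface] = i }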
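Review bot: `require "bundler/setup"` on the new line 3 is placed in lib/aoandon.rb, the library's entry file, rather than in the executable that boots the process; bundler/setup resolves the Gemfile of whatever directory the consumer runs from and fails at require time when none is found, so a plain `require "aoandon"` from an unbundled script or console will presumably no longer load. The usual placement is the bin/ script or the caller's own boot code, leaving lib/ free of Bundler. While in this file, the unchanged `Dir["lib/aoandon/dynamic_rule/*.rb"]` / `load src` on lines 17-18 is resolved against the current working directory, so which rule files get executed silently depends on where the process is started; `Dir[File.join(__dir__, "aoandon/dynamic_rule/*.rb")]` would tie it to the gem's own files. The `parse` method and the `Nids` class continue past the hunk.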
@@ -26,22 +26,24 @@ module Aoandon
26
26
  protected
27
27
 
28
28
  def match?(packet, network_context)
29
- network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.has_key?("af")
29
+ network_context.update({ "af" => af2id(packet.ip_ver) }) unless network_context.key?("af")
30
30
  match_proto?(packet, network_context) if packet.ip_ver == af(network_context.fetch("af"))
31
31
  end
32
32
 
33
33
  def af2id(af)
34
- if af == 4
34
+ case af
35
+ when 4
35
36
  "inet"
36
- elsif af == 6
37
+ when 6
37
38
  "inet6"
38
39
  end
39
40
  end
40
41
 
41
42
  def af(name)
42
- if name.to_sym == :inet
43
+ case name.to_sym
44
+ when :inet
43
45
  4
44
- elsif name.to_sym == :inet6
46
+ when :inet6
45
47
  6
46
48
  end
47
49
  end
@@ -49,13 +51,14 @@ module Aoandon
49
51
  def match_proto?(packet, network_context)
50
52
  if network_context["proto"]
51
53
  if packet.ip_proto == proto(network_context["proto"])
52
- if packet.ip_proto == 1
54
+ case packet.ip_proto
55
+ when 1
53
56
  match_proto_icmp?(packet, network_context)
54
- elsif packet.ip_proto == 6
57
+ when 6
55
58
  match_proto_tcp?(packet, network_context)
56
- elsif packet.ip_proto == 17
59
+ when 17
57
60
  match_proto_udp?(packet, network_context)
58
- elsif packet.ip_proto == 58
61
+ when 58
59
62
  match_proto_icmp6?(packet, network_context)
60
63
  else
61
64
  match_addr?(packet, network_context)
@@ -67,13 +70,14 @@ module Aoandon
67
70
  end
68
71
 
69
72
  def proto(name)
70
- if name.to_sym == :icmp
73
+ case name.to_sym
74
+ when :icmp
71
75
  1
72
- elsif name.to_sym == :icmp6
76
+ when :icmp6
73
77
  58
74
- elsif name.to_sym == :tcp
78
+ when :tcp
75
79
  6
76
- elsif name.to_sym == :udp
80
+ when :udp
77
81
  17
78
82
  end
79
83
  end
@@ -102,7 +106,7 @@ module Aoandon
102
106
  result = true
103
107
 
104
108
  [%w[from sport], %w[to dport]].each do |way, obj|
105
- if network_context[way].has_key?("port")
109
+ if network_context[way].key?("port")
106
110
  result &&= refer2port?(packet.send(obj).to_i, network_context[way].fetch("port"))
107
111
  end
108
112
  end
@@ -129,23 +133,25 @@ module Aoandon
129
133
  end
130
134
 
131
135
  def refer2addr?(addr, pattern)
132
- if pattern.is_a? Array
136
+ case pattern
137
+ when Array
133
138
  pattern.include?(addr.to_num_s) || pattern.include?(addr.hostname)
134
- elsif pattern.is_a? Hash
135
- pattern.has_key?(addr.to_num_s) || pattern.has_key?(addr.hostname)
136
- elsif pattern.is_a? String
137
- addr.to_num_s == pattern || addr.hostname == pattern
139
+ when Hash
140
+ pattern.key?(addr.to_num_s) || pattern.key?(addr.hostname)
141
+ when String
142
+ addr.to_num_s == pattern || addr.hostname == pattern
138
143
  else
139
144
  false
140
145
  end
141
146
  end
142
147
 
143
148
  def refer2port?(number, pattern)
144
- if pattern.is_a? Array
149
+ case pattern
150
+ when Array
145
151
  pattern.include?(number)
146
- elsif pattern.is_a? Hash
147
- pattern.has_key?(number)
148
- elsif pattern.is_a? Integer
152
+ when Hash
153
+ pattern.key?(number)
154
+ when Integer
149
155
  number == pattern
150
156
  else
151
157
  false
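Review bot: The `case` rewrites of `af2id`, `af` and `proto` in this file still have no `else` branch, so an unrecognized value falls through to nil: in `match?` a packet whose `ip_ver` is neither 4 nor 6 stores "af"=>nil and the `af(network_context.fetch("af"))` on the same line raises NoMethodError on `nil.to_sym`, while a misspelled `proto:` value in the rules file makes `proto(name)` return nil and every packet quietly fails the `packet.ip_proto == proto(...)` comparison in `match_proto?`. Adding `else raise ArgumentError, "unknown protocol: #{name.inspect}"` to `proto` (and the equivalent in `af` and `af2id`) turns a silent non-match or a crash deep in the matcher into a visible configuration error. `refer2addr?` and `refer2port?` already end in an explicit `else false`, which is the pattern the other three should follow. The file header for this section is not shown, so the path is inferred from its contents; `match_proto?` and `refer2port?` run past the end of their hunks.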
@@ -6,7 +6,7 @@ module Aoandon
6
6
  MESSAGE = "Port numbers < 1024"
7
7
  PROTO_TCP = 6
8
8
  PROTO_UDP = 17
9
- WELL_KNOWN_PORTS = (0..1023)
9
+ WELL_KNOWN_PORTS = (0..1023).freeze
10
10
 
11
11
  def self.control?(packet)
12
12
  (tcp?(packet) || (udp?(packet) && different_ports?(packet.sport, packet.dport))) &&
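Review bot: Only `WELL_KNOWN_PORTS` gets `.freeze` here, while the README sample of this same module in this release also freezes `MESSAGE`; the shipped file still has an unfrozen `MESSAGE = "Port numbers < 1024"` on context line 6, so the documentation and the code now disagree. Either freeze it here too, `MESSAGE = "Port numbers < 1024".freeze`, matching the other rule modules shown in the README, or drop the `.freeze` from the README sample. The file header for this hunk is not shown, so the path is inferred from its contents; `control?` continues past the hunk.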
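--- a/data/lib/aoandon/log.rb
+++ b/data/lib/aoandon/log.rb
@@ -2,16 +2,20 @@
 
 module Aoandon
 class Log
+LOCAL_PATH = "log/aoandon.yml"
+GLOBAL_PATH = "/var/log/aoandon.yml"
+
 def initialize(verbose = false)
-@file = if File.exist?("log/aoandon.yml")
-File.open("log/aoandon.yml", "a")
-else
-File.open("/var/log/aoandon.yml", "a")
-end
+file_path = if File.exist?(LOCAL_PATH)
+LOCAL_PATH
+else
+GLOBAL_PATH
+end
 
+@file = ::File.open(file_path, "a")
 @verbose = verbose
 
-puts "Log file: #{File.expand_path(@file.path)}"
+puts "Log file: #{::File.expand_path(@file.path)}"
 end
 
 def message(*args)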
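Review bot: The local/global choice on the new lines 9-13 keys on `File.exist?(LOCAL_PATH)`, so a `log/` directory that exists but has no `aoandon.yml` yet silently sends the log to `GLOBAL_PATH`, where an unprivileged run raises Errno::EACCES from the `::File.open` on line 15 with nothing rescuing it. Checking the directory instead, `file_path = File.directory?(File.dirname(LOCAL_PATH)) ? LOCAL_PATH : GLOBAL_PATH`, keeps the intent while making a fresh checkout usable; both paths remain relative to or outside the working directory, which is worth a comment on the constants. The `::File` qualification is applied on lines 15 and 18 but not on line 9, and `LOCAL_PATH`/`GLOBAL_PATH` are the only new string constants in this release left without `.freeze`. The class continues past the hunk.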
@@ -12,7 +12,7 @@ module Aoandon
12
12
  context["to"].update("addr" => "any") unless context["to"]["addr"]
13
13
 
14
14
  self.options ||= {}
15
- self.options.update("log" => false) unless self.options.has_key?("log")
15
+ self.options.update("log" => false) unless self.options.key?("log")
16
16
  end
17
17
  end
18
18
  end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: false
2
+
3
+ module Aoandon
4
+ VERSION = ::Gem.loaded_specs[name.downcase].version.to_s
5
+ end
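Review bot: `VERSION = ::Gem.loaded_specs[name.downcase].version.to_s` on the new line 4 makes the constant depend on RubyGems having activated the gem at the moment version.rb is required; when the library is loaded from a checkout (`ruby -Ilib`, `load`, or any path where `Gem.loaded_specs["aoandon"]` is nil) this raises NoMethodError on `nil.version` inside `require "aoandon"`, and it is presumably the reason `bundler/setup` was added to lib/aoandon.rb in the same release. The conventional direction is the reverse: `VERSION = "0.0.7".freeze` here, with the gemspec reading `Aoandon::VERSION`. A new file could also start with `# frozen_string_literal: true` instead of `false`, which would make the `.freeze` unnecessary. The file header for this hunk is not shown, so the path lib/aoandon/version.rb is inferred from the metadata section.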
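--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aoandon
 version: !ruby/object:Gem::Version
-version: 0.0.6
+version: 0.0.7
 platform: ruby
 authors:
 - Cyril Kato
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby-pcap
@@ -152,6 +152,7 @@ files:
 - lib/aoandon/dynamic_rule/less1024.rb
 - lib/aoandon/log.rb
 - lib/aoandon/static_rule.rb
+- lib/aoandon/version.rb
 homepage: https://github.com/cyril/aoandon.rb
 licenses:
 - MIT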