by2 1.0.0
- checksums.yaml +7 -0
- data/.gitignore +20 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +50 -0
- data/Rakefile +98 -0
- data/bin/by2 +16 -0
- data/by2.gemspec +32 -0
- data/config/database.yml.example +11 -0
- data/config/setup.sql +9 -0
- data/db/migrate/20140205014806_init_db.rb +147 -0
- data/db/schema.rb +160 -0
- data/lib/by2.rb +69 -0
- data/lib/by2/client.rb +109 -0
- data/lib/by2/config_loader.rb +34 -0
- data/lib/by2/ext/active_record.rb +105 -0
- data/lib/by2/models.rb +10 -0
- data/lib/by2/models/event.rb +50 -0
- data/lib/by2/models/icmphdr.rb +10 -0
- data/lib/by2/models/iphdr.rb +38 -0
- data/lib/by2/models/payload.rb +16 -0
- data/lib/by2/models/tcphdr.rb +30 -0
- data/lib/by2/models/udphdr.rb +30 -0
- data/lib/by2/options.rb +77 -0
- data/lib/by2/utils.rb +22 -0
- data/lib/by2/version.rb +3 -0
- data/man/by2.1 +105 -0
- data/man/by2.1.ronn +98 -0
- data/man/by2.1.txt +107 -0
- data/spec/by2/client_spec.rb +157 -0
- data/spec/by2/models/event_spec.rb +14 -0
- data/spec/by2/options_spec.rb +107 -0
- data/spec/by2/utils_spec.rb +19 -0
- data/spec/fixtures/data.yml +19 -0
- data/spec/fixtures/event.yml +36 -0
- data/spec/fixtures/icmphdr.yml +7 -0
- data/spec/fixtures/iphdr.yml +108 -0
- data/spec/fixtures/tcphdr.yml +55 -0
- data/spec/fixtures/udphdr.yml +7 -0
- data/spec/spec_helper.rb +55 -0
- metadata +235 -0
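--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 7c5fe1f382eae68da92360236ee9a8d7884c963f
+data.tar.gz: 8f22f2a626782a418952ebc915b529d086ea1af4
+SHA512:
+metadata.gz: 1eaa0643dbf1c7f5eaffbe52fc22c0703cbd5a8a84593a384ece71b00296aa89aa02de2e55abb83345ffff19f0e06feaa1ded33d7946f272e08dac98cb31dd3b
+data.tar.gz: b7b5a013889d4ae2664d2a596063f9f40042eff50970d98f3f0d37f0f3d13828a030d536692ea9c9f1d5d2c2d1d1577c4989e63dc64155f4f0b7850106384e81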
data/.gitignore
ADDED
data/Gemfile
ADDED
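--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2014 sahglie
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.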
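--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,50 @@
+# By2
+
+Commandline tool for querying a barnyard2 database.
+
+## Installation
+
+gem install by2
+
+## Configuration
+
+mkdir $HOME/.by2
+touch $HOME/.by2/database.yml
+touch $HOME/.by2/env.yml
+
+Place database credentials in database.yml. You can have multiple database environments
+configured in database.yml. By default, by2 will try to use the "development" environment.
+It is recommended that you set the environment you want to use in *env.yml*. For example,
+if env.yml contains the string "production", then by2 will use the production database
+creds in database.yml. You can also set the environment variable BY2_ENV=<environment>
+(which takes precedence over env.yml) to select the database environment.
+
+## Usage
+
+by2 -h # shows basic usage
+by2 -H # shows man page
+by2 -m "128.0.0.1:80 -> 128.0.0.2:81" # query database from dump string
+
+## Development
+
+### Dependencies
+
+You should have a local install of postgres.
+
+### Setup
+* Check out the code: `git clone git@donjulio.security.berkeley.edu:by2.git`
+
+* Create databases: execute ddl in config/setup.sql
+
+* Copy config/database.yml.example to config/database.yml and set the credentials
+appropriately.
+
+* Run db Migrations:
+`rake db:migrate BY2_ENV=development`
+`rake db:migrate BY2_ENV=test`
+
+* Populate your local db with fixture data:
+`BY2_ENV=development rake db:fixtures:load`
+`BY2_ENV=test rake db:fixtures:load`
+
+* Run tests: `rake spec`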
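--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,98 @@
+require "./lib/by2"
+require "bundler/gem_tasks"
+require 'ronn'
+require "rails/generators"
+load "active_record/railties/databases.rake"
+require 'rspec/core/rake_task'
+
+module Rails
+def self.root; By2.root end
+end
+
+include ActiveRecord::Tasks
+
+DatabaseTasks.db_dir = "#{By2.root}/db"
+DatabaseTasks.fixtures_path = By2.fixtures_dir
+
+
+namespace :man do
+directory "man"
+
+Dir["man/*.ronn"].each do |ronn|
+basename = File.basename(ronn, ".ronn")
+roff = "man/#{basename}"
+
+file roff => ["man", ronn] do
+sh "#{Gem.ruby} -S ronn --roff --pipe #{ronn} > #{roff}"
+end
+
+file "#{roff}.txt" => roff do
+sh "groff -Wall -mtty-char -mandoc -Tascii #{roff} | col -b > #{roff}.txt"
+end
+
+task :build_all_pages => "#{roff}.txt"
+end
+
+desc "Build the man pages"
+task :build => "man:build_all_pages"
+
+desc "Clean up from the built man pages"
+task :clean do
+file = "man/by2.1"
+rm file if File.exists?(file)
+
+file = "man/by2.1.txt"
+rm file if File.exists?(file)
+end
+end
+
+task :build => ["man:clean", "man:build"]
+task :svn_ci => :build
+task :release => ["man:clean", "man:build"]
+
+
+task :environment do
+ENV["BY2_ENV"] ||= 'development'
+By2.db_connect
+end
+
+
+task :svn_ci do
+# TODO: remove hardcoded value, set from command line ENV var.
+username = "runner"
+repo_path = "svn+ssh://#{username}@donjulio.security.berkeley.edu/by2"
+gem_name = "by2-#{By2::VERSION}.gem"
+cmd = "svn import pkg/#{gem_name} #{repo_path}/trunk/#{gem_name} -m 'committed gem #{gem_name}'"
+output = `#{cmd} 2>&1`
+$stdout.puts(output)
+end
+
+namespace :db do
+def self.migration(name, options="")
+generator_params = [name] + options.split(" ")
+Rails::Generators.invoke("active_record:migration", generator_params, :destination_root => Rails.root)
+end
+
+
+desc "Creates a new migration file with the specified name"
+task :migration, :name, :options do |t, args|
+name = args[:name] || ENV['name']
+options = args[:options] || ENV['options']
+
+unless name
+puts "Error: must provide name of migration to generate."
+puts "For example: rake #{t.name} name=add_field_to_form"
+abort
+end
+
+options ? migration(name, options.gsub('/', ' ')) : migration(name)
+end
+end
+
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+
+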
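Review bot: The `svn_ci` task at hunk lines 60–68 runs `svn import` through backticks and never inspects `$?`, so a failed import still has its output printed and the task exits successfully; replacing the backtick/`$stdout.puts` pair with `sh cmd` makes rake raise on a non-zero status and keeps the output visible. The command is assembled by string interpolation into a shell; `username` is a literal today, but once the TODO on line 61 is acted on and it comes from ENV it should go through `Shellwords.escape` (`require "shellwords"`), and the same applies to `ronn`/`roff` in the `sh` calls at lines 26 and 30, where glob results are interpolated unescaped. `File.exists?` at lines 42 and 45 is deprecated and was removed in Ruby 3.2; `File.exist?` is the supported spelling.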
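--- a/data/bin/by2
+++ b/data/bin/by2
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+# Exit cleanly from an early interrupt
+Signal.trap("INT") { exit 1 }
+
+require_relative "../lib/by2"
+
+begin
+By2::Client.new(ARGV).run
+rescue Errno::EPIPE
+exit 0
+rescue Errno::ENOENT => err
+abort "by2: #{err.message}"
+rescue By2::Options::OptionsError => err
+abort err.message
+end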
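Review bot: The INT trap at hunk line 4 exits with status 1, which a calling script cannot distinguish from an ordinary failure; the conventional status for a SIGINT termination is 128+2, i.e. `Signal.trap("INT") { exit 130 }`. The rescue chain on lines 10–15 handles broken pipes, missing files and option errors, but nothing covers a database connection failure (bad credentials, unreachable host) raised from inside `By2::Client#run`, so a user with a misconfigured database.yml presumably gets a full backtrace rather than a one-line message — worth confirming against the client code, which is outside this section.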
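--- a/data/by2.gemspec
+++ b/data/by2.gemspec
@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'by2/version'
+
+Gem::Specification.new do |spec|
+spec.name = "by2"
+spec.version = By2::VERSION
+spec.authors = ["runner"]
+spec.email = ["runner@security.berkeley.edu"]
+spec.summary = %q{Commandline tool for querying a barnyard2 db.}
+spec.description = %q{Commandline tool for querying a barnyard2 db.}
+spec.homepage = ""
+spec.license = "MIT"
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(spec|features)/})
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 1.5"
+spec.add_development_dependency "rake", "~> 10.3.1"
+spec.add_development_dependency "rspec", "~> 2.14.1"
+spec.add_development_dependency "rspec-rails"
+spec.add_development_dependency "ronn"
+
+spec.add_dependency "pg", "~> 0.17.1"
+spec.add_dependency "activerecord", "~> 4.0.2"
+spec.add_dependency "activesupport", "~> 4.0.2"
+spec.add_dependency "railties", "~> 4.0.2"
+spec.add_dependency "composite_primary_keys", "= 6.0.1"
+end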
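Review bot: `spec.files = \`git ls-files\`.split($/)` at hunk line 16 packages every tracked file, so what ships in the gem depends entirely on what happens to be committed; the README in this same change tells developers to create config/database.yml with real credentials, and nothing here stops that file from being packaged if it is ever tracked (data/.gitignore is part of the change but its contents are not shown on this page). An explicit exclusion such as `spec.files = \`git ls-files\`.split($/).reject { |f| f == "config/database.yml" }` keeps credentials out of the artifact regardless of the ignore file. `spec.homepage = ""` on line 13 is empty and would be better pointed at the repository so the package's origin is verifiable.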
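--- a/data/config/setup.sql
+++ b/data/config/setup.sql
@@ -0,0 +1,9 @@
+--
+-- Create local dbs for test/development
+--
+
+create user barnyard;
+create database barnyard_development with owner = barnyard;
+create database barnyard_test with owner = barnyard;
+grant all privileges on barnyard_development to barnyard;
+grant all privileges on barnyard_test to barnyard;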
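Review bot: The two GRANT statements at hunk lines 8–9 will fail in PostgreSQL: `GRANT ... ON name` without an object keyword means `ON TABLE`, and no table called barnyard_development or barnyard_test exists at that point. They need the DATABASE keyword, `grant all privileges on database barnyard_development to barnyard;` and `grant all privileges on database barnyard_test to barnyard;` — though since both databases are created `with owner = barnyard` on lines 6–7 the owner already holds those privileges and the two lines can simply be dropped. `create user barnyard;` on line 5 creates the role with no password, which only works where the local pg_hba rule is trust or peer; the credentials the example database.yml expects are not visible on this page, so a comment stating that assumption on line 2 would help the next developer.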
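--- a/data/db/migrate/20140205014806_init_db.rb
+++ b/data/db/migrate/20140205014806_init_db.rb
@@ -0,0 +1,147 @@
+class InitDb < ActiveRecord::Migration
+def change
+# These are extensions that must be enabled in order to support this database
+enable_extension "plpgsql"
+
+create_table "data", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.text "data_payload"
+end
+
+create_table "detail", id: false, force: true do |t|
+t.integer "detail_type", limit: 2, null: false
+t.text "detail_text", null: false
+end
+
+create_table "encoding", id: false, force: true do |t|
+t.integer "encoding_type", limit: 2, null: false
+t.text "encoding_text", null: false
+end
+
+create_table "event", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "signature", null: false
+t.datetime "timestamp", null: false
+end
+
+add_index "event", ["signature"], name: "signature_idx", using: :btree
+add_index "event", ["timestamp"], name: "timestamp_idx", using: :btree
+
+create_table "icmphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "icmp_type", limit: 2, null: false
+t.integer "icmp_code", limit: 2, null: false
+t.integer "icmp_csum"
+t.integer "icmp_id"
+t.integer "icmp_seq"
+end
+
+add_index "icmphdr", ["icmp_type"], name: "icmp_type_idx", using: :btree
+
+create_table "iphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "ip_src", limit: 8, null: false
+t.integer "ip_dst", limit: 8, null: false
+t.integer "ip_ver", limit: 2
+t.integer "ip_hlen", limit: 2
+t.integer "ip_tos", limit: 2
+t.integer "ip_len"
+t.integer "ip_id"
+t.integer "ip_flags", limit: 2
+t.integer "ip_off"
+t.integer "ip_ttl", limit: 2
+t.integer "ip_proto", limit: 2, null: false
+t.integer "ip_csum"
+end
+
+add_index "iphdr", ["ip_dst"], name: "ip_dst_idx", using: :btree
+add_index "iphdr", ["ip_src"], name: "ip_src_idx", using: :btree
+
+create_table "opt", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "optid", limit: 2, null: false
+t.integer "opt_proto", limit: 2, null: false
+t.integer "opt_code", limit: 2, null: false
+t.integer "opt_len"
+t.text "opt_data"
+end
+
+create_table "reference", primary_key: "ref_id", force: true do |t|
+t.integer "ref_system_id", null: false
+t.text "ref_tag", null: false
+end
+
+create_table "reference_system", primary_key: "ref_system_id", force: true do |t|
+t.text "ref_system_name"
+end
+
+create_table "sensor", primary_key: "sid", force: true do |t|
+t.text "hostname"
+t.text "interface"
+t.text "filter"
+t.integer "detail", limit: 2
+t.integer "encoding", limit: 2
+t.integer "last_cid", limit: 8, null: false
+end
+
+create_table "sig_class", primary_key: "sig_class_id", force: true do |t|
+t.text "sig_class_name", null: false
+end
+
+add_index "sig_class", ["sig_class_name"], name: "sig_class_name_idx", using: :btree
+
+create_table "sig_reference", id: false, force: true do |t|
+t.integer "sig_id", null: false
+t.integer "ref_seq", null: false
+t.integer "ref_id", null: false
+end
+
+create_table "signature", primary_key: "sig_id", force: true do |t|
+t.text "sig_name", null: false
+t.integer "sig_class_id", limit: 8
+t.integer "sig_priority", limit: 8
+t.integer "sig_rev", limit: 8
+t.integer "sig_sid", limit: 8
+t.integer "sig_gid", limit: 8
+end
+
+add_index "signature", ["sig_class_id"], name: "sig_class_idx", using: :btree
+add_index "signature", ["sig_name"], name: "sig_name_idx", using: :btree
+
+create_table "tcphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "tcp_sport", null: false
+t.integer "tcp_dport", null: false
+t.integer "tcp_seq", limit: 8
+t.integer "tcp_ack", limit: 8
+t.integer "tcp_off", limit: 2
+t.integer "tcp_res", limit: 2
+t.integer "tcp_flags", limit: 2, null: false
+t.integer "tcp_win"
+t.integer "tcp_csum"
+t.integer "tcp_urp"
+end
+
+add_index "tcphdr", ["tcp_dport"], name: "tcp_dport_idx", using: :btree
+add_index "tcphdr", ["tcp_flags"], name: "tcp_flags_idx", using: :btree
+add_index "tcphdr", ["tcp_sport"], name: "tcp_sport_idx", using: :btree
+
+create_table "udphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "udp_sport", null: false
+t.integer "udp_dport", null: false
+t.integer "udp_len"
+t.integer "udp_csum"
+end
+
+add_index "udphdr", ["udp_dport"], name: "udp_dport_idx", using: :btree
+add_index "udphdr", ["udp_sport"], name: "udp_sport_idx", using: :btree
+end
+end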
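Review bot: Every `create_table` in this migration (hunk lines 6–142) passes `force: true`, which drops an existing table of that name before recreating it; run with `rake db:migrate` against a database that already holds barnyard2 output — and the README documents selecting production credentials via BY2_ENV — it would silently discard all stored events, headers and payloads. Since these tables mirror an external producer's schema rather than one this tool owns, the `force: true` options should be removed, or `change` should refuse to proceed unless `ENV["BY2_ENV"]` is development or test. The file header for this section is not shown on the page; the path is taken from the diffstat at the top. The `event`, `iphdr`, `tcphdr`, `udphdr` and `icmphdr` tables are created with `id: false` and only single-column indexes, so the (sid, cid) pair the composite_primary_keys dependency in the gemspec presumably declares as a key is not enforced or indexed by the database — worth confirming against the models, which are outside this section.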
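--- a/data/db/schema.rb
+++ b/data/db/schema.rb
@@ -0,0 +1,160 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20140205014806) do
+
+# These are extensions that must be enabled in order to support this database
+enable_extension "plpgsql"
+
+create_table "data", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.text "data_payload"
+end
+
+create_table "detail", id: false, force: true do |t|
+t.integer "detail_type", limit: 2, null: false
+t.text "detail_text", null: false
+end
+
+create_table "encoding", id: false, force: true do |t|
+t.integer "encoding_type", limit: 2, null: false
+t.text "encoding_text", null: false
+end
+
+create_table "event", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "signature", null: false
+t.datetime "timestamp", null: false
+end
+
+add_index "event", ["signature"], name: "signature_idx", using: :btree
+add_index "event", ["timestamp"], name: "timestamp_idx", using: :btree
+
+create_table "icmphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "icmp_type", limit: 2, null: false
+t.integer "icmp_code", limit: 2, null: false
+t.integer "icmp_csum"
+t.integer "icmp_id"
+t.integer "icmp_seq"
+end
+
+add_index "icmphdr", ["icmp_type"], name: "icmp_type_idx", using: :btree
+
+create_table "iphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "ip_src", limit: 8, null: false
+t.integer "ip_dst", limit: 8, null: false
+t.integer "ip_ver", limit: 2
+t.integer "ip_hlen", limit: 2
+t.integer "ip_tos", limit: 2
+t.integer "ip_len"
+t.integer "ip_id"
+t.integer "ip_flags", limit: 2
+t.integer "ip_off"
+t.integer "ip_ttl", limit: 2
+t.integer "ip_proto", limit: 2, null: false
+t.integer "ip_csum"
+end
+
+add_index "iphdr", ["ip_dst"], name: "ip_dst_idx", using: :btree
+add_index "iphdr", ["ip_src"], name: "ip_src_idx", using: :btree
+
+create_table "opt", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "optid", limit: 2, null: false
+t.integer "opt_proto", limit: 2, null: false
+t.integer "opt_code", limit: 2, null: false
+t.integer "opt_len"
+t.text "opt_data"
+end
+
+create_table "reference", primary_key: "ref_id", force: true do |t|
+t.integer "ref_system_id", null: false
+t.text "ref_tag", null: false
+end
+
+create_table "reference_system", primary_key: "ref_system_id", force: true do |t|
+t.text "ref_system_name"
+end
+
+create_table "sensor", primary_key: "sid", force: true do |t|
+t.text "hostname"
+t.text "interface"
+t.text "filter"
+t.integer "detail", limit: 2
+t.integer "encoding", limit: 2
+t.integer "last_cid", limit: 8, null: false
+end
+
+create_table "sig_class", primary_key: "sig_class_id", force: true do |t|
+t.text "sig_class_name", null: false
+end
+
+add_index "sig_class", ["sig_class_name"], name: "sig_class_name_idx", using: :btree
+
+create_table "sig_reference", id: false, force: true do |t|
+t.integer "sig_id", null: false
+t.integer "ref_seq", null: false
+t.integer "ref_id", null: false
+end
+
+create_table "signature", primary_key: "sig_id", force: true do |t|
+t.text "sig_name", null: false
+t.integer "sig_class_id", limit: 8
+t.integer "sig_priority", limit: 8
+t.integer "sig_rev", limit: 8
+t.integer "sig_sid", limit: 8
+t.integer "sig_gid", limit: 8
+end
+
+add_index "signature", ["sig_class_id"], name: "sig_class_idx", using: :btree
+add_index "signature", ["sig_name"], name: "sig_name_idx", using: :btree
+
+create_table "tcphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "tcp_sport", null: false
+t.integer "tcp_dport", null: false
+t.integer "tcp_seq", limit: 8
+t.integer "tcp_ack", limit: 8
+t.integer "tcp_off", limit: 2
+t.integer "tcp_res", limit: 2
+t.integer "tcp_flags", limit: 2, null: false
+t.integer "tcp_win"
+t.integer "tcp_csum"
+t.integer "tcp_urp"
+end
+
+add_index "tcphdr", ["tcp_dport"], name: "tcp_dport_idx", using: :btree
+add_index "tcphdr", ["tcp_flags"], name: "tcp_flags_idx", using: :btree
+add_index "tcphdr", ["tcp_sport"], name: "tcp_sport_idx", using: :btree
+
+create_table "udphdr", id: false, force: true do |t|
+t.integer "sid", null: false
+t.integer "cid", limit: 8, null: false
+t.integer "udp_sport", null: false
+t.integer "udp_dport", null: false
+t.integer "udp_len"
+t.integer "udp_csum"
+end
+
+add_index "udphdr", ["udp_dport"], name: "udp_dport_idx", using: :btree
+add_index "udphdr", ["udp_sport"], name: "udp_sport_idx", using: :btree
+
+end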