RubyGems - intrusion - Versions diffs - 0.1.0 - Mend

intrusion 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data.tar.gz.sig ADDED Viewed

	@@ -0,0 +1 @@
1	+ ��ä��f�٭�V�[$��(��)�߽��U��m�$��p�B\|Q.�T@��Y��ލ��1�oP��Ƶ�Y<K;U��Ń"�`�r6l��X0��*_��(�g��蓭Z�D��\|��I
	- [�ϗ��셹�k�}.��kJ��Gכ�q}�J-n!F�K�!lR��[��Q�F\|�9"Ff��&�$��/��k��ژB��(�?�*�ڗ%�C��p 2��V�@�X_<

data/Manifest ADDED Viewed

@@ -0,0 +1,4 @@
+Manifest
+README.rdoc
+Rakefile
+lib/intrusion.rb

data/README.rdoc ADDED Viewed

@@ -0,0 +1,46 @@
+= Intrusion
+Intrusion is a gem helping you to detect and prevent intrusion attempts within your ruby on rails application.
+== Preparation
+include intrusion in your Gemfile (Rails 3)
+  gem 'intrusion'
+create a 'ids' attribute for the ActiveRecord model you want to protect and migrate, e.g:
+  # rails generate migration add_ids_to_accounts ids:string
+  # rake db:migrate
+include Intrusion in your model:
+  class Account < ActiveRecord::Base
+    include Intrusion
+  end
+== Examples:
+=== Check if IP adress is blocked
+  return "your ip is blocked" if Account.find(1).is_blocked?(request.remote_addr)
+=== Report suspicious activity
+The internal counter will be increased. If you do this 10 times, blocking will be enabled
+  Account.find(1).ids_report!(request.remote_addr)
+=== Instantly block ip
+  Account.find(1).ids_report!(request.remote_addr, true)
+=== Reset
+This resets the counter to 0:
+  Account.find(1).ids_unblock!(request.remote_addr)
+=== Blocking objects with keywords
+You are not limited to IP adresses. You may block the object itself using any keyword:
+  Account.find(1).ids_report!('self')
+== Copyright
+(c) 2010 netsense LLC - managed security audits - http://netsense.ch

data/Rakefile ADDED Viewed

@@ -0,0 +1,14 @@
+require 'rubygems'
+require 'rake'
+require 'echoe'
+Echoe.new('intrusion', '0.1.0') do |p|
+  p.description     = "intrusion detection and prevention for rails apps"
+  p.url             = "http://github.com/symontech/intrusion"
+  p.author          = "Simon Wepfer"
+  p.email           = "sw@netsense.ch"
+  p.ignore_pattern  = ["tmp/*", "script/*"]
+  p.development_dependencies = []
+end
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }

data/intrusion.gemspec ADDED Viewed

@@ -0,0 +1,32 @@
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{intrusion}
+  s.version = "0.1.0"
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Simon Wepfer"]
+  s.cert_chain = ["/home/sw/gem-public_cert.pem"]
+  s.date = %q{2010-12-30}
+  s.description = %q{intrusion detection and prevention for rails apps}
+  s.email = %q{sw@netsense.ch}
+  s.extra_rdoc_files = ["README.rdoc", "lib/intrusion.rb"]
+  s.files = ["Manifest", "README.rdoc", "Rakefile", "lib/intrusion.rb", "intrusion.gemspec"]
+  s.homepage = %q{http://github.com/symontech/intrusion}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Intrusion", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{intrusion}
+  s.rubygems_version = %q{1.3.7}
+  s.signing_key = %q{/home/sw/gem-private_key.pem}
+  s.summary = %q{intrusion detection and prevention for rails apps}
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/lib/intrusion.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module Intrusion
+    # check if ip is blocked
+    def ids_is_blocked?(ip)
+      ids_load.each { |d| return true if d[:ip] == ip and d[:counter] > 9 }
+      return false
+    end
+    # report suspicious activity
+    def ids_report!(ip, block=false)
+      dt = ids_load
+      found = nil
+      dt.each { |d| found = d if d[:ip] == ip }
+      if found
+	if block
+          found[:counter] = 10
+        else
+          found[:counter] += 1
+        end
+      else
+	new = { :ip => ip, :counter => 1 }
+	dt << new
+      end
+      # update
+      self.ids = dt.to_yaml
+      return self.save
+    end
+    # reset counter and stay
+    def ids_unblock!(ip)
+      dt = ids_load
+      found = false
+      dt.each { |d|
+	if d[:ip] == ip
+	  d[:counter] = 0
+	  found = true
+	end
+       }
+       if found
+         # update
+	 self.ids = dt.to_yaml
+	 return self.save
+       end
+      return false
+    end
+    protected
+    # convert yaml string helper
+    def ids_load
+      dt = []
+      dt = YAML::load(ids) if ids
+      return dt
+    end
+end

metadata ADDED Viewed

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: intrusion
+version: !ruby/object:Gem::Version
+  prerelease: false
+  segments:
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors:
+- Simon Wepfer
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDKjCCAhKgAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQDDAJzdzEY
+  MBYGCgmSJomT8ixkARkWCG5ldHNlbnNlMRIwEAYKCZImiZPyLGQBGRYCY2gwHhcN
+  MTAxMjMwMDEzMjIzWhcNMTExMjMwMDEzMjIzWjA7MQswCQYDVQQDDAJzdzEYMBYG
+  CgmSJomT8ixkARkWCG5ldHNlbnNlMRIwEAYKCZImiZPyLGQBGRYCY2gwggEiMA0G
+  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQcaHghb4NyoI5/ktDVocH6/T6vIhB
+  rpxGCid4Ufk0nNJp2EQxzzJD2wpv+hmfndtH1yfA89RqIIBdHXhu/pY3Rs+7Rbuh
+  KAhMF3Bt0MvYa2cCMOV0WQaS1TF+xu1Ko5JGNIP2YHpcusXdjUflYn/enb1xiyJ0
+  tGe7au6H+gl55k+sy55KpSqije1sCRGsq001HEOgHMk99FWPglma1LSlHzHunCvr
+  E0yjmEYQnA0Bz1fK23IPXpg1/JDCicz1JlOx1LQ6EXp/DsJhYvrltqMs0d8pThLz
+  TK8zp88ciB3Je7ZV9gzCSRZn6eg7YAq3L6OGyCjXVDPeGutZ5A0+uNe5AgMBAAGj
+  OTA3MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNPOntwPYyIrXaEbpJDbJT3Td9ABMAsG
+  A1UdDwQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAyKFvBXfbt8Rn/NjT5tObn9gF
+  XE6YMpQvKFqgtjJsuWyldjpjnbg86YsEnOEW2AtRKjQJvTtuyBvf+jiGpj4TFv2u
+  Z8lCtkHH7lOlotiqnrBpDn+4OGwHmRupmNbvs5JyWyCohFVEbTBcWuvVW+P7OM9E
+  eaEOpD9PVJds+gguxxsdaAHafRvcOdVqQ9qpeTrofTwCttMEe6XvBF+HSTZ3IrXK
+  ljm7jluHlbP28ywmLBUdz8bNLkoLrD77bYW5c8TqqhtgoaBXtG73y8V6WogvVV45
+  jCYr7DaTo4rUhQrgDmq/JUQYZmAaf73WG6iwQ2Nr68hWCjVTj/wvKLKurgjqkQ==
+  -----END CERTIFICATE-----
+date: 2010-12-30 00:00:00 +01:00
+default_executable:
+dependencies: []
+description: intrusion detection and prevention for rails apps
+email: sw@netsense.ch
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- lib/intrusion.rb
+files:
+- Manifest
+- README.rdoc
+- Rakefile
+- lib/intrusion.rb
+- intrusion.gemspec
+has_rdoc: true
+homepage: http://github.com/symontech/intrusion
+licenses: []
+post_install_message:
+rdoc_options:
+- --line-numbers
+- --inline-source
+- --title
+- Intrusion
+- --main
+- README.rdoc
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      segments:
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      segments:
+      - 1
+      - 2
+      version: "1.2"
+requirements: []
+rubyforge_project: intrusion
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: intrusion detection and prevention for rails apps
+test_files: []

metadata.gz.sig ADDED Viewed

Binary file