intrusion 0.1.3 → 0.1.8
- checksums.yaml +7 -0
- data/lib/intrusion.rb +54 -59
- metadata +30 -82
- data.tar.gz.sig +0 -0
- data/Manifest +0 -4
- data/README.rdoc +0 -55
- data/Rakefile +0 -14
- data/intrusion.gemspec +0 -32
- metadata.gz.sig +0 -0
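--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 5f7c0b79c12c817d564e55ecba6f86540a09bb083ac97b5ad7b8e3a31c07fa53
+data.tar.gz: 876156a63816e18184eb72af76f3634e80a15542d6d66e39d26fdaf2176b2860
+SHA512:
+metadata.gz: 702186b662da7e7db61cfc65264f3fab1e833d32743add8afe39675a567b58a0c4afd85c7ad0d91f3a1eae35b371e7160f4a315bbbd1140591f168e03537fd19
+data.tar.gz: 13adcc68d21d57813d5d2771239d03b61fcedf31c434a91e378de2253972ef66377d1166f55e81f788cca779622edd58c8a64f3e44a0568780665d48066e1f42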
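--- a/data/lib/intrusion.rb
+++ b/data/lib/intrusion.rb
@@ -1,59 +1,54 @@
-
-
-
-
-
-return
-end
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-return dt
-end
-
-
-end
+# Intrusion main module
+module Intrusion
+# check if ip is blocked
+def ids_is_blocked?(address)
+ids_load.each do |d|
+return true if d[:ip] == address && d[:counter] > 9
+end
+false
+end
+
+# return block counter of address
+def ids_counter(address)
+ids_load.each { |d| return d[:counter] if d[:ip] == address }
+0
+end
+
+# report suspicious activity
+def ids_report!(address, block = false)
+dt = ids_load
+found = nil
+dt.each { |d| found = d if d[:ip] == address }
+if found
+block ? found[:counter] = 10 : found[:counter] += 1
+else
+dt << { ip: address, counter: block ? 10 : 1 }
+end
+
+# update record
+update(ids: dt.to_yaml)
+end
+
+# reset counter and stay
+def ids_unblock!(address)
+dt = ids_load
+found = false
+dt.each { |d| found = d if d[:ip] == address }
+
+if found
+dt.delete(found)
+# update
+return update(ids: dt.to_yaml)
+end
+false
+end
+
+# convert yaml string helper
+def ids_load
+data = ids.blank? ? [] : YAML.safe_load(ids, [Symbol])
+raise 'invalid data in ids field' unless data.is_a?(Array)
+data
+rescue RuntimeError
+[]
+end
+end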
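Review bot: `ids_load` fails open: its trailing `rescue RuntimeError` returns `[]` for the explicit 'invalid data in ids field' raise and, since Psych's parse and disallowed-class errors appear to descend from RuntimeError, for any unreadable `ids` value too, so a damaged record makes `ids_is_blocked?` answer false for every address and the next `ids_report!` writes a fresh list over it. For a blocking control it would be safer to log and re-raise there (or have `ids_is_blocked?` treat an unreadable record as blocked) than to return an empty list silently. `YAML.safe_load(ids, [Symbol])` also passes the permitted classes positionally, a form Psych 4 no longer accepts; the keyword form is `YAML.safe_load(ids, permitted_classes: [Symbol])`. Finally, `ids_report!` adds one entry per distinct address with no cap or expiry, and `d[:counter] > 9` repeats the literal 10 used in `ids_report!`, so a named threshold constant and a documented size limit would help.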
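--- a/metadata
+++ b/metadata
@@ -1,95 +1,43 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: intrusion
-version: !ruby/object:Gem::Version
-
-segments:
-- 0
-- 1
-- 3
-version: 0.1.3
+version: !ruby/object:Gem::Version
+version: 0.1.8
 platform: ruby
-authors:
-- Simon
-autorequire:
+authors:
+- Simon Duncombe
+autorequire:
 bindir: bin
-cert_chain:
--
------BEGIN CERTIFICATE-----
-MIIDKjCCAhKgAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQDDAJzdzEY
-MBYGCgmSJomT8ixkARkWCG5ldHNlbnNlMRIwEAYKCZImiZPyLGQBGRYCY2gwHhcN
-MTAxMjMwMDEzMjIzWhcNMTExMjMwMDEzMjIzWjA7MQswCQYDVQQDDAJzdzEYMBYG
-CgmSJomT8ixkARkWCG5ldHNlbnNlMRIwEAYKCZImiZPyLGQBGRYCY2gwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQcaHghb4NyoI5/ktDVocH6/T6vIhB
-rpxGCid4Ufk0nNJp2EQxzzJD2wpv+hmfndtH1yfA89RqIIBdHXhu/pY3Rs+7Rbuh
-KAhMF3Bt0MvYa2cCMOV0WQaS1TF+xu1Ko5JGNIP2YHpcusXdjUflYn/enb1xiyJ0
-tGe7au6H+gl55k+sy55KpSqije1sCRGsq001HEOgHMk99FWPglma1LSlHzHunCvr
-E0yjmEYQnA0Bz1fK23IPXpg1/JDCicz1JlOx1LQ6EXp/DsJhYvrltqMs0d8pThLz
-TK8zp88ciB3Je7ZV9gzCSRZn6eg7YAq3L6OGyCjXVDPeGutZ5A0+uNe5AgMBAAGj
-OTA3MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNPOntwPYyIrXaEbpJDbJT3Td9ABMAsG
-A1UdDwQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAyKFvBXfbt8Rn/NjT5tObn9gF
-XE6YMpQvKFqgtjJsuWyldjpjnbg86YsEnOEW2AtRKjQJvTtuyBvf+jiGpj4TFv2u
-Z8lCtkHH7lOlotiqnrBpDn+4OGwHmRupmNbvs5JyWyCohFVEbTBcWuvVW+P7OM9E
-eaEOpD9PVJds+gguxxsdaAHafRvcOdVqQ9qpeTrofTwCttMEe6XvBF+HSTZ3IrXK
-ljm7jluHlbP28ywmLBUdz8bNLkoLrD77bYW5c8TqqhtgoaBXtG73y8V6WogvVV45
-jCYr7DaTo4rUhQrgDmq/JUQYZmAaf73WG6iwQ2Nr68hWCjVTj/wvKLKurgjqkQ==
------END CERTIFICATE-----
-
-date: 2010-12-30 00:00:00 +01:00
-default_executable:
+cert_chain: []
+date: 2020-10-08 00:00:00.000000000 Z
 dependencies: []
-
-
-email:
+description: Intrusion is a gem helping you to block objects for IP addresses within
+your Ruby on Rails Application.
+email: sd@netsense.ch
 executables: []
-
 extensions: []
-
-
-- README.rdoc
+extra_rdoc_files: []
+files:
 - lib/intrusion.rb
-
-- Manifest
-- README.rdoc
-- Rakefile
-- lib/intrusion.rb
-- intrusion.gemspec
-has_rdoc: true
-homepage: http://spectify.com
+homepage: http://github.com/symontech/intrusion
 licenses: []
-
-post_install_message:
-rdoc_options:
-
-- --inline-source
-- --title
-- Intrusion
-- --main
-- README.rdoc
-require_paths:
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-
-requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
 - - ">="
-- !ruby/object:Gem::Version
-
-
-
-required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
-requirements:
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
 - - ">="
-- !ruby/object:Gem::Version
-
-- 1
-- 2
-version: "1.2"
+- !ruby/object:Gem::Version
+version: '0'
 requirements: []
-
-
-
-
-specification_version: 3
-summary: intrusion detection and prevention for rails apps
+rubygems_version: 3.0.8
+signing_key:
+specification_version: 4
+summary: intrusion detection and prevention for rails applications
 test_files: []
-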
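Review bot: The new specification sets `cert_chain: []` and the file list shows data.tar.gz.sig and metadata.gz.sig deleted, so 0.1.8 is published unsigned where 0.1.3 carried a certificate; installs that rely on a RubyGems trust policy (`gem install -P HighSecurity`) would reject it, and checksums.yaml only guards against corruption because it ships inside the same archive. The listed author and contact address also change in this release (`- Simon` becomes `- Simon Duncombe`, `email: sd@netsense.ch`, and the homepage moves to a different host), so the ownership handover is worth confirming against the registry's owner history before upgrading. `licenses: []` is still empty and `homepage` uses plain `http://`; both are easy to fix in the gemspec.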
data.tar.gz.sig
DELETED
Binary file
|
data/Manifest
DELETED
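--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -1,55 +0,0 @@
-= Intrusion
-
-Intrusion is a gem helping you to detect and prevent intrusion attempts within your ruby on rails application.
-
-== Installation
-Install the gem:
-gem install intrusion
-
-Rails 3: include intrusion in your Gemfile
-gem 'intrusion'
-
-Rails 2: include the gem in config/environment.rb
-config.gem "intrusion"
-
-create a 'ids' attribute for the ActiveRecord model you want to protect and migrate, e.g:
-
-# rails generate migration add_ids_to_accounts ids:string
-# rake db:migrate
-
-include Intrusion in your model:
-
-class Account < ActiveRecord::Base
-include Intrusion
-end
-
-== Examples:
-
-=== Check if IP adress is blocked
-return "your ip is blocked" if Account.find(1).ids_is_blocked?(request.remote_addr)
-
-
-=== Report suspicious activity
-The internal counter will be increased. If you do this 10 times, blocking will be enabled
-
-Account.find(1).ids_report!(request.remote_addr)
-
-=== Instantly block ip
-Account.find(1).ids_report!(request.remote_addr, true)
-
-=== Reset
-This resets the counter to 0:
-Account.find(1).ids_unblock!(request.remote_addr)
-
-
-=== Blocking objects with keywords
-You are not limited to IP adresses. You may block the object itself using any keyword:
-Account.find(1).ids_report!('self')
-
-
-== Hint
-Try http://spectify.com to scan your servers and applications for vulnerabilities - for free!
-
-== Copyright
-
-(c) 2010 -2011 netsense LLC - managed security audits - http://netsense.ch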
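--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,14 +0,0 @@
-require 'rubygems'
-require 'rake'
-require 'echoe'
-
-Echoe.new('intrusion', '0.1.3') do |p|
-p.description = "intrusion detection and prevention for rails apps"
-p.url = "http://spectify.com"
-p.author = "Simon Wepfer"
-p.email = "sw@netsense.ch"
-p.ignore_pattern = ["tmp/*", "script/*"]
-p.development_dependencies = []
-end
-
-Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }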
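--- a/data/intrusion.gemspec
+++ b/data/intrusion.gemspec
@@ -1,32 +0,0 @@
-# -*- encoding: utf-8 -*-
-
-Gem::Specification.new do |s|
-s.name = %q{intrusion}
-s.version = "0.1.3"
-
-s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
-s.authors = ["Simon Wepfer"]
-s.cert_chain = ["/home/sw/gem-public_cert.pem"]
-s.date = %q{2010-12-30}
-s.description = %q{intrusion detection and prevention for rails apps}
-s.email = %q{sw@netsense.ch}
-s.extra_rdoc_files = ["README.rdoc", "lib/intrusion.rb"]
-s.files = ["Manifest", "README.rdoc", "Rakefile", "lib/intrusion.rb", "intrusion.gemspec"]
-s.homepage = %q{http://spectify.com}
-s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Intrusion", "--main", "README.rdoc"]
-s.require_paths = ["lib"]
-s.rubyforge_project = %q{intrusion}
-s.rubygems_version = %q{1.3.7}
-s.signing_key = %q{/home/sw/gem-private_key.pem}
-s.summary = %q{intrusion detection and prevention for rails apps}
-
-if s.respond_to? :specification_version then
-current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-s.specification_version = 3
-
-if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-else
-end
-else
-end
-end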
metadata.gz.sig
DELETED
Binary file
|