intrusion 0.1.0

data.tar.gz.sig ADDED
@@ -0,0 +1 @@
1
+ ���ä�� f�٭�V�[$��(��)�߽��U��m�$�����p�B|Q.�T@���Y��ލ����1�oP���Ƶ�Y<K;U��Ń"�`�r6l��X0��*_���(�g���蓭Z�D���|��I
- [�ϗ����셹�k�}.��kJ��Gכ�q}�J-n!F�K�!lR��[��Q�F|�9"Ff������&–�$��/����k��ژB��(�?�*�ڗ%�C���p 2���V�@� X_<
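--- a/data/Manifest
+++ b/data/Manifest
@@ -0,0 +1,4 @@
+ Manifest
+ README.rdoc
+ Rakefile
+ lib/intrusion.rb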
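--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,46 @@
+ = Intrusion
+
+ Intrusion is a gem helping you to detect and prevent intrusion attempts within your ruby on rails application.
+
+ == Preparation
+ include intrusion in your Gemfile (Rails 3)
+ gem 'intrusion'
+
+ create a 'ids' attribute for the ActiveRecord model you want to protect and migrate, e.g:
+
+ # rails generate migration add_ids_to_accounts ids:string
+ # rake db:migrate
+
+ include Intrusion in your model:
+
+ class Account < ActiveRecord::Base
+ include Intrusion
+ end
+
+ == Examples:
+
+ === Check if IP adress is blocked
+ return "your ip is blocked" if Account.find(1).is_blocked?(request.remote_addr)
+
+
+ === Report suspicious activity
+ The internal counter will be increased. If you do this 10 times, blocking will be enabled
+
+ Account.find(1).ids_report!(request.remote_addr)
+
+ === Instantly block ip
+ Account.find(1).ids_report!(request.remote_addr, true)
+
+ === Reset
+ This resets the counter to 0:
+ Account.find(1).ids_unblock!(request.remote_addr)
+
+
+ === Blocking objects with keywords
+ You are not limited to IP adresses. You may block the object itself using any keyword:
+ Account.find(1).ids_report!('self')
+
+
+ == Copyright
+
+ (c) 2010 netsense LLC - managed security audits - http://netsense.ch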
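--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,14 @@
+ require 'rubygems'
+ require 'rake'
+ require 'echoe'
+
+ Echoe.new('intrusion', '0.1.0') do |p|
+ p.description = "intrusion detection and prevention for rails apps"
+ p.url = "http://github.com/symontech/intrusion"
+ p.author = "Simon Wepfer"
+ p.email = "sw@netsense.ch"
+ p.ignore_pattern = ["tmp/*", "script/*"]
+ p.development_dependencies = []
+ end
+
+ Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }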
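--- a/data/intrusion.gemspec
+++ b/data/intrusion.gemspec
@@ -0,0 +1,32 @@
+ # -*- encoding: utf-8 -*-
+
+ Gem::Specification.new do |s|
+ s.name = %q{intrusion}
+ s.version = "0.1.0"
+
+ s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+ s.authors = ["Simon Wepfer"]
+ s.cert_chain = ["/home/sw/gem-public_cert.pem"]
+ s.date = %q{2010-12-30}
+ s.description = %q{intrusion detection and prevention for rails apps}
+ s.email = %q{sw@netsense.ch}
+ s.extra_rdoc_files = ["README.rdoc", "lib/intrusion.rb"]
+ s.files = ["Manifest", "README.rdoc", "Rakefile", "lib/intrusion.rb", "intrusion.gemspec"]
+ s.homepage = %q{http://github.com/symontech/intrusion}
+ s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Intrusion", "--main", "README.rdoc"]
+ s.require_paths = ["lib"]
+ s.rubyforge_project = %q{intrusion}
+ s.rubygems_version = %q{1.3.7}
+ s.signing_key = %q{/home/sw/gem-private_key.pem}
+ s.summary = %q{intrusion detection and prevention for rails apps}
+
+ if s.respond_to? :specification_version then
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+ s.specification_version = 3
+
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+ else
+ end
+ else
+ end
+ end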
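Review bot: `s.signing_key = %q{/home/sw/gem-private_key.pem}` (new-file line 20) and `s.cert_chain` (line 9) hard-code absolute paths from the author's home directory, so the shipped gemspec can only be rebuilt on that machine and it publishes where the private signing key is kept. The file looks generated (presumably by the Echoe task in the Rakefile), in which case the key settings are better kept out of the packaged gemspec. If it is maintained by hand, resolve the key at build time instead, e.g. `s.signing_key = File.expand_path('~/.gem/gem-private_key.pem') if $0 =~ /gem\z/` (path shown is an example). The empty `if ... then` / `else` / `end` branches on lines 27–31 do nothing and can be dropped.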
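--- a/data/lib/intrusion.rb
+++ b/data/lib/intrusion.rb
@@ -0,0 +1,61 @@
+ module Intrusion
+
+ # check if ip is blocked
+ def ids_is_blocked?(ip)
+ ids_load.each { |d| return true if d[:ip] == ip and d[:counter] > 9 }
+ return false
+ end
+
+ # report suspicious activity
+ def ids_report!(ip, block=false)
+ dt = ids_load
+
+ found = nil
+ dt.each { |d| found = d if d[:ip] == ip }
+
+ if found
+ if block
+ found[:counter] = 10
+ else
+ found[:counter] += 1
+ end
+ else
+ new = { :ip => ip, :counter => 1 }
+ dt << new
+ end
+
+ # update
+ self.ids = dt.to_yaml
+ return self.save
+ end
+
+ # reset counter and stay
+ def ids_unblock!(ip)
+ dt = ids_load
+ found = false
+ dt.each { |d|
+ if d[:ip] == ip
+ d[:counter] = 0
+ found = true
+ end
+ }
+
+ if found
+ # update
+ self.ids = dt.to_yaml
+ return self.save
+ end
+ return false
+ end
+
+ protected
+
+ # convert yaml string helper
+ def ids_load
+ dt = []
+ dt = YAML::load(ids) if ids
+ return dt
+ end
+
+
+ end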
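Review bot: `ids_report!(ip, true)` does not block an address that has no entry yet: the `else` branch on new-file lines 22–25 always stores `:counter => 1`, so the "instantly block" path only works for already-reported keys and `ids_is_blocked?` (which needs a counter above 9) keeps returning false. The new entry should honour the flag, e.g. `new = { :ip => ip, :counter => (block ? 10 : 1) }`. Separately, `ids_load` on line 56 feeds the stored `ids` column to `YAML::load`, which can instantiate arbitrary objects; if that attribute is reachable through mass assignment the column is untrusted input, so it should be protected on the model and parsed with a restricted loader (`YAML.safe_load` with `Symbol` permitted, on Rubies that provide it) or stored as JSON. The load–modify–save sequence in `ids_report!` is also not atomic, so concurrent reports against the same record can lose increments and delay the block. The README calls `is_blocked?`, which this module does not define; the method here is `ids_is_blocked?`.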
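--- a/metadata
+++ b/metadata
@@ -0,0 +1,95 @@
+ --- !ruby/object:Gem::Specification
+ name: intrusion
+ version: !ruby/object:Gem::Version
+ prerelease: false
+ segments:
+ - 0
+ - 1
+ - 0
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Simon Wepfer
+ autorequire:
+ bindir: bin
+ cert_chain:
+ - |
+ -----BEGIN CERTIFICATE-----
+ MIIDKjCCAhKgAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQDDAJzdzEY
+ MBYGCgmSJomT8ixkARkWCG5ldHNlbnNlMRIwEAYKCZImiZPyLGQBGRYCY2gwHhcN
+ MTAxMjMwMDEzMjIzWhcNMTExMjMwMDEzMjIzWjA7MQswCQYDVQQDDAJzdzEYMBYG
+ CgmSJomT8ixkARkWCG5ldHNlbnNlMRIwEAYKCZImiZPyLGQBGRYCY2gwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQcaHghb4NyoI5/ktDVocH6/T6vIhB
+ rpxGCid4Ufk0nNJp2EQxzzJD2wpv+hmfndtH1yfA89RqIIBdHXhu/pY3Rs+7Rbuh
+ KAhMF3Bt0MvYa2cCMOV0WQaS1TF+xu1Ko5JGNIP2YHpcusXdjUflYn/enb1xiyJ0
+ tGe7au6H+gl55k+sy55KpSqije1sCRGsq001HEOgHMk99FWPglma1LSlHzHunCvr
+ E0yjmEYQnA0Bz1fK23IPXpg1/JDCicz1JlOx1LQ6EXp/DsJhYvrltqMs0d8pThLz
+ TK8zp88ciB3Je7ZV9gzCSRZn6eg7YAq3L6OGyCjXVDPeGutZ5A0+uNe5AgMBAAGj
+ OTA3MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNPOntwPYyIrXaEbpJDbJT3Td9ABMAsG
+ A1UdDwQEAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEAyKFvBXfbt8Rn/NjT5tObn9gF
+ XE6YMpQvKFqgtjJsuWyldjpjnbg86YsEnOEW2AtRKjQJvTtuyBvf+jiGpj4TFv2u
+ Z8lCtkHH7lOlotiqnrBpDn+4OGwHmRupmNbvs5JyWyCohFVEbTBcWuvVW+P7OM9E
+ eaEOpD9PVJds+gguxxsdaAHafRvcOdVqQ9qpeTrofTwCttMEe6XvBF+HSTZ3IrXK
+ ljm7jluHlbP28ywmLBUdz8bNLkoLrD77bYW5c8TqqhtgoaBXtG73y8V6WogvVV45
+ jCYr7DaTo4rUhQrgDmq/JUQYZmAaf73WG6iwQ2Nr68hWCjVTj/wvKLKurgjqkQ==
+ -----END CERTIFICATE-----
+
+ date: 2010-12-30 00:00:00 +01:00
+ default_executable:
+ dependencies: []
+
+ description: intrusion detection and prevention for rails apps
+ email: sw@netsense.ch
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files:
+ - README.rdoc
+ - lib/intrusion.rb
+ files:
+ - Manifest
+ - README.rdoc
+ - Rakefile
+ - lib/intrusion.rb
+ - intrusion.gemspec
+ has_rdoc: true
+ homepage: http://github.com/symontech/intrusion
+ licenses: []
+
+ post_install_message:
+ rdoc_options:
+ - --line-numbers
+ - --inline-source
+ - --title
+ - Intrusion
+ - --main
+ - README.rdoc
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 1
+ - 2
+ version: "1.2"
+ requirements: []
+
+ rubyforge_project: intrusion
+ rubygems_version: 1.3.7
+ signing_key:
+ specification_version: 3
+ summary: intrusion detection and prevention for rails apps
+ test_files: []
+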
metadata.gz.sig ADDED
Binary file