RubyGems - repsheet_visualizer - Versions diffs - 1.0.0 → 1.1.0 - Mend

repsheet_visualizer 1.0.0 → 1.1.0

Files changed (254) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f5de4349de8c35b7c4e5abc4055c1b7f7d66cba1
-  data.tar.gz: d005f992eab2dadb2fb4c1b029887fc341cd211c
+  metadata.gz: cd4eeda4bad79b51779af5f7f28411cbdc33be35
+  data.tar.gz: 5a1dac9229792475e0365c850d8df150e0812222
 SHA512:
-  metadata.gz: 86c153744dfd81b319a119e49d8b90257309e05b4752c5e10d44a2d9c28f4f789d106d9c177e687920646edbda09b8da5675f65d22906cc8ef274e3789f7dc4a
-  data.tar.gz: 878709b76181ed260acd8fa727661723fde1b21406c4eccb1f40720a05ad6d0d5910fe31c017431685fb1ead263bc5342822f25aeb0a15954169e0bbd2e912e7
+  metadata.gz: 3d246b1c4c8e86cb7d442a41302ed309f08efefddce7df8fdb0dcfa0fa5bb17973b7827929ee259486f6ace2d43d55686af5c4a2b5d2e03306951c483ff0ce7f
+  data.tar.gz: 0ef3a230ca6bdbea03a65b4b4b98edd261e8f5fafb7022ce7d8e9349dd080808b5c598c7e4c05514469f22c0aac8e21cc80e5a46d2fca286b446e7f8035f3ad6

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    repsheet_visualizer (1.0.0)
+    repsheet_visualizer (1.1.0)
       geoip
       ipaddress
       json

data/README.md CHANGED

@@ -1,6 +1,6 @@
 #Repsheet Visualizer [![Build Status](https://secure.travis-ci.org/repsheet/visualizer.png)](http://travis-ci.org/repsheet/visualizer?branch=master)
-This is the visualization component for Repsheet. It displays information on offending actors and allows for manual blacklisting. It provides a world map that displays the location of offending actors which allows for identification of global attack patterns. It is still under active development and will undergo some pretty major changes over the next several months.
+This is the visualization component for Repsheet. It displays information on offending actors and allows for manual blacklisting. It provides a world map that displays the location of offending actors which allows for identification of global attack patterns.
 ## Setup
@@ -12,3 +12,27 @@ bin/repsheet_visualizer <redis_host> <redis_port> <path_to_geolite_database>
 ```
 Visit [http://localhost:4567](http://localhost:4567) to view the application
+## Running as a Rack application
+This is the most common running configuration for the Visualizer. This just runs the application as if it was any other Rack application. You just have to create a config.ru file and start the application under your favorite application server.
+```ruby
+require 'repsheet_visualizer'
+RepsheetVisualizer::App.set :redis_host, "localhost"
+RepsheetVisualizer::App.set :redis_port, 6379
+RepsheetVisualizer::App.set :geoip_database, "/Users/abedra/src/opensource/repsheet/vendor/geoip/GeoLiteCity.dat"
+run RepsheetVisualizer::App
+```
+## Running as an embedded Rack application
+Since the Visualizer is a rack based application, you can embed it in any other rack app. Along with the above settings, you can specify a mount point:
+```
+RepsheetVisualizer::App.set :mount "/repsheet"
+```
+This will re-root the application so that everything continues to function properly under the mount point you desire.

data/bin/repsheet_visualizer CHANGED

@@ -3,20 +3,22 @@
 begin
   require 'repsheet_visualizer/application/app.rb'
   if ARGV.count == 3
-    RepsheetVisualizer.set :redis_host, ARGV[0]
-    RepsheetVisualizer.set :redis_port, ARGV[1]
-    RepsheetVisualizer.set :geoip_database, ARGV[2]
+    RepsheetVisualizer::App.set :redis_host, ARGV[0]
+    RepsheetVisualizer::App.set :redis_port, ARGV[1]
+    RepsheetVisualizer::App.set :geoip_database, ARGV[2]
   end
-  RepsheetVisualizer.run!
+  RepsheetVisualizer::App.run!
 rescue LoadError => e
   require 'rubygems'
   path = File.expand_path '../../lib', __FILE__
   $:.unshift(path) if File.directory?(path) && !$:.include?(path)
   require 'repsheet_visualizer/application/app.rb'
   if ARGV.count == 3
-    RepsheetVisualizer.set :redis_host, ARGV[0]
-    RepsheetVisualizer.set :redis_port, ARGV[1]
-    RepsheetVisualizer.set :geoip_database, ARGV[2]
+    RepsheetVisualizer::App.set :redis_host, ARGV[0]
+    RepsheetVisualizer::App.set :redis_port, ARGV[1]
+    RepsheetVisualizer::App.set :geoip_database, ARGV[2]
   end
-  RepsheetVisualizer.run!
+  RepsheetVisualizer::App.run!
 end

data/config.ru ADDED

@@ -0,0 +1,8 @@
+require 'repsheet_visualizer'
+RepsheetVisualizer::App.set :redis_host, "localhost"
+RepsheetVisualizer::App.set :redis_port, 6379
+RepsheetVisualizer::App.set :geoip_database, "/Users/abedra/src/opensource/repsheet/vendor/geoip/GeoLiteCity.dat"
+run RepsheetVisualizer::App

data/lib/repsheet_visualizer/application/app.rb CHANGED

@@ -5,133 +5,146 @@ require 'json'
 require 'ipaddress'
 require_relative 'backend'
-class RepsheetVisualizer < Sinatra::Base
-  before do
-    @mount = mount
-  end
+module RepsheetVisualizer
+  class App < Sinatra::Base
+    set :show_exceptions, false
-  helpers do
-    def action(ip, blacklist=nil)
-      blacklist = redis_connection.get("#{ip}:repsheet:blacklist") if blacklist.nil?
-      if blacklist.nil? || blacklist == "false"
-        "blacklist"
-      else
-        "whitelist"
+    before do
+      @mount = mount
+    end
+    helpers do
+      def action(ip, blacklist=nil)
+        blacklist = redis_connection.get("#{ip}:repsheet:blacklist") if blacklist.nil?
+        if blacklist.nil? || blacklist == "false"
+          "blacklist"
+        else
+          "whitelist"
+        end
+      end
+      def replace_invalid_chars(str)
+        str.encode('UTF-16le', :invalid => :replace, :replace => '?').encode('UTF-8')
+      end
+      def h(text)
+        begin
+          Rack::Utils.escape_html(text)
+        rescue ArgumentError
+          replace_invalid_chars(text)
+        end
       end
     end
-    def replace_invalid_chars(str)
-      str.encode('UTF-16le', :invalid => :replace, :replace => '?').encode('UTF-8')
+    def redis_connection
+      host = defined?(settings.redis_host) ? settings.redis_host : "localhost"
+      port = defined?(settings.redis_port) ? settings.redis_port : 6379
+      Redis.new(:host => host, :port => port)
     end
-    def h(text)
-      begin
-        Rack::Utils.escape_html(text)
-      rescue ArgumentError
-        replace_invalid_chars(text)
-      end
+    def geoip_database
+      geoip_database = defined?(settings.geoip_database) ? settings.geoip_database : nil
+      raise "Missing GeoIP database settings" if geoip_database.nil?
+      raise "Could not locate GeoIP database" unless File.exist?(geoip_database)
+      GeoIP.new(settings.geoip_database)
     end
-  end
-  def redis_connection
-    host = defined?(settings.redis_host) ? settings.redis_host : "localhost"
-    port = defined?(settings.redis_port) ? settings.redis_port : 6379
-    Redis.new(:host => host, :port => port)
-  end
+    def mount
+      defined?(settings.mount) ? (settings.mount + "/") : "/"
+    end
-  def geoip_database
-    geoip_database = defined?(settings.geoip_database) ? settings.geoip_database : nil
-    raise "Missing GeoIP database settings" if geoip_database.nil?
-    raise "Could not locate GeoIP database" unless File.exist?(geoip_database)
-    GeoIP.new(settings.geoip_database)
-  end
+    def redis_expiry
+      defined?(settings.redis_expiry) ? (settings.redis_expiry * 60 * 60) : (24 * 60 * 60)
+    end
-  def mount
-    defined?(settings.mount) ? (settings.mount + "/") : "/"
-  end
+    not_found do
+      erb :'404'
+    end
-  def redis_expiry
-    defined?(settings.redis_expiry) ? (settings.redis_expiry * 60 * 60) : (24 * 60 * 60)
-  end
+    error do
+      @e = request.env['sinatra_error']
+      erb :'500'
+    end
-  get '/' do
-    @suspects, @blacklisted = Backend.summary(redis_connection)
-    @whitelist = Backend.whitelist(redis_connection)
-    @blacklist_total = Backend.blacklist_total(redis_connection)
-    erb :index
-  end
+    get '/' do
+      @suspects, @blacklisted = Backend.summary(redis_connection)
+      @whitelist = Backend.whitelist(redis_connection)
+      @blacklist_total = Backend.blacklist_total(redis_connection)
+      erb :index
+    end
-  get '/whitelist' do
-    @whitelist = Backend.whitelist(redis_connection)
-    erb :whitelist
-  end
+    get '/whitelist' do
+      @whitelist = Backend.whitelist(redis_connection)
+      erb :whitelist
+    end
-  get '/blacklist' do
-    @blacklist = Backend.blacklist(redis_connection)
-    erb :blacklist
-  end
+    get '/blacklist' do
+      @blacklist = Backend.blacklist(redis_connection)
+      erb :blacklist
+    end
-  get '/suspects' do
-    @suspects, _ = Backend.suspects(redis_connection)
-    erb :suspects
-  end
+    get '/suspects' do
+      @suspects, _ = Backend.suspects(redis_connection)
+      erb :suspects
+    end
-  get '/breakdown' do
-    @data = Backend.breakdown(redis_connection)
-    erb :breakdown
-  end
+    get '/breakdown' do
+      @data = Backend.breakdown(redis_connection)
+      erb :breakdown
+    end
-  get '/worldview' do
-    @data = Backend.worldview(redis_connection, geoip_database)
-    erb :worldview
-  end
+    get '/worldview' do
+      @data = Backend.worldview(redis_connection, geoip_database)
+      erb :worldview
+    end
-  get '/actors/:ip' do
-    @ip = params[:ip]
-    @activity = Backend.activity(redis_connection, @ip)
-    triggered = Backend.triggered_rules(redis_connection, @ip)
-    offenses = Backend.score_actor(redis_connection, @ip, triggered, false)
-    @modsecurity = {:triggered => triggered.join(", "), :offenses => offenses}
-    @ofdp_score = Backend.ofdp_score(redis_connection, @ip) || 0
-    @whitelisted = Backend.whitelisted?(redis_connection, @ip)
-    @blacklisted = Backend.blacklisted?(redis_connection, @ip)
-    details = geoip_database.country(@ip)
-    unless details.nil?
-      @lat = details.latitude
-      @lng = details.longitude
-      @country = details.country_name
-      @region = details.region_name
-      @city = details.city_name
-    end
-    @action = action(@ip)
-    erb :actor
-  end
+    get '/actors/:ip' do
+      @ip = params[:ip]
+      @activity = Backend.activity(redis_connection, @ip)
+      triggered = Backend.triggered_rules(redis_connection, @ip)
+      offenses = Backend.score_actor(redis_connection, @ip, triggered, false)
+      @modsecurity = {:triggered => triggered.join(", "), :offenses => offenses}
+      @ofdp_score = Backend.ofdp_score(redis_connection, @ip) || 0
+      @whitelisted = Backend.whitelisted?(redis_connection, @ip)
+      @blacklisted = Backend.blacklisted?(redis_connection, @ip)
+      details = geoip_database.country(@ip)
+      unless details.nil?
+        @lat = details.latitude
+        @lng = details.longitude
+        @country = details.country_name
+        @region = details.region_name
+        @city = details.city_name
+      end
-  post '/search' do
-    @ip = params[:ip]
-    if IPAddress.valid?(@ip)
-      redirect "#{@mount}actors/#{@ip}"
-    else
-      redirect "#{@mount}"
+      @action = action(@ip)
+      erb :actor
     end
-  end
-  post '/action' do
-    connection = redis_connection
-    if params["action"] == "whitelist"
-      connection.set("#{params[:ip]}:repsheet:whitelist", "true")
-      connection.del("#{params[:ip]}:repsheet:blacklist")
-      connection.del("#{params[:ip]}:repsheet")
-      connection.del("#{params[:ip]}:detected")
-      connection.srem("repsheet:blacklist:history", params[:ip])
-    elsif params["action"] == "blacklist"
-      ttl = connection.ttl("#{params[:ip]}:requests")
-      connection.setex("#{params[:ip]}:repsheet:blacklist", ttl, "true")
-      connection.sadd("repsheet:blacklist:history", params[:ip])
-      connection.del("#{params[:ip]}:repsheet:whitelist")
-    end
-    redirect back
+    post '/search' do
+      @ip = params[:ip]
+      if IPAddress.valid?(@ip)
+        redirect "#{@mount}actors/#{@ip}"
+      else
+        redirect "#{@mount}"
+      end
+    end
+    post '/action' do
+      connection = redis_connection
+      if params["action"] == "whitelist"
+        connection.set("#{params[:ip]}:repsheet:whitelist", "true")
+        connection.del("#{params[:ip]}:repsheet:blacklist")
+        connection.del("#{params[:ip]}:repsheet")
+        connection.del("#{params[:ip]}:detected")
+        connection.srem("repsheet:blacklist:history", params[:ip])
+      elsif params["action"] == "blacklist"
+        ttl = connection.ttl("#{params[:ip]}:requests")
+        connection.setex("#{params[:ip]}:repsheet:blacklist", ttl, "true")
+        connection.sadd("repsheet:blacklist:history", params[:ip])
+        connection.del("#{params[:ip]}:repsheet:whitelist")
+      end
+      redirect back
+    end
   end
 end

data/lib/repsheet_visualizer/application/views/404.erb ADDED

@@ -0,0 +1,66 @@
+<div id="sidebar-wrapper" class="collapse sidebar-collapse">
+  <div id="search">
+    <form method="post" action="<%= @mount %>search">
+      <input name="ip" id="ip" class="form-control input-sm" type="text" name="search" placeholder="Search for an Actor" />
+      <button type="submit" id="search-btn" class="btn"><i class="fa fa-search"></i></button>
+    </form>
+  </div>
+  <nav id="sidebar">
+    <ul id="main-nav" class="open-active">
+      <li>
+        <a href="<%= @mount %>">
+          <i class="fa fa-dashboard"></i>
+          Dashboard
+        </a>
+      </li>
+      <li>
+        <a href="<%= @mount%>blacklist">
+          <i class="fa fa-ban"></i>
+          Blacklist
+        </a>
+      </li>
+      <li>
+        <a href="<%= @mount%>suspects">
+          <i class="fa fa-gavel"></i>
+          Suspects
+        </a>
+      </li>
+      <li>
+        <a href="<%= @mount%>whitelist">
+          <i class="fa fa-thumbs-o-up"></i>
+          Whitelist
+        </a>
+      </li>
+      <!-- <li>
+      <a href="javascript:;">
+      <i class="fa fa-bar-chart-o"></i>
+      ModSecurity Analysis
+      </a>
+      </li> -->
+      <li>
+        <a href="<%= @mount %>worldview">
+          <i class="fa fa-globe"></i>
+          World View
+        </a>
+      </li>
+    </ul>
+  </nav>
+</div>
+<div id="content">
+  <div id="content-header">
+    <h1>Not Found</h1>
+  </div>
+  <div id="content-container">
+    <div class="alert alert-danger">
+      The page you are looking for can't be found.
+    </div>
+  </div>
+</div>

data/lib/repsheet_visualizer/application/views/500.erb ADDED

@@ -0,0 +1,66 @@
+<div id="sidebar-wrapper" class="collapse sidebar-collapse">
+  <div id="search">
+    <form method="post" action="<%= @mount %>search">
+      <input name="ip" id="ip" class="form-control input-sm" type="text" name="search" placeholder="Search for an Actor" />
+      <button type="submit" id="search-btn" class="btn"><i class="fa fa-search"></i></button>
+    </form>
+  </div>
+  <nav id="sidebar">
+    <ul id="main-nav" class="open-active">
+      <li>
+        <a href="<%= @mount %>">
+          <i class="fa fa-dashboard"></i>
+          Dashboard
+        </a>
+      </li>
+      <li>
+        <a href="<%= @mount%>blacklist">
+          <i class="fa fa-ban"></i>
+          Blacklist
+        </a>
+      </li>
+      <li>
+        <a href="<%= @mount%>suspects">
+          <i class="fa fa-gavel"></i>
+          Suspects
+        </a>
+      </li>
+      <li>
+        <a href="<%= @mount%>whitelist">
+          <i class="fa fa-thumbs-o-up"></i>
+          Whitelist
+        </a>
+      </li>
+      <!-- <li>
+      <a href="javascript:;">
+      <i class="fa fa-bar-chart-o"></i>
+      ModSecurity Analysis
+      </a>
+      </li> -->
+      <li>
+        <a href="<%= @mount %>worldview">
+          <i class="fa fa-globe"></i>
+          World View
+        </a>
+      </li>
+    </ul>
+  </nav>
+</div>
+<div id="content">
+  <div id="content-header">
+    <h1>Error</h1>
+  </div>
+  <div id="content-container">
+    <div class="alert alert-danger">
+      There was an error
+    </div>
+  </div>
+</div>