sagan_crafter 0.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (24) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +9 -0
  3. data/.rspec +2 -0
  4. data/.travis.yml +4 -0
  5. data/CODE_OF_CONDUCT.md +49 -0
  6. data/Gemfile +4 -0
  7. data/LICENSE.txt +21 -0
  8. data/README.md +67 -0
  9. data/Rakefile +7 -0
  10. data/bin/console +14 -0
  11. data/bin/setup +8 -0
  12. data/exe/sagan-craft +12 -0
  13. data/lib/sagan_crafter/backends/sqlite.rb +65 -0
  14. data/lib/sagan_crafter/cli.rb +99 -0
  15. data/lib/sagan_crafter/factorize.rb +25 -0
  16. data/lib/sagan_crafter/factory/fqdnlogger.rb +43 -0
  17. data/lib/sagan_crafter/factory/iplogger.rb +43 -0
  18. data/lib/sagan_crafter/main.rb +7 -0
  19. data/lib/sagan_crafter/ruleset.rb +38 -0
  20. data/lib/sagan_crafter/settings.rb +86 -0
  21. data/lib/sagan_crafter/version.rb +3 -0
  22. data/lib/sagan_crafter.rb +20 -0
  23. data/sagan_crafter.gemspec +31 -0
  24. metadata +179 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 0a1b504c92f2ab3809f4b21923a1320f9d2e6dc3
4
+ data.tar.gz: 2d72d3a051d6a190a4b4470e6196b75ad7733d84
5
+ SHA512:
6
+ metadata.gz: bbf70fe464fcbfc296c4936411e5632486b1aaa29222fe8fe9122b9b0f9cf6f9af6892144d9f971a062feeacc8794c9b12e75330ae6819cc5061cb3ad30966a1
7
+ data.tar.gz: 39e7666c657d3d417e8ebf44fa33e5a4aea9f589008dde47f11d1c3cb713c75e7954e08b68c880ce68d3a7f15b792587208bbae814571837abea82d7a09b379e
data/.gitignore ADDED
@@ -0,0 +1,9 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,4 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.3
4
+ before_install: gem install bundler -v 1.11.2
data/CODE_OF_CONDUCT.md ADDED
@@ -0,0 +1,49 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, and in the interest of
4
+ fostering an open and welcoming community, we pledge to respect all people who
5
+ contribute through reporting issues, posting feature requests, updating
6
+ documentation, submitting pull requests or patches, and other activities.
7
+
8
+ We are committed to making participation in this project a harassment-free
9
+ experience for everyone, regardless of level of experience, gender, gender
10
+ identity and expression, sexual orientation, disability, personal appearance,
11
+ body size, race, ethnicity, age, religion, or nationality.
12
+
13
+ Examples of unacceptable behavior by participants include:
14
+
15
+ * The use of sexualized language or imagery
16
+ * Personal attacks
17
+ * Trolling or insulting/derogatory comments
18
+ * Public or private harassment
19
+ * Publishing other's private information, such as physical or electronic
20
+ addresses, without explicit permission
21
+ * Other unethical or unprofessional conduct
22
+
23
+ Project maintainers have the right and responsibility to remove, edit, or
24
+ reject comments, commits, code, wiki edits, issues, and other contributions
25
+ that are not aligned to this Code of Conduct, or to ban temporarily or
26
+ permanently any contributor for other behaviors that they deem inappropriate,
27
+ threatening, offensive, or harmful.
28
+
29
+ By adopting this Code of Conduct, project maintainers commit themselves to
30
+ fairly and consistently applying these principles to every aspect of managing
31
+ this project. Project maintainers who do not follow or enforce the Code of
32
+ Conduct may be permanently removed from the project team.
33
+
34
+ This code of conduct applies both within project spaces and in public spaces
35
+ when an individual is representing the project or its community.
36
+
37
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
38
+ reported by contacting a project maintainer at shadowbq@gmail.com. All
39
+ complaints will be reviewed and investigated and will result in a response that
40
+ is deemed necessary and appropriate to the circumstances. Maintainers are
41
+ obligated to maintain confidentiality with regard to the reporter of an
42
+ incident.
43
+
44
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
45
+ version 1.3.0, available at
46
+ [http://contributor-covenant.org/version/1/3/0/][version]
47
+
48
+ [homepage]: http://contributor-covenant.org
49
+ [version]: http://contributor-covenant.org/version/1/3/0/
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in sagan_crafter.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2016 shadowbq
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,67 @@
1
+ # SaganCrafter
2
+
3
+ Sagan Crafter is designed to help build SAGAN rules from simple backends.
4
+
5
+ ```
6
+ alert tcp $HOME_NET any <> any any (msg:"[PASSIVEDNS] vxvault url_reputation - tscl.com.bd"; content:"tscl.com.bd"; normalize:tightstack; sid:1635309608; program:tightstack; rev:2;)
7
+ alert tcp $HOME_NET any <> any any (msg:"[PASSIVEDNS] vxvault url_reputation - uclmfocus.com"; content:"uclmfocus.com"; normalize:tightstack; sid:1042387290; program:tightstack; rev:2;)
8
+ alert tcp $HOME_NET any <> any any (msg:"[PASSIVEDNS] vxvault url_reputation - upstreams.info"; content:"upstreams.info"; normalize:tightstack; sid:1757176352; program:tightstack; rev:1;)
9
+ alert tcp $HOME_NET any <> any any (msg:"[PASSIVEDNS] vxvault url_reputation - vibaavaacademy.com"; content:"vibaavaacademy.com"; normalize:tightstack; sid:1270011767; program:tightstack; rev:1;)
10
+ alert tcp $HOME_NET any <> any any (msg:"[PASSIVEDNS] vxvault url_reputation - www.cpteducation.it"; content:"www.cpteducation.it"; normalize:tightstack; sid:1499466929; program:tightstack; rev:1;)
11
+ alert tcp $HOME_NET any <> any any (msg:"[PASSIVEDNS] vxvault url_reputation - www.itidea.it"; content:"www.itidea.it"; normalize:tightstack; sid:1352812295; program:tightstack; rev:2;)
12
+ ```
13
+
14
+ ## Simple Backends:
15
+
16
+ SQLITE3 -
17
+
18
+ ```sql
19
+ CREATE TABLE fqdns ( id INTEGER PRIMARY KEY, feed_provider varchar(255), feed_name varchar(255), import_time timestamp default (strftime('%s', 'now')), name varchar(255), CONSTRAINT name_unique UNIQUE (import_time, name) )
20
+ ```
21
+
22
+ * Threatinator - https://github.com/shadowbq/threatinator
23
+ * Threatinator AMQP Client - https://github.com/shadowbq/threatinator-amqp-rcvr
24
+
25
+ ## Note:
26
+
27
+ * Sagan - https://github.com/beave/sagan
28
+
29
+ ## Installation
30
+
31
+ Install it as:
32
+
33
+ $ gem install sagan_crafter
34
+
35
+ ## Usage
36
+
37
+ ```
38
+ $ sagan_crafter --help
39
+ Usage: sagan-crafter
40
+
41
+ -c, --cxtracker Create CXTracker rules
42
+ -p, --passivedns Create Passivedns rules
43
+
44
+ Backend
45
+
46
+ -s, --sqlite= Sqlite3 backend file location
47
+ Default: /tmp/threat.db
48
+ Options::
49
+ -v, --verbose Run verbosely
50
+ -h, --help Display this screen
51
+
52
+ ```
53
+
54
+ ## Development
55
+
56
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
57
+
58
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
59
+
60
+ ## Contributing
61
+
62
+ Bug reports and pull requests are welcome on GitHub at https://github.com/shadowbq/sagan_crafter. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
63
+
64
+
65
+ ## License
66
+
67
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,7 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+ require "bump/tasks"
4
+
5
+ RSpec::Core::RakeTask.new(:spec)
6
+
7
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "sagan_crafter"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/exe/sagan-craft ADDED
@@ -0,0 +1,12 @@
1
+ #!/usr/bin/env ruby
2
+ begin
3
+ require 'rubygems'
4
+ require 'bundler'
5
+ Bundler.setup(:default)
6
+ rescue ::Exception => e
7
+ end
8
+
9
+ # Executable with absolute path to lib for hacking and development
10
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'sagan_crafter', 'cli')
11
+
12
+ SaganCrafter::CLI.invoke
data/lib/sagan_crafter/backends/sqlite.rb ADDED
@@ -0,0 +1,65 @@
1
+ module SaganCrafter
2
+ module Backends
3
+ # :: Source of rule data
4
+ # select DISTINCT count(*), max(import_time), name from fqdns group by name;
5
+
6
+ # :: Rule output
7
+ # alert tcp $HOME_NET any -> any any (msg: "[PASSIVEDNS] BH1 Hit bighealthtree.com."; content: bighealthtree.com."; normalize: tightstack; classtype: suspicious-traffic; program: tightstack; sid:5100002; rev:2;)
8
+
9
+ # CREATE TABLE fqdns ( id INTEGER PRIMARY KEY, feed_provider varchar(255), feed_name varchar(255), import_time timestamp default (strftime('%s', 'now')), name varchar(255), CONSTRAINT name_unique UNIQUE (import_time, name) )
10
+
11
+ # ATTACH DATABASE '/tmp/oph_threat.db' As 'O';
12
+
13
+ # create temp view merge_fqdns as select * from F.fqdns union select * from M.fqdns union select * from O.fqdns;
14
+ # select DISTINCT count(*) as cnt, max(sub1.import_time) as max_import_time, sub1.name, sub1.feed_name, sub1.feed_provider from (select * from F.fqdns union select * from M.fqdns union select * from O.fqdns) sub1 group by sub1.name;
15
+
16
+ class SQLite
17
+
18
+ attr_reader :rule_collection
19
+
20
+ def initialize(factory)
21
+ @db = connect(SaganCrafter::Settings.sql_file_location)
22
+ @factory = factory
23
+ @db.results_as_hash = true
24
+ @rule_collection = []
25
+ end
26
+
27
+ def size
28
+ count = db.get_first_value("select count(DISTINCT name) from #{SaganCrafter::Settings.sql_table_name}")
29
+ puts "#{}count(*): #{count}"
30
+ end
31
+
32
+ def validate!
33
+ @db.execute("PRAGMA table_info(#{SaganCrafter::Settings.sql_table_name});") do |row|
34
+ raise UnknownDBSchemaError, "Unknown Schema" unless ["id","feed_provider","feed_name", "import_time","name"].include? row["name"]
35
+ end
36
+ puts "#[sagan-crafter] schema validated" if SaganCrafter::Settings.verbose
37
+ end
38
+
39
+ def build
40
+ @db.execute("select DISTINCT count(*) as cnt, max(import_time) as max_import_time, name, feed_name, feed_provider from #{SaganCrafter::Settings.sql_table_name} group by name") do |row|
41
+ @rule_collection << @factory.rule(row["name"], row["feed_provider"], row["feed_name"], row["cnt"], row["max_import_time"])
42
+ end
43
+ @rule_collection
44
+ end
45
+
46
+ def to_s
47
+ @rule_collection.to_s
48
+ end
49
+
50
+ private
51
+
52
+ def connect(file)
53
+ begin
54
+ db = SQLite3::Database.open(file)
55
+ return db
56
+ rescue ::SQLite3::Exception => e
57
+ puts "Exception occurred"
58
+ puts e
59
+ db.close if db
60
+ end
61
+ end
62
+
63
+ end
64
+ end
65
+ end
data/lib/sagan_crafter/cli.rb ADDED
@@ -0,0 +1,99 @@
1
+ require 'optparse'
2
+ require 'sagan_crafter'
3
+
4
+ module SaganCrafter
5
+
6
+ class CLI
7
+
8
+ def self.invoke
9
+ self.new
10
+ end
11
+
12
+ def initialize
13
+ options = {}
14
+
15
+ options[:cxtracker] = false
16
+ options[:passivedns] = false
17
+
18
+ options[:sqlite] = false
19
+ options[:sqlite_location] = SaganCrafter::Settings.sql_file_location
20
+
21
+ opt_parser = OptionParser.new do |opt|
22
+ opt.banner = "Usage: sagan-crafter"
23
+ opt.separator ""
24
+
25
+ opt.on("-c", "--cxtracker", "Create CXTracker rules") do
26
+ options[:cxtracker] = true
27
+ SaganCrafter::Settings.sql_table_name = "ipv4"
28
+ end
29
+
30
+ opt.on("-p", "--passivedns", "Create Passivedns rules") do
31
+ options[:passivedns] = true
32
+ SaganCrafter::Settings.sql_table_name = "fqdns"
33
+ end
34
+
35
+ opt.separator ""
36
+
37
+ opt.separator "Backend"
38
+ opt.separator ""
39
+
40
+ opt.on("-s", "--sqlite=", "Sqlite3 backend file location"," Default: #{options[:sqlite_location]}") do |value|
41
+ options[:sqlite] = true
42
+ options[:sqlite_location] = value
43
+ end
44
+
45
+ opt.separator "Options::"
46
+
47
+ opt.on("-v", "--verbose", "Run verbosely") do
48
+ options[:verbose] = true
49
+ end
50
+
51
+ opt.on_tail("-h","--help","Display this screen") do
52
+ puts opt_parser
53
+ exit 0
54
+ end
55
+
56
+ end
57
+
58
+ #Verify the options
59
+ begin
60
+ raise unless ARGV.size > 0
61
+ opt_parser.parse!
62
+
63
+ #If options fail display help
64
+ #rescue Exception => e
65
+ # puts e.message
66
+ # puts e.backtrace.inspect
67
+ rescue
68
+ puts opt_parser
69
+ exit
70
+ end
71
+
72
+ # Boolean switch
73
+ SaganCrafter::Settings.verbose = options[:verbose]
74
+ SaganCrafter::Settings.sql_file_location = options[:sqlite_location]
75
+
76
+ if SaganCrafter::Settings.verbose
77
+ puts "++++++++++++++++++++++++++++++++++++++++++++++"
78
+ puts "Sagan-Crafter!"
79
+ SaganCrafter::Settings.print
80
+ puts "++++++++++++++++++++++++++++++++++++++++++++++\n"
81
+ end
82
+
83
+ if options[:passivedns]
84
+ ruleset = FQDNRuleset.new(['sqlite3'])
85
+ end
86
+
87
+ if options[:cxtracker]
88
+ ruleset = IPRuleset.new(['sqlite3'])
89
+ end
90
+
91
+ puts ruleset.rules
92
+
93
+
94
+ end
95
+
96
+ end #Class
97
+
98
+
99
+ end #module
data/lib/sagan_crafter/factorize.rb ADDED
@@ -0,0 +1,25 @@
1
+ module SaganCrafter
2
+ class Factorize
3
+
4
+ def self.register(factory_type)
5
+ case factory_type.downcase
6
+ when /fqdnlogger/
7
+ return SaganCrafter::Factory::FQDNlogger.new
8
+ when /iplogger/
9
+ return SaganCrafter::Factory::IPlogger.new
10
+ else
11
+ raise UnknownFactoryError, "Missing Class for generator invocation: (#{type})"
12
+ end
13
+ end
14
+
15
+ end
16
+ end
17
+
18
+ $:.unshift(File.dirname(__FILE__))
19
+ %w( fqdnlogger iplogger ).each do |lib|
20
+ begin
21
+ require "factory/#{lib}"
22
+ rescue LoadError
23
+ require File.expand_path(File.join(File.dirname(__FILE__), "factory", lib))
24
+ end
25
+ end
data/lib/sagan_crafter/factory/fqdnlogger.rb ADDED
@@ -0,0 +1,43 @@
1
+ module SaganCrafter
2
+ module Factory
3
+ # :: Source of rule data
4
+ # select DISTINCT count(*), max(import_time), name from fqdns group by name;
5
+
6
+ # :: Rule output
7
+ # alert tcp $HOME_NET any -> any any (msg: "[PASSIVEDNS] BH1 Hit bighealthtree.com."; content: bighealthtree.com."; normalize: tightstack; classtype: suspicious-traffic; program: tightstack; sid:5100002; rev:2;)
8
+ class FQDNlogger
9
+
10
+ def initialize
11
+ end
12
+
13
+ def rule(ioc, feed_provider, feed_name, count, last_time)
14
+ @rule = Snort::Rule.new(
15
+ {
16
+ :enabled => true,
17
+ :action => 'alert',
18
+ :proto => 'tcp',
19
+ :src => '$HOME_NET',
20
+ :sport => 'any',
21
+ :dir => '<>',
22
+ :dst => 'any',
23
+ :dport => 'any',
24
+ :options => {
25
+ 'msg' => "\"[#{SaganCrafter::Settings.fqdnlogger}] #{feed_provider} #{feed_name} - #{ioc}\"",
26
+ 'content' => "\"#{ioc}\"",
27
+ 'sid' => XXhash.xxh32(ioc) % 1000000000 + 1000000000,
28
+ 'normalize' => SaganCrafter::Settings.normalizer,
29
+ 'program' => SaganCrafter::Settings.program,
30
+ 'rev' => count,
31
+ 'metadata' => "time #{last_time}, xxhash #{XXhash.xxh64(ioc)}"
32
+ }
33
+ }
34
+ )
35
+ end
36
+
37
+ def to_s
38
+ @rule.to_s
39
+ end
40
+
41
+ end
42
+ end
43
+ end
data/lib/sagan_crafter/factory/iplogger.rb ADDED
@@ -0,0 +1,43 @@
1
+ module SaganCrafter
2
+ module Factory
3
+ # :: Source of rule data
4
+ # select DISTINCT count(*), max(import_time), name from fqdns group by name;
5
+
6
+ # :: Rule output
7
+ # alert tcp $HOME_NET any -> any any (msg: "[PASSIVEDNS] BH1 Hit bighealthtree.com."; content: bighealthtree.com."; normalize: tightstack; classtype: suspicious-traffic; program: tightstack; sid:5100002; rev:2;)
8
+ class IPlogger
9
+
10
+ def initialize
11
+ end
12
+
13
+ def rule(ioc, feed_provider, feed_name, count, last_time)
14
+ @rule = Snort::Rule.new(
15
+ {
16
+ :enabled => true,
17
+ :action => 'alert',
18
+ :proto => 'tcp',
19
+ :src => '$HOME_NET',
20
+ :sport => 'any',
21
+ :dir => '<>',
22
+ :dst => 'any',
23
+ :dport => 'any',
24
+ :options => {
25
+ 'msg' => "\"[#{SaganCrafter::Settings.iplogger}] #{feed_provider} #{feed_name} - #{ioc}\"",
26
+ 'content' => "\"#{ioc}\"",
27
+ 'sid' => XXhash.xxh32(ioc) % 1000000000 + 1000000000,
28
+ 'normalize' => SaganCrafter::Settings.normalizer,
29
+ 'program' => SaganCrafter::Settings.program,
30
+ 'rev' => count,
31
+ 'metadata' => "time #{last_time}, xxhash #{XXhash.xxh64(ioc)}"
32
+ }
33
+ }
34
+ )
35
+ end
36
+
37
+ def to_s
38
+ @rule.to_s
39
+ end
40
+
41
+ end
42
+ end
43
+ end
data/lib/sagan_crafter/main.rb ADDED
@@ -0,0 +1,7 @@
1
+ module SaganCrafter
2
+
3
+ class CustomError < StandardError; end
4
+ class UnknownDBSchemaError < StandardError; end
5
+ class UnknownFactoryError < StandardError; end
6
+
7
+ end
data/lib/sagan_crafter/ruleset.rb ADDED
@@ -0,0 +1,38 @@
1
+ module SaganCrafter
2
+ class Ruleset
3
+ attr_reader :rules
4
+
5
+ def initialize(rule_sources)
6
+ @rules_builders = []
7
+ @rules = []
8
+ rule_sources.each do |source|
9
+ @rules << new_rule_source(source)
10
+ end
11
+ @rules
12
+ end
13
+
14
+ def to_s
15
+ @rules.to_s
16
+ end
17
+
18
+ end
19
+
20
+ class FQDNRuleset < Ruleset
21
+ def new_rule_source(source)
22
+ puts "#[sagan-crafter] #{self.class} - #{source}" if SaganCrafter::Settings.verbose
23
+ printer = SaganCrafter::Backends::SQLite.new(SaganCrafter::Factory::FQDNlogger.new )
24
+ printer.validate!
25
+ return printer.build
26
+ end
27
+ end
28
+
29
+ class IPRuleset < Ruleset
30
+ def new_rule_source(source)
31
+ puts "#[sagan-crafter] #{self.class} - #{source}" if SaganCrafter::Settings.verbose
32
+ printer = SaganCrafter::Backends::SQLite.new(SaganCrafter::Factory::IPlogger.new )
33
+ printer.validate!
34
+ return printer.build
35
+ end
36
+ end
37
+
38
+ end
data/lib/sagan_crafter/settings.rb ADDED
@@ -0,0 +1,86 @@
1
+ module SaganCrafter
2
+ module Settings
3
+ extend self
4
+
5
+ @@registered_settings = []
6
+
7
+ # SaganCrafter provides a basic single-method DSL with .parameter method
8
+ # being used to define a set of available settings.
9
+ # This method takes one or more symbols, with each one being
10
+ # a name of the configuration option.
11
+ def parameter(*names)
12
+ names.each do |name|
13
+ attr_accessor name
14
+
15
+ @@registered_settings.push(name)
16
+
17
+ # For each given symbol we generate accessor method that sets option's
18
+ # value being called with an argument, or returns option's current value
19
+ # when called without arguments
20
+ undef_method name if method_defined? name
21
+
22
+ define_method name do |*values|
23
+ value = values.first
24
+ if value
25
+ send("#{name}=", value)
26
+ else
27
+ instance_variable_defined?("@#{name}") ? instance_variable_get("@#{name}") : nil
28
+ end
29
+ end
30
+ end
31
+ end
32
+
33
+ # And we define a wrapper for the configuration block, that we'll use to set up
34
+ # our set of options
35
+ def config &block
36
+ instance_eval(&block)
37
+ end
38
+
39
+ # list available settings
40
+ def self.list
41
+ @@registered_settings
42
+ end
43
+
44
+ def self.reset!
45
+ self.config do
46
+ verbose false
47
+ fqdnlogger "PASSIVEDNS"
48
+ iplogger "CXTRACKER"
49
+ normalizer "tightstack"
50
+ program "tightstack"
51
+ sql_table_name "fqdns"
52
+ sql_file_location "/tmp/threat.db"
53
+ end
54
+ end
55
+
56
+ def self.to_h
57
+ c = {}
58
+ SaganCrafter::Settings.list.each do |toggle|
59
+ c[toggle.to_sym] = SaganCrafter::Settings.send(toggle)
60
+ end
61
+ return c
62
+ end
63
+
64
+ def self.print
65
+ SaganCrafter::Settings.list.each do |toggle|
66
+ puts "#{toggle} => #{SaganCrafter::Settings.send(toggle)}"
67
+ end
68
+ end
69
+
70
+ end
71
+
72
+ # [1] pry(#<SaganCrafter::CLI>)> Settings.list
73
+ # => [:verbose]
74
+
75
+ Settings.config do
76
+ parameter :verbose
77
+ parameter :fqdnlogger
78
+ parameter :iplogger
79
+ parameter :normalizer
80
+ parameter :program
81
+ parameter :sql_table_name
82
+ parameter :sql_file_location
83
+ end
84
+
85
+ Settings.reset!
86
+ end
data/lib/sagan_crafter/version.rb ADDED
@@ -0,0 +1,3 @@
1
+ module SaganCrafter
2
+ VERSION = "0.3.0"
3
+ end
data/lib/sagan_crafter.rb ADDED
@@ -0,0 +1,20 @@
1
+ require 'rubygems'
2
+ require "sagan_crafter/version"
3
+ require 'snort/rule'
4
+ require 'sqlite3'
5
+ require 'xxhash'
6
+ require 'pry'
7
+
8
+ module SaganCrafter
9
+ $:.unshift(File.dirname(__FILE__))
10
+ XX="myconstant"
11
+
12
+ require "sagan_crafter/main"
13
+ require "sagan_crafter/settings"
14
+ require "sagan_crafter/version"
15
+ require "sagan_crafter/ruleset"
16
+ require "sagan_crafter/backends/sqlite"
17
+ require "sagan_crafter/factorize"
18
+ #require "sagan_crafter/factory/fqdnlogger"
19
+ #require "sagan_crafter/factory/iplogger"
20
+ end
data/sagan_crafter.gemspec ADDED
@@ -0,0 +1,31 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'sagan_crafter/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "sagan_crafter"
8
+ spec.version = SaganCrafter::VERSION
9
+ spec.authors = ["shadowbq"]
10
+ spec.email = ["shadowbq@gmail.com"]
11
+
12
+ spec.summary = %q{Write a short summary, because Rubygems requires one.}
13
+ spec.description = %q{Write a longer description or delete this line.}
14
+ spec.homepage = "https://github.com/shadowbq/sagan_crafter"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_development_dependency "bundler", "~> 1.11"
23
+ spec.add_development_dependency "rake", "~> 10.0"
24
+ spec.add_development_dependency "rspec", "~> 3.0"
25
+ spec.add_development_dependency "bump"
26
+
27
+ spec.add_dependency "snort-rule", "~> 1.5"
28
+ spec.add_dependency "sqlite3"
29
+ spec.add_dependency "xxhash"
30
+ spec.add_dependency "pry"
31
+ end
metadata ADDED
@@ -0,0 +1,179 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: sagan_crafter
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.3.0
5
+ platform: ruby
6
+ authors:
7
+ - shadowbq
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2016-10-31 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.11'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.11'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '3.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '3.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: bump
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: snort-rule
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '1.5'
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '1.5'
83
+ - !ruby/object:Gem::Dependency
84
+ name: sqlite3
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: xxhash
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :runtime
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: pry
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :runtime
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ description: Write a longer description or delete this line.
126
+ email:
127
+ - shadowbq@gmail.com
128
+ executables:
129
+ - sagan-craft
130
+ extensions: []
131
+ extra_rdoc_files: []
132
+ files:
133
+ - ".gitignore"
134
+ - ".rspec"
135
+ - ".travis.yml"
136
+ - CODE_OF_CONDUCT.md
137
+ - Gemfile
138
+ - LICENSE.txt
139
+ - README.md
140
+ - Rakefile
141
+ - bin/console
142
+ - bin/setup
143
+ - exe/sagan-craft
144
+ - lib/sagan_crafter.rb
145
+ - lib/sagan_crafter/backends/sqlite.rb
146
+ - lib/sagan_crafter/cli.rb
147
+ - lib/sagan_crafter/factorize.rb
148
+ - lib/sagan_crafter/factory/fqdnlogger.rb
149
+ - lib/sagan_crafter/factory/iplogger.rb
150
+ - lib/sagan_crafter/main.rb
151
+ - lib/sagan_crafter/ruleset.rb
152
+ - lib/sagan_crafter/settings.rb
153
+ - lib/sagan_crafter/version.rb
154
+ - sagan_crafter.gemspec
155
+ homepage: https://github.com/shadowbq/sagan_crafter
156
+ licenses:
157
+ - MIT
158
+ metadata: {}
159
+ post_install_message:
160
+ rdoc_options: []
161
+ require_paths:
162
+ - lib
163
+ required_ruby_version: !ruby/object:Gem::Requirement
164
+ requirements:
165
+ - - ">="
166
+ - !ruby/object:Gem::Version
167
+ version: '0'
168
+ required_rubygems_version: !ruby/object:Gem::Requirement
169
+ requirements:
170
+ - - ">="
171
+ - !ruby/object:Gem::Version
172
+ version: '0'
173
+ requirements: []
174
+ rubyforge_project:
175
+ rubygems_version: 2.4.8
176
+ signing_key:
177
+ specification_version: 4
178
+ summary: Write a short summary, because Rubygems requires one.
179
+ test_files: []