t53 0.1.0

Files changed (6) hide show
  1. checksums.yaml +7 -0
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/lib/t53.rb +59 -0
  5. metadata +92 -0
  6. metadata.gz.sig +0 -0
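--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 7069975db04e1afc4eaa90b4ba736d26bd1e28fd39009fe286f73318f1c502f6
+ data.tar.gz: 88edcef8e72119a0826bfa5af47feb9d84dc43e0ac1570f73e074c129832316e
+ SHA512:
+ metadata.gz: 302fe63cd2f3b7d776355764964f025f47b1880786bbf90cc0d96bf027a228e2714c06fe32a0cb26d5bccf61a6710ea4283f5298384adc9ec648e61e90993836
+ data.tar.gz: 3f4225a4beeedc75821841d6f9b029258f43fbb00eb22942da5e2ce14b0b9f15e3930177cd3e681ce654b96c91b4830119854d11a2b5d65fecc1d868143ca25e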
Binary file
Binary file
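--- a/data/lib/t53.rb
+++ b/data/lib/t53.rb
@@ -0,0 +1,59 @@
+ #!/usr/bin/env ruby
+
+ # file: t53.rb
+
+ # description: Uses the command-line tool tcpdump to monitor local
+ # DNS requests. Publishes the requests in real-time to
+ # a SimplePubSub broker.
+
+ require "socket"
+ require 'sps-pub'
+
+
+ class T53
+
+ # options:
+ # nic: e.g. eth0, enp2s0f0
+ #
+ def initialize(nic: 'eth0', sps_host: 'spsmon', sps_port: '59053',
+ hostname: Socket.gethostname,
+ topic: 'dnslookup/' + hostname, debug: false, ignorelist: [])
+
+ @nic, @host, @port, @topic, @debug = nic, sps_host, sps_port, topic, debug
+ @ignorelist = ignorelist
+
+ end
+
+ def start()
+
+ command = "sudo tcpdump -nt -i #{@nic} udp port 53"
+ puts 'command: ' + command.inspect if @debug
+ sps = SPSPub.new host: @host, port: @port
+ ignorelist = @ignorelist
+ prev_domain = ''
+
+ IO.popen(command).each_line do |x|
+
+ puts 'x: ' + x.inspect
+
+ if x =~ /A\?/ then
+
+ match = ignorelist.find {|domain| x =~ /#{domain}/ }
+
+ next if match
+ domain = x[/(?<=A\?\s)[^\s]+(?=\.)/]
+ next if domain == prev_domain
+
+ sps.notice "#{@topic}: " + domain
+ prev_domain = domain
+
+ sleep 0.1
+
+ end
+
+ end
+
+ end
+
+ end
+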
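Review bot: In `start`, the tcpdump command is built as a single interpolated string and handed to `IO.popen`, so it is run through a shell and `@nic` lands unquoted on a `sudo` command line; if a caller ever takes `nic` from configuration or user input, shell metacharacters in it are interpreted with elevated privileges. Passing an argument vector keeps the shell out of it: `IO.popen(['sudo', 'tcpdump', '-nt', '-i', @nic, 'udp', 'port', '53'])`. The ignore-list check interpolates each entry into a regex unescaped, so `.` matches any character and an entry matches anywhere in the line; `x.include?(domain)` or `/#{Regexp.escape(domain)}/` would make the match literal. `domain` is nil whenever the extraction regex finds nothing on an `A?` line, and `"#{@topic}: " + domain` then raises TypeError and ends the capture loop, so a `next unless domain` before the publish is needed. The `puts 'x: ' + x.inspect` line also prints every captured packet unconditionally, unlike the `puts 'command: ' ...` line, which is gated on `@debug`.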
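--- a/metadata
+++ b/metadata
@@ -0,0 +1,92 @@
+ --- !ruby/object:Gem::Specification
+ name: t53
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - James Robertson
+ autorequire:
+ bindir: bin
+ cert_chain:
+ - |
+ -----BEGIN CERTIFICATE-----
+ MIIEXjCCAsagAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFnZW1t
+ YXN0ZXIvREM9amFtZXNyb2JlcnRzb24vREM9ZXUwHhcNMTgxMDIxMTU1NjA0WhcN
+ MTkxMDIxMTU1NjA0WjAsMSowKAYDVQQDDCFnZW1tYXN0ZXIvREM9amFtZXNyb2Jl
+ cnRzb24vREM9ZXUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDAdFNA
+ nHva3ueBSH+MNZ5bb3MugklZ2zOkFMp6tg2FK45ecs2vTT2NfXio7w+nmbCDf34f
+ 46VdizzxANrkb3WgM7rl3qi/gE9lMqyuoQULwqVcgpXpHqXPQTQSplTJL6FwspV9
+ xT254piIoa67rORK3AePT/nWmrlun5zOR40puWKUewX+Mb4oxr4l8tqmihNZAetL
+ BZTTeyzfYKnWi0zxtcMgqnu/VLqM+KFp6qrEuzv3i6L5zdiUP+fWmOUkBRjLU0j6
+ IIQOthTUR/IzckMO4IDHTQRxSTrHCdyNxziZq3V5Eu0FTzBjMrvIZu/usKcbvKCv
+ VO3R2O73q6n85Dk4s78JmKXTagJK5kxDwCApO1gw9RZ2T6YP0X4ShzGKD8CtL4NO
+ ynq/B11WvbIEJ2eL+87DdekO/PkUCqOZsJV/2sjdOpiuPUjLGnE/KNA1+iA7weHl
+ Z9dsh+DCx/dBSVJxl7q7Rv9mkL0C5TZgSvI4o+Ck+oKjiWqBqJYIhMiXJZMCAwEA
+ AaOBijCBhzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUQ5RKqUuN
+ p4oHC2+caBYmgA/1LU8wJgYDVR0RBB8wHYEbZ2VtbWFzdGVyQGphbWVzcm9iZXJ0
+ c29uLmV1MCYGA1UdEgQfMB2BG2dlbW1hc3RlckBqYW1lc3JvYmVydHNvbi5ldTAN
+ BgkqhkiG9w0BAQsFAAOCAYEAEmDFe7rd35gNqpxSLG4F55xBycv0f8R+FV7Tbp4o
+ gCmfwcKvDlYN8NTKxgZdGS9npizOrYzh3Xt1g8oTnnYALbteHO+3vPPGNXXXiq46
+ rryxL42aCJyd73iMi/RBFEZgLSnIxb+g9ylt+S6GeJ0MdDgwWwgDSuyiPoRcu/Hb
+ MpF/yi2cHL/VwYb/lhDB8HkyHQmcFdigKGVDAU5Kkp7/UFUJ0So4IaHw0CdC1OnU
+ +oXNCCtx1WtsgW9ZsVFjwHwiarxl8SVgY3YnwyeXa68d5sCCEpzRy7gmBWS/fqte
+ NI4jKfTLeejWhdNe9gpYwW+TboeiQn5Pt/DFYG4Pr3lck3qjN6B0rrgZ5ZFqmI8q
+ mbN56rzXjd/N6XIajRMVXLCEkLM24jzi69DequcRXiaDeHCq7WJMfdX+p3T7VO4Q
+ Z2qe5HUUZazh6IcJ9+sHuu5BkCQwJXG6HVZcvyrG6Dphlc+YFxu7EP+85YKHKW+v
+ JTY/G+M2ri81LCYen2nqhncW
+ -----END CERTIFICATE-----
+ date: 2018-10-21 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: sps-pub
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.5'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.5.5
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.5'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.5.5
+ description:
+ email: james@jamesrobertson.eu
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/t53.rb
+ homepage: https://github.com/jrobertson/t53
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.6
+ signing_key:
+ specification_version: 4
+ summary: Uses the command-line tool tcpdump to monitor local DNS requests. Publishes
+ the requests in real-time to a SimplePubSub broker.
+ test_files: []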
Binary file