RubyGems - unified2 - Versions diffs - 0.3.0 → 0.3.1 - Mend

unified2 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

data/ChangeLog.rdoc CHANGED Viewed

@@ -1,3 +1,7 @@
+=== 0.3.1 / 2011-03-15
+* Removed gibbler in favor of custom Event#checksum method due to datamapper issues.
 === 0.3.0 / 2011-03-14
 * Added checksum support for event objects

data/Rakefile.compiled.rbc ADDED Viewed

@@ -0,0 +1,775 @@
+!RBIX
+0
+x
+M
+1
+n
+n
+x
+10
+__script__
+i
+402
+5
+7
+0
+64
+47
+49
+1
+1
+15
+5
+7
+2
+64
+47
+49
+1
+1
+15
+26
+93
+0
+15
+29
+75
+0
+5
+7
+3
+64
+7
+4
+64
+47
+49
+5
+2
+15
+5
+7
+6
+64
+47
+49
+1
+1
+15
+45
+7
+8
+43
+9
+13
+71
+10
+47
+9
+69
+47
+49
+11
+0
+13
+47
+49
+12
+0
+15
+8
+72
+49
+10
+0
+30
+8
+126
+26
+93
+1
+15
+24
+13
+45
+13
+14
+12
+49
+15
+1
+10
+92
+8
+121
+15
+24
+19
+0
+15
+45
+16
+17
+20
+0
+49
+18
+0
+49
+19
+1
+15
+45
+16
+20
+7
+21
+64
+49
+19
+1
+25
+8
+126
+15
+92
+1
+27
+34
+92
+0
+27
+15
+26
+93
+2
+15
+29
+189
+0
+5
+7
+22
+64
+7
+23
+64
+47
+49
+5
+2
+15
+5
+7
+24
+64
+47
+49
+1
+1
+15
+45
+25
+26
+43
+27
+43
+28
+13
+71
+10
+47
+9
+183
+47
+49
+11
+0
+13
+47
+49
+12
+0
+15
+8
+186
+49
+10
+0
+30
+8
+228
+26
+93
+3
+15
+24
+13
+45
+13
+29
+12
+49
+15
+1
+10
+206
+8
+223
+15
+24
+19
+0
+15
+5
+7
+30
+56
+31
+47
+50
+32
+1
+25
+8
+228
+15
+92
+3
+27
+34
+92
+2
+27
+15
+5
+44
+43
+33
+79
+49
+34
+1
+13
+7
+35
+7
+30
+49
+36
+2
+15
+47
+49
+32
+1
+15
+5
+44
+43
+33
+79
+49
+34
+1
+13
+7
+37
+7
+30
+49
+36
+2
+15
+47
+49
+32
+1
+15
+26
+93
+4
+15
+29
+335
+0
+5
+7
+38
+64
+7
+39
+64
+47
+49
+5
+2
+15
+5
+7
+38
+64
+47
+49
+1
+1
+15
+45
+40
+41
+43
+42
+43
+43
+13
+71
+10
+47
+9
+329
+47
+49
+11
+0
+13
+47
+49
+12
+0
+15
+8
+332
+49
+10
+0
+30
+8
+374
+26
+93
+5
+15
+24
+13
+45
+13
+44
+12
+49
+15
+1
+10
+352
+8
+369
+15
+24
+19
+0
+15
+5
+7
+45
+56
+46
+47
+50
+32
+1
+25
+8
+374
+15
+92
+5
+27
+34
+92
+4
+27
+15
+5
+44
+43
+33
+79
+49
+34
+1
+13
+7
+47
+7
+45
+49
+36
+2
+15
+47
+49
+32
+1
+15
+2
+11
+I
+c
+I
+1
+I
+0
+I
+0
+n
+p
+48
+s
+8
+rubygems
+x
+7
+require
+s
+4
+rake
+s
+9
+ore-tasks
+s
+8
+~> 0.5.0
+x
+3
+gem
+s
+9
+ore/tasks
+x
+3
+Ore
+n
+x
+5
+Tasks
+x
+3
+new
+x
+8
+allocate
+x
+10
+initialize
+x
+9
+LoadError
+n
+x
+3
+===
+x
+6
+STDERR
+n
+x
+7
+message
+x
+4
+puts
+n
+s
+51
+Run `gem install ore-tasks` to install 'ore/tasks'.
+s
+5
+rspec
+s
+6
+~> 2.4
+s
+20
+rspec/core/rake_task
+x
+5
+RSpec
+n
+x
+4
+Core
+x
+8
+RakeTask
+n
+x
+4
+spec
+M
+1
+p
+2
+x
+9
+for_block
+t
+n
+x
+9
+__block__
+i
+9
+5
+7
+0
+64
+47
+49
+1
+1
+11
+I
+3
+I
+0
+I
+0
+I
+0
+I
+-2
+p
+2
+s
+48
+Please run `gem install rspec` to install RSpec.
+x
+5
+abort
+p
+3
+I
+0
+I
+15
+I
+9
+x
+49
+/Users/dustinwebber/source/ruby/unified2/Rakefile
+p
+0
+x
+4
+task
+x
+4
+Hash
+x
+16
+new_from_literal
+x
+4
+test
+x
+3
+[]=
+x
+7
+default
+s
+4
+yard
+s
+8
+~> 0.6.0
+x
+4
+YARD
+n
+x
+4
+Rake
+x
+10
+YardocTask
+n
+x
+4
+yard
+M
+1
+p
+2
+x
+9
+for_block
+t
+n
+x
+9
+__block__
+i
+9
+5
+7
+0
+64
+47
+49
+1
+1
+11
+I
+3
+I
+0
+I
+0
+I
+0
+I
+-2
+p
+2
+s
+46
+Please run `gem install yard` to install YARD.
+x
+5
+abort
+p
+3
+I
+0
+I
+23
+I
+9
+x
+49
+/Users/dustinwebber/source/ruby/unified2/Rakefile
+p
+0
+x
+3
+doc
+p
+55
+I
+0
+I
+1
+I
+9
+I
+2
+I
+12
+I
+5
+I
+25
+I
+6
+I
+2e
+I
+8
+I
+50
+I
+9
+I
+5d
+I
+c
+I
+5e
+I
+9
+I
+61
+I
+a
+I
+6d
+I
+b
+I
+82
+I
+f
+I
+95
+I
+10
+I
+9e
+I
+12
+I
+c2
+I
+13
+I
+cf
+I
+17
+I
+d0
+I
+13
+I
+d3
+I
+14
+I
+e8
+I
+19
+I
+fe
+I
+1a
+I
+114
+I
+1d
+I
+127
+I
+1e
+I
+130
+I
+20
+I
+154
+I
+21
+I
+161
+I
+25
+I
+162
+I
+21
+I
+165
+I
+22
+I
+17a
+I
+27
+I
+192
+x
+49
+/Users/dustinwebber/source/ruby/unified2/Rakefile
+p
+1
+x
+1
+e

data/example/basic-example.rb CHANGED Viewed

@@ -19,7 +19,7 @@ end
 # The second argument is the last event processed by
 # the sensor. If the last_event_id column is blank in the
 # sensor table it will begin at the first available event.
-Unified2.watch('/var/log/snort/merged.log', :first) do |event|
+Unified2.watch('seeds/unified2', :first) do |event|
   next if event.signature.blank?
   puts event.checksum # => 66302273aa2f181d0310aa789027bac3ce1efb4f

data/example/connect.rb CHANGED Viewed

@@ -13,8 +13,8 @@ class Connect
       :username => "rUnified2",
       :password => "password"
     })
-    DataMapper.finalize
-    DataMapper.auto_upgrade!
+    #DataMapper.finalize
+    #DataMapper.auto_upgrade!
   end
 end

data/example/models.rb CHANGED Viewed

@@ -6,8 +6,6 @@ class Event
   property :id, Serial, :index => true
-  property :uid, String, :index => true
   property :event_id, Integer, :index => true
   property :sensor_id, Integer, :index => true

data/example/mysql-example.rb CHANGED Viewed

@@ -18,7 +18,6 @@ Unified2.configuration do
   load :signatures, 'seeds/sid-msg.map'
   load :generators, 'seeds/gen-msg.map'
   load :classifications, 'seeds/classification.config'
 end
 # Locate the sensor in the database using
@@ -49,7 +48,7 @@ Unified2.watch('/var/log/snort/merged.log', sensor.last_event_id + 1 || :first)
   insert_event = Event.new({
                        :event_id => event.id,
-                       :uid => event.uid,
+                       :checksum => event.checksum,
                        :created_at => event.timestamp,
                        :sensor_id => event.sensor.id,
                        :source_ip => event.source_ip,

data/gemspec.yml CHANGED Viewed

@@ -7,7 +7,6 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 dependencies:
-  gibbler: ~> 0.8.9
   bindata: ~> 1.3.1
   hexdump: ~> 0.1.0

data/lib/unified2/event.rb CHANGED Viewed

@@ -1,15 +1,14 @@
-require 'gibbler'
-require 'ipaddr'
-require 'json'
 require 'unified2/classification'
 require 'unified2/payload'
 require 'unified2/sensor'
 require 'unified2/signature'
+require 'ipaddr'
+require 'json'
 module Unified2
   class Event
-    include Gibbler::Complex
     attr_accessor :id, :metadata, :packet
@@ -23,9 +22,10 @@ module Unified2
         @timestamp = Time.at(@packet[:packet_second].to_i)
       end
     end
     def checksum
-      gibbler
+      checkdum = [ip_source, ip_destination, signature.id, signature.generator, sensor.id, severity, classification.id]
+      Digest::MD5.hexdigest(checkdum.join(''))
     end
     def uid
@@ -237,7 +237,7 @@ data = %{
       def build_generator(event)
         if Unified2.generators.data
           if Unified2.generators.data.has_key?("#{event.data.generator_id}.#{event.data.signature_id}")
-            sig = Unified2.generators["#{event.data.generator_id}.#{event.data.signature_id}"]
+            sig = Unified2.generators.data["#{event.data.generator_id}.#{event.data.signature_id}"]
             @event_hash[:signature] = {
               :signature_id => event.data.signature_id,

data/lib/unified2/sensor.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 module Unified2
   class Sensor
-    attr_accessor :id, :hostname,
-    :interface, :name
+    attr_accessor :id, :hostname, :interface, :name
     def initialize(options={})
       @id = options[:id] || 0

data/lib/unified2/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Unified2
   # unified2 version
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

data/lib/unified2.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'bindata'
+require 'digest'
 require 'socket'
 # http://cvs.snort.org/viewcvs.cgi/snort/src/output-plugins/spo_unified2.c?rev=1.3&content-type=text/vnd.viewcvs-markup

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: unified2
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -13,72 +13,61 @@ cert_chain: []
 date: 2011-03-14 00:00:00 -04:00
 default_executable:
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: gibbler
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 0.8.9
-  type: :runtime
-  version_requirements: *id001
 - !ruby/object:Gem::Dependency
   name: bindata
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  requirement: &id001 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.3.1
   type: :runtime
-  version_requirements: *id002
+  version_requirements: *id001
 - !ruby/object:Gem::Dependency
   name: hexdump
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
+  requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.1.0
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency
   name: ore-tasks
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id003 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "0.4"
   type: :development
-  version_requirements: *id004
+  version_requirements: *id003
 - !ruby/object:Gem::Dependency
   name: rspec
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "2.4"
   type: :development
-  version_requirements: *id005
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency
   name: yard
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement
+  requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.0
   type: :development
-  version_requirements: *id006
+  version_requirements: *id005
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email:
 - dustin.webber@gmail.com
@@ -98,6 +87,7 @@ files:
 - LICENSE.txt
 - README.rdoc
 - Rakefile
+- Rakefile.compiled.rbc
 - example/basic-example.rb
 - example/connect.rb
 - example/models.rb
@@ -133,7 +123,7 @@ files:
 - spec/spec_helper.rb
 - spec/unified2_spec.rb
 - unified2.gemspec
-has_rdoc: yard
+has_rdoc: true
 homepage: https://github.com/mephux/unified2
 licenses:
 - MIT
@@ -157,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: unified2
-rubygems_version: 1.6.1
+rubygems_version: 1.5.0
 signing_key:
 specification_version: 3
 summary: A ruby interface for unified2 output.