RubyGems - unified2 - Versions diffs - 0.5.0 → 0.5.3 - Mend

unified2 0.5.0 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/{ChangeLog.rdoc → ChangeLog.md} +5 -0
data/README.md +2 -1
data/example/example.rb +10 -5
data/lib/unified2.rb +12 -6
data/lib/unified2/constructor/event_ip4.rb +1 -1
data/lib/unified2/event.rb +11 -32
data/lib/unified2/payload.rb +11 -0
data/lib/unified2/protocol.rb +2 -3
data/lib/unified2/version.rb +1 -1
metadata +5 -6
data/lib/unified2/constructor/primitive.rb +0 -1

data/{ChangeLog.rdoc → ChangeLog.md} RENAMED Viewed

@@ -1,3 +1,8 @@
+=== 0.5.1 / 2011-03-21
+* fixed exception when watching an empty unified2 log file
+* renamed a few Event#ip_header hash keys
 === 0.5.0 / 2011-03-18
 * major refactoring

data/README.md CHANGED Viewed

@@ -60,12 +60,13 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
  * bindata ~> 1.3.1
  * hexdump: ~> 0.1.0
  * packetfu: ~> 1.0.0
+ * pcaprub: ~> 0.9.2
 ## Install
 	`$ gem install unified2`
-== Copyright
+## Copyright
 Copyright (c) 2011 Dustin Willis Webber

data/example/example.rb CHANGED Viewed

@@ -5,24 +5,29 @@ require 'unified2'
 Unified2.configuration do
   # Sensor Configurations
-  sensor :interface => 'en1', :name => 'Example Sensor'
+  sensor :interface => 'en1',
+  :name => 'Example Sensor', :id => 3
   # Load signatures, generators & classifications into memory
   load :signatures, 'seeds/sid-msg.map'
   load :generators, 'seeds/gen-msg.map'
   load :classifications, 'seeds/classification.config'
 end
+#
 # Monitor the unfied2 log and process the data.
+#
 # The second argument is the last event processed by
 # the sensor. If the last_event_id column is blank in the
 # sensor table it will begin at the first available event.
+#
 Unified2.watch('seeds/unified2.log', :first) do |event|
   next if event.signature.blank?
   puts event
-end
+  puts "\n"
+end

data/lib/unified2.rb CHANGED Viewed

@@ -142,12 +142,18 @@ module Unified2
           event_id = false
         when :first
-          first_open = File.open(path)
-          first_event = Unified2::Constructor::Construct.read(first_open)
-          first_open.close
-          event_id = first_event.data.event_id
-          @event = Event.new(event_id)
+          begin
+            first_open = File.open(path)
+            first_event = Unified2::Constructor::Construct.read(first_open)
+            first_open.close
+            event_id = first_event.data.event_id
+            @event = Event.new(event_id)
+          rescue EOFError
+            sleep 5
+            retry
+          end
         end
       end

data/lib/unified2/constructor/event_ip4.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'unified2/primitive/ipv4'
+require 'unified2/constructor/primitive/ipv4'
 module Unified2

data/lib/unified2/event.rb CHANGED Viewed

@@ -266,29 +266,6 @@ module Unified2
       to_h.to_json
     end
-    #
-    # Ethernet Header
-    #
-    # @return [Hash] Ethernet header
-    #
-    def eth_header
-      if ((packet.is_eth?) && packet.has_data?)
-        @ip_header = {
-          :v => payload.packet.ip_header.ip_v,
-          :hl => payload.packet.ip_header.ip_hl,
-          :tos => payload.packet.ip_header.ip_tos,
-          :len => payload.packet.ip_header.ip_len,
-          :id => payload.packet.ip_header.ip_id,
-          :frag => payload.packet.ip_header.ip_frag,
-          :ttl => payload.packet.ip_header.ip_ttl,
-          :proto => payload.packet.ip_header.ip_proto,
-          :sum => payload.packet.ip_header.ip_sum
-        }
-      else
-        @ip_header = {}
-      end
-    end
     #
     # IP Header
     #
@@ -297,15 +274,15 @@ module Unified2
     def ip_header
       if ((packet.is_ip?) && packet.has_data?)
         @ip_header = {
-          :v => packet.ip_header.ip_v,
-          :hl => packet.ip_header.ip_hl,
-          :tos => packet.ip_header.ip_tos,
-          :len => packet.ip_header.ip_len,
-          :id => packet.ip_header.ip_id,
-          :frag => packet.ip_header.ip_frag,
-          :ttl => packet.ip_header.ip_ttl,
-          :proto => packet.ip_header.ip_proto,
-          :sum => packet.ip_header.ip_sum
+          :ip_ver => packet.ip_header.ip_v,
+          :ip_hlen => packet.ip_header.ip_hl,
+          :ip_tos => packet.ip_header.ip_tos,
+          :ip_len => packet.ip_header.ip_len,
+          :ip_id => packet.ip_header.ip_id,
+          :ip_frag => packet.ip_header.ip_frag,
+          :ip_ttl => packet.ip_header.ip_ttl,
+          :ip_proto => packet.ip_header.ip_proto,
+          :ip_csum => packet.ip_header.ip_sum
         }
       else
         @ip_header = {}
@@ -328,8 +305,10 @@ module Unified2
         Destination IP: #{destination_ip}:#{destination_port}
         Signature: #{signature.name}
         Classification: #{classification.name}
+        Event Checksum: #{checksum}
       }
       unless payload.blank?
+        data += "Payload Checksum: #{payload.checksum}\n"
         data += "Payload:\n"
         payload.dump(:width => 30, :output => data)
       end

data/lib/unified2/payload.rb CHANGED Viewed

@@ -98,6 +98,17 @@ module Unified2
     def dump(options={})
       Hexdump.dump(@packet, options)
     end
+    #
+    # Checksum
+    #
+    # Create a unique payload checksum
+    #
+    # @return [String] Payload checksum
+    #
+    def checksum
+      Digest::MD5.hexdigest(@packet)
+    end
   end
 end

data/lib/unified2/protocol.rb CHANGED Viewed

@@ -107,7 +107,7 @@ module Unified2
       def udp(include_body=false)
         @udp = {
           :length => header.len,
-          :sum => header.udp_sum,
+          :csum => header.udp_sum,
         }
         @udp[:body] = header.body if include_body
@@ -121,12 +121,11 @@ module Unified2
           :seq => header.tcp_seq,
           :ack => header.tcp_ack,
           :win => header.tcp_win,
-          :sum => header.tcp_sum,
+          :csum => header.tcp_sum,
           :urg => header.tcp_urg,
           :hlen => header.tcp_hlen,
           :reserved => header.tcp_reserved,
           :ecn => header.tcp_ecn,
-          :opts => header.tcp_opts,
           :opts_len => header.tcp_opts_len,
           :rand_port => header.rand_port,
           :options => header.tcp_options

data/lib/unified2/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Unified2
   # Unified2 version
-  VERSION = "0.5.0"
+  VERSION = "0.5.3"
 end

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: unified2
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.5.0
+  version: 0.5.3
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-18 00:00:00 -04:00
+date: 2011-03-24 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -99,13 +99,13 @@ extensions: []
 extra_rdoc_files:
 - README.md
-- ChangeLog.rdoc
+- ChangeLog.md
 - LICENSE.txt
 files:
 - .document
 - .rspec
 - .yardopts
-- ChangeLog.rdoc
+- ChangeLog.md
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -123,7 +123,6 @@ files:
 - lib/unified2/constructor/event_ip4.rb
 - lib/unified2/constructor/event_ip6.rb
 - lib/unified2/constructor/packet.rb
-- lib/unified2/constructor/primitive.rb
 - lib/unified2/constructor/primitive/ipv4.rb
 - lib/unified2/constructor/record_header.rb
 - lib/unified2/core_ext.rb
@@ -166,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: unified2
-rubygems_version: 1.6.1
+rubygems_version: 1.5.0
 signing_key:
 specification_version: 3
 summary: A ruby interface for unified2 output.

data/lib/unified2/constructor/primitive.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- require 'primitive/ipv4'