RubyGems - unified2 - Versions diffs - 0.2.1 → 0.3.0 - Mend

unified2 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

data/ChangeLog.rdoc +6 -1
data/README.rdoc +4 -3
data/example/basic-example.rb +27 -0
data/example/{example.rb → mysql-example.rb} +2 -2
data/example/untitled.rb +31 -0
data/gemspec.yml +1 -0
data/lib/unified2/event.rb +8 -2
data/lib/unified2/version.rb +1 -1
metadata +26 -13

data/ChangeLog.rdoc CHANGED Viewed

@@ -1,4 +1,9 @@
-=== 0.2.1 / 2011-03-09
+=== 0.3.0 / 2011-03-14
+* Added checksum support for event objects
+* Fixed example signature filename typo
+=== 0.2.1 / 2011-03-15
 * minor bug fixes and typos

data/README.rdoc CHANGED Viewed

@@ -18,6 +18,7 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
  require 'unified2'
  # load rules into memory
  Unified2.configuration do
   # Sensor Configurations
   sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
@@ -30,15 +31,15 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
  # Unified2#watch
  # Watch a unified2 file for changes and process the results.
  Unified2.watch('/var/log/snort/merged.log', :last) do |event|
   next if event.signature.name.blank?
-	puts event
+  puts event
  end
  # Unified2#read
  # Parse a unified2 file and process the results.
  Unified2.read('/var/log/snort/merged.log') do |event|
   puts "#{event.id} | #{event.ip_destination} | #{event.ip_source} | #{event.signature.name}"
  end

data/example/basic-example.rb ADDED Viewed

@@ -0,0 +1,27 @@
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+require 'unified2'
+require 'pp'
+# Unified2 Configuration
+Unified2.configuration do
+  # Sensor Configurations
+  sensor :interface => 'en1', :name => 'Example Sensor'
+  # Load signatures, generators & classifications into memory
+  load :signatures, 'seeds/sid-msg.map'
+  load :generators, 'seeds/gen-msg.map'
+  load :classifications, 'seeds/classification.config'
+end
+# Monitor the unfied2 log and process the data.
+# The second argument is the last event processed by
+# the sensor. If the last_event_id column is blank in the
+# sensor table it will begin at the first available event.
+Unified2.watch('/var/log/snort/merged.log', :first) do |event|
+  next if event.signature.blank?
+  puts event.checksum # => 66302273aa2f181d0310aa789027bac3ce1efb4f
+end

data/example/{example.rb → mysql-example.rb} RENAMED Viewed

@@ -15,7 +15,7 @@ Unified2.configuration do
   sensor :interface => 'en1', :name => 'Example Sensor'
   # Load signatures, generators & classifications into memory
-  load :signatures, 'seeds/d'
+  load :signatures, 'seeds/sid-msg.map'
   load :generators, 'seeds/gen-msg.map'
   load :classifications, 'seeds/classification.config'
@@ -45,7 +45,7 @@ end
 Unified2.watch('/var/log/snort/merged.log', sensor.last_event_id + 1 || :first) do |event|
   next if event.signature.blank?
-  #puts event
+  puts event
   insert_event = Event.new({
                        :event_id => event.id,

data/example/untitled.rb ADDED Viewed

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+#
+# http://192.168.1.254/xslt?PAGE=A06&THISPAGE=&NEXTPAGE=A06
+@file = File.open('/Users/mephux/Source/passwords/wpa.txt')
+require 'rubygems'
+require 'mechanize'
+a = Mechanize.new
+a.get('http://192.168.1.254/xslt?PAGE=A06&THISPAGE=&NEXTPAGE=A06') do |page|
+  @file.each_line do |password|
+    next unless password[/^e/]
+    puts password
+    login_form = page.form_with(:action => '/xslt', :method => 'POST')
+    login_form['PASSWORD'] = password
+    page = a.submit login_form
+    if page.body =~ /The password is incorrect./
+      puts 'FAIL'
+    else
+      puts 'W0ots'
+      puts password
+      exit -1
+    end
+  end
+end

data/gemspec.yml CHANGED Viewed

@@ -7,6 +7,7 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 dependencies:
+  gibbler: ~> 0.8.9
   bindata: ~> 1.3.1
   hexdump: ~> 0.1.0

data/lib/unified2/event.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require 'gibbler'
 require 'ipaddr'
 require 'json'
 require 'unified2/classification'
@@ -6,9 +7,10 @@ require 'unified2/sensor'
 require 'unified2/signature'
 module Unified2
   class Event
+    include Gibbler::Complex
     attr_accessor :id, :metadata, :packet
     def initialize(id)
@@ -22,6 +24,10 @@ module Unified2
       end
     end
+    def checksum
+      gibbler
+    end
     def uid
       "#{sensor.id}.#{@id}"
     end

data/lib/unified2/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Unified2
   # unified2 version
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: unified2
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -10,64 +10,75 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-13 00:00:00 -05:00
+date: 2011-03-14 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bindata
+  name: gibbler
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 0.8.9
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency
-  name: hexdump
+  name: bindata
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: 1.3.1
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency
-  name: ore-tasks
+  name: hexdump
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency
+  name: ore-tasks
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "0.4"
   type: :development
-  version_requirements: *id003
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency
   name: rspec
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "2.4"
   type: :development
-  version_requirements: *id004
+  version_requirements: *id005
 - !ruby/object:Gem::Dependency
   name: yard
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id006 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.0
   type: :development
-  version_requirements: *id005
+  version_requirements: *id006
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email:
 - dustin.webber@gmail.com
@@ -87,14 +98,16 @@ files:
 - LICENSE.txt
 - README.rdoc
 - Rakefile
+- example/basic-example.rb
 - example/connect.rb
-- example/example.rb
 - example/models.rb
+- example/mysql-example.rb
 - example/search.rb
 - example/seeds/classification.config
 - example/seeds/gen-msg.map
 - example/seeds/sid-msg.map
 - example/seeds/unified2
+- example/untitled.rb
 - gemspec.yml
 - lib/unified2.rb
 - lib/unified2/classification.rb