RubyGems - unified2 - Versions diffs - 0.3.0 → 0.3.1 - Mend

unified2 0.3.0 → 0.3.1

Files changed (12) hide show

data/ChangeLog.rdoc CHANGED Viewed

@@ -1,3 +1,7 @@
+=== 0.3.1 / 2011-03-15
+* Removed gibbler in favor of custom Event#checksum method due to datamapper issues.
 === 0.3.0 / 2011-03-14
 * Added checksum support for event objects

data/Rakefile.compiled.rbc ADDED Viewed

@@ -0,0 +1,775 @@
+!RBIX
+0
+x
+M
+1
+n
+n
+x
+10
+__script__
+i
+402
+5
+7
+0
+64
+47
+49
+1
+1
+15
+5
+7
+2
+64
+47
+49
+1
+1
+15
+26
+93
+0
+15
+29
+75
+0
+5
+7
+3
+64
+7
+4
+64
+47
+49
+5
+2
+15
+5
+7
+6
+64
+47
+49
+1
+1
+15
+45
+7
+8
+43
+9
+13
+71
+10
+47
+9
+69
+47
+49
+11
+0
+13
+47
+49
+12
+0
+15
+8
+72
+49
+10
+0
+30
+8
+126
+26
+93
+1
+15
+24
+13
+45
+13
+14
+12
+49
+15
+1
+10
+92
+8
+121
+15
+24
+19
+0
+15
+45
+16
+17
+20
+0
+49
+18
+0
+49
+19
+1
+15
+45
+16
+20
+7
+21
+64
+49
+19
+1
+25
+8
+126
+15
+92
+1
+27
+34
+92
+0
+27
+15
+26
+93
+2
+15
+29
+189
+0
+5
+7
+22
+64
+7
+23
+64
+47
+49
+5
+2
+15
+5
+7
+24
+64
+47
+49
+1
+1
+15
+45
+25
+26
+43
+27
+43
+28
+13
+71
+10
+47
+9
+183
+47
+49
+11
+0
+13
+47
+49
+12
+0
+15
+8
+186
+49
+10
+0
+30
+8
+228
+26
+93
+3
+15
+24
+13
+45
+13
+29
+12
+49
+15
+1
+10
+206
+8
+223
+15
+24
+19
+0
+15
+5
+7
+30
+56
+31
+47
+50
+32
+1
+25
+8
+228
+15
+92
+3
+27
+34
+92
+2
+27
+15
+5
+44
+43
+33
+79
+49
+34
+1
+13
+7
+35
+7
+30
+49
+36
+2
+15
+47
+49
+32
+1
+15
+5
+44
+43
+33
+79
+49
+34
+1
+13
+7
+37
+7
+30
+49
+36
+2
+15
+47
+49
+32
+1
+15
+26
+93
+4
+15
+29
+335
+0
+5
+7
+38
+64
+7
+39
+64
+47
+49
+5
+2
+15
+5
+7
+38
+64
+47
+49
+1
+1
+15
+45
+40
+41
+43
+42
+43
+43
+13
+71
+10
+47
+9
+329
+47
+49
+11
+0
+13
+47
+49
+12
+0
+15
+8
+332
+49
+10
+0
+30
+8
+374
+26
+93
+5
+15
+24
+13
+45
+13
+44
+12
+49
+15
+1
+10
+352
+8
+369
+15
+24
+19
+0
+15
+5
+7
+45
+56
+46
+47
+50
+32
+1
+25
+8
+374
+15
+92
+5
+27
+34
+92
+4
+27
+15
+5
+44
+43
+33
+79
+49
+34
+1
+13
+7
+47
+7
+45
+49
+36
+2
+15
+47
+49
+32
+1
+15
+2
+11
+I
+c
+I
+1
+I
+0
+I
+0
+n
+p
+48
+s
+8
+rubygems
+x
+7
+require
+s
+4
+rake
+s
+9
+ore-tasks
+s
+8
+~> 0.5.0
+x
+3
+gem
+s
+9
+ore/tasks
+x
+3
+Ore
+n
+x
+5
+Tasks
+x
+3
+new
+x
+8
+allocate
+x
+10
+initialize
+x
+9
+LoadError
+n
+x
+3
+===
+x
+6
+STDERR
+n
+x
+7
+message
+x
+4
+puts
+n
+s
+51
+Run `gem install ore-tasks` to install 'ore/tasks'.
+s
+5
+rspec
+s
+6
+~> 2.4
+s
+20
+rspec/core/rake_task
+x
+5
+RSpec
+n
+x
+4
+Core
+x
+8
+RakeTask
+n
+x
+4
+spec
+M
+1
+p
+2
+x
+9
+for_block
+t
+n
+x
+9
+__block__
+i
+9
+5
+7
+0
+64
+47
+49
+1
+1
+11
+I
+3
+I
+0
+I
+0
+I
+0
+I
+-2
+p
+2
+s
+48
+Please run `gem install rspec` to install RSpec.
+x
+5
+abort
+p
+3
+I
+0
+I
+15
+I
+9
+x
+49
+/Users/dustinwebber/source/ruby/unified2/Rakefile
+p
+0
+x
+4
+task
+x
+4
+Hash
+x
+16
+new_from_literal
+x
+4
+test
+x
+3
+[]=
+x
+7
+default
+s
+4
+yard
+s
+8
+~> 0.6.0
+x
+4
+YARD
+n
+x
+4
+Rake
+x
+10
+YardocTask
+n
+x
+4
+yard
+M
+1
+p
+2
+x
+9
+for_block
+t
+n
+x
+9
+__block__
+i
+9
+5
+7
+0
+64
+47
+49
+1
+1
+11
+I
+3
+I
+0
+I
+0
+I
+0
+I
+-2
+p
+2
+s
+46
+Please run `gem install yard` to install YARD.
+x
+5
+abort
+p
+3
+I
+0
+I
+23
+I
+9
+x
+49
+/Users/dustinwebber/source/ruby/unified2/Rakefile
+p
+0
+x
+3
+doc
+p
+55
+I
+0
+I
+1
+I
+9
+I
+2
+I
+12
+I
+5
+I
+25
+I
+6
+I
+2e
+I
+8
+I
+50
+I
+9
+I
+5d
+I
+c
+I
+5e
+I
+9
+I
+61
+I
+a
+I
+6d
+I
+b
+I
+82
+I
+f
+I
+95
+I
+10
+I
+9e
+I
+12
+I
+c2
+I
+13
+I
+cf
+I
+17
+I
+d0
+I
+13
+I
+d3
+I
+14
+I
+e8
+I
+19
+I
+fe
+I
+1a
+I
+114
+I
+1d
+I
+127
+I
+1e
+I
+130
+I
+20
+I
+154
+I
+21
+I
+161
+I
+25
+I
+162
+I
+21
+I
+165
+I
+22
+I
+17a
+I
+27
+I
+192
+x
+49
+/Users/dustinwebber/source/ruby/unified2/Rakefile
+p
+1
+x
+1
+e

data/example/basic-example.rb CHANGED Viewed

@@ -19,7 +19,7 @@ end
 # The second argument is the last event processed by
 # the sensor. If the last_event_id column is blank in the
 # sensor table it will begin at the first available event.
-Unified2.watch('/var/log/snort/merged.log', :first) do |event|
+Unified2.watch('seeds/unified2', :first) do |event|
   next if event.signature.blank?
   puts event.checksum # => 66302273aa2f181d0310aa789027bac3ce1efb4f

data/example/connect.rb CHANGED Viewed

@@ -13,8 +13,8 @@ class Connect
       :username => "rUnified2",
       :password => "password"
     })
-    DataMapper.finalize
-    DataMapper.auto_upgrade!
+    #DataMapper.finalize
+    #DataMapper.auto_upgrade!
   end
 end

data/example/models.rb CHANGED Viewed

@@ -6,8 +6,6 @@ class Event
   property :id, Serial, :index => true
-  property :uid, String, :index => true
   property :event_id, Integer, :index => true
   property :sensor_id, Integer, :index => true

data/example/mysql-example.rb CHANGED Viewed

@@ -18,7 +18,6 @@ Unified2.configuration do
   load :signatures, 'seeds/sid-msg.map'
   load :generators, 'seeds/gen-msg.map'
   load :classifications, 'seeds/classification.config'
 end
 # Locate the sensor in the database using
@@ -49,7 +48,7 @@ Unified2.watch('/var/log/snort/merged.log', sensor.last_event_id + 1 || :first)
   insert_event = Event.new({
                        :event_id => event.id,
-                       :uid => event.uid,
+                       :checksum => event.checksum,
                        :created_at => event.timestamp,
                        :sensor_id => event.sensor.id,
                        :source_ip => event.source_ip,

data/gemspec.yml CHANGED Viewed

@@ -7,7 +7,6 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 dependencies:
-  gibbler: ~> 0.8.9
   bindata: ~> 1.3.1
   hexdump: ~> 0.1.0

data/lib/unified2/event.rb CHANGED Viewed

@@ -1,15 +1,14 @@
-require 'gibbler'
-require 'ipaddr'
-require 'json'
 require 'unified2/classification'
 require 'unified2/payload'
 require 'unified2/sensor'
 require 'unified2/signature'
+require 'ipaddr'
+require 'json'
 module Unified2
   class Event
-    include Gibbler::Complex
     attr_accessor :id, :metadata, :packet
@@ -23,9 +22,10 @@ module Unified2
         @timestamp = Time.at(@packet[:packet_second].to_i)
       end
     end
     def checksum
-      gibbler
+      checkdum = [ip_source, ip_destination, signature.id, signature.generator, sensor.id, severity, classification.id]
+      Digest::MD5.hexdigest(checkdum.join(''))
     end
     def uid
@@ -237,7 +237,7 @@ data = %{
       def build_generator(event)
         if Unified2.generators.data
           if Unified2.generators.data.has_key?("#{event.data.generator_id}.#{event.data.signature_id}")
-            sig = Unified2.generators["#{event.data.generator_id}.#{event.data.signature_id}"]
+            sig = Unified2.generators.data["#{event.data.generator_id}.#{event.data.signature_id}"]
             @event_hash[:signature] = {
               :signature_id => event.data.signature_id,

data/lib/unified2/sensor.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 module Unified2
   class Sensor
-    attr_accessor :id, :hostname,
-    :interface, :name
+    attr_accessor :id, :hostname, :interface, :name
     def initialize(options={})
       @id = options[:id] || 0

data/lib/unified2/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module Unified2
   # unified2 version
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

data/lib/unified2.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'bindata'
+require 'digest'
 require 'socket'
 # http://cvs.snort.org/viewcvs.cgi/snort/src/output-plugins/spo_unified2.c?rev=1.3&content-type=text/vnd.viewcvs-markup

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: unified2
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -13,72 +13,61 @@ cert_chain: []
 date: 2011-03-14 00:00:00 -04:00
 default_executable:
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: gibbler
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 0.8.9
-  type: :runtime
-  version_requirements: *id001
 - !ruby/object:Gem::Dependency
   name: bindata
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement
+  requirement: &id001 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.3.1
   type: :runtime
-  version_requirements: *id002
+  version_requirements: *id001
 - !ruby/object:Gem::Dependency
   name: hexdump
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement
+  requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.1.0
   type: :runtime
-  version_requirements: *id003
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency
   name: ore-tasks
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement
+  requirement: &id003 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "0.4"
   type: :development
-  version_requirements: *id004
+  version_requirements: *id003
 - !ruby/object:Gem::Dependency
   name: rspec
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement
+  requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: "2.4"
   type: :development
-  version_requirements: *id005
+  version_requirements: *id004
 - !ruby/object:Gem::Dependency
   name: yard
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement
+  requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 0.6.0
   type: :development
-  version_requirements: *id006
+  version_requirements: *id005
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email:
 - dustin.webber@gmail.com
@@ -98,6 +87,7 @@ files:
 - LICENSE.txt
 - README.rdoc
 - Rakefile
+- Rakefile.compiled.rbc
 - example/basic-example.rb
 - example/connect.rb
 - example/models.rb
@@ -133,7 +123,7 @@ files:
 - spec/spec_helper.rb
 - spec/unified2_spec.rb
 - unified2.gemspec
-has_rdoc: yard
+has_rdoc: true
 homepage: https://github.com/mephux/unified2
 licenses:
 - MIT
@@ -157,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: unified2
-rubygems_version: 1.6.1
+rubygems_version: 1.5.0
 signing_key:
 specification_version: 3
 summary: A ruby interface for unified2 output.