unified2 0.5.3 → 0.5.4

Files changed (5) hide show
  1. data/ChangeLog.md +15 -0
  2. data/README.md +39 -37
  3. data/gemspec.yml +4 -5
  4. data/lib/unified2/version.rb +1 -1
  5. metadata +82 -59
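--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,3 +1,18 @@
+=== 0.5.4 / 2011-06-27
+
+* update packetfu ~> 1.1
+* update bindata ~> 1.4
+* update hexdump ~> 0.2
+* remove pcaprb dep
+
+=== 0.5.3 / 2011-03-24
+
+* remove unnecessary file (untitled.rb)
+
+=== 0.5.2 / 2011-03-24
+
+* Add payload checksum support
+
 === 0.5.1 / 2011-03-21
 
 * fixed exception when watching an empty unified2 log file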
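--- a/data/README.md
+++ b/data/README.md
@@ -17,43 +17,45 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
 
 ## Examples
 
-require 'unified2'
-
-#
-# Load rules into memory
-#
-
-Unified2.configuration do
-# Sensor Configurations
-sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
-
-# Load signatures, generators & classifications into memory
-load :signatures, 'sid-msg.map'
-load :generators, 'gen-msg.map'
-load :classifications, 'classification.config'
-end
-
-#
-# Unified2#watch
-#
-# Watch a unified2 file for changes and process the results.
-#
-
-Unified2.watch('/var/log/snort/merged.log', :last) do |event|
-next if event.signature.name.blank?
-puts event
-end
-
-# Unified2#read
-# Parse a unified2 file and process the results.
-
-Unified2.read('/var/log/snort/merged.log') do |event|
-
-puts event.protocol #=> "TCP"
-
-puts event.protocol.to_h #=> {:length=>379, :seq=>3934511163, :ack=>1584708129 ... }
-
-end
+``` ruby
+require 'unified2'
+
+#
+# Load rules into memory
+#
+
+Unified2.configuration do
+# Sensor Configurations
+sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
+
+# Load signatures, generators & classifications into memory
+load :signatures, 'sid-msg.map'
+load :generators, 'gen-msg.map'
+load :classifications, 'classification.config'
+end
+
+#
+# Unified2#watch
+#
+# Watch a unified2 file for changes and process the results.
+#
+
+Unified2.watch('/var/log/snort/merged.log', :last) do |event|
+next if event.signature.name.blank?
+puts event
+end
+
+# Unified2#read
+# Parse a unified2 file and process the results.
+
+Unified2.read('/var/log/snort/merged.log') do |event|
+
+puts event.protocol #=> "TCP"
+
+puts event.protocol.to_h #=> {:length=>379, :seq=>3934511163, :ack=>1584708129 ... }
+
+end
+```
 
 ## Requirements
 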
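--- a/data/gemspec.yml
+++ b/data/gemspec.yml
@@ -7,12 +7,11 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 
 dependencies:
-bindata: ~> 1.3.1
-hexdump: ~> 0.1.0
-packetfu: ~> 1.0.0
-pcaprub: ~> 0.9.2
+bindata: ~> 1.4
+packetfu: ~> 1.1
+hexdump: ~> 0.2
 
 development_dependencies:
-ore-tasks: ~> 0.4
+ore-tasks: ~> 0.5
 rspec: ~> 2.4
 yard: ~> 0.6.0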
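Review bot: The new runtime constraints `bindata: ~> 1.4`, `packetfu: ~> 1.1` and `hexdump: ~> 0.2` are two-segment pessimistic constraints, which admit every later minor release of each gem (bindata 1.4 up to but excluding 2.0), whereas the `~> 1.3.1` / `~> 1.0.0` / `~> 0.1.0` forms they replace admitted only patch releases. These gems presumably do the binary and packet parsing this library relies on, so a fresh install can now silently resolve to a minor release with different parsing behaviour than the one this version was tested against; if that widening is intended it deserves a line in ChangeLog.md, otherwise the three-segment form, e.g. `bindata: ~> 1.4.0`, keeps the previous tightness. The yard constraint at the end of the hunk is left at `~> 0.6.0`, so the file now mixes both conventions. The ChangeLog entry also spells the removed dependency `pcaprb` while this hunk removes `pcaprub`.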
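--- a/data/lib/unified2/version.rb
+++ b/data/lib/unified2/version.rb
@@ -1,4 +1,4 @@
 module Unified2
 # Unified2 version
-VERSION = "0.5.3"
+VERSION = "0.5.4"
 end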
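--- a/metadata
+++ b/metadata
@@ -1,8 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: unified2
 version: !ruby/object:Gem::Version
+hash: 3
 prerelease:
-version: 0.5.3
+segments:
+- 0
+- 5
+- 4
+version: 0.5.4
 platform: ruby
 authors:
 - Dustin Willis Webber
@@ -10,18 +15,21 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-24 00:00:00 -04:00
-default_executable:
+date: 2011-06-27 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name: bindata
+name: packetfu
 prerelease: false
 requirement: &id001 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 1.3.1
+hash: 13
+segments:
+- 1
+- 1
+version: "1.1"
 type: :runtime
 version_requirements: *id001
 - !ruby/object:Gem::Dependency
@@ -32,40 +40,57 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.1.0
+hash: 15
+segments:
+- 0
+- 2
+version: "0.2"
 type: :runtime
 version_requirements: *id002
 - !ruby/object:Gem::Dependency
-name: packetfu
+name: bindata
 prerelease: false
 requirement: &id003 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 1.0.0
+hash: 7
+segments:
+- 1
+- 4
+version: "1.4"
 type: :runtime
 version_requirements: *id003
 - !ruby/object:Gem::Dependency
-name: pcaprub
+name: ore-tasks
 prerelease: false
 requirement: &id004 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.9.2
-type: :runtime
+hash: 1
+segments:
+- 0
+- 5
+version: "0.5"
+type: :development
 version_requirements: *id004
 - !ruby/object:Gem::Dependency
-name: ore-tasks
+name: yard
 prerelease: false
 requirement: &id005 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: "0.4"
+hash: 7
+segments:
+- 0
+- 6
+- 0
+version: 0.6.0
 type: :development
 version_requirements: *id005
 - !ruby/object:Gem::Dependency
@@ -76,20 +101,13 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
+hash: 11
+segments:
+- 2
+- 4
 version: "2.4"
 type: :development
 version_requirements: *id006
-- !ruby/object:Gem::Dependency
-name: yard
-prerelease: false
-requirement: &id007 !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 0.6.0
-type: :development
-version_requirements: *id007
 description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
 email:
 - dustin.webber@gmail.com
@@ -99,49 +117,48 @@ extensions: []
 
 extra_rdoc_files:
 - README.md
-- ChangeLog.md
 - LICENSE.txt
-files:
-- .document
-- .rspec
-- .yardopts
 - ChangeLog.md
-- LICENSE.txt
-- README.md
-- Rakefile
-- example/example.rb
-- example/seeds/classification.config
-- example/seeds/gen-msg.map
-- example/seeds/sid-msg.map
-- example/seeds/unified2.log
-- gemspec.yml
+files:
+- spec/spec_helper.rb
+- lib/unified2/event.rb
+- lib/unified2/constructor/record_header.rb
 - lib/unified2.rb
-- lib/unified2/classification.rb
+- gemspec.yml
+- .rspec
 - lib/unified2/config_file.rb
+- example/seeds/unified2.log
+- example/seeds/sid-msg.map
+- .yardopts
+- lib/unified2/signature.rb
+- lib/unified2/sensor.rb
 - lib/unified2/constructor.rb
-- lib/unified2/constructor/construct.rb
-- lib/unified2/constructor/event_ip4.rb
-- lib/unified2/constructor/event_ip6.rb
-- lib/unified2/constructor/packet.rb
-- lib/unified2/constructor/primitive/ipv4.rb
-- lib/unified2/constructor/record_header.rb
-- lib/unified2/core_ext.rb
-- lib/unified2/core_ext/string.rb
-- lib/unified2/event.rb
-- lib/unified2/exceptions.rb
-- lib/unified2/exceptions/file_not_found.rb
-- lib/unified2/exceptions/file_not_readable.rb
-- lib/unified2/exceptions/unknown_load_type.rb
-- lib/unified2/payload.rb
+- example/seeds/classification.config
+- spec/event_spec.rb
 - lib/unified2/protocol.rb
-- lib/unified2/sensor.rb
-- lib/unified2/signature.rb
+- lib/unified2/payload.rb
+- lib/unified2/constructor/primitive/ipv4.rb
+- lib/unified2/constructor/event_ip6.rb
+- lib/unified2/constructor/construct.rb
+- example/example.rb
 - lib/unified2/version.rb
-- spec/event_spec.rb
-- spec/spec_helper.rb
+- Rakefile
+- README.md
+- LICENSE.txt
 - spec/unified2_spec.rb
+- lib/unified2/exceptions/unknown_load_type.rb
+- lib/unified2/core_ext/string.rb
+- lib/unified2/core_ext.rb
+- lib/unified2/constructor/event_ip4.rb
 - unified2.gemspec
-has_rdoc: yard
+- lib/unified2/constructor/packet.rb
+- lib/unified2/exceptions/file_not_readable.rb
+- lib/unified2/exceptions/file_not_found.rb
+- example/seeds/gen-msg.map
+- .document
+- lib/unified2/exceptions.rb
+- lib/unified2/classification.rb
+- ChangeLog.md
 homepage: https://github.com/mephux/unified2
 licenses:
 - MIT
@@ -155,17 +172,23 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
 version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
 version: "0"
 requirements: []
 
 rubyforge_project: unified2
-rubygems_version: 1.5.0
+rubygems_version: 1.8.1
 signing_key:
 specification_version: 3
 summary: A ruby interface for unified2 output.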