unified2 0.5.3 → 0.5.4
- data/ChangeLog.md +15 -0
- data/README.md +39 -37
- data/gemspec.yml +4 -5
- data/lib/unified2/version.rb +1 -1
- metadata +82 -59
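--- a/data/ChangeLog.md
+++ b/data/ChangeLog.md
@@ -1,3 +1,18 @@
+=== 0.5.4 / 2011-06-27
+
+* update packetfu ~> 1.1
+* update bindata ~> 1.4
+* update hexdump ~> 0.2
+* remove pcaprb dep
+
+=== 0.5.3 / 2011-03-24
+
+* remove unnecessary file (untitled.rb)
+
+=== 0.5.2 / 2011-03-24
+
+* Add payload checksum support
+
 === 0.5.1 / 2011-03-21
 
 * fixed exception when watching an empty unified2 log file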
data/README.md
CHANGED
@@ -17,43 +17,45 @@ A ruby interface for unified2 output. rUnified2 allows you to manipulate unified
|
|
17
17
|
|
18
18
|
## Examples
|
19
19
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
20
|
+
``` ruby
|
21
|
+
require 'unified2'
|
22
|
+
|
23
|
+
#
|
24
|
+
# Load rules into memory
|
25
|
+
#
|
26
|
+
|
27
|
+
Unified2.configuration do
|
28
|
+
# Sensor Configurations
|
29
|
+
sensor :id => 1, :name => 'Test Sensor', :interface => 'en1'
|
30
|
+
|
31
|
+
# Load signatures, generators & classifications into memory
|
32
|
+
load :signatures, 'sid-msg.map'
|
33
|
+
load :generators, 'gen-msg.map'
|
34
|
+
load :classifications, 'classification.config'
|
35
|
+
end
|
36
|
+
|
37
|
+
#
|
38
|
+
# Unified2#watch
|
39
|
+
#
|
40
|
+
# Watch a unified2 file for changes and process the results.
|
41
|
+
#
|
42
|
+
|
43
|
+
Unified2.watch('/var/log/snort/merged.log', :last) do |event|
|
44
|
+
next if event.signature.name.blank?
|
45
|
+
puts event
|
46
|
+
end
|
47
|
+
|
48
|
+
# Unified2#read
|
49
|
+
# Parse a unified2 file and process the results.
|
50
|
+
|
51
|
+
Unified2.read('/var/log/snort/merged.log') do |event|
|
52
|
+
|
53
|
+
puts event.protocol #=> "TCP"
|
54
|
+
|
55
|
+
puts event.protocol.to_h #=> {:length=>379, :seq=>3934511163, :ack=>1584708129 ... }
|
56
|
+
|
57
|
+
end
|
58
|
+
```
|
57
59
|
|
58
60
|
## Requirements
|
59
61
|
|
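--- a/data/gemspec.yml
+++ b/data/gemspec.yml
@@ -7,12 +7,11 @@ email: dustin.webber@gmail.com
 homepage: https://github.com/mephux/unified2
 
 dependencies:
-bindata: ~> 1.
-
-
-pcaprub: ~> 0.9.2
+bindata: ~> 1.4
+packetfu: ~> 1.1
+hexdump: ~> 0.2
 
 development_dependencies:
-ore-tasks: ~> 0.
+ore-tasks: ~> 0.5
 rspec: ~> 2.4
 yard: ~> 0.6.0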
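Review bot: The new runtime constraint `hexdump: ~> 0.2` in gemspec.yml is pessimistic only at the minor level, so it resolves to any 0.x release at or above 0.2, and for a pre-1.0 dependency minor releases are usually where breaking changes land; `hexdump: ~> 0.2.0` would restrict it to patch releases if that is the intent. The same consideration applies to `ore-tasks: ~> 0.5` under development_dependencies, while `packetfu: ~> 1.1` and `bindata: ~> 1.4` already stay within a major version. Separately, the ChangeLog entry for this release records the dropped dependency as `pcaprb`, whereas the line removed here is `pcaprub: ~> 0.9.2`; the changelog spelling should match the dependency name.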
data/lib/unified2/version.rb
CHANGED
metadata
CHANGED
@@ -1,8 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: unified2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
+
hash: 3
|
4
5
|
prerelease:
|
5
|
-
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 5
|
9
|
+
- 4
|
10
|
+
version: 0.5.4
|
6
11
|
platform: ruby
|
7
12
|
authors:
|
8
13
|
- Dustin Willis Webber
|
@@ -10,18 +15,21 @@ autorequire:
|
|
10
15
|
bindir: bin
|
11
16
|
cert_chain: []
|
12
17
|
|
13
|
-
date: 2011-
|
14
|
-
default_executable:
|
18
|
+
date: 2011-06-27 00:00:00 Z
|
15
19
|
dependencies:
|
16
20
|
- !ruby/object:Gem::Dependency
|
17
|
-
name:
|
21
|
+
name: packetfu
|
18
22
|
prerelease: false
|
19
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
20
24
|
none: false
|
21
25
|
requirements:
|
22
26
|
- - ~>
|
23
27
|
- !ruby/object:Gem::Version
|
24
|
-
|
28
|
+
hash: 13
|
29
|
+
segments:
|
30
|
+
- 1
|
31
|
+
- 1
|
32
|
+
version: "1.1"
|
25
33
|
type: :runtime
|
26
34
|
version_requirements: *id001
|
27
35
|
- !ruby/object:Gem::Dependency
|
@@ -32,40 +40,57 @@ dependencies:
|
|
32
40
|
requirements:
|
33
41
|
- - ~>
|
34
42
|
- !ruby/object:Gem::Version
|
35
|
-
|
43
|
+
hash: 15
|
44
|
+
segments:
|
45
|
+
- 0
|
46
|
+
- 2
|
47
|
+
version: "0.2"
|
36
48
|
type: :runtime
|
37
49
|
version_requirements: *id002
|
38
50
|
- !ruby/object:Gem::Dependency
|
39
|
-
name:
|
51
|
+
name: bindata
|
40
52
|
prerelease: false
|
41
53
|
requirement: &id003 !ruby/object:Gem::Requirement
|
42
54
|
none: false
|
43
55
|
requirements:
|
44
56
|
- - ~>
|
45
57
|
- !ruby/object:Gem::Version
|
46
|
-
|
58
|
+
hash: 7
|
59
|
+
segments:
|
60
|
+
- 1
|
61
|
+
- 4
|
62
|
+
version: "1.4"
|
47
63
|
type: :runtime
|
48
64
|
version_requirements: *id003
|
49
65
|
- !ruby/object:Gem::Dependency
|
50
|
-
name:
|
66
|
+
name: ore-tasks
|
51
67
|
prerelease: false
|
52
68
|
requirement: &id004 !ruby/object:Gem::Requirement
|
53
69
|
none: false
|
54
70
|
requirements:
|
55
71
|
- - ~>
|
56
72
|
- !ruby/object:Gem::Version
|
57
|
-
|
58
|
-
|
73
|
+
hash: 1
|
74
|
+
segments:
|
75
|
+
- 0
|
76
|
+
- 5
|
77
|
+
version: "0.5"
|
78
|
+
type: :development
|
59
79
|
version_requirements: *id004
|
60
80
|
- !ruby/object:Gem::Dependency
|
61
|
-
name:
|
81
|
+
name: yard
|
62
82
|
prerelease: false
|
63
83
|
requirement: &id005 !ruby/object:Gem::Requirement
|
64
84
|
none: false
|
65
85
|
requirements:
|
66
86
|
- - ~>
|
67
87
|
- !ruby/object:Gem::Version
|
68
|
-
|
88
|
+
hash: 7
|
89
|
+
segments:
|
90
|
+
- 0
|
91
|
+
- 6
|
92
|
+
- 0
|
93
|
+
version: 0.6.0
|
69
94
|
type: :development
|
70
95
|
version_requirements: *id005
|
71
96
|
- !ruby/object:Gem::Dependency
|
@@ -76,20 +101,13 @@ dependencies:
|
|
76
101
|
requirements:
|
77
102
|
- - ~>
|
78
103
|
- !ruby/object:Gem::Version
|
104
|
+
hash: 11
|
105
|
+
segments:
|
106
|
+
- 2
|
107
|
+
- 4
|
79
108
|
version: "2.4"
|
80
109
|
type: :development
|
81
110
|
version_requirements: *id006
|
82
|
-
- !ruby/object:Gem::Dependency
|
83
|
-
name: yard
|
84
|
-
prerelease: false
|
85
|
-
requirement: &id007 !ruby/object:Gem::Requirement
|
86
|
-
none: false
|
87
|
-
requirements:
|
88
|
-
- - ~>
|
89
|
-
- !ruby/object:Gem::Version
|
90
|
-
version: 0.6.0
|
91
|
-
type: :development
|
92
|
-
version_requirements: *id007
|
93
111
|
description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
|
94
112
|
email:
|
95
113
|
- dustin.webber@gmail.com
|
@@ -99,49 +117,48 @@ extensions: []
|
|
99
117
|
|
100
118
|
extra_rdoc_files:
|
101
119
|
- README.md
|
102
|
-
- ChangeLog.md
|
103
120
|
- LICENSE.txt
|
104
|
-
files:
|
105
|
-
- .document
|
106
|
-
- .rspec
|
107
|
-
- .yardopts
|
108
121
|
- ChangeLog.md
|
109
|
-
|
110
|
-
-
|
111
|
-
-
|
112
|
-
-
|
113
|
-
- example/seeds/classification.config
|
114
|
-
- example/seeds/gen-msg.map
|
115
|
-
- example/seeds/sid-msg.map
|
116
|
-
- example/seeds/unified2.log
|
117
|
-
- gemspec.yml
|
122
|
+
files:
|
123
|
+
- spec/spec_helper.rb
|
124
|
+
- lib/unified2/event.rb
|
125
|
+
- lib/unified2/constructor/record_header.rb
|
118
126
|
- lib/unified2.rb
|
119
|
-
-
|
127
|
+
- gemspec.yml
|
128
|
+
- .rspec
|
120
129
|
- lib/unified2/config_file.rb
|
130
|
+
- example/seeds/unified2.log
|
131
|
+
- example/seeds/sid-msg.map
|
132
|
+
- .yardopts
|
133
|
+
- lib/unified2/signature.rb
|
134
|
+
- lib/unified2/sensor.rb
|
121
135
|
- lib/unified2/constructor.rb
|
122
|
-
-
|
123
|
-
-
|
124
|
-
- lib/unified2/constructor/event_ip6.rb
|
125
|
-
- lib/unified2/constructor/packet.rb
|
126
|
-
- lib/unified2/constructor/primitive/ipv4.rb
|
127
|
-
- lib/unified2/constructor/record_header.rb
|
128
|
-
- lib/unified2/core_ext.rb
|
129
|
-
- lib/unified2/core_ext/string.rb
|
130
|
-
- lib/unified2/event.rb
|
131
|
-
- lib/unified2/exceptions.rb
|
132
|
-
- lib/unified2/exceptions/file_not_found.rb
|
133
|
-
- lib/unified2/exceptions/file_not_readable.rb
|
134
|
-
- lib/unified2/exceptions/unknown_load_type.rb
|
135
|
-
- lib/unified2/payload.rb
|
136
|
+
- example/seeds/classification.config
|
137
|
+
- spec/event_spec.rb
|
136
138
|
- lib/unified2/protocol.rb
|
137
|
-
- lib/unified2/
|
138
|
-
- lib/unified2/
|
139
|
+
- lib/unified2/payload.rb
|
140
|
+
- lib/unified2/constructor/primitive/ipv4.rb
|
141
|
+
- lib/unified2/constructor/event_ip6.rb
|
142
|
+
- lib/unified2/constructor/construct.rb
|
143
|
+
- example/example.rb
|
139
144
|
- lib/unified2/version.rb
|
140
|
-
-
|
141
|
-
-
|
145
|
+
- Rakefile
|
146
|
+
- README.md
|
147
|
+
- LICENSE.txt
|
142
148
|
- spec/unified2_spec.rb
|
149
|
+
- lib/unified2/exceptions/unknown_load_type.rb
|
150
|
+
- lib/unified2/core_ext/string.rb
|
151
|
+
- lib/unified2/core_ext.rb
|
152
|
+
- lib/unified2/constructor/event_ip4.rb
|
143
153
|
- unified2.gemspec
|
144
|
-
|
154
|
+
- lib/unified2/constructor/packet.rb
|
155
|
+
- lib/unified2/exceptions/file_not_readable.rb
|
156
|
+
- lib/unified2/exceptions/file_not_found.rb
|
157
|
+
- example/seeds/gen-msg.map
|
158
|
+
- .document
|
159
|
+
- lib/unified2/exceptions.rb
|
160
|
+
- lib/unified2/classification.rb
|
161
|
+
- ChangeLog.md
|
145
162
|
homepage: https://github.com/mephux/unified2
|
146
163
|
licenses:
|
147
164
|
- MIT
|
@@ -155,17 +172,23 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
155
172
|
requirements:
|
156
173
|
- - ">="
|
157
174
|
- !ruby/object:Gem::Version
|
175
|
+
hash: 3
|
176
|
+
segments:
|
177
|
+
- 0
|
158
178
|
version: "0"
|
159
179
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
160
180
|
none: false
|
161
181
|
requirements:
|
162
182
|
- - ">="
|
163
183
|
- !ruby/object:Gem::Version
|
184
|
+
hash: 3
|
185
|
+
segments:
|
186
|
+
- 0
|
164
187
|
version: "0"
|
165
188
|
requirements: []
|
166
189
|
|
167
190
|
rubyforge_project: unified2
|
168
|
-
rubygems_version: 1.
|
191
|
+
rubygems_version: 1.8.1
|
169
192
|
signing_key:
|
170
193
|
specification_version: 3
|
171
194
|
summary: A ruby interface for unified2 output.
|