Date: Tue, 15 Jan 2008 22:23:04 +0900 (JST)
From: Tomoyuki Sakurai <cherry@trombik.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/119682: [NEW PORT] security/nsm-console: A framework for performing analysis on packat capture files
Message-ID: <20080115132304.115153C043B@spica.trombik.org>
Resent-Message-ID: <200801151340.m0FDe215076873@freefall.freebsd.org>
>Number: 119682 >Category: ports >Synopsis: [NEW PORT] security/nsm-console: A framework for performing analysis on packat capture files >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Jan 15 13:40:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Tomoyuki Sakurai >Release: FreeBSD 6.2-STABLE i386 >Organization: >Environment: System: FreeBSD spica.trombik.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Jun 3 13:54:03 UTC >Description: NSM Console (Network Security Monitoring Console) is a framework for performing analysis on packat capture files. WWW: http://thnetos.wordpress.com/nsm-console/ Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- nsm-console-0.3.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # nsm-console # nsm-console/pkg-descr # nsm-console/Makefile # nsm-console/pkg-plist # nsm-console/distinfo # nsm-console/files # nsm-console/files/patch-lib-nsm_consle.rb # nsm-console/files/patch-nsm # nsm-console/pkg-message # echo c - nsm-console mkdir -p nsm-console > /dev/null 2>&1 echo x - nsm-console/pkg-descr sed 's/^X//' >nsm-console/pkg-descr << 'END-of-nsm-console/pkg-descr' XNSM Console (Network Security Monitoring Console) is a framework for performing Xanalysis on packat capture files. 
X XWWW: http://thnetos.wordpress.com/nsm-console/ END-of-nsm-console/pkg-descr echo x - nsm-console/Makefile sed 's/^X//' >nsm-console/Makefile << 'END-of-nsm-console/Makefile' X# New ports collection makefile for: nsm-console X# Date created: 2008-01-15 X# Whom: Tomoyuki Sakurai <cherry@trombik.org> X# X# $FreeBSD$ X# X XPORTNAME= nsm-console XPORTVERSION= 0.3 XCATEGORIES= security XMASTER_SITES= http://navi.eight7.org/~hinmanm/files/ X XMAINTAINER= cherry@trombik.org XCOMMENT= A framework for performing analysis on packat capture files X XUSE_RUBY= yes XNO_BUILD= yes XRUBY_NO_BUILD_DEPENDS= yes XWRKSRC= ${WRKDIR}/${PORTNAME} XOPTIONS= TSHARK "Install tshark" on \ X WIRESHARK "Install wireshark" off \ X TCPDSTAT "Install tcpdstat" on \ X NGREP "Install ngrep" on \ X TCPFLOW "Install tcpflow" on \ X SNORT "Install snort" on \ X TCPXTRACT "Install tcpxtract" on \ X P0F "Install p0f" on \ X PADS "Install pads" on \ X FL0P "Install fl0p" on \ X CHAOSREADER "Install chaosreader" on \ X ARGUS "Install argus" on XNSM_LIBFILES= command_manager.rb \ X command_manager.rb \ X commands.rb \ X encodelib.rb \ X history.rb \ X logging.rb \ X nsm_category.rb \ X nsm_console.rb \ X nsm_helper.rb \ X nsm_module.rb XNSM_DOC= CHANGELOG TODO X X.include <bsd.port.pre.mk> X X.if defined(WITH_TSHARK) XRUN_DEPEND+= ${LOCALBASE}/bin/tshark:${PORTSDIR}/net/tshark X.endif X.if defined(WITH_WIRESHARK) X.if defined(WITH_TSHARK) XIGNORE= you cannot enable both WIRESHARK and TSHARK X.else XRUN_DEPENDS+= ${LOCALBASE}/bin/wireshark:${PORTSDIR}/net/wireshark X.endif X.endif X.if defined(WITH_TCPDSTAT) XRUN_DEPENDS+= ${LOCALBASE}/bin/tcpdstat:${PORTSDIR}/net/tcpdstat X.endif X.if defined(WITH_NGREP) XRUN_DEPENDS+= ${LOCALBASE}/bin/ngrep:${PORTSDIR}/net/ngrep X.endif X.if defined(WITH_TCPFLOW) XRUN_DEPENDS+= ${LOCALBASE}/bin/tcpflow:${PORTSDIR}/net/tcpflow X.endif X.if defined(WITH_SNORT) XRUN_DEPENDS+= ${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort X.endif X.if defined(WITH_TCPXTRACT) 
XRUN_DEPENDS+= ${LOCALBASE}/bin/tcpxtract:${PORTSDIR}/net/tcpxtract X.endif X.if defined(WITH_P0F) XRUN_DEPENDS+= ${LOCALBASE}/bin/p0f:${PORTSDIR}/net-mgmt/p0f X.endif X.if defined(WITH_PADS) XRUN_DEPENDS+= ${LOCALBASE}/bin/pads:${PORTSDIR}/net-mgmt/pads X.endif X.if defined(WITH_FL0P) XRUN_DEPENDS+= ${LOCALBASE}/bin/fl0p:${PORTSDIR}/security/fl0p X.endif X.if defined(WITH_CHAOSREADER) XRUN_DEPENDS+= ${LOCALBASE}/bin/chaosreader:${PORTSDIR}/security/chaosreader X.endif X.if defined(WITH_ARGUS) XRUN_DEPENDS+= ${LOCALBASE}/bin/ra:${PORTSDIR}/net-mgmt/argus-clients \ X ${LOCALBASE}/sbin/argus:${PORTSDIR}/net-mgmt/argus X.endif X Xpost-patch: X ${REINPLACE_CMD} -e 's|%%DATADIR%%|${DATADIR}|g' ${WRKSRC}/nsm X Xdo-install: X ${MKDIR} ${RUBY_SITELIBDIR}/${PORTNAME} X.for F in ${NSM_LIBFILES} X ${INSTALL_DATA} ${WRKSRC}/lib/${F} ${RUBY_SITELIBDIR}/${PORTNAME} X.endfor X.for D in modules X cd ${WRKSRC} && ${FIND} ${D} -type d -exec ${MKDIR} ${DATADIR}/{} ";" X cd ${WRKSRC} && ${FIND} ${D} -type f -exec ${INSTALL_DATA} {} ${DATADIR}/{} ";" X.endfor X ${INSTALL_SCRIPT} ${WRKSRC}/nsm ${PREFIX}/bin X.if !defined(NOPORTDOCS) X ${MKDIR} ${DOCSDIR} X.for F in ${NSM_DOC} X ${INSTALL_DATA} ${WRKSRC}/${F} ${DOCSDIR}/ X.endfor X.endif X X.include <bsd.port.post.mk> END-of-nsm-console/Makefile echo x - nsm-console/pkg-plist sed 's/^X//' >nsm-console/pkg-plist << 'END-of-nsm-console/pkg-plist' X@comment $FreeBSD$ Xbin/nsm X%%RUBY_SITELIBDIR%%/nsm-console/commands.rb X%%RUBY_SITELIBDIR%%/nsm-console/encodelib.rb X%%RUBY_SITELIBDIR%%/nsm-console/history.rb X%%RUBY_SITELIBDIR%%/nsm-console/logging.rb X%%RUBY_SITELIBDIR%%/nsm-console/nsm_category.rb X%%RUBY_SITELIBDIR%%/nsm-console/nsm_console.rb X%%RUBY_SITELIBDIR%%/nsm-console/nsm_helper.rb X%%RUBY_SITELIBDIR%%/nsm-console/nsm_module.rb X%%RUBY_SITELIBDIR%%/nsm-console/command_manager.rb X%%DATADIR%%/modules/aimsnarf.module/aimsnarf X%%DATADIR%%/modules/aimsnarf.module/defaults X%%DATADIR%%/modules/aimsnarf.module/description 
X%%DATADIR%%/modules/aimsnarf.module/info X%%DATADIR%%/modules/argus-basic.module/argus-basic X%%DATADIR%%/modules/argus-basic.module/defaults X%%DATADIR%%/modules/argus-basic.module/description X%%DATADIR%%/modules/argus-basic.module/info X%%DATADIR%%/modules/bro-ids.module/bro-ids X%%DATADIR%%/modules/bro-ids.module/bro.cfg X%%DATADIR%%/modules/bro-ids.module/defaults X%%DATADIR%%/modules/bro-ids.module/description X%%DATADIR%%/modules/bro-ids.module/info X%%DATADIR%%/modules/capinfos.module/capinfos X%%DATADIR%%/modules/capinfos.module/defaults X%%DATADIR%%/modules/capinfos.module/description X%%DATADIR%%/modules/capinfos.module/info X%%DATADIR%%/modules/categories/flow X%%DATADIR%%/modules/categories/forensics X%%DATADIR%%/modules/categories/nsm X%%DATADIR%%/modules/categories/statistics X%%DATADIR%%/modules/chaosreader.module/chaosreader X%%DATADIR%%/modules/chaosreader.module/defaults X%%DATADIR%%/modules/chaosreader.module/description X%%DATADIR%%/modules/chaosreader.module/info X%%DATADIR%%/modules/fl0p.module/defaults X%%DATADIR%%/modules/fl0p.module/description X%%DATADIR%%/modules/fl0p.module/fl0p X%%DATADIR%%/modules/fl0p.module/info X%%DATADIR%%/modules/hash.module/defaults X%%DATADIR%%/modules/hash.module/description X%%DATADIR%%/modules/hash.module/hash X%%DATADIR%%/modules/hash.module/info X%%DATADIR%%/modules/honeysnap.module/defaults X%%DATADIR%%/modules/honeysnap.module/description X%%DATADIR%%/modules/honeysnap.module/honeysnap X%%DATADIR%%/modules/honeysnap.module/honeysnap.cfg X%%DATADIR%%/modules/honeysnap.module/info X%%DATADIR%%/modules/iploc.module/defaults X%%DATADIR%%/modules/iploc.module/description X%%DATADIR%%/modules/iploc.module/info X%%DATADIR%%/modules/iploc.module/iploc X%%DATADIR%%/modules/ngrep.module/description X%%DATADIR%%/modules/ngrep.module/info X%%DATADIR%%/modules/ngrep.module/ngrep X%%DATADIR%%/modules/p0f.module/defaults X%%DATADIR%%/modules/p0f.module/description X%%DATADIR%%/modules/p0f.module/info 
X%%DATADIR%%/modules/p0f.module/p0f X%%DATADIR%%/modules/pads.module/defaults X%%DATADIR%%/modules/pads.module/description X%%DATADIR%%/modules/pads.module/info X%%DATADIR%%/modules/pads.module/pads X%%DATADIR%%/modules/snort.module/rules/bleeding-attack_response.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-botcc-BLOCK.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-botcc.excluded X%%DATADIR%%/modules/snort.module/rules/bleeding-botcc.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-compromised-BLOCK.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-compromised.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-dos.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-drop-BLOCK.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-drop.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-dshield-BLOCK.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-dshield.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-exploit.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-game.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-inappropriate.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-malware.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-p2p.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-policy.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-rbn-BLOCK.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-rbn.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-scan.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-sid-msg.map X%%DATADIR%%/modules/snort.module/rules/bleeding-virus.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-voip.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-web.rules X%%DATADIR%%/modules/snort.module/rules/bleeding-web_sql_injection.rules X%%DATADIR%%/modules/snort.module/rules/bleeding.conf X%%DATADIR%%/modules/snort.module/rules/bleeding.rules X%%DATADIR%%/modules/snort.module/rules/community-bot.rules 
X%%DATADIR%%/modules/snort.module/rules/community-deleted.rules X%%DATADIR%%/modules/snort.module/rules/community-dos.rules X%%DATADIR%%/modules/snort.module/rules/community-ftp.rules X%%DATADIR%%/modules/snort.module/rules/community-exploit.rules X%%DATADIR%%/modules/snort.module/rules/community-game.rules X%%DATADIR%%/modules/snort.module/rules/community-icmp.rules X%%DATADIR%%/modules/snort.module/rules/community-imap.rules X%%DATADIR%%/modules/snort.module/rules/community-inappropriate.rules X%%DATADIR%%/modules/snort.module/rules/community-mail-client.rules X%%DATADIR%%/modules/snort.module/rules/community-misc.rules X%%DATADIR%%/modules/snort.module/rules/community-nntp.rules X%%DATADIR%%/modules/snort.module/rules/community-oracle.rules X%%DATADIR%%/modules/snort.module/rules/community-policy.rules X%%DATADIR%%/modules/snort.module/rules/community-sip.rules X%%DATADIR%%/modules/snort.module/rules/community-smtp.rules X%%DATADIR%%/modules/snort.module/rules/community-sql-injection.rules X%%DATADIR%%/modules/snort.module/rules/community-virus.rules X%%DATADIR%%/modules/snort.module/rules/community-web-attacks.rules X%%DATADIR%%/modules/snort.module/rules/community-web-cgi.rules X%%DATADIR%%/modules/snort.module/rules/community-web-client.rules X%%DATADIR%%/modules/snort.module/rules/community-web-dos.rules X%%DATADIR%%/modules/snort.module/rules/community-web-iis.rules X%%DATADIR%%/modules/snort.module/rules/community-web-misc.rules X%%DATADIR%%/modules/snort.module/rules/community-web-php.rules X%%DATADIR%%/modules/snort.module/rules/LICENSE X%%DATADIR%%/modules/snort.module/classification.config X%%DATADIR%%/modules/snort.module/defaults X%%DATADIR%%/modules/snort.module/description X%%DATADIR%%/modules/snort.module/info X%%DATADIR%%/modules/snort.module/reference.config X%%DATADIR%%/modules/snort.module/snort X%%DATADIR%%/modules/snort.module/snort.conf X%%DATADIR%%/modules/snort.module/unicode.map X%%DATADIR%%/modules/tcpdstat.module/defaults 
X%%DATADIR%%/modules/tcpdstat.module/description X%%DATADIR%%/modules/tcpdstat.module/info X%%DATADIR%%/modules/tcpdstat.module/tcpdstat X%%DATADIR%%/modules/tcpflow.module/defaults X%%DATADIR%%/modules/tcpflow.module/description X%%DATADIR%%/modules/tcpflow.module/info X%%DATADIR%%/modules/tcpflow.module/tcpflow X%%DATADIR%%/modules/tcpxtract.module/defaults X%%DATADIR%%/modules/tcpxtract.module/description X%%DATADIR%%/modules/tcpxtract.module/info X%%DATADIR%%/modules/tcpxtract.module/tcpxtract X%%DATADIR%%/modules/tcpxtract.module/tcpxtract.conf X%%DATADIR%%/modules/tshark.module/defaults X%%DATADIR%%/modules/tshark.module/description X%%DATADIR%%/modules/tshark.module/info X%%DATADIR%%/modules/tshark.module/tshark X%%DATADIR%%/modules/README X%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG X%%PORTDOCS%%%%DOCSDIR%%/TODO X%%PORTDOCS%%@dirrm %%DOCSDIR%% X@dirrmtry %%DATADIR%%/modules/tshark.module X@dirrmtry %%DATADIR%%/modules/tcpxtract.module X@dirrmtry %%DATADIR%%/modules/tcpflow.module X@dirrmtry %%DATADIR%%/modules/tcpdstat.module X@dirrmtry %%DATADIR%%/modules/snort.module/rules X@dirrmtry %%DATADIR%%/modules/snort.module X@dirrmtry %%DATADIR%%/modules/pads.module X@dirrmtry %%DATADIR%%/modules/p0f.module X@dirrmtry %%DATADIR%%/modules/ngrep.module X@dirrmtry %%DATADIR%%/modules/iploc.module X@dirrmtry %%DATADIR%%/modules/honeysnap.module X@dirrmtry %%DATADIR%%/modules/hash.module X@dirrmtry %%DATADIR%%/modules/fl0p.module X@dirrmtry %%DATADIR%%/modules/chaosreader.module X@dirrmtry %%DATADIR%%/modules/categories X@dirrmtry %%DATADIR%%/modules/capinfos.module X@dirrmtry %%DATADIR%%/modules/bro-ids.module X@dirrmtry %%DATADIR%%/modules/argus-basic.module X@dirrmtry %%DATADIR%%/modules/aimsnarf.module X@dirrmtry %%DATADIR%%/modules X@dirrmtry %%DATADIR%% X@dirrmtry %%RUBY_SITELIBDIR%%/nsm-console END-of-nsm-console/pkg-plist echo x - nsm-console/distinfo sed 's/^X//' >nsm-console/distinfo << 'END-of-nsm-console/distinfo' XMD5 (nsm-console-0.3.tar.gz) = 
d97885eaadc51de2308acac8f5c279a4 XSHA256 (nsm-console-0.3.tar.gz) = 2e012f9eb38749edb8f1f8441ed34c1814682ae765acc0ce382e1f82d3e0455d XSIZE (nsm-console-0.3.tar.gz) = 415384 END-of-nsm-console/distinfo echo c - nsm-console/files mkdir -p nsm-console/files > /dev/null 2>&1 echo x - nsm-console/files/patch-lib-nsm_consle.rb sed 's/^X//' >nsm-console/files/patch-lib-nsm_consle.rb << 'END-of-nsm-console/files/patch-lib-nsm_consle.rb' X--- lib/nsm_console.rb.orig 2008-01-15 20:23:34.000000000 +0900 X+++ lib/nsm_console.rb 2008-01-15 20:24:32.000000000 +0900 X@@ -15,7 +15,7 @@ X load_categories($moduledir) X X ## Initialize logging X- logfilename = "logs/nsm-log." X+ logfilename = ENV["HOME"] + "/logs/nsm-log." X logfilename.concat(Time.now.year.to_s) X logfilename.concat(Time.now.month.to_s) X logfilename.concat(Time.now.day.to_s) X@@ -81,4 +81,4 @@ X X start_shell() X end X-end X\ No newline at end of file X+end END-of-nsm-console/files/patch-lib-nsm_consle.rb echo x - nsm-console/files/patch-nsm sed 's/^X//' >nsm-console/files/patch-nsm << 'END-of-nsm-console/files/patch-nsm' X--- nsm.orig 2008-01-09 07:20:10.000000000 +0900 X+++ nsm 2008-01-15 20:05:17.000000000 +0900 X@@ -12,8 +12,8 @@ X include Readline X X ## Require commands X-require 'lib/command_manager' X-require 'lib/commands' X+require 'nsm-console/command_manager' X+require 'nsm-console/commands' X X ## Required for tab completion X $tabstrings = CommandManager.get_commands_as_array() X@@ -23,16 +23,16 @@ X Readline.completion_proc = lambda{|s| $tabstrings.find_all{|elm| elm =~ /#{s}/}} X X ## Require nsm console specific files X-require 'lib/logging' X-require 'lib/history' X-require 'lib/nsm_module' X-require 'lib/nsm_category' X-require 'lib/nsm_helper' X-require 'lib/nsm_console' X-require 'lib/encodelib' X+require 'nsm-console/logging' X+require 'nsm-console/history' X+require 'nsm-console/nsm_module' X+require 'nsm-console/nsm_category' X+require 'nsm-console/nsm_helper' X+require 
'nsm-console/nsm_console' X+require 'nsm-console/encodelib' X X ## Default module directory X-$moduledir = "modules" X+$moduledir = "%%DATADIR%%/modules" X ## Default output directory X $outputdir = "${PCAP_BASE}-output" X END-of-nsm-console/files/patch-nsm echo x - nsm-console/pkg-message sed 's/^X//' >nsm-console/pkg-message << 'END-of-nsm-console/pkg-message' XDefault log directory is $HOME/logs, which is NOT automatically created. X XExecute: X > mkdir $HOME/logs Xor change it from nsm console: X nsm> logfile path/to/logfile X XThis will be configurable in the future. END-of-nsm-console/pkg-message exit --- nsm-console-0.3.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
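Review bot: In nsm-console/Makefile, the WITH_TSHARK block assigns RUN_DEPEND+= where every other option block uses RUN_DEPENDS+=, so the tshark dependency (option default "on") is never registered and the tool will be missing at run time unless it is already installed. Change it to RUN_DEPENDS+=. In the same file, NSM_LIBFILES lists command_manager.rb twice; drop the duplicate. COMMENT and pkg-descr both read "packat capture files" and should read "packet".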
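Review bot: In the first hunk of files/patch-lib-nsm_consle.rb (@@ -15,7 +15,7 @@), the added line logfilename = ENV["HOME"] + "/logs/nsm-log." raises an exception at startup when HOME is unset, because ENV["HOME"] is then nil, and it still fails later if $HOME/logs does not exist, which pkg-message says the user must create by hand. Suggest building the path with File.join, falling back to a fixed directory when HOME is missing, and creating the log directory before the file is opened so the console does not start without its audit log. The patch file name is also misspelled (nsm_consle.rb for nsm_console.rb).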
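Review bot: In the second hunk of files/patch-nsm (@@ -23,16 +23,16 @@), the unchanged context line Readline.completion_proc = lambda{|s| $tabstrings.find_all{|elm| elm =~ /#{s}/}} compiles whatever the user has typed as a regular expression, so an unbalanced character such as "[" at the prompt raises RegexpError during tab completion. Since the port already patches this file, consider wrapping s in Regexp.escape here or reporting it upstream. The new $moduledir = "%%DATADIR%%/modules" line depends on the post-patch REINPLACE_CMD in the Makefile; a comment next to it in the patch would make that dependency obvious to the next maintainer.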