ports/119682: [NEW PORT] security/nsm-console: A framework for performing analysis on packet capture files
Tomoyuki Sakurai
cherry at trombik.org
Tue Jan 15 13:40:02 UTC 2008
>Number: 119682
>Category: ports
>Synopsis: [NEW PORT] security/nsm-console: A framework for performing analysis on packet capture files
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 15 13:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Tomoyuki Sakurai
>Release: FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD spica.trombik.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Jun 3 13:54:03 UTC
>Description:
NSM Console (Network Security Monitoring Console) is a framework for performing
analysis on packet capture files.
WWW: http://thnetos.wordpress.com/nsm-console/
Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- nsm-console-0.3.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# nsm-console
# nsm-console/pkg-descr
# nsm-console/Makefile
# nsm-console/pkg-plist
# nsm-console/distinfo
# nsm-console/files
# nsm-console/files/patch-lib-nsm_consle.rb
# nsm-console/files/patch-nsm
# nsm-console/pkg-message
#
echo c - nsm-console
mkdir -p nsm-console > /dev/null 2>&1
echo x - nsm-console/pkg-descr
sed 's/^X//' >nsm-console/pkg-descr << 'END-of-nsm-console/pkg-descr'
XNSM Console (Network Security Monitoring Console) is a framework for performing
Xanalysis on packet capture files.
X
XWWW: http://thnetos.wordpress.com/nsm-console/
END-of-nsm-console/pkg-descr
echo x - nsm-console/Makefile
sed 's/^X//' >nsm-console/Makefile << 'END-of-nsm-console/Makefile'
X# New ports collection makefile for: nsm-console
X# Date created: 2008-01-15
X# Whom: Tomoyuki Sakurai <cherry at trombik.org>
X#
X# $FreeBSD$
X#
X
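XPORTNAME=	nsm-console
XPORTVERSION=	0.3
XCATEGORIES=	security
X# The distfile is fetched over plain HTTP; its integrity rests on the
X# checksums recorded in this port's distinfo.
XMASTER_SITES=	http://navi.eight7.org/~hinmanm/files/
X
XMAINTAINER=	cherry at trombik.org
XCOMMENT=	A framework for performing analysis on packet capture files
X
X# No build step is run, and Ruby is not pulled in as a build dependency.
XUSE_RUBY=	yes
XNO_BUILD=	yes
XRUBY_NO_BUILD_DEPENDS=	yes
X# Work in ${WRKDIR}/nsm-console instead of the default work directory.
XWRKSRC=		${WRKDIR}/${PORTNAME}
X# One knob per external analysis tool; each is turned into a RUN_DEPENDS
X# entry after bsd.port.pre.mk has been included.
XOPTIONS=	TSHARK "Install tshark" on \
X		WIRESHARK "Install wireshark" off \
X		TCPDSTAT "Install tcpdstat" on \
X		NGREP "Install ngrep" on \
X		TCPFLOW "Install tcpflow" on \
X		SNORT "Install snort" on \
X		TCPXTRACT "Install tcpxtract" on \
X		P0F "Install p0f" on \
X		PADS "Install pads" on \
X		FL0P "Install fl0p" on \
X		CHAOSREADER "Install chaosreader" on \
X		ARGUS "Install argus" on
X# Library files copied from ${WRKSRC}/lib by do-install.  Each file is listed
X# once (command_manager.rb was previously listed twice).
XNSM_LIBFILES=	command_manager.rb \
X		commands.rb \
X		encodelib.rb \
X		history.rb \
X		logging.rb \
X		nsm_category.rb \
X		nsm_console.rb \
X		nsm_helper.rb \
X		nsm_module.rb
X# Documentation files installed into ${DOCSDIR} unless NOPORTDOCS is set.
XNSM_DOC=	CHANGELOG TODO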
X
X.include <bsd.port.pre.mk>
X
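X# Turn each enabled OPTIONS knob into a run-time dependency on the matching
X# external tool.
X#
X# The TSHARK branch used to append to RUN_DEPEND, which is not the variable the
X# ports framework reads, so tshark was never registered as a dependency even
X# though the option defaults to on.  It now appends to RUN_DEPENDS like every
X# other branch.
X.if defined(WITH_TSHARK)
XRUN_DEPENDS+=	${LOCALBASE}/bin/tshark:${PORTSDIR}/net/tshark
X.endif
X# WIRESHARK and TSHARK are mutually exclusive: the port is marked IGNORE when
X# both are selected.
X.if defined(WITH_WIRESHARK)
X.if defined(WITH_TSHARK)
XIGNORE=		you cannot enable both WIRESHARK and TSHARK
X.else
XRUN_DEPENDS+=	${LOCALBASE}/bin/wireshark:${PORTSDIR}/net/wireshark
X.endif
X.endif
X.if defined(WITH_TCPDSTAT)
XRUN_DEPENDS+=	${LOCALBASE}/bin/tcpdstat:${PORTSDIR}/net/tcpdstat
X.endif
X.if defined(WITH_NGREP)
XRUN_DEPENDS+=	${LOCALBASE}/bin/ngrep:${PORTSDIR}/net/ngrep
X.endif
X.if defined(WITH_TCPFLOW)
XRUN_DEPENDS+=	${LOCALBASE}/bin/tcpflow:${PORTSDIR}/net/tcpflow
X.endif
X.if defined(WITH_SNORT)
XRUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort
X.endif
X.if defined(WITH_TCPXTRACT)
XRUN_DEPENDS+=	${LOCALBASE}/bin/tcpxtract:${PORTSDIR}/net/tcpxtract
X.endif
X.if defined(WITH_P0F)
XRUN_DEPENDS+=	${LOCALBASE}/bin/p0f:${PORTSDIR}/net-mgmt/p0f
X.endif
X.if defined(WITH_PADS)
XRUN_DEPENDS+=	${LOCALBASE}/bin/pads:${PORTSDIR}/net-mgmt/pads
X.endif
X.if defined(WITH_FL0P)
XRUN_DEPENDS+=	${LOCALBASE}/bin/fl0p:${PORTSDIR}/security/fl0p
X.endif
X.if defined(WITH_CHAOSREADER)
XRUN_DEPENDS+=	${LOCALBASE}/bin/chaosreader:${PORTSDIR}/security/chaosreader
X.endif
X# ARGUS needs both the client tools (ra) and the argus daemon itself.
X.if defined(WITH_ARGUS)
XRUN_DEPENDS+=	${LOCALBASE}/bin/ra:${PORTSDIR}/net-mgmt/argus-clients \
X		${LOCALBASE}/sbin/argus:${PORTSDIR}/net-mgmt/argus
X.endif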
X
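X# Replace the %%DATADIR%% placeholder that files/patch-nsm writes into the
X# nsm script with the real ${DATADIR} of this installation.
X# (The recipe line's leading tab, lost in the archived copy, is restored.)
Xpost-patch:
X	${REINPLACE_CMD} -e 's|%%DATADIR%%|${DATADIR}|g' ${WRKSRC}/nsm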
X
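X# Install the Ruby library files, the module tree, the nsm launcher and,
X# unless NOPORTDOCS is defined, the documentation files.
X# (The recipe lines' leading tabs, lost in the archived copy, are restored.)
Xdo-install:
X# Library files go into a private nsm-console directory under RUBY_SITELIBDIR.
X	${MKDIR} ${RUBY_SITELIBDIR}/${PORTNAME}
X.for F in ${NSM_LIBFILES}
X	${INSTALL_DATA} ${WRKSRC}/lib/${F} ${RUBY_SITELIBDIR}/${PORTNAME}
X.endfor
X# Mirror the modules tree into DATADIR: directories first, then every file,
X# installed as data with the same relative path.
X.for D in modules
X	cd ${WRKSRC} && ${FIND} ${D} -type d -exec ${MKDIR} ${DATADIR}/{} ";"
X	cd ${WRKSRC} && ${FIND} ${D} -type f -exec ${INSTALL_DATA} {} ${DATADIR}/{} ";"
X.endfor
X	${INSTALL_SCRIPT} ${WRKSRC}/nsm ${PREFIX}/bin
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X.for F in ${NSM_DOC}
X	${INSTALL_DATA} ${WRKSRC}/${F} ${DOCSDIR}/
X.endfor
X.endif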
X
X.include <bsd.port.post.mk>
END-of-nsm-console/Makefile
echo x - nsm-console/pkg-plist
sed 's/^X//' >nsm-console/pkg-plist << 'END-of-nsm-console/pkg-plist'
X@comment $FreeBSD$
Xbin/nsm
X%%RUBY_SITELIBDIR%%/nsm-console/commands.rb
X%%RUBY_SITELIBDIR%%/nsm-console/encodelib.rb
X%%RUBY_SITELIBDIR%%/nsm-console/history.rb
X%%RUBY_SITELIBDIR%%/nsm-console/logging.rb
X%%RUBY_SITELIBDIR%%/nsm-console/nsm_category.rb
X%%RUBY_SITELIBDIR%%/nsm-console/nsm_console.rb
X%%RUBY_SITELIBDIR%%/nsm-console/nsm_helper.rb
X%%RUBY_SITELIBDIR%%/nsm-console/nsm_module.rb
X%%RUBY_SITELIBDIR%%/nsm-console/command_manager.rb
X%%DATADIR%%/modules/aimsnarf.module/aimsnarf
X%%DATADIR%%/modules/aimsnarf.module/defaults
X%%DATADIR%%/modules/aimsnarf.module/description
X%%DATADIR%%/modules/aimsnarf.module/info
X%%DATADIR%%/modules/argus-basic.module/argus-basic
X%%DATADIR%%/modules/argus-basic.module/defaults
X%%DATADIR%%/modules/argus-basic.module/description
X%%DATADIR%%/modules/argus-basic.module/info
X%%DATADIR%%/modules/bro-ids.module/bro-ids
X%%DATADIR%%/modules/bro-ids.module/bro.cfg
X%%DATADIR%%/modules/bro-ids.module/defaults
X%%DATADIR%%/modules/bro-ids.module/description
X%%DATADIR%%/modules/bro-ids.module/info
X%%DATADIR%%/modules/capinfos.module/capinfos
X%%DATADIR%%/modules/capinfos.module/defaults
X%%DATADIR%%/modules/capinfos.module/description
X%%DATADIR%%/modules/capinfos.module/info
X%%DATADIR%%/modules/categories/flow
X%%DATADIR%%/modules/categories/forensics
X%%DATADIR%%/modules/categories/nsm
X%%DATADIR%%/modules/categories/statistics
X%%DATADIR%%/modules/chaosreader.module/chaosreader
X%%DATADIR%%/modules/chaosreader.module/defaults
X%%DATADIR%%/modules/chaosreader.module/description
X%%DATADIR%%/modules/chaosreader.module/info
X%%DATADIR%%/modules/fl0p.module/defaults
X%%DATADIR%%/modules/fl0p.module/description
X%%DATADIR%%/modules/fl0p.module/fl0p
X%%DATADIR%%/modules/fl0p.module/info
X%%DATADIR%%/modules/hash.module/defaults
X%%DATADIR%%/modules/hash.module/description
X%%DATADIR%%/modules/hash.module/hash
X%%DATADIR%%/modules/hash.module/info
X%%DATADIR%%/modules/honeysnap.module/defaults
X%%DATADIR%%/modules/honeysnap.module/description
X%%DATADIR%%/modules/honeysnap.module/honeysnap
X%%DATADIR%%/modules/honeysnap.module/honeysnap.cfg
X%%DATADIR%%/modules/honeysnap.module/info
X%%DATADIR%%/modules/iploc.module/defaults
X%%DATADIR%%/modules/iploc.module/description
X%%DATADIR%%/modules/iploc.module/info
X%%DATADIR%%/modules/iploc.module/iploc
X%%DATADIR%%/modules/ngrep.module/description
X%%DATADIR%%/modules/ngrep.module/info
X%%DATADIR%%/modules/ngrep.module/ngrep
X%%DATADIR%%/modules/p0f.module/defaults
X%%DATADIR%%/modules/p0f.module/description
X%%DATADIR%%/modules/p0f.module/info
X%%DATADIR%%/modules/p0f.module/p0f
X%%DATADIR%%/modules/pads.module/defaults
X%%DATADIR%%/modules/pads.module/description
X%%DATADIR%%/modules/pads.module/info
X%%DATADIR%%/modules/pads.module/pads
X%%DATADIR%%/modules/snort.module/rules/bleeding-attack_response.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-botcc-BLOCK.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-botcc.excluded
X%%DATADIR%%/modules/snort.module/rules/bleeding-botcc.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-compromised-BLOCK.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-compromised.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-dos.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-drop-BLOCK.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-drop.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-dshield-BLOCK.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-dshield.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-exploit.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-game.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-inappropriate.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-malware.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-p2p.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-policy.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-rbn-BLOCK.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-rbn.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-scan.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-sid-msg.map
X%%DATADIR%%/modules/snort.module/rules/bleeding-virus.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-voip.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-web.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding-web_sql_injection.rules
X%%DATADIR%%/modules/snort.module/rules/bleeding.conf
X%%DATADIR%%/modules/snort.module/rules/bleeding.rules
X%%DATADIR%%/modules/snort.module/rules/community-bot.rules
X%%DATADIR%%/modules/snort.module/rules/community-deleted.rules
X%%DATADIR%%/modules/snort.module/rules/community-dos.rules
X%%DATADIR%%/modules/snort.module/rules/community-ftp.rules
X%%DATADIR%%/modules/snort.module/rules/community-exploit.rules
X%%DATADIR%%/modules/snort.module/rules/community-game.rules
X%%DATADIR%%/modules/snort.module/rules/community-icmp.rules
X%%DATADIR%%/modules/snort.module/rules/community-imap.rules
X%%DATADIR%%/modules/snort.module/rules/community-inappropriate.rules
X%%DATADIR%%/modules/snort.module/rules/community-mail-client.rules
X%%DATADIR%%/modules/snort.module/rules/community-misc.rules
X%%DATADIR%%/modules/snort.module/rules/community-nntp.rules
X%%DATADIR%%/modules/snort.module/rules/community-oracle.rules
X%%DATADIR%%/modules/snort.module/rules/community-policy.rules
X%%DATADIR%%/modules/snort.module/rules/community-sip.rules
X%%DATADIR%%/modules/snort.module/rules/community-smtp.rules
X%%DATADIR%%/modules/snort.module/rules/community-sql-injection.rules
X%%DATADIR%%/modules/snort.module/rules/community-virus.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-attacks.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-cgi.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-client.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-dos.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-iis.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-misc.rules
X%%DATADIR%%/modules/snort.module/rules/community-web-php.rules
X%%DATADIR%%/modules/snort.module/rules/LICENSE
X%%DATADIR%%/modules/snort.module/classification.config
X%%DATADIR%%/modules/snort.module/defaults
X%%DATADIR%%/modules/snort.module/description
X%%DATADIR%%/modules/snort.module/info
X%%DATADIR%%/modules/snort.module/reference.config
X%%DATADIR%%/modules/snort.module/snort
X%%DATADIR%%/modules/snort.module/snort.conf
X%%DATADIR%%/modules/snort.module/unicode.map
X%%DATADIR%%/modules/tcpdstat.module/defaults
X%%DATADIR%%/modules/tcpdstat.module/description
X%%DATADIR%%/modules/tcpdstat.module/info
X%%DATADIR%%/modules/tcpdstat.module/tcpdstat
X%%DATADIR%%/modules/tcpflow.module/defaults
X%%DATADIR%%/modules/tcpflow.module/description
X%%DATADIR%%/modules/tcpflow.module/info
X%%DATADIR%%/modules/tcpflow.module/tcpflow
X%%DATADIR%%/modules/tcpxtract.module/defaults
X%%DATADIR%%/modules/tcpxtract.module/description
X%%DATADIR%%/modules/tcpxtract.module/info
X%%DATADIR%%/modules/tcpxtract.module/tcpxtract
X%%DATADIR%%/modules/tcpxtract.module/tcpxtract.conf
X%%DATADIR%%/modules/tshark.module/defaults
X%%DATADIR%%/modules/tshark.module/description
X%%DATADIR%%/modules/tshark.module/info
X%%DATADIR%%/modules/tshark.module/tshark
X%%DATADIR%%/modules/README
X%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
X%%PORTDOCS%%%%DOCSDIR%%/TODO
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
X@dirrmtry %%DATADIR%%/modules/tshark.module
X@dirrmtry %%DATADIR%%/modules/tcpxtract.module
X@dirrmtry %%DATADIR%%/modules/tcpflow.module
X@dirrmtry %%DATADIR%%/modules/tcpdstat.module
X@dirrmtry %%DATADIR%%/modules/snort.module/rules
X@dirrmtry %%DATADIR%%/modules/snort.module
X@dirrmtry %%DATADIR%%/modules/pads.module
X@dirrmtry %%DATADIR%%/modules/p0f.module
X@dirrmtry %%DATADIR%%/modules/ngrep.module
X@dirrmtry %%DATADIR%%/modules/iploc.module
X@dirrmtry %%DATADIR%%/modules/honeysnap.module
X@dirrmtry %%DATADIR%%/modules/hash.module
X@dirrmtry %%DATADIR%%/modules/fl0p.module
X@dirrmtry %%DATADIR%%/modules/chaosreader.module
X@dirrmtry %%DATADIR%%/modules/categories
X@dirrmtry %%DATADIR%%/modules/capinfos.module
X@dirrmtry %%DATADIR%%/modules/bro-ids.module
X@dirrmtry %%DATADIR%%/modules/argus-basic.module
X@dirrmtry %%DATADIR%%/modules/aimsnarf.module
X@dirrmtry %%DATADIR%%/modules
X@dirrmtry %%DATADIR%%
X@dirrmtry %%RUBY_SITELIBDIR%%/nsm-console
END-of-nsm-console/pkg-plist
echo x - nsm-console/distinfo
sed 's/^X//' >nsm-console/distinfo << 'END-of-nsm-console/distinfo'
XMD5 (nsm-console-0.3.tar.gz) = d97885eaadc51de2308acac8f5c279a4
XSHA256 (nsm-console-0.3.tar.gz) = 2e012f9eb38749edb8f1f8441ed34c1814682ae765acc0ce382e1f82d3e0455d
XSIZE (nsm-console-0.3.tar.gz) = 415384
END-of-nsm-console/distinfo
echo c - nsm-console/files
mkdir -p nsm-console/files > /dev/null 2>&1
echo x - nsm-console/files/patch-lib-nsm_consle.rb
sed 's/^X//' >nsm-console/files/patch-lib-nsm_consle.rb << 'END-of-nsm-console/files/patch-lib-nsm_consle.rb'
X--- lib/nsm_console.rb.orig 2008-01-15 20:23:34.000000000 +0900
X+++ lib/nsm_console.rb 2008-01-15 20:24:32.000000000 +0900
X@@ -15,7 +15,7 @@
X load_categories($moduledir)
X
X ## Initialize logging
X- logfilename = "logs/nsm-log."
X+ logfilename = ENV["HOME"] + "/logs/nsm-log."
X logfilename.concat(Time.now.year.to_s)
X logfilename.concat(Time.now.month.to_s)
X logfilename.concat(Time.now.day.to_s)
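Review bot: The new `logfilename = ENV["HOME"] + "/logs/nsm-log."` line raises NoMethodError when HOME is not set, because `ENV["HOME"]` is then `nil`; a fallback such as `logfilename = File.join(ENV["HOME"] || Dir.pwd, "logs", "nsm-log.")` keeps the console usable in a stripped environment. The hunk also leaves `$HOME/logs` uncreated (pkg-message asks the user to run `mkdir` by hand), and under a typical umask that directory ends up readable by other local users even though the logs presumably record analysis of packet captures. Creating it from the console with owner-only permissions, `FileUtils.mkdir_p(File.dirname(logfilename), :mode => 0700)` after `require 'fileutils'`, would cover both points. The enclosing method starts and ends outside the hunk, so how the log file itself is opened is not visible here.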
X@@ -81,4 +81,4 @@
X
X start_shell()
X end
X-end
X\ No newline at end of file
X+end
END-of-nsm-console/files/patch-lib-nsm_consle.rb
echo x - nsm-console/files/patch-nsm
sed 's/^X//' >nsm-console/files/patch-nsm << 'END-of-nsm-console/files/patch-nsm'
X--- nsm.orig 2008-01-09 07:20:10.000000000 +0900
X+++ nsm 2008-01-15 20:05:17.000000000 +0900
X@@ -12,8 +12,8 @@
X include Readline
X
X ## Require commands
X-require 'lib/command_manager'
X-require 'lib/commands'
X+require 'nsm-console/command_manager'
X+require 'nsm-console/commands'
X
X ## Required for tab completion
X $tabstrings = CommandManager.get_commands_as_array()
X@@ -23,16 +23,16 @@
X Readline.completion_proc = lambda{|s| $tabstrings.find_all{|elm| elm =~ /#{s}/}}
X
X ## Require nsm console specific files
X-require 'lib/logging'
X-require 'lib/history'
X-require 'lib/nsm_module'
X-require 'lib/nsm_category'
X-require 'lib/nsm_helper'
X-require 'lib/nsm_console'
X-require 'lib/encodelib'
X+require 'nsm-console/logging'
X+require 'nsm-console/history'
X+require 'nsm-console/nsm_module'
X+require 'nsm-console/nsm_category'
X+require 'nsm-console/nsm_helper'
X+require 'nsm-console/nsm_console'
X+require 'nsm-console/encodelib'
X
X ## Default module directory
X-$moduledir = "modules"
X+$moduledir = "%%DATADIR%%/modules"
X ## Default output directory
X $outputdir = "${PCAP_BASE}-output"
X
END-of-nsm-console/files/patch-nsm
echo x - nsm-console/pkg-message
sed 's/^X//' >nsm-console/pkg-message << 'END-of-nsm-console/pkg-message'
XDefault log directory is $HOME/logs, which is NOT automatically created.
X
XExecute:
X > mkdir $HOME/logs
Xor change it from nsm console:
X nsm> logfile path/to/logfile
X
XThis will be configurable in the future.
END-of-nsm-console/pkg-message
exit
--- nsm-console-0.3.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: