authoradrianp <adrianp>2006-01-03 21:09:44 +0000
committeradrianp <adrianp>2006-01-03 21:09:44 +0000
commitf27ba9cc2ef72b07991e972883504b0074f3623e (patch)
tree6e13946fe3a0737421b541b4ba602cdbf6235bf9 /security/base
parentd2523b1c791f2a152f77b51a95e09046aed4e924 (diff)
The Basic Analysis and Security Engine (BASE) is a PHP-based analysis
engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include: o Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags). o Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts o Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases. o Chart and statistic generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification
Diffstat (limited to 'security/base')
-rw-r--r--security/base/DESCR20
-rw-r--r--security/base/MESSAGE17
-rw-r--r--security/base/Makefile74
-rw-r--r--security/base/PLIST131
-rw-r--r--security/base/distinfo6
-rw-r--r--security/base/files/base.conf28
-rw-r--r--security/base/options.mk24
-rw-r--r--security/base/patches/patch-aa31
8 files changed, 331 insertions, 0 deletions
diff --git a/security/base/DESCR b/security/base/DESCR
new file mode 100644
index 00000000000..564e7ec8cbb
--- /dev/null
+++ b/security/base/DESCR
@@ -0,0 +1,20 @@
+The Basic Analysis and Security Engine (BASE) is a PHP-based analysis
+engine to search and process a database of security events generated by
+various IDSes, firewalls, and network monitoring tools. The features currently
+include:
+
+ o Query-builder and search interface for finding alerts matching
+ on alert meta information (e.g. signature, detection time) as well as
+ the underlying network evidence (e.g. source/destination address, ports,
+ payload, or flags).
+
+ o Packet viewer (decoder) will graphically display the layer-3 and
+ layer-4 packet information of logged alerts
+
+ o Alert management by providing constructs to logically group alerts
+ to create incidents (alert groups), deleting the handled alerts or
+ false positives, exporting to email for collaboration, or archiving of
+ alerts to transfer them between alert databases.
+
+ o Chart and statistic generation based on time, sensor, signature, protocol,
+ IP address, TCP/UDP ports, or classification
diff --git a/security/base/MESSAGE b/security/base/MESSAGE
new file mode 100644
index 00000000000..d5581dae707
--- /dev/null
+++ b/security/base/MESSAGE
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+You will need to make BASE accessible through your HTTP server.
+If you are running Apache and ap-php, then you will need to
+add the following line to your httpd.conf:
+
+ Include ${PKG_SYSCONFDIR}/base.conf
+
+to make BASE accessible through:
+
+ http://localhost/base/
+
+You will need to customise ${BASE_DIR}/base_conf.php before
+BASE will work. This includes setting up database access.
+
+===========================================================================
diff --git a/security/base/Makefile b/security/base/Makefile
new file mode 100644
index 00000000000..f96bdfc8486
--- /dev/null
+++ b/security/base/Makefile
@@ -0,0 +1,74 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+#
+
+DISTNAME= base-1.2.1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=secureideas/}
+
+MAINTAINER= adrianp@NetBSD.org
+HOMEPAGE= http://secureideas.sourceforge.net/
+COMMENT= Analysis engine to process a database of security events
+
+DEPENDS+= adodb>=1.2:../../databases/adodb
+DEPENDS+= ap-php>=4.0.4:../../www/ap-php
+DEPENDS+= php-gd>=4.0.4:../../graphics/php-gd
+DEPENDS+= php-sockets>=4.0.4:../../net/php-sockets
+DEPENDS+= php-mysql>=4.0.4:../../databases/php-mysql
+DEPENDS+= pear-Log-[0-9]*:../../sysutils/pear-Log
+DEPENDS+= pear-Numbers_Words-[0-9]*:../../math/pear-Numbers_Words
+DEPENDS+= pear-Numbers_Roman-[0-9]*:../../math/pear-Numbers_Roman
+DEPENDS+= pear-Image_Color-[0-9]*:../../graphics/pear-Image_Color
+DEPENDS+= pear-Image_Graph-0.3.0dev4:../../graphics/pear-Image_Graph
+
+NO_BUILD= YES
+USE_PKGINSTALL= YES
+
+DOC_FILES= CHANGELOG CREDITS README README.mssql TODO UPGRADE base_faq.rtf
+BASE_DIR= ${PREFIX}/share/base
+EGDIR= ${PREFIX}/share/examples/base
+MESSAGE_SUBST+= EGDIR=${EGDIR:Q} BASE_DIR=${BASE_DIR:Q}
+PAX_DIRS= admin help images includes languages scripts setup sql styles
+WWW_USER?= ${APACHE_USER}
+WWW_GROUP?= ${APACHE_GROUP}
+BUILD_DEFS+= WWW_USER WWW_GROUP
+USE_TOOLS+= perl:run
+REPLACE_PERL= scripts/base_maintenance.pl
+
+CONF_FILES= ${EGDIR}/base.conf ${PKG_SYSCONFDIR}/base.conf
+
+CONF_FILES_PERMS= ${EGDIR}/base_conf.php ${BASE_DIR}/base_conf.php \
+ ${WWW_USER} ${WWW_GROUP} 0600
+
+SUBST_CLASSES+= conf
+SUBST_STAGE.conf= post-patch
+SUBST_FILES.conf= base.conf base_conf.php.dist
+SUBST_SED.conf= -e "s|@BASE_DIR@|${BASE_DIR}|g" \
+ -e "s|@DBTYPE@|${DBTYPE}|g" \
+ -e "s|@PREFIX@|${PREFIX}|g"
+SUBST_MESSAGE.conf= "Fixing configuration files."
+
+.include "options.mk"
+
+post-extract:
+ @${CP} ${FILESDIR}/base.conf ${WRKSRC}/base.conf
+
+do-install:
+ ${INSTALL_DATA_DIR} ${BASE_DIR}
+ ${INSTALL_DATA_DIR} ${EGDIR}
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/base
+
+ ${INSTALL_DATA} ${WRKSRC}/base.conf ${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/base_conf.php.dist ${EGDIR}/base_conf.php
+ ${INSTALL_SCRIPT} ${WRKSRC}/*.php ${BASE_DIR}
+
+. for f in ${DOC_FILES}
+ ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${PREFIX}/share/doc/base
+. endfor
+
+. for i in ${PAX_DIRS}
+ cd ${WRKSRC}/${i} && ${PAX} -rw . ${BASE_DIR}/${i}
+. endfor
+
+ @${CHOWN} ${WWW_USER} ${BASE_DIR}
+
+.include "../../mk/bsd.pkg.mk"
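Review bot: The last `do-install` step, `@${CHOWN} ${WWW_USER} ${BASE_DIR}`, hands the directory holding the served PHP code to the web server account, so anything running as that account can create or replace files there that Apache will then execute. The only file that visibly needs web-server ownership is `base_conf.php`, and `CONF_FILES_PERMS` already installs it as `${WWW_USER}`/`${WWW_GROUP}` with mode 0600. Unless the setup pages are meant to write into `${BASE_DIR}` (not visible in this commit), I would drop the chown and leave the tree root-owned. If it has to stay, remove the leading `@` so the ownership change shows in the install log, and add a comment above the line saying which component needs write access and why.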
diff --git a/security/base/PLIST b/security/base/PLIST
new file mode 100644
index 00000000000..47168d6323d
--- /dev/null
+++ b/security/base/PLIST
@@ -0,0 +1,131 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+share/base/admin/base_roleadmin.php
+share/base/admin/base_useradmin.php
+share/base/admin/index.php
+share/base/base_ag_common.php
+share/base/base_ag_main.php
+share/base/base_common.php
+share/base/base_db_common.php
+share/base/base_db_setup.php
+share/base/base_denied.php
+share/base/base_footer.php
+share/base/base_graph_common.php
+share/base/base_graph_display.php
+share/base/base_graph_form.php
+share/base/base_graph_main.php
+share/base/base_hdr1.php
+share/base/base_hdr2.php
+share/base/base_main.php
+share/base/base_maintenance.php
+share/base/base_payload.php
+share/base/base_qry_alert.php
+share/base/base_qry_common.php
+share/base/base_qry_form.php
+share/base/base_qry_main.php
+share/base/base_qry_sqlcalls.php
+share/base/base_stat_alerts.php
+share/base/base_stat_class.php
+share/base/base_stat_common.php
+share/base/base_stat_ipaddr.php
+share/base/base_stat_iplink.php
+share/base/base_stat_ports.php
+share/base/base_stat_sensor.php
+share/base/base_stat_time.php
+share/base/base_stat_uaddr.php
+share/base/base_user.php
+share/base/help/base_app_faq.php
+share/base/help/base_help.php
+share/base/help/base_setup_help.php
+share/base/images/button_delete.png
+share/base/images/button_edit.png
+share/base/images/button_exclamation.png
+share/base/images/greencheck.gif
+share/base/images/greencheck.png
+share/base/images/redcheck.gif
+share/base/includes/base_action.inc.php
+share/base/includes/base_auth.inc.php
+share/base/includes/base_cache.inc.php
+share/base/includes/base_capabilities.php
+share/base/includes/base_constants.inc.php
+share/base/includes/base_db.inc.php
+share/base/includes/base_include.inc.php
+share/base/includes/base_log_error.inc.php
+share/base/includes/base_log_timing.inc.php
+share/base/includes/base_net.inc.php
+share/base/includes/base_output_html.inc.php
+share/base/includes/base_output_query.inc.php
+share/base/includes/base_setup.inc.php
+share/base/includes/base_signature.inc.php
+share/base/includes/base_state_citems.inc.php
+share/base/includes/base_state_common.inc.php
+share/base/includes/base_state_criteria.inc.php
+share/base/includes/base_state_query.inc.php
+share/base/includes/base_template.php
+share/base/includes/base_user.inc.php
+share/base/includes/class.ezpdf.php
+share/base/includes/class.pdf.php
+share/base/index.php
+share/base/languages/chinese.lang.php
+share/base/languages/czech.lang.php
+share/base/languages/danish.lang.php
+share/base/languages/english.lang.php
+share/base/languages/finnish.lang.php
+share/base/languages/french.lang.php
+share/base/languages/german.lang.php
+share/base/languages/index.php
+share/base/languages/indonesian.lang.php
+share/base/languages/italian.lang.php
+share/base/languages/japanese.lang.php
+share/base/languages/norwegian.lang.php
+share/base/languages/polish.lang.php
+share/base/languages/portuguese-PT.lang.php
+share/base/languages/portuguese.lang.php
+share/base/languages/russian.lang.php
+share/base/languages/simplified_chinese.lang.php
+share/base/languages/spanish.lang.php
+share/base/languages/swedish.lang.php
+share/base/scripts/base_maintenance.pl
+share/base/setup/base_conf_contents.php
+share/base/setup/index.php
+share/base/setup/setup1.php
+share/base/setup/setup2.php
+share/base/setup/setup3.php
+share/base/setup/setup4.php
+share/base/setup/setup5.php
+share/base/sql/acid2base_tbls_mssql.sql
+share/base/sql/acid2base_tbls_mysql.sql
+share/base/sql/acid2base_tbls_pgsql.sql
+share/base/sql/create_base_tbls_mssql.sql
+share/base/sql/create_base_tbls_mssql_extra.sql
+share/base/sql/create_base_tbls_mysql.sql
+share/base/sql/create_base_tbls_oracle.sql
+share/base/sql/create_base_tbls_pgsql.sql
+share/base/sql/create_base_tbls_pgsql_extra.sql
+share/base/sql/upgrade_0.9.x_to_1.0-mysql.sql
+share/base/styles/acid_style.css
+share/base/styles/base_black_style.css
+share/base/styles/base_red_style.css
+share/base/styles/base_style.css
+share/doc/base/CHANGELOG
+share/doc/base/CREDITS
+share/doc/base/README
+share/doc/base/README.mssql
+share/doc/base/TODO
+share/doc/base/UPGRADE
+share/doc/base/base_faq.rtf
+share/examples/base/base.conf
+share/examples/base/base_conf.php
+@dirrm share/examples/base
+@dirrm share/doc/base
+@dirrm share/base/styles
+@dirrm share/base/sql
+@dirrm share/base/setup
+@dirrm share/base/scripts
+@dirrm share/base/languages
+@unexec ${RMDIR} %D/share/base/includes/templates/default 2>/dev/null || ${TRUE}
+@unexec ${RMDIR} %D/share/base/includes/templates 2>/dev/null || ${TRUE}
+@dirrm share/base/includes
+@dirrm share/base/images
+@dirrm share/base/help
+@dirrm share/base/admin
+@unexec ${RMDIR} %D/share/base 2>/dev/null || ${TRUE}
diff --git a/security/base/distinfo b/security/base/distinfo
new file mode 100644
index 00000000000..c878ab99c40
--- /dev/null
+++ b/security/base/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+SHA1 (base-1.2.1.tar.gz) = fa556587b8dbdf8c7bc5496ad17098d23964e6bd
+RMD160 (base-1.2.1.tar.gz) = 3adeebc85dbcd60c6bdbf3be4e8eb9527528f75b
+Size (base-1.2.1.tar.gz) = 344440 bytes
+SHA1 (patch-aa) = 643f22ba268bf712bfc969b6e3e5d086106f466f
diff --git a/security/base/files/base.conf b/security/base/files/base.conf
new file mode 100644
index 00000000000..58792f45d6a
--- /dev/null
+++ b/security/base/files/base.conf
@@ -0,0 +1,28 @@
+# $NetBSD: base.conf,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+#
+# BASE configuration file fragment for Apache
+
+<IfModule mod_alias.c>
+ Alias /base/ "@BASE_DIR@/"
+</IfModule>
+
+<Directory "@BASE_DIR@">
+ Options Indexes
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+#
+# For security, dont serve pages from certain directories
+#
+
+<Directory "@BASE_DIR@/scripts">
+ Order deny,allow
+ Deny from all
+</Directory>
+
+<Directory "@BASE_DIR@/sql">
+ Order deny,allow
+ Deny from all
+</Directory>
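Review bot: The main `<Directory "@BASE_DIR@">` block sets `Options Indexes` and `Allow from all`, which publishes directory listings and the whole alert console to every client that can reach the server. The context line in patch-aa shows the shipped `base_conf.php.dist` has `$Use_Auth_System = 0`, so the application itself appears to add no login in front of it by default. MESSAGE only promises access through http://localhost/base/, so a safer default is `Options None` and `Allow from 127.0.0.1`; with the existing `Order allow,deny` all other clients are then refused, and the administrator can widen it deliberately. The deny blocks cover only `scripts` and `sql`, while PLIST also installs `includes` and `setup` under `@BASE_DIR@`; these probably deserve the same treatment, `setup` at least once configuration is finished.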
diff --git a/security/base/options.mk b/security/base/options.mk
new file mode 100644
index 00000000000..62d3135ef8e
--- /dev/null
+++ b/security/base/options.mk
@@ -0,0 +1,24 @@
+# $NetBSD: options.mk,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.base
+
+PKG_OPTIONS_REQUIRED_GROUPS= db
+PKG_OPTIONS_GROUP.db= mysql pgsql
+
+PKG_SUGGESTED_OPTIONS= mysql
+
+.include "../../mk/bsd.options.mk"
+
+###
+### Use PostgreSQL for storing BASE raw data
+###
+.if !empty(PKG_OPTIONS:Mpgsql)
+. include "../../mk/pgsql.buildlink3.mk"
+DBTYPE= postgres
+.elif !empty(PKG_OPTIONS:Mmysql)
+###
+### Use MySQL for storing BASE raw data
+###
+. include "../../mk/mysql.buildlink3.mk"
+DBTYPE= mysql
+.endif
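Review bot: The `pgsql` branch sets `DBTYPE= postgres` but adds no PHP database driver, while the Makefile depends on `php-mysql` unconditionally. A PostgreSQL build therefore appears to install the MySQL extension and may lack the PostgreSQL one. The package is `NO_BUILD`, so the `buildlink3.mk` includes presumably contribute little; what each branch needs is the runtime dependency, e.g. `DEPENDS+= php-pgsql>=4.0.4:../../databases/php-pgsql` here, with the `php-mysql` line moved from the Makefile into the `mysql` branch. This is worth confirming against how adodb loads its drivers, since that is not visible in this commit.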
diff --git a/security/base/patches/patch-aa b/security/base/patches/patch-aa
new file mode 100644
index 00000000000..fe5c81387ad
--- /dev/null
+++ b/security/base/patches/patch-aa
@@ -0,0 +1,31 @@
+$NetBSD: patch-aa,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+--- base_conf.php.dist.orig 2005-10-31 11:33:27.000000000 +1100
++++ base_conf.php.dist
+@@ -39,7 +39,7 @@ $Use_Auth_System = 0;
+ But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base
+ set this to /base
+ */
+-$BASE_urlpath = "";
++$BASE_urlpath = "/base";
+
+ /* Unique BASE ID. The below variable, if set, will append its value to the
+ * title bar of the browser. This is for people who manage multiple installs
+@@ -61,7 +61,7 @@ $base_custom_footer = "";
+ * $foo = "c:\tmp" [OK]
+ * $foo = "c:\tmp\" [WRONG]
+ */
+-$DBlib_path = "";
++$DBlib_path = "@PREFIX@/share/adodb";
+
+ /* The type of underlying alert database
+ *
+@@ -70,7 +70,7 @@ $DBlib_path = "";
+ * MS SQL Server : "mssql"
+ * Oracle : "oci8"
+ */
+-$DBtype = "mysql";
++$DBtype = "@DBTYPE@";
+
+ /* Alert DB connection parameters
+ * - $alert_dbname : MySQL database name of Snort alert DB