From 29dda93497bdf79de30c8a5c7d51cbcae8e26adc Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 14:00:46 +0100 Subject: [PATCH 1/8] Update Ruby version requirement --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f7347533f..46be0e7d9 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Snorby is a ruby on rails web application for network security monitoring that i ## Requirements * Snort -* Ruby >= 1.9.2 +* Ruby >= 1.9.2, <2.x.x * Rails >= 3.0.0 ## Install @@ -42,7 +42,7 @@ Snorby is a ruby on rails web application for network security monitoring that i * Run The Snorby Setup `rake snorby:setup` - + * NOTE: If you get warning such as "already initialized constant PDF", you can fix it by running these commands : ``` From 0a2370c783b40d4ae50c375deb835b73c4e85e09 Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 14:04:40 +0100 Subject: [PATCH 2/8] Fixing uninitialized constant Rake::DSL issue --- Rakefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Rakefile b/Rakefile index 5dee5b011..73d106f6c 100644 --- a/Rakefile +++ b/Rakefile @@ -2,6 +2,7 @@ # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. require File.expand_path('../config/application', __FILE__) +require 'rake/dsl_definition' require 'rake' include Rake::DSL if defined?(Rake::DSL) From b3fc0e3731c02ce7b623ac4112b670dda743a130 Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 16:15:34 +0100 Subject: [PATCH 3/8] changed Worker.reset_cache to Jobs.reset_cache in snorby.rake --- lib/tasks/snorby.rake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tasks/snorby.rake b/lib/tasks/snorby.rake index 0074efd68..cf2296af7 100644 --- a/lib/tasks/snorby.rake +++ b/lib/tasks/snorby.rake 
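Review bot: The added `require 'rake/dsl_definition'` carries no comment explaining why it sits in front of `require 'rake'`, so a later tidy-up can drop it and reintroduce the "uninitialized constant Rake::DSL" failure the commit title names. Suggest a line above it such as `# rake 0.9 defines the task DSL in Rake::DSL; load its definition explicitly so the include below sees it`. The Gemfile.lock later in this series pins `rake (= 0.9.2)`, which is consistent with the workaround being needed, but that rationale should live next to the require rather than only in the commit title.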
@@ -137,7 +137,7 @@ namespace :snorby do Signature.update!(:events_count => 0) puts 'This could take awhile. Please wait while the Snorby cache is rebuilt.' - Snorby::Worker.reset_cache(:all, true) + Snorby::Jobs.reset_cache(:all, true) end desc 'Hard Reset - Rebuild Snorby Database' From 85c354f3b05228c667211f3e523a26c5de08065a Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 16:18:26 +0100 Subject: [PATCH 4/8] Create option for user defined report settings --- app/models/user.rb | 4 ++++ app/views/settings/index.html.erb | 4 ++-- app/views/users/registrations/edit.html.erb | 19 +++++++++++++++++++ lib/snorby/jobs/sensor_cache_job.rb | 6 +++--- 4 files changed, 28 insertions(+), 5 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 5c7bf61dd..0783723a5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -89,6 +89,10 @@ class User property :last_email_report_at, ZonedTime property :email_reports, Boolean, :default => false + property :daily_reports, Boolean, :default => false + property :weekly_reports, Boolean, :default => false + property :monthly_reports, Boolean, :default => false + has n, :notifications, :constraint => :destroy has n, :favorites, :child_key => :user_id, :constraint => :destroy diff --git a/app/views/settings/index.html.erb b/app/views/settings/index.html.erb index c8bf17a38..c0074dd1e 100644 --- a/app/views/settings/index.html.erb +++ b/app/views/settings/index.html.erb @@ -40,7 +40,7 @@
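Review bot: The three new `property :*_reports` declarations in user.rb say nothing about when they are consulted; from the sensor_cache_job.rb hunks in this same patch they only matter when `Snorby::CONFIG[:user_reports_control]` is set, otherwise the global `Setting.daily?`/`weekly?`/`monthly?` flags decide. A reader of the model will otherwise see two competing sources of the same setting. Suggest a comment above `property :daily_reports`: `# Per-user report opt-ins; consulted only when Snorby::CONFIG[:user_reports_control] is set, otherwise the global Setting flags apply`. The enclosing `class User` body starts and ends outside the hunk.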
- + <% if not Snorby::CONFIG[:user_reports_control] %>

<%= check_box_tag '[settings][daily]', 1, (Setting.daily ? Setting.find(:daily) : nil) %> <%= label_tag 'Daily Reports' %>
(Send a report summarizing the captured traffic daily.)
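Review bot: `<% if not Snorby::CONFIG[:user_reports_control] %>` on the first added line of this hunk is the non-idiomatic form; `<% unless Snorby::CONFIG[:user_reports_control] %>` says the same and avoids the low-precedence `not` keyword should the condition ever gain a second operand. The matching `<% end %>` added in the next hunk (`@@ -55,7 +55,7 @@`) closes the span after the monthly block, which looks right. The markup between the two hunks appears to have lost its tags in this rendering, so I could not verify that the new conditional does not split an element.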
@@ -55,7 +55,7 @@ <%= check_box_tag '[settings][monthly]', 1, (Setting.monthly ? Setting.find(:monthly) : nil) %> <%= label_tag 'Monthly Reports' %>
(Send a report summarizing the captured traffic monthly)

- + <% end %>

<%= check_box_tag '[settings][lookups]', 1, (Setting.lookups ? Setting.find(:lookups) : nil) %> <%= label_tag 'Address Lookups' %>
(This option enables the analyst to perform basic queries on source & destination addresses using external sources.)
diff --git a/app/views/users/registrations/edit.html.erb b/app/views/users/registrations/edit.html.erb index 05417f679..ed4278d73 100644 --- a/app/views/users/registrations/edit.html.erb +++ b/app/views/users/registrations/edit.html.erb @@ -86,8 +86,27 @@

<%= f.check_box :admin %> <%= f.label "Administrator" %> +
(should this user have administrative rights?)

+ <% end %> + + <% if Snorby::CONFIG[:user_reports_control] %> +

+ <%= f.check_box :daily_reports %> <%= f.label 'Daily Reports' %> +
+ (Send a report summarizing the captured traffic daily) +

+

+ <%= f.check_box :weekly_reports %> <%= f.label 'Weekly Reports' %> +
+ (Send a report summarizing the captured traffic weekly) +

+

+ <%= f.check_box :monthly_reports %> <%= f.label 'Monthly Reports' %> +
+ (Send a report summarizing the captured traffic monthly) +

<% end %> diff --git a/lib/snorby/jobs/sensor_cache_job.rb b/lib/snorby/jobs/sensor_cache_job.rb index f534bf648..ee8a6a1b4 100644 --- a/lib/snorby/jobs/sensor_cache_job.rb +++ b/lib/snorby/jobs/sensor_cache_job.rb @@ -144,7 +144,7 @@ def perform now = current_time.to_date + 0.second yesterday = current_time.yesterday.to_date + 0.second - if Setting.daily? + if (Snorby::CONFIG[:user_reports_control] and user.daily_reports) or ((not Snorby::CONFIG[:user_reports_control]) and Setting.daily?) last_report_to_date = if user.last_daily_report_at.present? user.last_daily_report_at.in_time_zone(user.timezone).to_date + 0.second else @@ -168,7 +168,7 @@ def perform # Weekly - if Setting.weekly? + if (Snorby::CONFIG[:user_reports_control] and user.weekly_reports) or ((not Snorby::CONFIG[:user_reports_control]) and Setting.weekly?) current_week = current_time.strftime('%Y%W').to_i last_weekly_to_date = if user.last_weekly_report_at.present? @@ -188,7 +188,7 @@ def perform end # Monthly - if Setting.monthly? + if (Snorby::CONFIG[:user_reports_control] and user.monthly_reports) or ((not Snorby::CONFIG[:user_reports_control]) and Setting.monthly?) current_month = current_time.strftime('%Y%m').to_i last_monthly_to_date = if user.last_monthly_report_at.present? From 1f541f89100791aa592508f9d12d135e023c1cd0 Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 16:40:11 +0100 Subject: [PATCH 5/8] Fix "No time_zone specified in snorby_config.yml" --- config/snorby_config.yml.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/snorby_config.yml.example b/config/snorby_config.yml.example index 2849d5b3e..392a4d0e9 100644 --- a/config/snorby_config.yml.example +++ b/config/snorby_config.yml.example 
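Review bot: The three rewritten conditions in sensor_cache_job.rb (this hunk and the two that follow at `@@ -168` and `@@ -188`) use `and`/`or`/`not`, which bind looser than `&&`/`||`/`!` and are the classic precedence trap in Ruby, and each one evaluates `Snorby::CONFIG[:user_reports_control]` twice. The same decision reads as one ternary per hunk: `if Snorby::CONFIG[:user_reports_control] ? user.daily_reports : Setting.daily?`, with `weekly` and `monthly` likewise. Nothing in this series adds `user_reports_control` to config/snorby_config.yml.example even though patch 5 edits that file, so a fresh install has no documented way to enable the per-user behaviour; add the key there with a short comment. `perform` starts and ends outside these hunks.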
@@ -22,7 +22,7 @@ production: # searching will use local time. timezone_search: true # uncomment to set time zone to time zone of box from /usr/share/zoneinfo, e.g. "America/Cancun" - # time_zone: 'UTC' + time_zone: 'Europe/Paris' # # Only Use For Development @@ -39,7 +39,7 @@ development: - "/Users/mephux/.snort/so_rules" authentication_mode: database # uncomment to set time zone to time zone of box from /usr/share/zoneinfo, e.g. "America/Cancun" - # time_zone: 'UTC' + time_zone: 'Europe/Paris' # authentication_mode: cas # cas_config: # base_url: https://auth.server.com.br/ From fdd0a00f009b8825abfe7a6146c470b72d606cb0 Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 16:48:09 +0100 Subject: [PATCH 6/8] Add net-ssh --- Gemfile | 1 + Gemfile.lock | 1 + 2 files changed, 2 insertions(+) diff --git a/Gemfile b/Gemfile index e19b9859f..856207322 100644 --- a/Gemfile +++ b/Gemfile @@ -63,6 +63,7 @@ gem 'chronic', '~> 0.3.0' gem 'pdfkit', '~> 0.4.6' gem 'ezprint', :git => 'https://github.com/mephux/ezprint.git', :branch => 'rails3', :require => 'ezprint' gem 'daemons', '~> 1.1.0' +gem 'net-ssh', '~>2.9.2' gem 'delayed_job', '~> 2.1.4' gem 'delayed_job_data_mapper', '~> 1.0.0.rc', :git => 'https://github.com/Snorby/delayed_job_data_mapper.git' diff --git a/Gemfile.lock b/Gemfile.lock index 838f4457b..42552de67 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -331,6 +331,7 @@ DEPENDENCIES mail (~> 2.3) minitest net-dns (~> 0.6.1) + net-ssh (~> 2.9.2) netaddr (~> 1.5.0) pdfkit (~> 0.4.6) rails (= 3.2.22) From ffd1d4b721a92c26a3f060a6a03515dc96276130 Mon Sep 17 00:00:00 2001 
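Review bot: Both hunks turn the commented-out `# time_zone: 'UTC'` into an active `time_zone: 'Europe/Paris'`, but the comment directly above each still reads "uncomment to set time zone to time zone of box ...", which no longer describes what the example does, and the shipped example now carries one contributor's locale as the default for every new install. If the aim is only to make the key present so the warning in the commit title goes away, `time_zone: 'UTC'` keeps the example neutral, and the comment should become `# set to the box's zone from /usr/share/zoneinfo, e.g. "America/Cancun"; UTC if unsure`. The second hunk in the development section has the same comment/value mismatch.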
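Review bot: `gem 'net-ssh', '~>2.9.2'` breaks the spacing every other line in this hunk uses (`'~> 0.4.6'`, `'~> 1.1.0'`); write `gem 'net-ssh', '~> 2.9.2'`. The commit message says only "Add net-ssh" and nothing in the diff calls it directly, while the lock already resolves it transitively for capistrano (`net-ssh (>= 2.0.14)` is visible in the later Gemfile.lock hunks), so the reason for a direct pin is lost. Presumably this keeps net-ssh on a release that still installs on the Ruby 1.9 the README targets; if so, a comment such as `# pinned: keep a Ruby 1.9-compatible net-ssh for capistrano` would preserve that intent.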
From: Baptiste MOINE Date: Thu, 17 Mar 2016 16:57:13 +0100 Subject: [PATCH 7/8] Replace byebug w/ pry-byebug To fix "byebug requires Ruby version >= 2.0.0" issue, you simply need to update to "pry-byebug" by replacing this line: ``` gem 'byebug' ``` with: ``` gem 'pry-byebug', platform: [:ruby_20] ``` --- Gemfile | 2 +- Gemfile.lock | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 856207322..3de4251f5 100644 --- a/Gemfile +++ b/Gemfile @@ -87,7 +87,7 @@ gem 'timezone_local', '~> 0.1.5' group(:development) do gem "letter_opener" gem 'thin' - gem 'byebug' + gem 'pry-byebug', platform: [:ruby_20] end group(:test) do diff --git a/Gemfile.lock b/Gemfile.lock index 42552de67..65c29d59a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -61,7 +61,7 @@ GEM bcrypt-ruby (3.1.5) bcrypt (>= 3.1.3) builder (3.0.4) - byebug (6.0.0) + byebug (8.2.1) cancan (1.6.10) capistrano (2.14.1) highline @@ -204,6 +204,13 @@ GEM pdfkit (0.4.6) polyglot (0.3.5) power_assert (0.2.4) + pry (0.10.3) + coderay (~> 1.1.0) + method_source (~> 0.8.1) + slop (~> 3.4) + pry-byebug (3.3.0) + byebug (~> 8.0) + pry (~> 0.10) rack (1.4.7) rack-cache (1.2) rack (>= 0.4) @@ -287,7 +294,6 @@ DEPENDENCIES activesupport (= 3.2.22) ansi bundler (>= 1.0.0) - byebug cancan (~> 1.6) capistrano (= 2.14.1) capybara @@ -334,6 +340,7 @@ DEPENDENCIES net-ssh (~> 2.9.2) netaddr (~> 1.5.0) pdfkit (~> 0.4.6) + pry-byebug rails (= 3.2.22) railties (= 3.2.22) rake (= 0.9.2) From f8b0794525e1f50d9cb9d6fb78cc52845a13fe42 Mon Sep 17 00:00:00 2001 From: Baptiste MOINE Date: Thu, 17 Mar 2016 16:57:27 +0100 Subject: [PATCH 8/8] Update Gemfile.lock --- Gemfile.lock | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 65c29d59a..1c7ebf0ac 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
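Review bot: `gem 'pry-byebug', platform: [:ruby_20]` restricts the debugger to MRI 2.0.x only, while patch 1 of this series documents support for Ruby >= 1.9.2 and the commit message presents this as the fix for running on older Rubies; on 1.9 the development group now silently ships no debugger, and on 2.1 or later none either. If the intent is "only where byebug 8 can install", say so with a comment, e.g. `# byebug 8 needs Ruby >= 2.0; the debugger is skipped on 1.9 (:ruby_20 matches MRI 2.0.x only)`, otherwise widen the platform constraint so it matches the documented Ruby range.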
@@ -1,3 +1,4 @@ + GIT remote: https://github.com/Snorby/delayed_job_data_mapper.git revision: 6f1c4a8c3ad62e4ef6baafec9a2a9914d0643085 @@ -54,7 +55,7 @@ GEM activesupport (3.2.22) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) - addressable (2.3.8) + addressable (2.4.0) ansi (1.5.0) arel (3.0.3) bcrypt (3.1.10) @@ -69,7 +70,7 @@ GEM net-sftp (>= 2.0.0) net-ssh (>= 2.0.14) net-ssh-gateway (>= 1.1.0) - capybara (2.4.4) + capybara (2.5.0) mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) @@ -77,6 +78,7 @@ GEM xpath (~> 2.0) chronic (0.3.0) closure-compiler (1.1.11) + coderay (1.1.0) daemons (1.1.9) data_objects (0.10.16) addressable (~> 2.1) @@ -87,7 +89,7 @@ GEM bcrypt-ruby (~> 3.0) orm_adapter (~> 0.0.3) warden (~> 1.1) - devise_cas_authenticatable (1.5.0) + devise_cas_authenticatable (1.7.0) devise (>= 1.2.0) rubycas-client (>= 2.2.1) diff-lcs (1.2.5) @@ -165,7 +167,7 @@ GEM eventmachine (1.0.8) fastercsv (1.5.5) geoip (1.1.2) - highline (1.7.3) + highline (1.7.8) hike (1.2.3) home_run (1.0.9) i18n (0.7.0) @@ -173,11 +175,11 @@ GEM closure-compiler (>= 0.1.0) yui-compressor (>= 0.9.1) journey (1.0.4) - jquery-rails (3.1.3) + jquery-rails (3.1.4) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) json (1.8.3) - json_pure (1.8.2) + json_pure (1.8.3) launchy (2.4.3) addressable (~> 2.3) letter_opener (1.4.1) @@ -185,8 +187,9 @@ GEM mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) + method_source (0.8.2) mime-types (1.25.1) - mini_portile (0.6.2) + mini_portile2 (2.0.0) minitest (4.7.5) multi_json (1.11.2) net-dns (0.6.1) @@ -198,12 +201,12 @@ GEM net-ssh-gateway (1.2.0) net-ssh (>= 2.6.5) netaddr (1.5.0) - nokogiri (1.6.6.2) - mini_portile (~> 0.6.0) + nokogiri (1.6.7.1) + mini_portile2 (~> 2.0.0.rc2) orm_adapter (0.0.7) pdfkit (0.4.6) polyglot (0.3.5) - power_assert (0.2.4) + power_assert (0.2.6) pry (0.10.3) coderay (~> 1.1.0) method_source (~> 0.8.1) 
@@ -212,7 +215,7 @@ GEM byebug (~> 8.0) pry (~> 0.10) rack (1.4.7) - rack-cache (1.2) + rack-cache (1.5.1) rack (>= 0.4) rack-ssl (1.3.4) rack @@ -253,17 +256,18 @@ GEM rubycas-client (2.3.9) activesupport simple_form (1.2.2) + slop (3.6.0) sprockets (2.2.3) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) stringex (1.5.1) - test-unit (3.1.3) + test-unit (3.1.5) power_assert - thin (1.6.3) + thin (1.6.4) daemons (~> 1.0, >= 1.0.9) - eventmachine (~> 1.0) + eventmachine (~> 1.0, >= 1.0.4) rack (~> 1.0) thor (0.19.1) tilt (1.4.1) @@ -275,9 +279,9 @@ GEM turn (0.9.7) ansi minitest (~> 4) - tzinfo (0.3.44) + tzinfo (0.3.46) uuidtools (2.1.5) - warden (1.2.3) + warden (1.2.4) rack (>= 1.0) whois (2.3.0) xpath (2.0.0) @@ -359,4 +363,4 @@ DEPENDENCIES whois (~> 2.3.0) BUNDLED WITH - 1.10.6 + 1.11.2 \ No newline at end of file