diff -Naur idabench-1.0/CHANGELOG idabench-devel-20030715/CHANGELOG --- idabench-1.0/CHANGELOG Wed Jul 2 05:37:57 2003 +++ idabench-devel-20030715/CHANGELOG Tue Jul 15 17:15:44 2003 @@ -1,5 +1,22 @@ # idabench-v1.0 CHANGELOG initialized 2003-05-13 # + +# Changes since idabench-1.0 + +2003-07-09 - As requested by Anton Chuvakin (thanks!), I added multihour +capability to fetchem.pl(.in). New commandline param "-e YYYYMMDDHH" specifys +the end of a range to be fetchem-ed. + +2003-07-10 - several spelling fixes + +2003-07-11 - Replaced several uses of tmpnam() with File::Temp(tempfile) +throughout, as race conditions are NOT a good thing in a security package. +Several other tempfile related issues cleanued up. + +2003-07-15 - Added a p0f plugin. Needed to build checkbox objects in search.cgi +to support it. Fixed spelling error in CHANGELOG. + +# Changes since shadowias-1.8-prerelease Ongoing - documentation 2003-05-13 - Fixed numerous path related isues in cgi and html pages. diff -Naur idabench-1.0/bin/fetchem.pl.in idabench-devel-20030715/bin/fetchem.pl.in --- idabench-1.0/bin/fetchem.pl.in Tue Jul 1 10:44:34 2003 +++ idabench-devel-20030715/bin/fetchem.pl.in Sun Jul 13 02:10:02 2003 @@ -9,7 +9,7 @@ # # ############################################################################## # -# fetchem.pl - idabench Version 1.0 +# fetchem.pl - idabench Version 1.0.1 # # Script to fetch tcpdump gzipped hourly logfiles from a sensor, # move them to an dated subdirectory on the analyzer, run through 
@@ -29,22 +29,18 @@ use POSIX qw(strftime); use Time::Local; -our ($IDABENCH_USER, $SENSOR_USER, $ANALYZER_DIR, $IDABENCH_SITE_PATH, $SENSOR, $SENSOR_DIR, $LOG_FILE, $OUTPUT_WEB_DIR, $IDABENCH_LIB_PLUGIN_PATH, $IDABENCH_LOG_PATH, $SITE, $SITE_FORM_LABEL, $Site, $TZ, $tz, $tz_diff, $debug, @snif_cmd, @snif_date, $sdlen, $snif_file, $snif_time, $snifline, $snifdate, @gmt_snif_date, $yr_format, $hour, $num_children, @out_cmd, @out_file, @out_handle, $output_dir, $subdir, $rmt_cmd, @plugin_aggregate, $plugname, @plugin_head, @plugin_color, @pluglist, @plugin_numtriggers, $sym); +our ($IDABENCH_USER, $SENSOR_USER, $ANALYZER_DIR, $IDABENCH_SITE_PATH, $SENSOR, +$SENSOR_DIR, $LOG_FILE, $OUTPUT_WEB_DIR, $IDABENCH_LIB_PLUGIN_PATH, $IDABENCH_SCRATCH_PATH, +$IDABENCH_LOG_PATH, $SITE, $SITE_FORM_LABEL, $Site, $TZ, $tz, $tz_diff, $debug, +@snif_cmd, @snif_date, $sdlen, $snif_file, $snif_time, $snifline, $snifdate, +$snifyear, $snifmon, $snifmday, $snifhour, $hour_only, +$end_time, $endhour, $endmday, $endmon, $endyear, $enddate, +@gmt_snif_date, $yr_format, $hour, $num_children, @out_cmd, @out_file, +@out_handle, $output_dir, $subdir, $rmt_cmd, @plugin_aggregate, $plugname, +@plugin_head, @plugin_color, @pluglist, @plugin_numtriggers, $sym +); # -######################################################################### -# -# Subroutine to return a method reference. (From "Programming Perl" -# Third Edition, p. 261. -# -#sub get_method_ref { -# my ($self, $methodname) = @_; -# my $methref = sub { -# return $self->$methodname(@_); -# }; -# return $methref; -#} -# # BEGIN INSTALLER SCRIPT SECTION ############################################ # END INSTALLER SCRIPT SECTION ############################################## 
@@ -69,29 +65,43 @@ } # -$tz = "LOC"; -$snifdate = ""; -$yr_format = "a4a2a2a2"; # sub usage { - print "Usage: fetchem -l Site {-debug} {-d YYYYMMDDHH}.\n"; + print "Usage: fetchem -l SITE {-debug} {-d YYYYMMDDHH {-e YYYYMMDDHH}}.\n" + ." -l SITE Site, as defined by a site.ph file, from which to retrieve \n" + ." hourly dumpfiles and/or perform hourly analysis.\n" + ." -debug Output debugging information to fetchem.log.\n" + ." -d YYYYMMDDHH Date/time group of file to retrieve and process. If used\n" + ." in conjunction with a \"-e\" option, this defines the\n" + ." starting date/time of a range. If unspecified, current\n" + ." hour minus one is assumed.\n" + ." -e YYYYMMDDHH Ending date/time group of a range.\n"; exit 2; } + # # Parse the parameters. # # # Initialize a few variables for testing after cmdline opts parsing -($Site, $sdlen) = (0, 0); +$tz = "LOC"; +$yr_format = "a4a2a2a2"; +($Site, $sdlen, $snifdate, $enddate) = (0, 0, 0, 0); -&GetOptions("debug", \$debug, "d:s", \$snifdate, "l=s", \$Site); +&GetOptions("debug", \$debug, "d:s", \$snifdate, "e:s", \$enddate, "l=s", \$Site); # -# Check parameter validity. +# check parameter validity. # -$sdlen = length($snifdate) if $snifdate; +$sdlen = length($snifdate) if ($snifdate != 0); usage unless (("$Site" gt 0) and (($sdlen == 0) or ($sdlen == 10))); +if ($enddate != 0){ + usage if (($enddate < $snifdate) || ! $snifdate); +} else { + $enddate = $snifdate; +} + ## # # Rid ourselves of standard output and error to prevent tons of mail messages @@ -126,8 +136,8 @@ # If we have been called with a SNIFDATE parameter, set up the $subdir variable, # else download the SNIFDATE from the sensor. # -if ($snifdate eq "") { - $snif_file="/tmp/" . $SITE . "_sensor.date"; +if ($snifdate == 0) { + $snif_file="$IDABENCH_SCRATCH_PATH/" . $SITE . "_sensor.date"; print STDOUT "SNIF file = $snif_file \n"; 
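Review bot: Only `$snifdate` gets the ten-character check (`$sdlen == 10`); `$enddate` is never length-checked, so an `-e` value with the wrong number of digits or trailing junk that still compares numerically greater than `$snifdate` passes validation and reaches `unpack($yr_format, $enddate)` in the next hunk with a malformed string. The numeric tests (`$snifdate != 0`, `$enddate < $snifdate`) also turn a non-numeric `-d` value into 0 with a warning, which silently selects the "fetch the date from the sensor" path instead of rejecting the argument. An anchored pattern on both covers this: `usage if $snifdate and $snifdate !~ /\A\d{10}\z/;` and `usage if $enddate and $enddate !~ /\A\d{10}\z/;` placed before the range comparison. The `&GetOptions(...)` call form predates this change; plain `GetOptions(...)` is the current idiom.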
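Review bot: `$snif_file` keeps a fixed, predictable name (`${SITE}_sensor.date`), now under `$IDABENCH_SCRATCH_PATH` instead of `/tmp`; whether that is safe depends on who else can write the scratch directory, which this hunk does not show, and the file is later removed with a bare `unlink`. The rest of this commit moves to File::Temp, so `tempfile("${SITE}_sensor.XXXXXXXX", DIR => $IDABENCH_SCRATCH_PATH)` would make this path consistent with the others (add `use File::Temp qw(tempfile)` if fetchem.pl.in does not already import it). The block that reads the file continues outside the hunk.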
@@ -151,21 +161,45 @@ unlink $snif_file; } # -# Unpack the "snifdate" into its useful components. # -my ($year, $mon, $mday, $hour_only) = unpack($yr_format, $snifdate); +if ($snifdate == 0) { + $snifdate = strftime("%Y%m%d", localtime); + $snifdate .= "00"; +} +if ($enddate == 0) { + $enddate = $snifdate; +} +# +# Unpack the dates into their useful components. +# +($snifyear, $snifmon, $snifmday, $snifhour) = unpack($yr_format, $snifdate); +($endyear, $endmon, $endmday, $endhour) = unpack($yr_format, $enddate); # # Compensate for the way Perl stores months and years. -$mon -= 1; -$year -= 1900; +# +$snifmon -= 1; +$snifyear -= 1900; +$endmon -= 1; +$endyear -= 1900; # # Convert our snif date back to time format. # if ($tz eq "GMT") { - $snif_time = timegm(0, 0, $hour_only, $mday, $mon, $year); + $snif_time = timegm(0, 0, $snifhour, $snifmday, $snifmon, $snifyear); + $end_time = timegm(0, 0, $endhour, $endmday, $endmon, $endyear); } else { - $snif_time = timelocal(0, 0, $hour_only, $mday, $mon, $year); + $snif_time = timelocal(0, 0, $snifhour, $snifmday, $snifmon, $snifyear); + $end_time = timelocal(0, 0, $endhour, $endmday, $endmon, $endyear); } +$end_time += 3600; + +# Loop through the times, adjusting for TZ and retrieving & processing the sensor +# data +# +my $time; +for ($time = $snif_time; $time < $end_time; $time += 3600) { +$snif_time = $time; + # # If the snifdate was obtained from the sensor, subtract an hour - (The # sensor is working on the current hour.) 
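Review bot: When `$snifdate` is still 0 here the fallback is `strftime("%Y%m%d", localtime) . "00"`, i.e. hour 00 of today, whereas the usage text added earlier says that with no `-d` the "current hour minus one is assumed"; which contract is intended depends on the sensor-date branch between the hunks, but the two should agree and a comment on the fallback should say what it picks. `my $time;` plus the C-style loop leaves `$time` at file scope while the loop body runs to the `}` added at the end of the file (`@@ -510,4 +545,4 @@`); `for (my $time = $snif_time; $time < $end_time; $time += 3600) {` scopes it, and the body's first statement `$snif_time = $time;` should be indented with the rest of the body. `$end_time += 3600;` combined with `< $end_time` is just `<= $end_time` without the adjustment; if the addition stays, a comment such as `# the -e hour is inclusive` explains it.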
@@ -259,14 +293,15 @@ my $result = ; close(REMOTE); if ($result =~ /No such file/) { - die("Unable to locate RAW data file on sensor."); + warn("Unable to locate RAW data file on sensor."); + next; } print STDOUT ("$SCP_CMD -q ${src_prefix}${src_file} $zipped_file\n"); # # It's not on the analyzer, so fetch it from the sensor. # system("$SCP_CMD -q ${src_prefix}${src_file} $zipped_file") == 0 or - die("Unable to copy zipped Data file from $SENSOR."); + warn("Unable to copy gzipped data file from $SENSOR."); chmod 0444, $zipped_file; } @@ -510,4 +545,4 @@ # printf STDOUT "%s : %s\n", strftime("%c", localtime(time)), "$0 completed."; # - +} diff -Naur idabench-1.0/bin/sort_and_resolve.pl.in idabench-devel-20030715/bin/sort_and_resolve.pl.in --- idabench-1.0/bin/sort_and_resolve.pl.in Tue Jul 1 10:44:35 2003 +++ idabench-devel-20030715/bin/sort_and_resolve.pl.in Wed Dec 31 19:00:00 1969 
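Review bot: The scp failure branch was changed from `die` to `warn` but, unlike the "No such file" branch just above, it has no `next`, so after a failed copy execution falls through to `chmod 0444, $zipped_file` and whatever processing follows the hunk on a file that was never fetched. `if (system(...) != 0) { warn("Unable to copy gzipped data file from $SENSOR."); next; }` keeps the loop-and-continue semantics the commit introduces. The shell-string form `system("$SCP_CMD -q ${src_prefix}${src_file} $zipped_file")` predates this change; the list form `system($SCP_CMD, '-q', "${src_prefix}${src_file}", $zipped_file)` avoids shell interpretation of the path components. The enclosing loop body continues outside the hunk.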
@@ -1,162 +0,0 @@ -#!/usr/bin/perl -############################################################################## -# # -# idabench is public domain software and may be freely used and # -# distributed with or without modification. # -# # -# See file "idabench.terms" for DISCLAIMER OF ALL WARRANTIES. # -# # -############################################################################## -# -# sort_and_resolve.pl - idabench Version 1.0 -# -# This file operates on files written by one of the scanning programs -# and orders entries by source IP, date, and time. -# -# -# sort_and_resolve.pl Arguments: -# -# filename - tcpdump output file format. -# -use Socket; -use DB_File; -use POSIX qw(tmpnam); -# -######################################################################### -# - -# Fetch a non-existant temporary file name, and make sure it disappears -# when we exit. -# -do { $db_file = tmpnam() } -# until $fh = IO::File->new($db_file, O_RDWR|O_CREAT|O_EXCL); - until (! -e $db_file); -# -END { unlink($db_file) or die ("Couldn't unlink $db_file : $!") } -# -# Tie the hash %h to the btree format of the Berkeley DB module. The hash %h -# is the tcpdump output line indexed by the source IP address concatenated -# with the time. -# -tie %h, "DB_File", $db_file, O_RDWR|O_CREAT, 0644, $DB_BTREE; - -# -# Main Program, Initialize Name/IP hash. -# -%ip_name = (); -$filein = $ARGV[0]; -$resolve_names = $ARGV[1]; -open(IN,"$filein"); -# -# Read through the entire text file. Construct a key for each record consisting -# of the source IP address of the record followed by the time tcpdump recorded -# the record. This will automatically sort the records by IP and time. -# -while () { - # Newer tcpdump format may not begin with src address. Look for the first - # appearance of a nnn.nnn.nnn.nnn construct and pray that it's the src addr. 
- my @fields = split(/\s+/ , $_); - foreach $field (@fields) { - if ( $field =~ /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/){ - @addr = split(/\./ , $field); - last; - } - } - $string_ip = sprintf("%03d%03d%03d%03d", $addr[0], $addr[1], $addr[2], $addr[3]); - $key = sprintf("%s %s", $string_ip, $fields[0]); -# print "$key\n"; - $h{$key} = $_; -} -close(IN); - -$filenameout = $filein . ".sorted"; - -$oldsrcip = "0.0.0.0"; -$olddataline = "gobbledeegook"; -open(OUT,">$filenameout"); -# -# Cycle through our DB file in sorted order and resolve the IP addresses in -# each line. -# - -while (($key, $dataline) = each %h) -{ - my (@addrs, @fields); - @fields = split(/\s+/ , $dataline); - foreach $field (@fields) { - if ( $field =~ /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/){ - push @addrs, $field; - } - } - next unless @addrs; - $src_ip = $addrs[0]; - $dst_ip = $addrs[1]; - - @src = split(/\./, $src_ip); - pop (@src) if (scalar(@src) == 5); - $srcip = join('.', @src); - $srcname = resolve($srcip) if (($resolve_names eq "yes") and ($srcip ne $oldsrcip)); - - $dst_ip =~ tr/://d; - @dst = split(/\./, $dst_ip); - pop (@dst) if (scalar(@dst) == 5); - $dstip = join('.', @dst); - $dstname = resolve($dstip) if ( $resolve_names eq "yes" ); - - if ($srcip eq $oldsrcip) - { - if ($dataline ne $olddataline) - { - $dataline =~ s/$srcip/$srcname/ if ($srcname); - $dataline =~ s/$dstip/$dstname/ if ($dstname); - print OUT $dataline; - $olddataline = $dataline; - } - } - else - { - print OUT "\n$srcip > $dstip\n"; - $dataline =~ s/$srcip/$srcname/ if ($srcname); - $dataline =~ s/$dstip/$dstname/ if ($dstname); - print OUT $dataline; - $oldsrcip = $srcip; - $olddataline = $dataline; - } -} -close(OUT); -untie(%h); - -sub resolve -{ -# -# Given an IP address: xxx.xxx.xxx.xxx, return a machine name if it exists. -# Keep found names in a hash table to prevent repetitive name lookups. 
-# - - my $param = shift(@_); - my @octets = (0) x 4; - @octets = split(/\./, $param); - my $ip_addr = join('.', @octets); - - - if ($ip_name{$ip_addr}) { - $name = $ip_name{$ip_addr}; - } elsif (($octets[3] == 0) or ($octets[0] == 255) or - ($octets[1] == 255) or ($octets[2] == 255) or - ($octets[3] == 255)) { - $name = $ip_addr; - $ip_name{$ip_addr} = $ip_addr; - } else { -# -# call system to fetch hostname -# - my $binip = pack "c4", @octets; - my @info = gethostbyaddr($binip, AF_INET); - $name = $info[0] ? $info[0] : ""; - - $ip_name{$ip_addr} = $name; - } - return $name; - -} - diff -Naur idabench-1.0/bin/tcp_slice_dump.pl.in idabench-devel-20030715/bin/tcp_slice_dump.pl.in --- idabench-1.0/bin/tcp_slice_dump.pl.in Tue Jul 1 10:44:35 2003 +++ idabench-devel-20030715/bin/tcp_slice_dump.pl.in Sun Jul 13 02:10:21 2003 @@ -42,33 +42,6 @@ # if path was defined with `which`, it may end with a newline chomp $$sym; } -######################################################################### -# -# Subroutine to return a method reference. (From "Programming Perl" -# Third Edition, p. 261. -# -#sub get_method_ref { -# my ($self, $methodname) = @_; -# my $methref = sub { -# return $self->$methodname(@_); -# }; -# return $methref; -#} - -######################################################################### -# -# See if the Compress::Zlib module is available: -# -#if (eval "require Compress::Zlib") { -# import Compress::Zlib; -# $open_sub = sub { -# $gz = gzopen($_[0], "rb"); -# $read_sub = get_method_ref($gz, 'gzread'); -# $close_sub = get_method_ref($gz, 'gzclose'); -# $end_of_file = get_method_ref($gz, 'gzerror'); -# return $gzerrno; -# }; -#} else { $open_sub = sub { $file_all_read = 0; my $file_name = @_[0]; 
@@ -82,7 +55,6 @@ return $num_bytes; }; $close_sub = sub { return(close(ZIP_DO)) }; $end_of_file = sub { return $file_all_read; }; -#} ######################################################################### # diff -Naur idabench-1.0/install_analyzer idabench-devel-20030715/install_analyzer --- idabench-1.0/install_analyzer Wed Jul 2 07:18:08 2003 +++ idabench-devel-20030715/install_analyzer Sun Jul 13 01:26:13 2003 @@ -29,8 +29,8 @@ ############################################################################## use IO::File; -use POSIX qw(tmpnam); use Getopt::Std; +use File::Temp "tempfile"; our @cgi_files = ("compose_IR.cgi", "kill_group.cgi", "lookup.cgi", "search.cgi", "tools.cgi", "whois.cgi", "indexheader.cgi"); @@ -38,7 +38,7 @@ our @pl_files = ("cleanup.pl", "find_scan.pl", "pat_search.pl", "run_daily_stats.pl", "statistics_glob.pl", "fetchem.pl", "tcp_slice_dump.pl", "obfuscate.pl", "print_stats.pl", - "sort_and_resolve.pl", "statistics.pl"); + "statistics.pl"); our @ph_files = ("findscan.ph", "ngrep.ph", "tcpdump.ph"); @@ -797,19 +797,16 @@ else { my ($tmpfile, $fh); - do { $tmpfile = tmpnam() } - until $fh = IO::File->new($tmpfile, O_RDRW|O_CREAT|O_EXCL); - - open(OUTPUT, "> $tmpfile") or die "Could not open temporary file $tmpfile\n"; + do {($fh, $tmpfile) = tempfile("XXXXXXXX") + or die "Could not open temporary file $tmpfile\n"}; - print OUTPUT $new_user_contents; - close OUTPUT; + print $fh $new_user_contents; system("crontab -u $IDABENCH_USER $tmpfile") and die "Cannot run crontab for user $IDABENCH_USER\n"; print " [ $IDABENCH_USER crontab changed ]"; - unlink $tmpfile; + close $fh; } if(length($root_cron_contents) or !$have_ntpdate or !$have_hwclock) 
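Review bot: `$fh` is still open and unflushed when `system("crontab -u $IDABENCH_USER $tmpfile")` runs, so crontab can read an empty or truncated file; `close $fh or die` must come before the `system` call, not after the success message. `tempfile("XXXXXXXX")` with no `DIR`/`TMPDIR` creates the file in the current working directory, and since the old `unlink $tmpfile` was dropped without adding `UNLINK => 1`, the crontab copy is left behind. The `do { ... or die ... }` wrapper is a leftover of the old do/until loop: `tempfile()` dies on failure by itself, a list assignment is true whenever it returns anything, and `$tmpfile` is unset in that message. The root-crontab hunk at `@@ -824,21 +821,18 @@` has the same three issues, and both would also benefit from the list form of `system`.
```perl
my ($fh, $tmpfile) = tempfile(UNLINK => 1);
print {$fh} $new_user_contents;
close $fh or die "Could not write temporary file $tmpfile: $!\n";
system("crontab", "-u", $IDABENCH_USER, $tmpfile) and
    die "Cannot run crontab for user $IDABENCH_USER\n";
print " [ $IDABENCH_USER crontab changed ]";
```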
@@ -824,21 +821,18 @@ } else { - my ($tmpfile, $fh); - do { $tmpfile = tmpnam() } - until $fh = IO::File->new($tmpfile, O_RDRW|O_CREAT|O_EXCL); - - open(OUTPUT, "> $tmpfile") or die "Could not open temporary file $tmpfile\n"; - - print OUTPUT $new_root_contents; - close OUTPUT; - system("crontab -u root $tmpfile") and - die "Installer cannot run crontab for root\n"; - - print " [ root crontab changed ]"; - - unlink $tmpfile; - } + my ($tmpfile, $fh); + do {($fh, $tmpfile) = tempfile("XXXXXXXX") + or die "Could not open temporary file $tmpfile\n"}; + + print $fh $new_root_contents; + system("crontab -u root $tmpfile") and + die "Cannot run crontab for user root.\n"; + + print " [ root crontab changed ]"; + + close $fh; + } print "\n"; push @needtos, "Add crontab lines for user $IDABENCH_USER for each additional sensor."; } diff -Naur idabench-1.0/lib/plugins/p0f.se idabench-devel-20030715/lib/plugins/p0f.se --- idabench-1.0/lib/plugins/p0f.se Wed Dec 31 19:00:00 1969 +++ idabench-devel-20030715/lib/plugins/p0f.se Tue Jul 15 16:48:00 2003 
@@ -0,0 +1,141 @@ +############################################################################## +# # +# idabench is public domain software and may be freely used and # +# distributed with or without modification. # +# # +# See file "idabench.terms" for DISCLAIMER OF ALL WARRANTIES. # +# # +############################################################################## + +$heading = "Use p0f to identify operating systems"; + +sub build_form_table +{ + (&choose_site(), &choose_lines(), &choose_tcpdump(), + &choose_time(), &choose_p0f_mods() + ); +} + +sub build_search_command +{ + return &build_p0fcmd(); +} + +# No arguments. +# Perform plugin-specific data validation, and add to $aborted if errors found. +# All general validity checks will have been performed before this is called. +sub plugin_validation +{ +} + +# One argument: A line of the output from the search command. +# Transform it in place to make the output suitable for display. +sub transform_plugin_line +{ +chomp unless ( m/^\s*\+/); +} + +# No arguments. +# Returns a list of html to introduce the results. +sub answer_heading +{ + my $escpattern = escapeHTML($pattern); + ( + h1("Your answers: "), + p(" Sensor: $param_info{site}{labels}{$site} -- Host lookup: $nslookup"), + p(" Dates: $bdate - $edate ----- Pattern: $escpattern") + ); +} + +# +# No arguments. +# Build and return the string needed to run p0f. +# Die if the command won't run in syntax check mode. +# Currently this has the side effect of setting the global +# $pattern, but a way should be found to eliminate this. +# +sub build_p0fcmd +{ + our $pattern = bpf_pat_build(); + my $quotepattern = "'".$pattern."'"; + + my ($verb, $tstp, $ksigs, $usigs); + $verb="v" if ($verbose eq "yes"); + $tstp = "t" if ($timestamps eq "yes"); + foreach $val (param(known)){ + $ksigs="K" if ($val eq "known"); + $usigs="U" if ($val eq "unknown"); + } + unless ( -x "$P0F_PLGBIN"){ + $pattern_error = qq(Plugin error. p0f not found. 
Please install p0f to access this capability.); + return ""; + } + $pattern_error = "Pattern input error:\n\n\t$pattern\n" if ( system $P0F_PLGBIN, "-${ksigs}${usigs}${verb}${tstp}qs", $PCAPTESTF, $pattern ); + + return "$P0F_PLGBIN -${ksigs}${usigs}${verb}${tstp}qs - $quotepattern"; +} + +# +# Additional parameters to pass to tcpdump. +# + +sub choose_p0f_mods +{ + ( + verbose => { + new => "block", + param_label => "Verbose output?", + maxlen => "3", + param_type => "radio", + values => [ "no", "yes" ], + default_value => "yes", + }, + timestamps => { + spacing => "3", + param_label => "Include timestamps in output?", + maxlen => "3", + param_type => "radio", + values => [ "no", "yes" ], + default_value => "yes", + }, + known => { + new => "line", + param_label => "Hide packets whose signatures are:", + maxlen => "7", + param_type => "checkbox", + values => [ "known", "unknown" ], + } + ); +} + +sub choose_site +{ + return ( + site=> { + new => "block", + bgcolor => $topframe, + param_label => "Which Sensor: ", + maxlen => "50", + param_type => "popup", + values => \@SiteFormVals, + labels => \%SiteValueName, + default_value => $IDABENCH_SITE_DEFAULT, + } + ); +} + +sub choose_lines +{ + return ( + max_lines => { + spacing => "3", + param_label => "Max output lines: ", + maxlen => "7", + param_type => "number", + field_size => "6", + min_value => "0", + max_value => "3000000", + default_value => "10000", + } + ); +} diff -Naur idabench-1.0/lib/plugins/plugins.ph idabench-devel-20030715/lib/plugins/plugins.ph --- idabench-1.0/lib/plugins/plugins.ph Tue Jul 1 10:44:37 2003 +++ idabench-devel-20030715/lib/plugins/plugins.ph Tue Jul 15 16:48:54 2003 
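Review bot: `build_p0fcmd` returns a shell command string in which the user-supplied BPF pattern is only wrapped in single quotes (`my $quotepattern = "'".$pattern."'"`), so a `'` inside the pattern ends the quoting and the remainder is interpreted by the shell; unless `bpf_pat_build()` (not shown) strips quotes, escape them before wrapping: `(my $quotepattern = $pattern) =~ s/'/'\\''/g; $quotepattern = "'$quotepattern'";`. The syntax-check `system $P0F_PLGBIN, "-...qs", $PCAPTESTF, $pattern` a few lines down already uses the list form, which is the safe shape for the real run too if the caller can accept a list. A failed syntax check sets `$pattern_error` but still returns the command string, while the missing-binary branch returns `""`; whether the caller aborts on `$pattern_error` is not visible here, so a `return "";` after the assignment would make the two error paths consistent. `foreach $val (param(known))` uses a bareword parameter name and an undeclared global; `foreach my $val (param('known'))` is the strict-clean form.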
@@ -1,3 +1,4 @@ $TCPDUMP_PLGBIN = `which tcpdump`; $NGREP_PLGBIN = `which ngrep`; +$P0F_PLGBIN = `which p0f`; $TETHEREAL_PLGBIN = `which tethereal`; diff -Naur idabench-1.0/lib/plugins/tcpdump.ph idabench-devel-20030715/lib/plugins/tcpdump.ph --- idabench-1.0/lib/plugins/tcpdump.ph Tue Jul 1 10:44:36 2003 +++ idabench-devel-20030715/lib/plugins/tcpdump.ph Sun Jul 13 01:26:32 2003 @@ -8,8 +8,7 @@ ############################################################################## use Socket; use DB_File; -use File::Temp "tempfile"; -use POSIX qw(tmpnam); +use File::Temp qw(tempfile tempdir mktemp); $head = "tcpdump: Context (Packet Header) Pattern Matches"; $color = "#eeeeee"; @@ -83,34 +82,32 @@ close(TEXTFILE); }; -our $db_file; -END -{ - if(defined $db_file) - { - unlink($db_file) or die ("Couldn't unlink $db_file : $!") - } -} + # # First argument: name of input file # Second argument: "yes" to resolve names. Any other value will not resolve names. # sub sort_and_resolve { - - # Fetch a non-existant temporary file name. END block above makes sure it - # disappears when we exit. - # - do { $db_file = tmpnam() } - until (! -e $db_file); # + # We need to supply a filename to tie(DB_TREE), so we can't use tempfile(). + # Instead, we create a secure directory , then settle for the more hazardous + # mktemp() to specify a filename within it. + # + my $tmpdir = tempdir( + sortXXXXXXXX, + DIR => "${IDABENCH::IDABENCH_SCRATCH_PATH}", + CLEANUP => 1 + ); + my $db_file = mktemp("$tmpdir/XXXXXXXX"); # # Tie the hash %h to the btree format of the Berkeley DB module. The hash %h # is the tcpdump output line indexed by the source IP address concatenated # with the time. # my %h; - tie %h, "DB_File", $db_file, O_RDWR|O_CREAT, 0644, $DB_BTREE; + tie %h, "DB_File", $db_file, O_RDWR|O_CREAT, 0644, $DB_BTREE + or die "Couldn't create db_file $db_file: $!\n"; # # Main Program, Initialize Name/IP hash. 
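Review bot: `sortXXXXXXXX` in the `tempdir(...)` call is an unquoted bareword; it only works while this file runs without `use strict` and would be a compile error under it, so write `"sortXXXXXXXX"`. The comment calling `mktemp()` "more hazardous" undersells what the code achieves: `tempdir` creates the directory mode 0700 under the scratch path, so no other user can pre-create or swap the name `mktemp` picks, and the race that made `tmpnam()` dangerous is gone — suggest saying so, e.g. `# mktemp() is safe here: the name lives in a 0700 directory we just created.`. `CLEANUP => 1` removes the directory at process exit, which suits a per-request CGI but would accumulate directories in a long-lived process.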
@@ -136,10 +133,10 @@ my @fields = split(/\s+/ , $_); my @addr; foreach my $field (@fields) { - if ( $field =~ /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/){ + if ( $field =~ /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/){ @addr = split(/\./ , $field); last; - } + } } my $string_ip = sprintf("%03d%03d%03d%03d", $addr[0], $addr[1], $addr[2], $addr[3]); $key = sprintf("%s %s", $string_ip, $fields[0]); @@ -161,16 +158,16 @@ while (($key, $dataline) = each %h) { ++$dcount; - my (@addrs, @fields); - @fields = split(/\s+/ , $dataline); - foreach $field (@fields) { + my (@addrs, @fields); + @fields = split(/\s+/ , $dataline); + foreach $field (@fields) { if ( $field =~ /[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/){ - push @addrs, $field; + push @addrs, $field; } - } - next unless @addrs; - my $src_ip = $addrs[0]; - my $dst_ip = $addrs[1]; + } + next unless @addrs; + my $src_ip = $addrs[0]; + my $dst_ip = $addrs[1]; my @src = split(/\./, $src_ip); pop (@src) if (scalar(@src) == 5); @@ -185,27 +182,27 @@ if ($srcip eq $oldsrcip) { - if ($dataline ne $olddataline) - { - $dataline =~ s/$srcip/$srcname/ if ($srcname); + if ($dataline ne $olddataline) + { + $dataline =~ s/$srcip/$srcname/ if ($srcname); $dataline =~ s/$dstip/$dstname/ if ($dstname); print OUT $dataline; - $olddataline = $dataline; - } + $olddataline = $dataline; + } } else { - print OUT "\n$srcip > $dstip\n"; - $dataline =~ s/$srcip/$srcname/ if ($srcname); - $dataline =~ s/$dstip/$dstname/ if ($dstname); - print OUT $dataline; - $oldsrcip = $srcip; - $olddataline = $dataline; + print OUT "\n$srcip > $dstip\n"; + $dataline =~ s/$srcip/$srcname/ if ($srcname); + $dataline =~ s/$dstip/$dstname/ if ($dstname); + print OUT $dataline; + $oldsrcip = $srcip; + $olddataline = $dataline; } } close(OUT); untie(%h); - print STDOUT "Records read = $lcount, Database elements =$dcount\n"; + print STDOUT "Records read = $lcount, Database elements = $dcount\n"; } sub resolve 
@@ -246,7 +243,7 @@ # A routine to perform variable substitution & strip out comments in filter files { my $filterfile = shift; - ($fh, $newfilter) = tempfile("XXXXXXXX", DIR => "$IDABENCH::IDABENCH_SCRATCH_PATH"); + ($fh, $newfilter) = tempfile("mkfilterXXXXXXXX", DIR => "$IDABENCH::IDABENCH_SCRATCH_PATH", CLEANUP => 1); open(FILT, "<$filterfile"); my ($mainsection, %filtervars); diff -Naur idabench-1.0/lib/plugins/tcpdump.se idabench-devel-20030715/lib/plugins/tcpdump.se --- idabench-1.0/lib/plugins/tcpdump.se Tue Jul 1 10:44:36 2003 +++ idabench-devel-20030715/lib/plugins/tcpdump.se Sun Jul 13 01:26:18 2003 @@ -88,7 +88,7 @@ ( verbose => { new => "block", - param_label => "Chose level of detail:", + param_label => "Choose level of detail:", maxlen => "12", param_type => "radio", values => [ "quiet", "default", "verbose", "very verbose" ], diff -Naur idabench-1.0/var/www/cgi-bin/search.cgi.in idabench-devel-20030715/var/www/cgi-bin/search.cgi.in --- idabench-1.0/var/www/cgi-bin/search.cgi.in Wed Jul 2 10:34:58 2003 +++ idabench-devel-20030715/var/www/cgi-bin/search.cgi.in Tue Jul 15 16:57:23 2003 @@ -499,27 +499,6 @@ ); } -sub choose_tcpdump_mods -{ - ( - verbose => { - new => "block", - param_label => "Choose level of detail (verbosity):", - maxlen => "7", - param_type => "radio", - values => [ "default", "1", "2", "3" ], - default_value => "default", - }, - hexa => { - spacing => "3", - param_label => "Print output in hexadecimal?", - maxlen => "3", - param_type => "radio", - values => [ "Yes", "No" ], - default_value => "No", - } - ); -} # # No arguments. # Returns a list of elements defining the host choice 
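Review bot: `CLEANUP => 1` is a `tempdir()` option, not a `tempfile()` one; `tempfile()` appears to ignore keys it does not know, so the filter file under `$IDABENCH_SCRATCH_PATH` is still never removed — the intended option is `UNLINK => 1`, which deletes it at process exit (fine as long as the filter is consumed before then). `$fh` and `$newfilter` are assigned without `my`, making them package globals; `my ($fh, $newfilter) = tempfile("mkfilterXXXXXXXX", DIR => "$IDABENCH::IDABENCH_SCRATCH_PATH", UNLINK => 1);` fixes both if nothing outside the sub reads them (the sub's end is outside the hunk). The unchecked two-argument `open(FILT, "<$filterfile")` on the next line predates this change; `open(my $filt, '<', $filterfile) or die "open $filterfile: $!"` is the safer form.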
@@ -662,6 +641,16 @@ -default=>$param_info{$name}{default_value}); } +# +# Return a checkbox field using the value of this field as text +# +sub UI_checkbox_group { + my $name = shift; + checkbox_group(-name=>$name, + -values=>$param_info{$name}{values}, + -defaults=>$param_info{$name}{default_values}); +} + # # Subroutine to create a text field from param_info table # @@ -700,6 +689,14 @@ } # One argument: field name +# Return a list of the text for a checkbox group using the possible values of this field +# If the field has a label in param_info, use it to label the group. +sub UI_label_checkbox { + my $name = shift; + (UI_label($name), UI_checkbox_group($name)); +} + +# One argument: field name # Return a list of the text for a text input field. # If the field has a label in param_info, use it to label the input box. # @@ -750,6 +747,7 @@ $param_type = "radio" if (!defined($param_type)); # will cause visible error push @linebody, UI_label_radio($fldname) if($param_type eq "radio"); + push @linebody, UI_label_checkbox($fldname) if($param_type eq "checkbox"); push @linebody, UI_label_popup($fldname) if($param_type eq "popup"); push @linebody, UI_label_textfield($fldname) if(($param_type eq "string") or ($param_type eq "number"));
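Review bot: `UI_checkbox_group` reads `$param_info{$name}{default_values}` (plural) whereas the other widgets in this file read `default_value` (see `-default=>$param_info{$name}{default_value}` in the context just above); the p0f plugin's `known` field sets neither, so nothing breaks today, but a plugin author who writes `default_value` for a checkbox will silently get no defaults. Either document the plural key in the comment above the sub (`# Defaults come from the field's default_values list (a list ref), not default_value`) or accept both: `-defaults=>$param_info{$name}{default_values} || $param_info{$name}{default_value}`.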