Class: Aoandon::Nids

Inherits:
Object
  • Object
Defined in:
lib/aoandon.rb

Constant Summary collapse

CONF_PATH =
'config/rules.yml'

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ Nids

Returns a new instance of Nids.



# File 'lib/aoandon.rb', line 16

# Builds a sensor from the command line: parses the options, fills in the
# default rules file and capture device, then creates the logger, both
# analysis engines and the live capture handle.
#
# NOTE(review): open_live receives only the device name, so snapshot length,
# promiscuous mode and read timeout are whatever the Pcap binding defaults
# to. Confirm those defaults capture enough of each packet for the rules.
# NOTE(review): no privilege drop is visible in this constructor after the
# capture handle is opened; confirm whether one happens elsewhere.
def initialize
  opts = Nids.parse
  # Fall back to the bundled rules file and to the device Pcap picks.
  opts[:file] ||= CONF_PATH
  opts[:interface] ||= Pcap.lookupdev
  puts "Starting Aoandon NIDS on interface #{opts[:interface]}..."
  logger = Log.new(opts[:verbose])
  # The rules path is handed over as typed on the command line.
  @syntax = Syntax.new(logger, {file: opts[:file]})
  @semantic = Semantic.new(logger)
  @network_interface = Pcap::Capture.open_live(opts[:interface])
end

Class Method Details

.parse ⇒ Object



# File 'lib/aoandon.rb', line 40

# Turns the process command line (ARGV) into an options hash.
#
# Only switches actually given appear in the result: :file, :interface and
# :verbose. -h/--help and -V/--version print their output and exit the
# process. OptionParser#parse! is destructive, so recognised switches are
# removed from ARGV.
#
# NOTE(review): the -f path and -i device name are stored exactly as typed;
# nothing here validates them before the constructor uses them.
#
# @return [Hash] the options collected from the command line
def self.parse
  parsed = {}

  parser = OptionParser.new do |cli|
    cli.banner = "Usage: #{$0} [options]"
    cli.on('-f', '--file <path>', 'Load the rules contained in file <path>.') do |path|
      parsed[:file] = path
    end
    cli.on('-h', '--help', 'Help.') do
      puts cli
      exit
    end
    cli.on('-i', '--interface <if>', 'Sniff on network interface <if>.') do |device|
      parsed[:interface] = device
    end
    cli.on('-v', '--verbose', 'Produce more verbose output.') do
      parsed[:verbose] = true
    end
    cli.on('-V', '--version', 'Show the version number and exit.') do
      version
      exit
    end
  end
  parser.parse!

  parsed
end

.version ⇒ Object



# File 'lib/aoandon.rb', line 55

# Writes the program name followed by the VERSION constant to standard output.
def self.version
  banner = "Aoandon #{VERSION}"
  puts banner
end

Instance Method Details

#run ⇒ Object



# File 'lib/aoandon.rb', line 27

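# Runs the capture loop: every IP packet read from the capture handle goes
# to the semantic engine first, then to the syntax engine. Non-IP packets
# are skipped.
#
# The handle is closed in an ensure clause. Previously the close call was
# only reached when each_packet returned normally, so the advertised stop
# path (Ctrl-C, which raises Interrupt) and any error raised by an engine
# left the capture handle open.
#
# NOTE(review): an exception raised by either engine for a single packet
# still ends the whole capture loop; confirm whether per-packet failures
# should be isolated so one bad packet cannot stop detection.
#
# @return [Object] whatever the capture handle's close returns
def run
  puts 'You can stop Aoandon NIDS by pressing Ctrl-C.'

  begin
    @network_interface.each_packet do |packet|
      next unless packet.ip?

      @semantic.test(packet)
      @syntax.test(packet)
    end
  ensure
    # Runs on normal completion and while an exception propagates.
    close_result = @network_interface.close
  end

  close_result
end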