The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis

engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. ACID has the ability to analyze a wide variety of events which are post-processed into its database. Tools exist for the following formats: - Snort - logsnorter
2003-07-08 11:46:21 +00:00 · 2003-07-08 11:46:21 +00:00 · 59893b70b1
commit 59893b70b1
parent 00211bf457
8 changed files with 207 additions and 0 deletions
--- a/acid/DESCR
+++ b/acid/DESCR
@ -0,0 +1,9 @@
+The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis 
+engine to search and process a database of security events generated by 
+various IDSes, firewalls, and network monitoring tools.
+
+ACID has the ability to analyze a wide variety of events which are 
+post-processed into its database. Tools exist for the following formats: 
+
+- Snort
+- logsnorter
--- a/acid/MESSAGE
+++ b/acid/MESSAGE
@ -0,0 +1,23 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+
+You will need to make ACID accessible through your HTTP server.
+If you are running Apache and ap-php, then you may copy:
+       
+	${EXDIR}/acid.conf
+
+to ${PKG_SYSCONFDIR}/httpd and add the following line to httpd.conf:
+
+	Include ${PKG_SYSCONFDIR}/httpd/acid.conf
+
+to make ACID accessible through:
+				
+	http://www.domain.com/acid/
+
+You will need to customise ${ACID_DIR}/acid_conf.php before 
+ACID will work.  This includes setting up mySQL database access. 
+For detailed instructions see:
+
+	http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html
+
+===========================================================================
--- a/acid/Makefile
+++ b/acid/Makefile
@ -0,0 +1,53 @@
+# $NetBSD: Makefile,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+#
+
+DISTNAME=	acid-0.9.6b23
+WRKSRC=		${WRKDIR}/acid
+CATEGORIES=	databases www
+MASTER_SITES=	http://www.andrew.cmu.edu/~rdanyliw/snort/
+
+MAINTAINER=	adrianp@stindustries.net
+HOMEPAGE= 	http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
+COMMENT=	Database class library for PHP4
+
+DEPENDS+=       php>=4.0.4:../../www/php4
+DEPENDS+=	apache>=1.3:../../www/apache
+DEPENDS+=	adodb>=1.2:../../wip/adodb
+DEPENDS+=	php-jpgraph>=1.8:../../wip/php-jpgraph
+DEPENDS+=	php-mysql>=4.0.4:../../databases/php4-mysql
+DEPENDS+=	php-gd>=4.0.4:../../graphics/php4-gd
+DEPENDS+=	php-sockets>=4.0.4:../../net/php4-sockets
+
+USE_BUILDLINK2=	YES
+
+DOC_FILES=	CHANGELOG CREDITS README README.mssql TODO
+ACID_DIR=	${PREFIX}/share/acid
+EXDIR=		${PREFIX}/share/examples/acid
+MESSAGE_SUBST+= EXDIR=${EXDIR} ACID_DIR=${ACID_DIR}
+
+do-build:
+	@${SED} -e 's#@ACID_DIR@#${ACID_DIR}#g' ${FILESDIR}/acid.conf \
+		>${WRKDIR}/acid.conf
+
+	@${CP} ${WRKSRC}/acid_conf.php ${WRKSRC}/acid_conf.php.orig
+
+	@${SED} -e 's#@PREFIX@#${PREFIX}#g' ${WRKSRC}/acid_conf.php.orig \
+		>${WRKSRC}/acid_conf.php
+
+do-install:
+	${INSTALL_DATA_DIR} ${ACID_DIR}
+	${INSTALL_DATA_DIR} ${EXDIR}
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/acid
+	${INSTALL_SCRIPT} ${WRKSRC}/*.php ${ACID_DIR}
+	${INSTALL_DATA} ${WRKSRC}/*.inc ${ACID_DIR}
+	${INSTALL_DATA} ${WRKSRC}/*.html ${ACID_DIR}
+	${INSTALL_DATA} ${WRKSRC}/*.sql ${ACID_DIR}
+	${INSTALL_DATA} ${WRKSRC}/*.css ${ACID_DIR}
+
+	for FILE in ${DOC_FILES}; do \
+		${INSTALL_DATA} ${WRKSRC}/$$FILE ${PREFIX}/share/doc/acid; \
+	done
+
+	${INSTALL_DATA} ${WRKDIR}/acid.conf ${EXDIR}
+
+.include "../../mk/bsd.pkg.mk"
--- a/acid/PLIST
+++ b/acid/PLIST
@ -0,0 +1,61 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+share/acid/acid_action.inc
+share/acid/acid_ag_common.php
+share/acid/acid_ag_main.php
+share/acid/acid_app_faq.php
+share/acid/acid_cache.inc
+share/acid/acid_common.php
+share/acid/acid_conf.php
+share/acid/acid_constants.inc
+share/acid/acid_db.inc
+share/acid/acid_db_common.php
+share/acid/acid_db_setup.php
+share/acid/acid_footer.html
+share/acid/acid_graph_common.php
+share/acid/acid_graph_display.php
+share/acid/acid_graph_form.php
+share/acid/acid_graph_main.php
+share/acid/acid_hdr1.html
+share/acid/acid_hdr2.html
+share/acid/acid_include.inc
+share/acid/acid_log_error.inc
+share/acid/acid_log_timing.inc
+share/acid/acid_main.php
+share/acid/acid_maintenance.php
+share/acid/acid_net.inc
+share/acid/acid_output_html.inc
+share/acid/acid_output_query.inc
+share/acid/acid_qry_alert.php
+share/acid/acid_qry_common.php
+share/acid/acid_qry_form.php
+share/acid/acid_qry_main.php
+share/acid/acid_qry_sqlcalls.php
+share/acid/acid_signature.inc
+share/acid/acid_stat_alerts.php
+share/acid/acid_stat_class.php
+share/acid/acid_stat_common.php
+share/acid/acid_stat_ipaddr.php
+share/acid/acid_stat_iplink.php
+share/acid/acid_stat_ports.php
+share/acid/acid_stat_sensor.php
+share/acid/acid_stat_time.php
+share/acid/acid_stat_uaddr.php
+share/acid/acid_state_citems.inc
+share/acid/acid_state_common.inc
+share/acid/acid_state_criteria.inc
+share/acid/acid_state_query.inc
+share/acid/acid_style.css
+share/acid/create_acid_tbls_mssql.sql
+share/acid/create_acid_tbls_mssql_extra.sql
+share/acid/create_acid_tbls_mysql.sql
+share/acid/create_acid_tbls_pgsql.sql
+share/acid/create_acid_tbls_pgsql_extra.sql
+share/acid/index.html
+share/doc/acid/CHANGELOG
+share/doc/acid/CREDITS
+share/doc/acid/README
+share/doc/acid/README.mssql
+share/doc/acid/TODO
+share/examples/acid/acid.conf
+@dirrm share/doc/acid
+@dirrm share/acid
--- a/acid/TODO
+++ b/acid/TODO
@ -0,0 +1,16 @@
+$NetBSD: TODO,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+
+This is ACID which is basically a PHP-based analysis engine to search and 
+process a database of security events generated by various IDSes, firewalls, 
+and network monitoring tools.  It's mainly used for snort when logging to mySQL
+databases.
+
+This requires a few packages which are not in the main pkgsrc tree but are in
+pkgsrc/wip.  Specifically adodb and jpgraph will be pulled in when you install
+this package.
+
+Tested on NetBSD 1.6 i386.
+
+Ta,
+
+Adrian.
--- a/acid/distinfo
+++ b/acid/distinfo
@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+
+SHA1 (acid-0.9.6b23.tar.gz) = 2ca04ea4482507ac924318bb1d086021388ef9a6
+Size (acid-0.9.6b23.tar.gz) = 116728 bytes
+SHA1 (patch-aa) = 363fa31a25a877e48689e35f0a759b80f513578b
--- a/acid/files/acid.conf
+++ b/acid/files/acid.conf
@ -0,0 +1,14 @@
+# $NetBSD: acid.conf,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+#
+# ACID configuration file fragment for Apache
+
+<IfModule mod_alias.c>
+    Alias /acid/ "@ACID_DIR@/"
+</IfModule>
+
+<Directory "@ACID_DIR@">
+    Options Indexes
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+</Directory>
--- a/acid/patches/patch-aa
+++ b/acid/patches/patch-aa
@ -0,0 +1,26 @@
+$NetBSD: patch-aa,v 1.1.1.1 2003/07/08 11:46:21 adrian_p Exp $
+
+--- acid_conf.php.orig	Tue Jul  8 12:04:32 2003
+++ acid_conf.php	Tue Jul  8 12:06:50 2003
+@@ -9,7 +9,7 @@
+  *        $foo = "c:\tmp"    [OK]
+  *        $foo = "c:\tmp\"   [WRONG]
+  */
+-$DBlib_path = "";
+$DBlib_path = "@PREFIX@/share/adodb";
+ 
+ /* The type of underlying alert database
+  * 
+@@ -66,10 +66,10 @@
+ /* Path to the graphing library 
+  *  (Note: DO NOT include a trailing backslash after the directory)
+  */
+-$ChartLib_path = "";
+$ChartLib_path = "@PREFIX@/share/php-jpgraph";
+ 
+ /* File format of charts ('png', 'jpeg', 'gif') */
+-$chart_file_format = "png";
+$chart_file_format = "jpeg";
+ 
+ /* Chart default colors - (red, green, blue)
+  *    - $chart_bg_color_default    : background color of chart