Opened 11 years ago

Last modified 10 years ago

#43011 new submission

[NEW] cif / collective-intelligence-framework

Reported by: jul_bsd@… Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: mojca (Mojca Miklavec), pixilla (Bradley Giesbrecht)
Port: cif

Description

Cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and URLs that are observed to be related to malicious activity.

  • compile/run
  • multiple variants depending on perl release or postgresql
  • subport devel, server
  • for now can't fully test it as I can't set up server because of a bug on libapreq2 (#42927)

Attachments (10)

apache-cif.conf (794 bytes) - added by jul_bsd@… 11 years ago.
nginx-cif.conf (789 bytes) - added by jul_bsd@… 11 years ago.
org.macports.cif-feed.plist (690 bytes) - added by jul_bsd@… 11 years ago.
org.macports.cif-daily.plist (856 bytes) - added by jul_bsd@… 11 years ago.
org.macports.cif-hourly.plist (856 bytes) - added by jul_bsd@… 11 years ago.
cif-client (145 bytes) - added by jul_bsd@… 11 years ago.
cif-server (1.8 KB) - added by jul_bsd@… 11 years ago.
named-cif.conf (1015 bytes) - added by jul_bsd@… 11 years ago.
Portfile-perl-PortGroup.diff (9.2 KB) - added by pixilla (Bradley Giesbrecht) 10 years ago.
Example use of perl5 port group to ease variant creation.
Portfile (20.1 KB) - added by jul_bsd@… 10 years ago.


Change History (25)

Changed 11 years ago by jul_bsd@…

Attachment: apache-cif.conf added

Changed 11 years ago by jul_bsd@…

Attachment: nginx-cif.conf added

Changed 11 years ago by jul_bsd@…

Attachment: org.macports.cif-feed.plist added

Changed 11 years ago by jul_bsd@…

Changed 11 years ago by jul_bsd@…

Changed 11 years ago by jul_bsd@…

Attachment: cif-client added

Changed 11 years ago by jul_bsd@…

Attachment: cif-server added

Changed 11 years ago by jul_bsd@…

Attachment: named-cif.conf added

comment:1 Changed 11 years ago by jul_bsd@…

new dependencies: p5-apache2-rest (#43014), p5-compress-snappy (#43016), p5-datetime-format-dateparse (#43018), p5-google-protocolbuffers (#43022), p5-iodef-pb-simple (#43024), p5-linux-cpuinfo (#43025), p5-lwpx-paranoidagent (#43027), p5-net-abuse-utils (#43030), p5-net-abuse-utils-spamhaus(#43031), p5-net-dns-match (#43032), p5-net-patricia (#43034), p5-net-whois-ip (#43035), p5-regexp-common-net-cidr (#43039), p5-regexp-ipv6 (#43040), p5-text-aligner (#43046), p5-text-table (#43047), p5-uri (#43048)

comment:2 Changed 11 years ago by jul_bsd@…

dependency: perl bindings for ossp-uuid (#43010)

comment:3 Changed 11 years ago by jul_bsd@…

  • port lint --nitpick
  • livecheck
  • /tab/spacex4/

comment:4 Changed 10 years ago by jul_bsd@…

little update

  • current trunk seems to have a problem, so it is just commented out
  • refine detection of pgsql env for subport server
  • correct form of add_users

comment:5 Changed 10 years ago by mojca (Mojca Miklavec)

Cc: mojca@… added

Cc Me!

comment:6 Changed 10 years ago by mojca (Mojca Miklavec)

Keywords: maintainer added

comment:7 Changed 10 years ago by jul_bsd@…

Latest Portfile

  • cif-server installed and libapreq2 too

But test operations currently fail

$ sudo -H -u cif cif -d -q example.com
[DEBUG][2014-08-31T04:02:43Z]: generating query
[DEBUG][2014-08-31T04:02:43Z]: query: example.com
[DEBUG][2014-08-31T04:02:43Z]: query sha1: 0caaf24ab1a0c33440c06afe99df986365b0781f
[DEBUG][2014-08-31T04:02:43Z]: sending query
[DEBUG][2014-08-31T04:02:43Z]: posting data...
ERROR: 500 Internal Server Error

$ tail -20 /opt/local/apache2/logs/error_log 
[...]
[Sat Aug 30 23:56:14 2014] [error] [client 127.0.0.1] Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)\n
Loaded writer class Apache2::REST::Writer::bin
Cannot load CIF::WebAPI::Writer::table: Can't locate CIF/WebAPI/Writer/table.pm in @INC (@INC contains: /opt/local/bin/../../libcif-dbi/lib /opt/local/bin/../../libcif/lib /opt/local/bin/../local/lib /opt/local/bin/../lib /opt/local/lib/perl5/vendor_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.3 /opt/local/lib/perl5/site_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/site_perl/5.16.3 /opt/local/lib/perl5/vendor_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.3 /opt/local/lib/perl5/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/5.16.3 /opt/local/lib/perl5/site_perl /opt/local/lib/perl5/vendor_perl/5.16.1/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.1 /opt/local/lib/perl5/vendor_perl . /opt/local/apache2) at (eval 14) line 1.

Loaded writer class Apache2::REST::Writer::json
Loaded writer class Apache2::REST::Writer::perl
Loaded writer class Apache2::REST::Writer::yaml
Loaded writer class Apache2::REST::Writer::yaml_multipart
Loaded writer class Apache2::REST::Writer::xml
Loaded writer class Apache2::REST::Writer::xml_stream
Loaded writer class Apache2::REST::Writer::yaml_stream
[Sun Aug 31 00:02:44 2014] [error] [client 127.0.0.1] Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)\n

As a sidenote, this file doesn't exist on a macports install or a linux one, so maybe some old stuff...

Else

  • clean some parts depending on perl release used
  • some files conditioned if subport server
  • fix repository for v2: different model, need elasticsearch
  • some extra notes

comment:8 Changed 10 years ago by mf2k (Frank Schima)

Keywords: maintainer haspatch removed

Those keywords are not applicable to a submission ticket.

comment:9 Changed 10 years ago by jul_bsd@…

  • switch to v2 as main and subport for v1 and v1-client
  • update v2 to latest 20140920
  • for v1: add variant perl5_20
  • all destroot ok, but not fully functional still
  • elasticsearch dep #30834 and kibana #44822

Changed 10 years ago by pixilla (Bradley Giesbrecht)

Example use of perl5 port group to ease variant creation.

comment:10 Changed 10 years ago by pixilla (Bradley Giesbrecht)

Cc: pixilla@… added

Cc Me!

comment:11 Changed 10 years ago by neverpanic (Clemens Lang)

Pixilla, are you going to handle this? I'll go and deal with one of the other tickets then :)

comment:12 Changed 10 years ago by jul_bsd@…

  • switch main port to cif v2 server
  • subport cif1 and cif1-client
  • latest releases
  • upstream bug with tar.gz. autogen/configure requires a git repository
  • perl chain of dependencies is probably still incomplete...

comment:13 Changed 10 years ago by jul_bsd@…

oops, missed the perl5 port group example... for next time

comment:14 Changed 10 years ago by jul_bsd@…

  • update 2.00.00-alpha.9
  • use perl5 group + major

comment:15 Changed 10 years ago by jul_bsd@…

at configure

fatal: Not a git repository (or any of the parent directories): .git

Changed 10 years ago by jul_bsd@…

Attachment: Portfile added