Opened 11 years ago
Last modified 10 years ago
#43011 new submission
[NEW] cif / collective-intelligence-framework
| Reported by: | jul_bsd@… | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | | Cc: | mojca (Mojca Miklavec), pixilla (Bradley Giesbrecht) |
| Port: | cif | | |
Description
Cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and URLs that are observed to be related to malicious activity.
- compile/run
- multiple variants depending on perl release or postgresql
- subport devel, server
- for now can't fully test it as I can't set up server because of a bug on libapreq2 (#42927)
Attachments (10)
Change History (25)
Changed 11 years ago by jul_bsd@…
Attachment: apache-cif.conf added
Changed 11 years ago by jul_bsd@…
Attachment: nginx-cif.conf added
Changed 11 years ago by jul_bsd@…
Attachment: org.macports.cif-feed.plist added
Changed 11 years ago by jul_bsd@…
Attachment: org.macports.cif-daily.plist added
Changed 11 years ago by jul_bsd@…
Attachment: org.macports.cif-hourly.plist added
Changed 11 years ago by jul_bsd@…
Attachment: cif-client added
Changed 11 years ago by jul_bsd@…
Attachment: cif-server added
Changed 11 years ago by jul_bsd@…
Attachment: named-cif.conf added
comment:1 Changed 11 years ago by jul_bsd@…
comment:4 Changed 10 years ago by jul_bsd@…
little update
- current trunk seems to have a problem, so just commented it out
- refine detection of pgsql env for subport server
- correct form of add_users
comment:6 Changed 10 years ago by mojca (Mojca Miklavec)
Keywords: maintainer added
comment:7 Changed 10 years ago by jul_bsd@…
Latest Portfile
- cif-server installed and libapreq2 too
But test operations currently fail

```
$ sudo -H -u cif cif -d -q example.com
[DEBUG][2014-08-31T04:02:43Z]: generating query
[DEBUG][2014-08-31T04:02:43Z]: query: example.com
[DEBUG][2014-08-31T04:02:43Z]: query sha1: 0caaf24ab1a0c33440c06afe99df986365b0781f
[DEBUG][2014-08-31T04:02:43Z]: sending query
[DEBUG][2014-08-31T04:02:43Z]: posting data...
ERROR: 500 Internal Server Error
$ tail -20 /opt/local/apache2/logs/error_log
[...]
[Sat Aug 30 23:56:14 2014] [error] [client 127.0.0.1] Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)\n
Loaded writer class Apache2::REST::Writer::bin
Cannot load CIF::WebAPI::Writer::table: Can't locate CIF/WebAPI/Writer/table.pm in @INC (@INC contains: /opt/local/bin/../../libcif-dbi/lib /opt/local/bin/../../libcif/lib /opt/local/bin/../local/lib /opt/local/bin/../lib /opt/local/lib/perl5/vendor_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.3 /opt/local/lib/perl5/site_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/site_perl/5.16.3 /opt/local/lib/perl5/vendor_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.3 /opt/local/lib/perl5/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/5.16.3 /opt/local/lib/perl5/site_perl /opt/local/lib/perl5/vendor_perl/5.16.1/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.1 /opt/local/lib/perl5/vendor_perl . /opt/local/apache2) at (eval 14) line 1.
Loaded writer class Apache2::REST::Writer::json
Loaded writer class Apache2::REST::Writer::perl
Loaded writer class Apache2::REST::Writer::yaml
Loaded writer class Apache2::REST::Writer::yaml_multipart
Loaded writer class Apache2::REST::Writer::xml
Loaded writer class Apache2::REST::Writer::xml_stream
Loaded writer class Apache2::REST::Writer::yaml_stream
[Sun Aug 31 00:02:44 2014] [error] [client 127.0.0.1] Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)\n
```
As a sidenote, this file doesn't exist on a macports install or a linux one, so maybe some old stuff...
Else
- clean some parts depending on perl release used
- some files conditioned if subport server
- fix repository for v2: different model, need elasticsearch
- some extra notes
comment:8 Changed 10 years ago by mf2k (Frank Schima)
Keywords: maintainer haspatch removed
Those keywords are not applicable to a submission ticket.
comment:9 Changed 10 years ago by jul_bsd@…
Changed 10 years ago by pixilla (Bradley Giesbrecht)
Attachment: Portfile-perl-PortGroup.diff added
Example use of perl5 port group to ease variant creation.
comment:11 Changed 10 years ago by neverpanic (Clemens Lang)
Pixilla, are you going to handle this? I'll go and deal with one of the other tickets then :)
comment:12 Changed 10 years ago by jul_bsd@…
- switch main port to cif v2 server
- subport cif1 and cif1-client
- latest releases
- upstream bug with tar.gz. autogen/configure requires a git repository
- perl chain of dependencies is probably still incomplete...
comment:15 Changed 10 years ago by jul_bsd@…
- update to 2.00.00-alpha.16
- destroot from git is ok
- fail if from archive, upstream https://github.com/csirtgadgets/massive-octo-spice/issues/169
at configure
fatal: Not a git repository (or any of the parent directories): .git
new dependencies: p5-apache2-rest (#43014), p5-compress-snappy (#43016), p5-datetime-format-dateparse (#43018), p5-google-protocolbuffers (#43022), p5-iodef-pb-simple (#43024), p5-linux-cpuinfo (#43025), p5-lwpx-paranoidagent (#43027), p5-net-abuse-utils (#43030), p5-net-abuse-utils-spamhaus (#43031), p5-net-dns-match (#43032), p5-net-patricia (#43034), p5-net-whois-ip (#43035), p5-regexp-common-net-cidr (#43039), p5-regexp-ipv6 (#43040), p5-text-aligner (#43046), p5-text-table (#43047), p5-uri (#43048)