Merge branch 'master' into develop

Conflicts: app/Config/bootstrap.php
2012-10-10 08:37:12 +02:00 · 2012-10-10 08:37:12 +02:00 · 870372fb07
parent d112775251 6698e4c05e
commit 870372fb07
6 changed files with 13 additions and 16 deletions
--- a/app/Config/bootstrap.default.php
+++ b/app/Config/bootstrap.default.php
@ -110,7 +110,7 @@ Configure::write('CyDefSIG.logo', 'orgs/MIL.be.png');     // used in Events::ind

 Configure::write('CyDefSIG.showorg', 'true');             // show the name/flag of the organisation that uploaded the data
 Configure::write('CyDefSIG.showowner', 'false');           // show the email of the owner that uploaded the data
-Configure::write('CyDefSIG.sync', 'true');                 // enable features related to syncing with other CyDefSIG instances
+Configure::write('CyDefSIG.sync', 'false');                 // enable features related to syncing with other CyDefSIG instances
 Configure::write('CyDefSIG.email', 'no-reply@sig.mil.be'); // email from for all the mails

 Configure::write('GnuPG.onlyencrypted', 'true');         // only allow encrypted email, do not allow plaintext mails
@ -121,7 +121,7 @@ Configure::write('GnuPG.homedir', '/Users/chri/Documents/Work/Projects/201107-Cy
 Configure::write('SecureAuth.amount', 5);              // the maximum amount of failed logins
 Configure::write('SecureAuth.expire', 300);            // the time-window for the maximum amount of logins in seconds

-Configure::write('CyDefSIG.correlation', 'db');        // correlation between attributes of events.
+Configure::write('CyDefSIG.correlation', 'sql');        // correlation between attributes of events.
 														// possible values:
 														// - default, like it was
 														// - db, correlation in database
@ -183,11 +183,6 @@ Configure::write('CyDefSIG.correlation', 'db');        // correlation between at
 *
 */

-CakePlugin::load('AclExtras');
-
-CakePlugin::load('SysLog');
-CakePlugin::load('Assets'); // having Logable
-CakePlugin::load('SysLogLogable');

 /**
 * You can attach event listeners to the request lifecyle as Dispatcher Filter . By Default CakePHP bundles two filters:
@ -223,4 +218,4 @@ CakeLog::config('error', array(
 	'engine' => 'FileLog',
 	'types' => array('warning', 'error', 'critical', 'alert', 'emergency'),
 	'file' => 'error',
-));
+));
--- a/app/Config/core.default.php
+++ b/app/Config/core.default.php
--- a/app/Config/database.default.php
+++ b/app/Config/database.default.php
--- a/app/Console/cake
+++ b/app/Console/cake
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@ -949,7 +949,7 @@ class EventsController extends AppController {
 		$items = $this->Attribute->find('all', $params);

 		$rules = $this->NidsExport->suricataRules($items, $user['User']['nids_sid']);
-		print ("#<h1>This part is not finished and might be buggy. Please report any issues.</h1>\n");
+		print ("#<h1>This part might still contain bugs, use and your own risk and report any issues.</h1>\n");

 		print "#<pre> \n";
 		foreach ($rules as &$rule)
--- a/app/View/Events/export.ctp
+++ b/app/View/Events/export.ctp
@ -1,6 +1,8 @@
 <div class="event index">
 <h2>Export</h2>
-<p>To make exports available for automated tools an authentication key is used. This makes it easier for your tools to access the data without further form-based-authentiation.<br/>
+<p>Export functionality is designed to automatically generate signatures for intrusion detection systems. To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
+Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artifacts. Support for more attribute types is planned.
+To to make this functionality available for automated tools an authentication key is used. This makes it easier for your tools to access the data without further form-based-authentiation.<br/>
 <strong>Make sure you keep that key secret as it gives access to the entire database !</strong></p>
 <p>Your current key is: <code><?php echo $me['authkey'];?></code>.
 You can <?php echo $this->Html->link('reset', array('controller' => 'users', 'action' => 'resetauthkey', 'me'));?> this key.
@ -15,15 +17,15 @@ You can <?php echo $this->Html->link('reset', array('controller' => 'users', 'ac
 <p>Also check out the <?php echo $this->Html->link(__('User Guide', true), array('controller' => 'pages', 'action' => 'display', 'documentation')); ?> to read about the REST API.</p>
 <p></p>

-<h3>NIDS Export</h3>
-<p>An automatic export of all network related attributes is available under the Snort rule format. Only <em>published</em> events and attributes marked as <em>IDS Signature</em> are exported.</p>
+<h3>NIDS signatures export</h3>
+<p>Automatic export of all network related attributes is available under the Snort rule format. Only <em>published</em> events and attributes marked as <em>IDS Signature</em> are exported.</p>
 <p>You can configure your tools to automatically download the following file:</p>
 <pre><?php echo Configure::read('CyDefSIG.baseurl');?>/events/nids/<?php echo $me['authkey']; ?></pre>
 <p></p>
 <p>Administration is able to maintain a whitelist containing host, domain name and IP numbers to exclude from the NIDS export.</p>

-<h3>HIDS Export</h3>
-<p>An automatic export of all host related attributes is available, containing MD5 checksums. Only <em>published</em> events and attributes marked as <em>IDS Signature</em> are exported.</p>
+<h3>Hash datatabse export</h3>
+<p>Automatic export of MD5/SHA1 checksums contained in file-related attributes. This list can be used to feed forensic software when searching for susipicious files. Only <em>published</em> events and attributes marked as <em>IDS Signature</em> are exported.</p>
 <p>You can configure your tools to automatically download the following files:</p>
 <h4>md5</h4>
 <pre><?php echo Configure::read('CyDefSIG.baseurl');?>/events/hids_md5/<?php echo $me['authkey']; ?></pre>
@ -31,7 +33,7 @@ You can <?php echo $this->Html->link('reset', array('controller' => 'users', 'ac
 <pre><?php echo Configure::read('CyDefSIG.baseurl');?>/events/hids_sha1/<?php echo $me['authkey']; ?></pre>
 <p></p>

-<h3>Text Export</h3>
+<h3>Text export</h3>
 <p>An automatic export of all attributes of a specific type to a plain text file.</p>
 <p>You can configure your tools to automatically download the following files:</p>
 <pre>
@ -41,7 +43,7 @@ You can <?php echo $this->Html->link('reset', array('controller' => 'users', 'ac
 </pre>
 <p></p>

-<h3>Saved search XML Export</h3>
+<h3>Saved search XML export</h3>
 <p>We plan to make it possible to export data using searchpatterns.<br/>
 This would enable you to export:</p>
 <ul>