Opened 7 years ago

Last modified 6 years ago

#43011 new submission

[NEW] cif / collective-intelligence-framework

Reported by: jul_bsd@… Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: mojca (Mojca Miklavec), pixilla (Bradley Giesbrecht)
Port: cif

Description

Cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and urls that are observed to be related to malicious activity.

  • compile/run
  • multiple variants depending on perl release or postgresql
  • subport devel, server
  • for now can't fully test it as I can't set up server because of a bug on libapreq2 (#42927)

Attachments (10)

apache-cif.conf (794 bytes) - added by jul_bsd@… 7 years ago.
nginx-cif.conf (789 bytes) - added by jul_bsd@… 7 years ago.
org.macports.cif-feed.plist (690 bytes) - added by jul_bsd@… 7 years ago.
org.macports.cif-daily.plist (856 bytes) - added by jul_bsd@… 7 years ago.
org.macports.cif-hourly.plist (856 bytes) - added by jul_bsd@… 7 years ago.
cif-client (145 bytes) - added by jul_bsd@… 7 years ago.
cif-server (1.8 KB) - added by jul_bsd@… 7 years ago.
named-cif.conf (1015 bytes) - added by jul_bsd@… 7 years ago.
Portfile-perl-PortGroup.diff (9.2 KB) - added by pixilla (Bradley Giesbrecht) 6 years ago.
Example use of perl5 port group to ease variant creation.
Portfile (20.1 KB) - added by jul_bsd@… 6 years ago.


Change History (25)

Changed 7 years ago by jul_bsd@…

Attachment: apache-cif.conf added

Changed 7 years ago by jul_bsd@…

Attachment: nginx-cif.conf added

Changed 7 years ago by jul_bsd@…

Attachment: org.macports.cif-feed.plist added

Changed 7 years ago by jul_bsd@…

Changed 7 years ago by jul_bsd@…

Changed 7 years ago by jul_bsd@…

Attachment: cif-client added

Changed 7 years ago by jul_bsd@…

Attachment: cif-server added

Changed 7 years ago by jul_bsd@…

Attachment: named-cif.conf added

comment:1 Changed 7 years ago by jul_bsd@…

new dependencies: p5-apache2-rest (#43014), p5-compress-snappy (#43016), p5-datetime-format-dateparse (#43018), p5-google-protocolbuffers (#43022), p5-iodef-pb-simple (#43024), p5-linux-cpuinfo (#43025), p5-lwpx-paranoidagent (#43027), p5-net-abuse-utils (#43030), p5-net-abuse-utils-spamhaus (#43031), p5-net-dns-match (#43032), p5-net-patricia (#43034), p5-net-whois-ip (#43035), p5-regexp-common-net-cidr (#43039), p5-regexp-ipv6 (#43040), p5-text-aligner (#43046), p5-text-table (#43047), p5-uri (#43048)

comment:2 Changed 7 years ago by jul_bsd@…

dependency: perl bindings for ossp-uuid (#43010)

comment:3 Changed 7 years ago by jul_bsd@…

  • port lint --nitpick
  • livecheck
  • /tab/spacex4/

comment:4 Changed 6 years ago by jul_bsd@…

little update

  • current trunk seems to have a problem, so it is just commented out
  • refine detection of pgsql env for subport server
  • correct form of add_users

comment:5 Changed 6 years ago by mojca (Mojca Miklavec)

Cc: mojca@… added

Cc Me!

comment:6 Changed 6 years ago by mojca (Mojca Miklavec)

Keywords: maintainer added

comment:7 Changed 6 years ago by jul_bsd@…

Latest Portfile

  • cif-server installed and libapreq2 too

But test operations currently fail

$ sudo -H -u cif cif -d -q example.com
[DEBUG][2014-08-31T04:02:43Z]: generating query
[DEBUG][2014-08-31T04:02:43Z]: query: example.com
[DEBUG][2014-08-31T04:02:43Z]: query sha1: 0caaf24ab1a0c33440c06afe99df986365b0781f
[DEBUG][2014-08-31T04:02:43Z]: sending query
[DEBUG][2014-08-31T04:02:43Z]: posting data...
ERROR: 500 Internal Server Error

$ tail -20 /opt/local/apache2/logs/error_log 
[...]
[Sat Aug 30 23:56:14 2014] [error] [client 127.0.0.1] Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)\n
Loaded writer class Apache2::REST::Writer::bin
Cannot load CIF::WebAPI::Writer::table: Can't locate CIF/WebAPI/Writer/table.pm in @INC (@INC contains: /opt/local/bin/../../libcif-dbi/lib /opt/local/bin/../../libcif/lib /opt/local/bin/../local/lib /opt/local/bin/../lib /opt/local/lib/perl5/vendor_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.3 /opt/local/lib/perl5/site_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/site_perl/5.16.3 /opt/local/lib/perl5/vendor_perl/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.3 /opt/local/lib/perl5/5.16.3/darwin-thread-multi-2level /opt/local/lib/perl5/5.16.3 /opt/local/lib/perl5/site_perl /opt/local/lib/perl5/vendor_perl/5.16.1/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.16.1 /opt/local/lib/perl5/vendor_perl . /opt/local/apache2) at (eval 14) line 1.

Loaded writer class Apache2::REST::Writer::json
Loaded writer class Apache2::REST::Writer::perl
Loaded writer class Apache2::REST::Writer::yaml
Loaded writer class Apache2::REST::Writer::yaml_multipart
Loaded writer class Apache2::REST::Writer::xml
Loaded writer class Apache2::REST::Writer::xml_stream
Loaded writer class Apache2::REST::Writer::yaml_stream
[Sun Aug 31 00:02:44 2014] [error] [client 127.0.0.1] Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)\n

As a sidenote, this file doesn't exist on a macports install or a linux one, so maybe some old stuff...

Else

  • clean some parts depending on perl release used
  • some files conditioned if subport server
  • fix repository for v2: different model, need elasticsearch
  • some extra notes

comment:8 Changed 6 years ago by mf2k (Frank Schima)

Keywords: maintainer haspatch removed

Those keywords are not applicable to a submission ticket.

comment:9 Changed 6 years ago by jul_bsd@…

  • switch to v2 as main and subport for v1 and v1-client
  • update v2 to latest 20140920
  • for v1, add variant perl5_20
  • all destroot ok, but not fully functional still
  • elasticsearch dep #30834 and kibana #44822

Changed 6 years ago by pixilla (Bradley Giesbrecht)

Example use of perl5 port group to ease variant creation.

comment:10 Changed 6 years ago by pixilla (Bradley Giesbrecht)

Cc: pixilla@… added

Cc Me!

comment:11 Changed 6 years ago by neverpanic (Clemens Lang)

Pixilla, are you going to handle this? I'll go and deal with one of the other tickets then :)

comment:12 Changed 6 years ago by jul_bsd@…

  • switch main port to cif v2 server
  • subport cif1 and cif1-client
  • latest releases
  • upstream bug with tar.gz. autogen/configure requires a git repository
  • perl chain of dependencies is probably still incomplete...

comment:13 Changed 6 years ago by jul_bsd@…

oops, missed perl5 port group example... for next time

comment:14 Changed 6 years ago by jul_bsd@…

  • update 2.00.00-alpha.9
  • use perl5 group + major

comment:15 Changed 6 years ago by jul_bsd@…

at configure

fatal: Not a git repository (or any of the parent directories): .git

Changed 6 years ago by jul_bsd@…

Attachment: Portfile added