--- prelude-manager-1.0.1.orig/debian/README.Debian
+++ prelude-manager-1.0.1/debian/README.Debian
@@ -0,0 +1,23 @@
+
+ README.Debian for prelude-manager
+ =================================
+
+ * MySQL, PgSQL and XML plugin are all built and installed with
+ libpreludedb package
+ * Documentation is not generated.
+ * Database creation is not automated.
+ you should create the database by hand
+ You can use /usr/share/libpreludedb/classic/mysql.sql
+ to create mysql table
+ Or /usr/share/libpreludedb/classic/pgsql.sql to create postresql table
+ See https://trac.prelude-ids.org/wiki/InstallingLibpreludedb for details
+ * Use manager-adduser to add a sensor
+
+
+ TODO
+ ====
+
+ * Have different packages for MySQL, PostgreSQL and XML
+ output plugins, and prelude-manager recommend one of them.
+ * Debconf interface to create database, and to register sensors
+
--- prelude-manager-1.0.1.orig/debian/changelog
+++ prelude-manager-1.0.1/debian/changelog
@@ -0,0 +1,415 @@
+prelude-manager (1.0.1-5.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Call dh_update_autotools_config to update config.{sub,guess} for new archs.
+ * Remove Mickael Profeta from the uploaders.
+ Closes: #838926
+ * Stop using hardening-wrapper, make use of dpkg-buildflags with
+ DEB_BUILD_MAINT_OPTIONS=hardening=+all
+ instead. Closes: #836648
+
+ -- Mattia Rizzolo Tue, 27 Sep 2016 13:13:39 +0000
+
+prelude-manager (1.0.1-5.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Rebuild against GnuTLS 3. Drop build-dependency on libgnutls-dev, instead
+ rely on libprelude-dev pulling in GnuTLS and gcrypt development packages.
+
+ -- Andreas Metzler Fri, 15 Aug 2014 08:00:29 +0200
+
+prelude-manager (1.0.1-5) unstable; urgency=low
+
+ * Fix FTBFS with eglibc 2.17 (Closes: #701412)
+ * Add missingok option to logrotate script (Closes: #543447)
+ * Remove profile when purging package (Closes: #704543)
+
+ -- Pierre Chifflier Tue, 02 Jul 2013 15:36:16 +0200
+
+prelude-manager (1.0.1-4) unstable; urgency=low
+
+ * Replace TYPE=InnoDB with ENGINE=InnoDB in SQL script (Closes: #702703)
+ * Apply patch from Andreas Beckmann:
+ prelude-manager.postrm: Fix debconf usage. Source confmodule at the very
+ beginning (if available). Drop extra db_purge call as that is already
+ added by dh_installdebconf. (Closes: #660455)
+ * Acknowledge NMU
+
+ -- Pierre Chifflier Mon, 18 Mar 2013 00:03:20 +0100
+
+prelude-manager (1.0.1-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix "modifies conffiles (policy 10.7.3): /etc/prelude-
+ manager/prelude-manager.conf":
+ - install configuration file below /usr/share
+ - copy it to /etc in postinst if necessary
+ (Closes: #689683)
+
+ -- gregor herrmann Fri, 19 Oct 2012 23:10:39 +0200
+
+prelude-manager (1.0.1-3) unstable; urgency=low
+
+ * Acknowledge NMU (thanks Luk)
+ * This version builds fine with gcc/g++ 4.6.1 (Closes: #625429)
+ * Enable hardening wrapper
+ * Bump Standards Version to 3.9.2
+
+ -- Pierre Chifflier Sat, 23 Jul 2011 19:04:25 +0200
+
+prelude-manager (1.0.1-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Remove references to other libraries from dependency_libs field
+ (Closes: #622129)
+
+ -- Luk Claes Mon, 06 Jun 2011 07:38:00 +0200
+
+prelude-manager (1.0.1-2) unstable; urgency=low
+
+ * Fix FTBFS with error 'lt__PROGRAM__LTX_preloaded_symbols' undeclared
+ (Closes: #622026)
+
+ -- Pierre Chifflier Sun, 10 Apr 2011 19:22:53 +0200
+
+prelude-manager (1.0.1-1) unstable; urgency=low
+
+ * Imported Upstream version 1.0.1
+ * Bump Standards Version to 3.9.1
+
+ -- Pierre Chifflier Wed, 03 Nov 2010 16:41:08 +0100
+
+prelude-manager (1.0.0-1) unstable; urgency=low
+
+ * Imported Upstream version 1.0.0
+
+ -- Pierre Chifflier Fri, 19 Mar 2010 13:07:48 +0100
+
+prelude-manager (1.0.0~rc1-2) unstable; urgency=low
+
+ * Rebuild for newer version of libltdl
+
+ -- Pierre Chifflier Fri, 26 Feb 2010 17:44:53 +0100
+
+prelude-manager (1.0.0~rc1-1) unstable; urgency=low
+
+ * New upstream release
+ * Bump Standards Version to 3.8.4
+ * Update description
+
+ -- Pierre Chifflier Wed, 03 Feb 2010 21:16:46 +0100
+
+prelude-manager (0.9.15-4) unstable; urgency=low
+
+ * Add missing build-dep on pkg-config
+
+ -- Pierre Chifflier Thu, 20 Aug 2009 22:19:45 +0200
+
+prelude-manager (0.9.15-3) unstable; urgency=high
+
+ * Use pkg-config to check for GnuTLS (Closes: #529844)
+ * This required to run autogen and re-generate Makefiles
+ * Urgency high, RC bug
+ * Bump Standards Version to 3.8.3 (no changes)
+
+ -- Pierre Chifflier Thu, 20 Aug 2009 21:38:44 +0200
+
+prelude-manager (0.9.15-2) unstable; urgency=low
+
+ * Fix postinst script trying to change owner of a removed directory
+ (Closes: #536749)
+
+ -- Pierre Chifflier Mon, 13 Jul 2009 10:40:48 +0200
+
+prelude-manager (0.9.15-1) unstable; urgency=low
+
+ * New Upstream Version
+ * Bump standards version to 3.8.2 (no changes)
+ * Set debhelper compat number to 5
+
+ -- Pierre Chifflier Sat, 11 Jul 2009 11:34:43 +0200
+
+prelude-manager (0.9.14.2-2) unstable; urgency=low
+
+ * Upload to unstable
+
+ -- Pierre Chifflier Fri, 27 Feb 2009 10:54:20 +0100
+
+prelude-manager (0.9.14.2-1) experimental; urgency=low
+
+ * New upstream release
+ * Do not use absolute paths for standard commands
+
+ -- Pierre Chifflier Mon, 25 Aug 2008 16:09:22 +0200
+
+prelude-manager (0.9.14.1-1) unstable; urgency=low
+
+ * New upstream bugfix release
+
+ -- Pierre Chifflier Tue, 29 Jul 2008 11:51:32 +0200
+
+prelude-manager (0.9.14-2) unstable; urgency=low
+
+ * Rewrite init script:
+ - RC script handles pid file correctly (Closes: #314658)
+ - Detect if prelude-manager failed to start (Closes: #463414)
+ - Daemon will *NOT* start automatically after install, since
+ configuration is needed.
+ * Add default file
+
+ -- Pierre Chifflier Thu, 24 Jul 2008 10:32:21 +0200
+
+prelude-manager (0.9.14-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Pierre Chifflier Fri, 18 Jul 2008 10:41:19 +0200
+
+prelude-manager (0.9.13-1) unstable; urgency=low
+
+ * New upstream release
+ * Update watch file
+ * Bump standards version (no changes)
+
+ -- Pierre Chifflier Mon, 30 Jun 2008 14:18:41 +0200
+
+prelude-manager (0.9.12.1-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Pierre Chifflier Mon, 28 Apr 2008 15:27:39 +0200
+
+prelude-manager (0.9.12-1) unstable; urgency=low
+
+ * New upstream release
+ * Add dependency on libevent
+ * Enable dh_strip
+
+ -- Pierre Chifflier Mon, 07 Apr 2008 18:12:00 +0200
+
+prelude-manager (0.9.11.2-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Pierre Chifflier Wed, 13 Feb 2008 08:48:47 +0100
+
+prelude-manager (0.9.11-1) unstable; urgency=low
+
+ * New upstream release
+ * Reword description
+ * Add Homepage pseudo-header
+
+ -- Pierre Chifflier Tue, 05 Feb 2008 21:11:24 +0100
+
+prelude-manager (0.9.10-4) unstable; urgency=low
+
+ * Fix initial schema for MySQL and PostgreSQL on new installation
+
+ -- Pierre Chifflier Mon, 07 Jan 2008 23:28:56 +0100
+
+prelude-manager (0.9.10-3) unstable; urgency=low
+
+ * Fix PostgreSQL schema upgrade
+
+ -- Pierre Chifflier Wed, 02 Jan 2008 11:58:36 +0100
+
+prelude-manager (0.9.10-2) unstable; urgency=low
+
+ * Rebuild with new libpreludedb (>= 0.14)
+ * Upgrade database schema
+ * Bump standards version (no changes)
+
+ -- Pierre Chifflier Wed, 19 Dec 2007 17:07:45 +0100
+
+prelude-manager (0.9.10-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Pierre Chifflier Wed, 03 Oct 2007 20:29:06 +0200
+
+prelude-manager (0.9.9.1-1) unstable; urgency=low
+
+ * New upstream release
+ * Update my email address
+ * Set strict dependency on libpreludedb >= 0.9.13 (for schema version)
+ * Upgrade database schema
+
+ -- Pierre Chifflier Fri, 24 Aug 2007 15:36:00 +0200
+
+prelude-manager (0.9.9-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Pierre Chifflier Sat, 04 Aug 2007 12:01:06 +0200
+
+prelude-manager (0.9.8-3) unstable; urgency=low
+
+ * Use dbconfig-common to create initial database
+ * Use quilt to manage patches
+ * Use ucf to manage configuration file
+
+ -- Pierre Chifflier Thu, 14 Jun 2007 11:31:02 +0200
+
+prelude-manager (0.9.8-2) unstable; urgency=medium
+
+ * Change configuration to use non-privileged user instead of root
+ * Create profile prelude-manager during installation (Closes: #421244)
+ * Urgency medium because of the above bug
+
+ -- Pierre Chifflier Sun, 06 May 2007 18:51:22 +0200
+
+prelude-manager (0.9.8-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Pierre Chifflier Wed, 02 May 2007 14:26:14 +0200
+
+prelude-manager (0.9.7.2-2) unstable; urgency=low
+
+ * Fix permissions on configuration file (make sure it is not world-readable)
+ * Update my email address
+
+ -- Pierre Chifflier Thu, 22 Mar 2007 18:09:27 +0100
+
+prelude-manager (0.9.7.2-1) unstable; urgency=low
+
+ * New upstream release (bug fixes)
+ * Add watch file
+
+ -- Pierre Chifflier Fri, 16 Mar 2007 15:51:04 +0100
+
+prelude-manager (0.9.7.1-1) unstable; urgency=low
+
+ * New upstream release
+ * Add myself to Uploaders
+
+ -- Pierre Chifflier Mon, 29 Jan 2007 22:42:47 +0100
+
+prelude-manager (0.9.6.1-1) unstable; urgency=low
+
+ * New upstream release
+ * database is now part of libpreludedb and is not automated (closes:
+ #364771)
+ * prelude-manager-db-create.sh has been remove upstream (closes: #225196)
+ * Remove duplicate dir files (closes: #374880)
+
+ -- Mickael Profeta Fri, 27 Oct 2006 10:38:19 +0200
+
+prelude-manager (0.9.4.1-1) unstable; urgency=low
+
+ * New upstream release
+ * remove mysql, pgsql dependency (closes: #357955, #357069)
+ * update libprelude version dependency (closes: #362961)
+ * modify copyright to add libmissing under LGPL
+
+ -- Mickael Profeta Wed, 26 Apr 2006 13:30:08 +0200
+
+prelude-manager (0.9.2-2) unstable; urgency=low
+
+ * add dependency on libprelude (>= 0.9.4) (closes: #351568)
+
+ -- Mickael Profeta Sun, 5 Feb 2006 20:37:33 +0100
+
+prelude-manager (0.9.2-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Mickael Profeta Sat, 4 Feb 2006 17:09:38 +0100
+
+prelude-manager (0.9.0-2) unstable; urgency=low
+
+ * update dependency to libgnutls instead of libssl
+
+ -- Mickael Profeta Thu, 15 Dec 2005 22:02:58 +0000
+
+prelude-manager (0.9.0-1) unstable; urgency=low
+
+ * New upstream release
+ * new version of config.guess and config.sub (closes: #333651)
+
+ -- Mickael Profeta Wed, 5 Oct 2005 13:06:25 +0000
+
+prelude-manager (0.8.10-6) unstable; urgency=medium
+
+ * Urgency medium to push the changes in sarge
+ * recompile against libmysqlclient-dev (not libmysqlclient10)
+ * Recommends mysql-client or postgresql-client (closes: #270749)
+ * update TODO list in README.Debian
+
+ -- Mickael Profeta Mon, 27 Sep 2004 15:36:14 +0200
+
+prelude-manager (0.8.10-5) unstable; urgency=low
+
+ * recompilation to have postgresql plugins (postgresql-client bug)
+
+ -- Mickael Profeta Wed, 7 Apr 2004 16:36:24 +0200
+
+prelude-manager (0.8.10-4) unstable; urgency=low
+
+ * logfile was not correctly set in prelude-manager.conf (closes: #229951)
+
+ -- Mickael Profeta Thu, 29 Jan 2004 13:23:21 +0100
+
+prelude-manager (0.8.10-3) unstable; urgency=low
+
+ * Correct Build dependancies to libprelude (closes: #227881)
+
+ -- Mickael Profeta Thu, 15 Jan 2004 13:01:24 +0100
+
+prelude-manager (0.8.10-2) unstable; urgency=low
+
+ * move logfiles to /var/log/prelude-manager/
+ * change permission of prelude-manager.conf (closes: #225197)
+
+ -- Mickael Profeta Thu, 1 Jan 2004 21:34:50 +0100
+
+prelude-manager (0.8.10-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Mickael Profeta Sun, 21 Dec 2003 20:24:03 +0100
+
+prelude-manager (0.8.9-4) unstable; urgency=low
+
+ * add logrotate file
+
+ -- Mickael Profeta Wed, 26 Nov 2003 20:50:41 +0100
+
+prelude-manager (0.8.9-3) unstable; urgency=low
+
+ * add postgresql-dev to compile with pgsql support
+
+ -- Mickael Profeta Wed, 12 Nov 2003 16:21:36 +0100
+
+prelude-manager (0.8.9-2) unstable; urgency=low
+
+ * change == operator to -eq in init file
+
+ -- Mickael Profeta Wed, 12 Nov 2003 11:45:05 +0100
+
+prelude-manager (0.8.9-1) unstable; urgency=low
+
+ * New upstream release
+ * Add in copyright exception to GPL in order to link with OpenSSL
+ * upload to unstable (closes: #111462)
+
+ -- Mickael Profeta Tue, 4 Nov 2003 10:26:36 +0100
+
+prelude-manager (0.8.7-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Mickael Profeta Sun, 12 Oct 2003 22:08:36 +0200
+
+prelude-manager (0.8.6-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- PROFETA Mickael Sun, 5 Jan 2003 21:18:09 +0100
+
+prelude-manager (0.8.5-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Thomas Seyrat Thu, 11 Apr 2002 01:06:23 +0200
+
--- prelude-manager-1.0.1.orig/debian/compat
+++ prelude-manager-1.0.1/debian/compat
@@ -0,0 +1 @@
+5
--- prelude-manager-1.0.1.orig/debian/control
+++ prelude-manager-1.0.1/debian/control
@@ -0,0 +1,35 @@
+Source: prelude-manager
+Section: admin
+Priority: extra
+Maintainer: Pierre Chifflier
+Build-Depends: debhelper (>= 9.20160115),
+ libprelude-dev (>=0.9.6),
+ zlib1g-dev,
+ libxml2-dev,
+ libpreludedb-dev (>=0.9.14),
+ libevent-dev,
+ pkg-config,
+ quilt,
+Standards-Version: 3.9.2
+Homepage: http://www.prelude-ids.org/
+
+Package: prelude-manager
+Architecture: any
+Pre-Depends: adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}, ucf, dbconfig-common, libpreludedb0 (>= 0.9.14)
+Recommends: mysql-client | postgresql-client
+Description: Security Information Management System [ Manager ]
+ Prelude is a Universal "Security Information Management" (SIM) system.
+ Its goals are performance and modularity. It is divided in two main
+ parts :
+ - the Prelude sensors, responsible for generating alerts, such as
+ snort sensor, featuring a signature engine, plugins for
+ protocol analysis, and intrusion detection plugins, and the Prelude
+ log monitoring lackey.
+ - the Prelude report server, collecting data from Prelude sensors,
+ and generating user-readable reports.
+ .
+ This package provides the Prelude Manager, which is a high availability
+ server that accepts secured connections from distributed sensors or
+ other managers and saves received events to a media specified by the
+ user (database, log files, mail, etc).
--- prelude-manager-1.0.1.orig/debian/copyright
+++ prelude-manager-1.0.1/debian/copyright
@@ -0,0 +1,58 @@
+This package was debianized by Thomas Seyrat on
+Thu, 11 Apr 2002 01:06:23 +0200.
+
+The current Debian Maintainer is Mickael Profeta
+
+It was downloaded from
+
+Upstream Author: Yoann Vandoorselaere
+
+Copyright (C) 2001-2006 Yoann Vandoorselaere
+
+The README file specifies :
+
+This library is released under the GPL with the additional exemption
+that compiling, linking, and/or using OpenSSL is allowed.
+
+Please see http://www.openssl.org/support/faq.html#LEGAL2 for more
+informations.
+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ 02110-1301, USA.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
+The Files in libmissing/ are distributed under the GNU Lesser General
+Public License
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+On Debian systems, the complete text of the GNU Lesser General Public
+License, can be found in /usr/share/common-licenses/LGPL.
+
+The Debian packaging is (C) 2006, Mickael Profeta
+is licensed under the GPL, see above.
--- prelude-manager-1.0.1.orig/debian/patches/conf_db.patch
+++ prelude-manager-1.0.1/debian/patches/conf_db.patch
@@ -0,0 +1,40 @@
+Index: prelude-manager/prelude-manager.conf.in
+===================================================================
+--- prelude-manager.orig/prelude-manager.conf.in 2009-05-11 23:50:33.000000000 +0200
++++ prelude-manager/prelude-manager.conf.in 2010-02-03 21:20:32.000000000 +0100
+@@ -178,28 +178,28 @@
+ # locally).
+
+
+-# [db]
++[db]
+
+ # The type of database: mysql, pgsql or sqlite3.
+-# type = mysql
++type = @DBC_TYPE@
+
+ # Only if you use sqlite3.
+ # file = /your/path/to/your/db/idmef-db.sql
+
+ # Host the database is listening on.
+-# host = localhost
++host = @DBC_HOST@
+
+ # Port the database is listening on.
+-# port = 3306
++port = @DBC_PORT@
+
+ # Name of the database.
+-# name = prelude
++name = @DBC_NAME@
+
+ # Username to be used to connect the database.
+-# user = prelude
++user = @DBC_USER@
+
+ # Password used to connect the database.
+-# pass = xxxxxx
++pass = @DBC_PASS@
+
+
+
--- prelude-manager-1.0.1.orig/debian/patches/fix_ftbfs_with_eglibc217_gets.patch
+++ prelude-manager-1.0.1/debian/patches/fix_ftbfs_with_eglibc217_gets.patch
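Review bot: The `[db]` section and its six keys in conf_db.patch are uncommented unconditionally, so the shipped file carries literal `@DBC_TYPE@` … `@DBC_PASS@` placeholders until something substitutes them. The postinst hunk in this diff runs its sed only when `$dbc_dbtype` is non-empty, so an installation where no database is configured appears to be left with an active `type = @DBC_TYPE@` and `pass = @DBC_PASS@`. I would add a comment above `[db]`, for example `# Filled in by the package postinst from dbconfig-common; comment this section out if no database is used`, and have the postinst handle the empty case explicitly. The inner hunk starts at line 178 of prelude-manager.conf.in, so the rest of that file is not visible here.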
@@ -0,0 +1,18 @@
+Index: prelude-manager/libmissing/stdio.in.h
+===================================================================
+--- prelude-manager.orig/libmissing/stdio.in.h 2011-11-21 18:40:43.000000000 +0100
++++ prelude-manager/libmissing/stdio.in.h 2013-07-02 15:27:39.119992495 +0200
+@@ -138,11 +138,13 @@
+ "use gnulib module fflush for portable POSIX compliance");
+ #endif
+
++#if 0
+ /* It is very rare that the developer ever has full control of stdin,
+ so any use of gets warrants an unconditional warning. Assume it is
+ always declared, since it is required by C89. */
+ #undef gets
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
++#endif
+
+ #if @GNULIB_FOPEN@
+ # if @REPLACE_FOPEN@
--- prelude-manager-1.0.1.orig/debian/patches/fix_ftbfs_with_ldtl.patch
+++ prelude-manager-1.0.1/debian/patches/fix_ftbfs_with_ldtl.patch
@@ -0,0 +1,13 @@
+Index: prelude-manager/src/prelude-manager.c
+===================================================================
+--- prelude-manager.orig/src/prelude-manager.c 2011-04-10 19:17:04.000000000 +0200
++++ prelude-manager/src/prelude-manager.c 2011-04-10 19:17:17.000000000 +0200
+@@ -31,6 +31,8 @@
+ #include
+ #include
+
++#include
++
+ #include
+ #include
+
--- prelude-manager-1.0.1.orig/debian/patches/series
+++ prelude-manager-1.0.1/debian/patches/series
@@ -0,0 +1,3 @@
+conf_db.patch
+fix_ftbfs_with_ldtl.patch
+fix_ftbfs_with_eglibc217_gets.patch
--- prelude-manager-1.0.1.orig/debian/prelude-manager.config
+++ prelude-manager-1.0.1/debian/prelude-manager.config
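Review bot: Wrapping the block in `#if 0` in fix_ftbfs_with_eglibc217_gets.patch switches off the `_GL_WARN_ON_USE (gets, ...)` guard on every libc, not only on the one that triggered the build failure, so a later call to gets() in this tree would compile without the gnulib warning. The patch carries no explanation of why the guard is disabled; I would put one on the added line, for example `#if 0 /* Debian: disabled to fix FTBFS with eglibc 2.17 (#701412); gets() use is no longer flagged */`. If the bundled gnulib snapshot offers a way to keep the warning where gets is still declared, a conditional guard would be preferable to removing it outright. The inner hunk shows only lines 138-150 of stdio.in.h.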
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+action=$1
+version=$2
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+db_version 2.0 || [ 0 -lt 30 ]
+
+if [ -f /usr/share/dbconfig-common/dpkg/config.mysql ]; then
+ dbc_first_version="0.9.8-3"
+ # hints for dbconfig
+ dbc_dbtypes="mysql, pgsql"
+ dbc_authmethod_user="password"
+ dbc_dbname="prelude"
+ dbc_dbuser="prelude"
+
+ . /usr/share/dbconfig-common/dpkg/config
+ dbc_go prelude-manager $@
+fi
+
+
--- prelude-manager-1.0.1.orig/debian/prelude-manager.default
+++ prelude-manager-1.0.1/debian/prelude-manager.default
@@ -0,0 +1,6 @@
+DAEMONUSER=prelude # Users to run the daemons as.
+
+RUN=no # set to yes to start the server in the init.d script.
+ # you need to register the "prelude-manager" profile
+ # before being able to start the manager automatically
+
--- prelude-manager-1.0.1.orig/debian/prelude-manager.dirs
+++ prelude-manager-1.0.1/debian/prelude-manager.dirs
@@ -0,0 +1,8 @@
+etc/prelude-manager
+etc/logrotate.d
+usr/sbin
+usr/share/dbconfig-common/data/prelude-manager/install
+usr/share/doc
+var/spool/prelude-manager
+var/log/prelude-manager
+var/spool/prelude/prelude-manager
--- prelude-manager-1.0.1.orig/debian/prelude-manager.docs
+++ prelude-manager-1.0.1/debian/prelude-manager.docs
@@ -0,0 +1,4 @@
+README
+AUTHORS
+NEWS
+
--- prelude-manager-1.0.1.orig/debian/prelude-manager.init
+++ prelude-manager-1.0.1/debian/prelude-manager.init
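Review bot: In prelude-manager.config, `dbc_go prelude-manager $@` passes the maintainer-script arguments unquoted, so the shell re-splits them; `dbc_go prelude-manager "$@"` keeps them intact, and the same unquoted `$@` appears in the postinst, postrm and prerm hunks. The guard tests for `/usr/share/dbconfig-common/dpkg/config.mysql` but the script then sources the generic `config` and offers `dbc_dbtypes="mysql, pgsql"`; testing for the file that is actually sourced would be consistent. `db_version 2.0 || [ 0 -lt 30 ]` can never fail, which deserves a comment such as `# never abort on an old debconf` if that is the intent.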
@@ -0,0 +1,296 @@
+#!/bin/sh
+#
+# init.d script for prelude-manager with LSB support.
+#
+# Copyright (c) 2008 Pierre Chifflier
+#
+# This is free software; you may redistribute it and/or modify
+# it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2,
+# or (at your option) any later version.
+#
+# This is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License with
+# the Debian operating system, in /usr/share/common-licenses/GPL; if
+# not, write to the Free Software Foundation, Inc., 59 Temple Place,
+# Suite 330, Boston, MA 02111-1307 USA
+#
+### BEGIN INIT INFO
+# Provides: prelude-manager
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs
+# Should-Start: $named
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Collect, store and report events from Prelude agents
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+DAEMON=/usr/sbin/prelude-manager # Introduce the server's location here
+NAME=prelude-manager # Introduce the short server's name here
+DESC=prelude-manager # Introduce a short description here
+LOGDIR=/var/log/prelude-manager # Log directory to use
+
+PIDFILE=/var/run/$NAME.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Default options, these can be overriden by the information
+# at /etc/default/$NAME
+DAEMON_OPTS="-d -P $PIDFILE" # Additional options given to the server
+
+DIETIME=3 # Time to wait for the server to die, in seconds
+ # If this value is set too low you might not
+ # let some servers to die gracefully and
+ # 'restart' will not work
+
+#STARTTIME=2 # Time to wait for the server to start, in seconds
+ # If this value is set each time the server is
+ # started (on start or restart) the script will
+ # stall to try to determine if it is running
+ # If it is not set and the server takes time
+ # to setup a pid file the log message might
+ # be a false positive (says it did not start
+ # when it actually did)
+
+LOGFILE=$LOGDIR/$NAME.log # Server logfile
+#DAEMONUSER=prelude # Users to run the daemons as. If this value
+ # is set start-stop-daemon will chuid the server
+
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+ . /etc/default/$NAME
+fi
+
+# Use this if you want the user to explicitly set 'RUN' in
+# /etc/default/
+if [ "x$RUN" != "xyes" ] ; then
+ log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
+ log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it."
+ exit 0
+fi
+
+# Check that the user exists (if we set a user)
+# Does the user exist?
+if [ -n "$DAEMONUSER" ] ; then
+ if getent passwd | grep -q "^$DAEMONUSER:"; then
+ # Obtain the uid and gid
+ DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
+ DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
+ else
+ log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
+ exit 1
+ fi
+fi
+
+
+set -e
+
+running_pid() {
+# Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+ # Is this the expected server
+ [ "$cmd" != "$name" ] && return 1
+ return 0
+}
+
+running() {
+# Check if the process is running looking at /proc
+# (works for all users)
+
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=`cat $PIDFILE`
+ running_pid $pid $DAEMON || return 1
+ return 0
+}
+
+start_server() {
+ if [ ! -d "/var/run/prelude-manager" ] ; then
+ mkdir /var/run/prelude-manager
+ fi
+# Start the process using the wrapper
+ if [ -z "$DAEMONUSER" ] ; then
+ start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS
+ errcode=$?
+ else
+# if we are using a daemonuser then change the user id
+ touch $PIDFILE
+ chown $DAEMONUSER $PIDFILE
+ chown $DAEMONUSER /var/run/prelude-manager
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --chuid $DAEMONUSER \
+ --exec $DAEMON -- $DAEMON_OPTS
+ errcode=$?
+ fi
+ return $errcode
+}
+
+stop_server() {
+# Stop the process using the wrapper
+ if [ -z "$DAEMONUSER" ] ; then
+ killproc -p $PIDFILE $DAEMON
+ errcode=$?
+ else
+# if we are using a daemonuser then look for process that match
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE \
+ --user $DAEMONUSER \
+ --exec $DAEMON
+ errcode=$?
+ fi
+
+ return $errcode
+}
+
+reload_server() {
+ [ ! -f "$PIDFILE" ] && return 1
+ pid=pidofproc $PIDFILE # This is the daemon's pid
+ # Send a SIGHUP
+ kill -1 $pid
+ return $?
+}
+
+force_stop() {
+# Force the process to die killing it manually
+ [ ! -e "$PIDFILE" ] && return
+ if running ; then
+ kill -15 $pid
+ # Is it really dead?
+ sleep "$DIETIME"s
+ if running ; then
+ kill -9 $pid
+ sleep "$DIETIME"s
+ if running ; then
+ echo "Cannot kill $NAME (pid=$pid)!"
+ exit 1
+ fi
+ fi
+ fi
+ rm -f $PIDFILE
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC " "$NAME"
+ # Check if it's running first
+ if running ; then
+ log_progress_msg "apparently already running"
+ log_end_msg 0
+ exit 0
+ fi
+ if start_server ; then
+ # NOTE: Some servers might die some time after they start,
+ # this code will detect this issue if STARTTIME is set
+ # to a reasonable value
+ [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time
+ if running ; then
+ # It's ok, the server started and is running
+ log_end_msg 0
+ else
+ # It is not running after we did start
+ log_end_msg 1
+ fi
+ else
+ # Either we could not start it
+ log_end_msg 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if running ; then
+ # Only stop the server if we see it running
+ errcode=0
+ stop_server || errcode=$?
+ log_end_msg $errcode
+ else
+ # If it's not running don't do anything
+ log_progress_msg "apparently not running"
+ log_end_msg 0
+ exit 0
+ fi
+ ;;
+ force-stop)
+ # First try to stop gracefully the program
+ $0 stop
+ if running; then
+ # If it's still running try to kill it more forcefully
+ log_daemon_msg "Stopping (force) $DESC" "$NAME"
+ errcode=0
+ force_stop || errcode=$?
+ log_end_msg $errcode
+ fi
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ errcode=0
+ stop_server || errcode=$?
+ # Wait some sensible amount, some server need this
+ [ -n "$DIETIME" ] && sleep $DIETIME
+ start_server || errcode=$?
+ [ -n "$STARTTIME" ] && sleep $STARTTIME
+ running || errcode=$?
+ log_end_msg $errcode
+ ;;
+ status)
+
+ log_daemon_msg "Checking status of $DESC" "$NAME"
+ if running ; then
+ log_progress_msg "running"
+ log_end_msg 0
+ else
+ log_progress_msg "apparently not running"
+ log_end_msg 1
+ exit 1
+ fi
+ ;;
+ # Use this if the daemon cannot reload
+ #reload)
+ # log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
+ # log_warning_msg "cannot re-read the config file (use restart)."
+ # ;;
+ # And this if it cann
+ reload)
+ #
+ # If the daemon can reload its config files on the fly
+ # for example by sending it SIGHUP, do it here.
+ #
+ # If the daemon responds to changes in its config file
+ # directly anyway, make this a do-nothing entry.
+ #
+ log_daemon_msg "Reloading $DESC configuration files" "$NAME"
+ if running ; then
+ reload_server
+ if ! running ; then
+ # Process died after we tried to reload
+ log_progress_msg "died on reload"
+ log_end_msg 1
+ exit 1
+ fi
+ else
+ log_progress_msg "server is not running"
+ log_end_msg 1
+ exit 1
+ fi
+ ;;
+
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- prelude-manager-1.0.1.orig/debian/prelude-manager.logrotate
+++ prelude-manager-1.0.1/debian/prelude-manager.logrotate
@@ -0,0 +1,20 @@
+/var/log/prelude-manager/prelude.log {
+ daily
+ rotate 10
+ copytruncate
+ delaycompress
+ compress
+ notifempty
+ missingok
+}
+
+/var/log/prelude-manager/prelude-xml.log {
+ daily
+ rotate 10
+ copytruncate
+ delaycompress
+ compress
+ notifempty
+ missingok
+}
+
--- prelude-manager-1.0.1.orig/debian/prelude-manager.postinst
+++ prelude-manager-1.0.1/debian/prelude-manager.postinst
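Review bot: In reload_server of prelude-manager.init the line `pid=pidofproc $PIDFILE` does not capture a pid: the shell reads it as a one-shot environment assignment and tries to execute the pidfile path, so `kill -1 $pid` runs with whatever `pid` an earlier `running` call left behind, or with nothing. Reading the pid the way `running` does, `pid=$(cat "$PIDFILE")`, and quoting it in `kill -1 "$pid"` fixes that. force_stop relies on the same global `$pid` as a side effect of `running`, and start_server chowns the pidfile to `$DAEMONUSER`, so the root-run `kill` calls act on a file the daemon account can rewrite; running_pid's cmdline comparison is the only check on it and that deserves a comment. The usage line at the end also omits `reload`.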
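Review bot: Both stanzas of prelude-manager.logrotate use `copytruncate`, which copies the log and then truncates it in place, so records written between the two steps are lost; for an IDS manager's alert logs that is a gap in the record. If the daemon can reopen its log files on a signal (not visible in this diff), a `postrotate` reload in place of `copytruncate` avoids the loss. The two stanzas are identical and could be a single block listing both paths. The init script in this diff defines `LOGFILE=$LOGDIR/$NAME.log`, that is `prelude-manager.log`, which neither stanza covers if that file is ever written.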
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+set -e
+
+add_sysuser()
+{
+ if ! getent passwd prelude >/dev/null; then
+ adduser --system --disabled-login --no-create-home --group prelude 2>&1 > /dev/null
+ fi
+}
+
+add_sysuser
+
+if [ "$1" = "configure" ]; then
+ confpath="/etc/prelude-manager"
+ conffile="${confpath}/prelude-manager.conf"
+ confnew="${conffile}-new"
+ pkgpath="/usr/share/prelude-manager"
+
+ . /usr/share/debconf/confmodule
+ . /usr/share/dbconfig-common/dpkg/postinst
+ dbc_first_version="0.9.8-3"
+
+ dbc_go prelude-manager $@
+
+ if [ ! -e $conffile ]; then
+ cp ${pkgpath}/prelude-manager.conf $conffile
+ fi
+
+ cp $conffile $confnew
+
+ if [ -z "$dbc_dbserver" ]; then
+ dbc_dbserver=localhost
+ fi
+ if [ -z "$dbc_dbport" ]; then
+ if [ "$dbc_dbtype" = "mysql" ]; then
+ dbc_dbport=3306
+ else
+ if [ "$dbc_dbtype" = "pgsql" ]; then
+ dbc_dbport=5432
+ fi
+ fi
+ fi
+
+ if [ -n "$dbc_dbtype" ]; then
+ sed -i -e "s/@DBC_TYPE@/$dbc_dbtype/" \
+ -e "s/@DBC_HOST@/$dbc_dbserver/" \
+ -e "s/@DBC_PORT@/$dbc_dbport/" \
+ -e "s/@DBC_NAME@/$dbc_dbname/" \
+ -e "s/@DBC_USER@/$dbc_dbuser/" \
+ -e "s/@DBC_PASS@/$dbc_dbpass/" \
+ $confnew
+
+ # Installing the config
+ if diff -q /usr/share/doc/prelude-manager/examples/prelude-manager.conf $conffile >/dev/null 2>&1; then
+ # configure file has not been changed .. overwrite it
+ cp $confnew $conffile
+ else
+ ucf --three-way --debconf-ok $confnew $conffile
+ fi
+ fi
+
+ # make sure conf file has the correct permissions and owner/group
+ chmod 640 /etc/prelude-manager/prelude-manager.conf
+ chown prelude /etc/prelude-manager/prelude-manager.conf
+
+ rm -f $confnew
+
+ db_stop
+
+ # run this command before starting initscripts
+
+ chown -R prelude:prelude /var/spool/prelude-manager/ >/dev/null
+
+ PROFILE_NAME="prelude-manager"
+ if [ -x "/usr/bin/prelude-admin" ]; then
+ if [ ! -d "/etc/prelude/profile/$PROFILE_NAME" ]; then
+ prelude-admin add prelude-manager --uid prelude --gid prelude
+ prelude-admin chown prelude-manager --uid prelude --gid prelude
+ fi
+ fi
+
+fi
+
+
+#DEBHELPER#
+
+exit 0
--- prelude-manager-1.0.1.orig/debian/prelude-manager.postrm
+++ prelude-manager-1.0.1/debian/prelude-manager.postrm
@@ -0,0 +1,35 @@
+#!/bin/sh
+set -e
+
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+fi
+
+if [ -f /usr/share/dbconfig-common/dpkg/postrm ]; then
+ . /usr/share/dbconfig-common/dpkg/postrm
+ dbc_go prelude-manager $@
+fi
+
+
+if [ "$1" = "purge" ]
+then
+ rm -f /var/run/prelude-manager/tls-parameters.data >/dev/null
+ deluser prelude || true
+ rm -rf /var/spool/prelude-manager/ >/dev/null
+
+ for FILE in /etc/prelude-manager/prelude-manager.conf; do
+ # Taken from the ucf example postrm
+ for ext in '~' '%' .bak .dpkg-tmp .dpkg-new .dpkg-old .dpkg-dist .ucf-dist .ucf-old '-new'; do
+ rm -f $FILE$ext
+ done
+ rm -f $FILE
+ if which ucf >/dev/null 2>&1; then
+ ucf --purge $FILE
+ fi
+ done
+ if [ -d "/etc/prelude/profile/prelude-manager" ]; then
+ rm -rf /etc/prelude/profile/prelude-manager >/dev/null
+ fi
+fi
+
+#DEBHELPER#
--- prelude-manager-1.0.1.orig/debian/prelude-manager.prerm
+++ prelude-manager-1.0.1/debian/prelude-manager.prerm
@@ -0,0 +1,16 @@
+#!/bin/sh
+# prerm script for ocsinventory-server
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# source debconf stuff
+. /usr/share/debconf/confmodule
+# source dbconfig-common stuff
+. /usr/share/dbconfig-common/dpkg/prerm.mysql
+dbc_go prelude-manager $@
+
+#DEBHELPER#
+
+exit 0
--- prelude-manager-1.0.1.orig/debian/rules
+++ prelude-manager-1.0.1/debian/rules
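Review bot: In prelude-manager.postinst the database password reaches disk before the permissions are tightened: `cp $conffile $confnew` and the `sed -i` that inserts `$dbc_dbpass` create the files with whatever mode the template and umask give them, and `chmod 640` is applied only afterwards and only to the final file. Setting `umask 077` before `cp $conffile $confnew` closes that window. `$dbc_dbpass` is also pasted into the sed expression unescaped, so a password containing `/`, `&` or `\` breaks or alters the substitution. `chown prelude` makes the daemon account the owner of its own configuration; `chown root:prelude` with mode 640 would let it read the file without being able to rewrite it. In add_sysuser, `2>&1 > /dev/null` still sends stderr to the terminal, and `>/dev/null 2>&1` is the intended order.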
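Review bot: On purge, prelude-manager.postrm runs `deluser prelude || true` while files owned by that account can remain: the hunk deletes /var/spool/prelude-manager but not /var/log/prelude-manager or /var/spool/prelude/prelude-manager, both of which the package's dirs file creates. A later account that is given the same uid would own those leftovers, so either remove the directories here as well or leave the system user in place. `rm -f $FILE$ext` and `ucf --purge $FILE` should also quote their variables, as in `rm -f "$FILE$ext"`.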
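Review bot: prelude-manager.prerm sources `/usr/share/dbconfig-common/dpkg/prerm.mysql` unconditionally, although the config script in this diff offers both mysql and pgsql and the postinst and postrm use the generic fragments; `/usr/share/dbconfig-common/dpkg/prerm` would match them. Under `set -e` a missing file makes package removal fail, so the `if [ -f ... ]` guard used in the postrm belongs here too. The header comment `# prerm script for ocsinventory-server` is a copy-paste leftover and should read `# prerm script for prelude-manager`.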
@@ -0,0 +1,101 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
+
+include /usr/share/quilt/quilt.make
+
+configure: configure-stamp
+configure-stamp: patch
+ dh_testdir
+ dh_update_autotools_config
+
+ ./configure --prefix=/usr \
+ --mandir=\$${prefix}/share/man \
+ --sysconfdir=/etc \
+ --bindir=\$${prefix}/sbin \
+ --enable-gtk-doc=no \
+ --enable-mysql=yes \
+ --enable-pgsql=yes \
+ --with-html-dir=\$${prefix}/share/doc/prelude-manager/html \
+ --localstatedir=/var
+ touch configure-stamp
+
+build: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+ $(MAKE)
+ touch build-stamp
+
+clean: clean-patched unpatch
+
+clean-patched:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+ [ ! -f Makefile ] || $(MAKE) distclean
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) install DESTDIR=$(CURDIR)/debian/prelude-manager
+
+ sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'`
+ mv $(CURDIR)/debian/prelude-manager/etc/prelude-manager/prelude-manager.conf $(CURDIR)/debian/prelude-manager/usr/share/prelude-manager/
+ install -m 644 debian/sql/mysql.sql debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/install/mysql
+ install -m 644 debian/sql/pgsql.sql debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/install/pgsql
+ sed -i 's/^DROP TABLE/-- DROP TABLE/' debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/install/pgsql
+
+ install -D -m 644 debian/sql/mysql-update-14-6.sql debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/upgrade/mysql/0.9.9.1-1
+ install -D -m 644 debian/sql/pgsql-update-14-6.sql debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/upgrade/pgsql/0.9.9.1-1
+
+ install -D -m 644 debian/sql/mysql-update-14-7.sql debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/upgrade/mysql/0.9.10-2
+ install -D -m 644 debian/sql/pgsql-update-14-7.sql debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/upgrade/pgsql/0.9.10-2
+
+ rmdir $(CURDIR)/debian/prelude-manager/var/run/prelude-manager ||:
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdebconf
+ dh_installdocs
+ dh_installexamples prelude-manager.conf
+# dh_installmenu
+ dh_installlogrotate
+# dh_installemacsen
+# dh_installpam
+# dh_installmime
+ dh_installinit
+# dh_installcron
+ dh_installman
+# dh_installinfo
+# dh_undocumented manager-adduser.8 \
+# prelude-manager.8 \
+# prelude-manager-db-create.sh.8
+
+ dh_installchangelogs ChangeLog
+# dh_link
+ dh_strip
+ dh_compress -Xprelude-manager.conf
+ dh_fixperms
+# dh_makeshlibs
+ dh_installdeb
+# dh_perl
+ # libpreludedb dependency is versioned, so specified in debian/control
+ dh_shlibdeps -Xlibpreludedb0
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- prelude-manager-1.0.1.orig/debian/sql/mysql-update-14-6.sql
+++ prelude-manager-1.0.1/debian/sql/mysql-update-14-6.sql
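Review bot: The install target comments out the `DROP TABLE` statements only in the pgsql install script (the `sed -i 's/^DROP TABLE/-- DROP TABLE/'` line), while the mysql script installed two lines earlier keeps every `DROP TABLE IF EXISTS`. Run against a database that already holds Prelude tables, the mysql install script would silently discard the stored alerts and heartbeats. The same substitution should be applied to the mysql file: `sed -i 's/^DROP TABLE/-- DROP TABLE/' debian/prelude-manager/usr/share/dbconfig-common/data/prelude-manager/install/mysql`. Whether dbconfig-common can reach that state depends on how the database prompts are answered, so this is a safeguard rather than a confirmed data-loss path.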
@@ -0,0 +1,29 @@
+BEGIN;
+
+UPDATE _format SET version="14.6";
+
+ALTER TABLE Prelude_Alertident CHANGE _index _index INTEGER NOT NULL;
+ALTER TABLE Prelude_Source CHANGE _index _index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Target CHANGE _index _index SMALLINT NOT NULL;
+ALTER TABLE Prelude_File CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_FileAccess CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_FileAccess_Permission CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Linkage CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Inode CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Checksum CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Node CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Address CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_User CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_UserId CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Process CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_ProcessArg CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_ProcessEnv CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_Service CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_WebService CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_WebServiceArg CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+ALTER TABLE Prelude_SnmpService CHANGE _parent0_index _parent0_index SMALLINT NOT NULL;
+
+
+ALTER TABLE Prelude_Checksum CHANGE algorithm algorithm ENUM("MD4", "MD5", "SHA1", "SHA2-256", "SHA2-384", "SHA2-512", "CRC-32", "Haval", "Tiger", "Gost") NOT NULL;
+
+COMMIT;
--- prelude-manager-1.0.1.orig/debian/sql/mysql-update-14-7.sql
+++
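Review bot: The `BEGIN; … COMMIT;` wrapper gives no atomicity in this script, because MySQL commits implicitly at every `ALTER TABLE`; `UPDATE _format SET version="14.6";` runs first, so a failure in any later statement leaves `_format` reporting 14.6 on a partially converted schema. Moving the version update to the end, directly before `COMMIT;`, means the marker only changes once every `ALTER TABLE` has succeeded; mysql-update-14-7.sql has the same ordering and needs the same change. The double-quoted literals (`"14.6"` and the `ENUM` values) are parsed as identifiers when `ANSI_QUOTES` is part of sql_mode, so single quotes are safer: `UPDATE _format SET version='14.6';`.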
prelude-manager-1.0.1/debian/sql/mysql-update-14-7.sql
@@ -0,0 +1,6 @@
+BEGIN;
+
+UPDATE _format SET version="14.7";
+ALTER TABLE Prelude_Impact CHANGE description description TEXT NULL;
+
+COMMIT;
--- prelude-manager-1.0.1.orig/debian/sql/mysql.sql
+++ prelude-manager-1.0.1/debian/sql/mysql.sql
@@ -0,0 +1,522 @@
+DROP TABLE IF EXISTS _format;
+
+CREATE TABLE _format (
+ name VARCHAR(255) NOT NULL,
+ version VARCHAR(255) NOT NULL
+);
+INSERT INTO _format (name, version) VALUES('classic', '14.7');
+
+DROP TABLE IF EXISTS Prelude_Alert;
+
+CREATE TABLE Prelude_Alert (
+ _ident BIGINT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ messageid VARCHAR(255) NULL
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_alert_messageid ON Prelude_Alert (messageid);
+
+
+DROP TABLE IF EXISTS Prelude_Alertident;
+
+CREATE TABLE Prelude_Alertident (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _index INTEGER NOT NULL,
+ _parent_type ENUM('T','C') NOT NULL, # T=ToolAlert C=CorrelationAlert
+ alertident VARCHAR(255) NOT NULL,
+ analyzerid VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_ToolAlert;
+
+CREATE TABLE Prelude_ToolAlert (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ name VARCHAR(255) NOT NULL,
+ command VARCHAR(255) NULL
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_CorrelationAlert;
+
+CREATE TABLE Prelude_CorrelationAlert (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ name VARCHAR(255) NOT NULL
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_OverflowAlert;
+
+CREATE TABLE Prelude_OverflowAlert (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ program VARCHAR(255) NOT NULL,
+ size INTEGER UNSIGNED NULL,
+ buffer BLOB NULL
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Heartbeat;
+
+CREATE TABLE Prelude_Heartbeat (
+ _ident BIGINT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ messageid VARCHAR(255) NULL,
+ heartbeat_interval INTEGER NULL
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Analyzer;
+
+CREATE TABLE Prelude_Analyzer (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H') NOT NULL, # A=Alert H=Hearbeat
+ _index TINYINT NOT NULL,
+ analyzerid VARCHAR(255) NULL,
+ name VARCHAR(255) NULL,
+ manufacturer VARCHAR(255) NULL,
+ model VARCHAR(255) NULL,
+ version VARCHAR(255) NULL,
+ class VARCHAR(255) NULL,
+ ostype VARCHAR(255) NULL,
+ osversion VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type,_message_ident,_index)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_analyzer_analyzerid ON Prelude_Analyzer (_parent_type,_index,analyzerid);
+CREATE INDEX prelude_analyzer_index_model ON Prelude_Analyzer (_parent_type,_index,model);
+
+
+
+DROP TABLE IF EXISTS Prelude_Classification;
+
+CREATE TABLE Prelude_Classification (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ ident VARCHAR(255) NULL,
+ text VARCHAR(255) NOT NULL
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_classification_index_text ON Prelude_Classification (text(40));
+
+
+
+DROP TABLE IF EXISTS Prelude_Reference;
+
+CREATE TABLE Prelude_Reference (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _index TINYINT NOT NULL,
+ origin ENUM("unknown","vendor-specific","user-specific","bugtraqid","cve","osvdb") NOT NULL,
+ name VARCHAR(255) NOT NULL,
+ url VARCHAR(255) NOT NULL,
+ meaning VARCHAR(255) NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_reference_index_name ON Prelude_Reference (name(40));
+
+
+
+DROP TABLE IF EXISTS Prelude_Source;
+
+CREATE TABLE Prelude_Source (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _index SMALLINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ spoofed ENUM("unknown","yes","no") NOT NULL,
+ interface VARCHAR(255) NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Target;
+
+CREATE TABLE Prelude_Target (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _index SMALLINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ decoy ENUM("unknown","yes","no") NOT NULL,
+ interface VARCHAR(255) NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_File;
+
+CREATE TABLE Prelude_File (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent0_index SMALLINT NOT NULL,
+ _index TINYINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ path VARCHAR(255) NOT NULL,
+ name VARCHAR(255) NOT NULL,
+ category ENUM("current", "original") NULL,
+ create_time DATETIME NULL,
+ create_time_gmtoff INTEGER NULL,
+ modify_time DATETIME NULL,
+ modify_time_gmtoff INTEGER NULL,
+ access_time DATETIME NULL,
+ access_time_gmtoff INTEGER NULL,
+ data_size INT UNSIGNED NULL,
+ disk_size INT UNSIGNED NULL,
+ fstype ENUM("ufs", "efs", "nfs", "afs", "ntfs", "fat16", "fat32", "pcfs", "joliet", "iso9660") NULL,
+ file_type VARCHAR(255) NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_FileAccess;
+
+CREATE TABLE Prelude_FileAccess (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent0_index SMALLINT NOT NULL,
+ _parent1_index TINYINT NOT NULL,
+ _index TINYINT NOT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_FileAccess_Permission;
+
+CREATE TABLE Prelude_FileAccess_Permission (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent0_index SMALLINT NOT NULL,
+ _parent1_index TINYINT NOT NULL,
+ _parent2_index TINYINT NOT NULL,
+ _index TINYINT NOT NULL,
+ permission VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _parent2_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Linkage;
+
+CREATE TABLE Prelude_Linkage (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent0_index SMALLINT NOT NULL,
+ _parent1_index TINYINT NOT NULL,
+ _index TINYINT NOT NULL,
+ category ENUM("hard-link","mount-point","reparse-point","shortcut","stream","symbolic-link") NOT NULL,
+ name VARCHAR(255) NOT NULL,
+ path VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Inode;
+
+CREATE TABLE Prelude_Inode (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent0_index SMALLINT NOT NULL,
+ _parent1_index TINYINT NOT NULL,
+ change_time DATETIME NULL,
+ change_time_gmtoff INTEGER NULL,
+ number INT UNSIGNED NULL,
+ major_device INT UNSIGNED NULL,
+ minor_device INT UNSIGNED NULL,
+ c_major_device INT UNSIGNED NULL,
+ c_minor_device INT UNSIGNED NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Checksum;
+
+CREATE TABLE Prelude_Checksum (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent0_index SMALLINT NOT NULL,
+ _parent1_index TINYINT NOT NULL,
+ _index TINYINT NOT NULL,
+ algorithm ENUM("MD4", "MD5", "SHA1", "SHA2-256", "SHA2-384", "SHA2-512", "CRC-32", "Haval", "Tiger", "Gost") NOT NULL,
+ value VARCHAR(255) NOT NULL,
+ checksum_key VARCHAR(255) NULL, # key is a reserved word
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index)
+) ENGINE=InnoDB;
+
+
+DROP TABLE IF EXISTS Prelude_Impact;
+
+CREATE TABLE Prelude_Impact (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ description TEXT NULL,
+ severity ENUM("info", "low","medium","high") NULL,
+ completion ENUM("failed", "succeeded") NULL,
+ type ENUM("admin", "dos", "file", "recon", "user", "other") NOT NULL
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_impact_index_severity ON Prelude_Impact (severity);
+CREATE INDEX prelude_impact_index_completion ON Prelude_Impact (completion);
+CREATE INDEX prelude_impact_index_type ON Prelude_Impact (type);
+
+
+
+DROP TABLE IF EXISTS Prelude_Action;
+
+CREATE TABLE Prelude_Action (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _index TINYINT NOT NULL,
+ description VARCHAR(255) NULL,
+ category ENUM("block-installed", "notification-sent", "taken-offline", "other") NOT NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Confidence;
+
+CREATE TABLE Prelude_Confidence (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ confidence FLOAT NULL,
+ rating ENUM("low", "medium", "high", "numeric") NOT NULL
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Assessment;
+
+CREATE TABLE Prelude_Assessment (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_AdditionalData;
+
+CREATE TABLE Prelude_AdditionalData (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A', 'H') NOT NULL,
+ _index TINYINT NOT NULL,
+ type ENUM("boolean","byte","character","date-time","integer","ntpstamp","portlist","real","string","byte-string","xml") NOT NULL,
+ meaning VARCHAR(255) NULL,
+ data BLOB NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_CreateTime;
+
+CREATE TABLE Prelude_CreateTime (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H') NOT NULL, # A=Alert H=Hearbeat
+ time DATETIME NOT NULL,
+ usec INTEGER UNSIGNED NOT NULL,
+ gmtoff INTEGER NOT NULL,
+ PRIMARY KEY (_parent_type,_message_ident)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_createtime_index ON Prelude_CreateTime (_parent_type,time);
+
+
+DROP TABLE IF EXISTS Prelude_DetectTime;
+
+CREATE TABLE Prelude_DetectTime (
+ _message_ident BIGINT UNSIGNED NOT NULL PRIMARY KEY,
+ time DATETIME NOT NULL,
+ usec INTEGER UNSIGNED NOT NULL,
+ gmtoff INTEGER NOT NULL
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_detecttime_index ON Prelude_DetectTime (time);
+
+
+DROP TABLE IF EXISTS Prelude_AnalyzerTime;
+
+CREATE TABLE Prelude_AnalyzerTime (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H') NOT NULL, # A=Alert H=Hearbeat
+ time DATETIME NOT NULL,
+ usec INTEGER UNSIGNED NOT NULL,
+ gmtoff INTEGER NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_analyzertime_index ON Prelude_AnalyzerTime (_parent_type,time);
+
+
+
+DROP TABLE IF EXISTS Prelude_Node;
+
+CREATE TABLE Prelude_Node (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H','S','T') NOT NULL, # A=Analyzer T=Target S=Source H=Heartbeat
+ _parent0_index SMALLINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ category ENUM("unknown","ads","afs","coda","dfs","dns","hosts","kerberos","nds","nis","nisplus","nt","wfw") NULL,
+ location VARCHAR(255) NULL,
+ name VARCHAR(255) NULL,
+ PRIMARY KEY(_parent_type, _message_ident, _parent0_index)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_node_index_location ON Prelude_Node (_parent_type,_parent0_index,location(20));
+CREATE INDEX prelude_node_index_name ON Prelude_Node (_parent_type,_parent0_index,name(20));
+
+
+
+DROP TABLE IF EXISTS Prelude_Address;
+
+CREATE TABLE Prelude_Address (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H','S','T') NOT NULL, # A=Analyser T=Target S=Source H=Heartbeat
+ _parent0_index SMALLINT NOT NULL,
+ _index TINYINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ category ENUM("unknown","atm","e-mail","lotus-notes","mac","sna","vm","ipv4-addr","ipv4-addr-hex","ipv4-net","ipv4-net-mask","ipv6-addr","ipv6-addr-hex","ipv6-net","ipv6-net-mask") NOT NULL,
+ vlan_name VARCHAR(255) NULL,
+ vlan_num INTEGER UNSIGNED NULL,
+ address VARCHAR(255) NOT NULL,
+ netmask VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_address_index_address ON Prelude_Address (_parent_type,_parent0_index,_index,address(10));
+
+
+
+DROP TABLE IF EXISTS Prelude_User;
+
+CREATE TABLE Prelude_User (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('S','T') NOT NULL, # T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ category ENUM("unknown","application","os-device") NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_UserId;
+
+CREATE TABLE Prelude_UserId (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('S','T', 'F') NOT NULL, # T=Target User S=Source User F=File Access
+ _parent0_index SMALLINT NOT NULL,
+ _parent1_index TINYINT NOT NULL,
+ _parent2_index TINYINT NOT NULL,
+ _index TINYINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ type ENUM("current-user","original-user","target-user","user-privs","current-group","group-privs","other-privs") NOT NULL,
+ name VARCHAR(255) NULL,
+ tty VARCHAR(255) NULL,
+ number INTEGER UNSIGNED NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _parent1_index, _parent2_index, _index) # _parent_index1 and _parent2_index will always be zero if parent_type = 'F'
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Process;
+
+CREATE TABLE Prelude_Process (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H','S','T') NOT NULL, # A=Analyzer T=Target S=Source H=Heartbeat
+ _parent0_index SMALLINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ name VARCHAR(255) NOT NULL,
+ pid INTEGER UNSIGNED NULL,
+ path VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_ProcessArg;
+
+CREATE TABLE Prelude_ProcessArg (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H','S','T') NOT NULL DEFAULT 'A', # A=Analyser T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ _index TINYINT NOT NULL,
+ arg VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_ProcessEnv;
+
+CREATE TABLE Prelude_ProcessEnv (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('A','H','S','T') NOT NULL, # A=Analyser T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ _index TINYINT NOT NULL,
+ env VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_Service;
+
+CREATE TABLE Prelude_Service (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('S','T') NOT NULL, # T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ ident VARCHAR(255) NULL,
+ ip_version TINYINT UNSIGNED NULL,
+ name VARCHAR(255) NULL,
+ port SMALLINT UNSIGNED NULL,
+ iana_protocol_number TINYINT UNSIGNED NULL,
+ iana_protocol_name VARCHAR(255) NULL,
+ portlist VARCHAR (255) NULL,
+ protocol VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ENGINE=InnoDB;
+
+CREATE INDEX prelude_service_index_protocol_port ON Prelude_Service (_parent_type,_parent0_index,protocol(10),port);
+CREATE INDEX prelude_service_index_protocol_name ON Prelude_Service (_parent_type,_parent0_index,protocol(10),name(10));
+
+
+
+DROP TABLE IF EXISTS Prelude_WebService;
+
+CREATE TABLE Prelude_WebService (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('S','T') NOT NULL, # T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ url VARCHAR(255) NOT NULL,
+ cgi VARCHAR(255) NULL,
+ http_method VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_WebServiceArg;
+
+CREATE TABLE Prelude_WebServiceArg (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('S','T') NOT NULL, # T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ _index TINYINT NOT NULL,
+ arg VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ENGINE=InnoDB;
+
+
+
+DROP TABLE IF EXISTS Prelude_SnmpService;
+
+CREATE TABLE Prelude_SnmpService (
+ _message_ident BIGINT UNSIGNED NOT NULL,
+ _parent_type ENUM('S','T') NOT NULL, # T=Target S=Source
+ _parent0_index SMALLINT NOT NULL,
+ snmp_oid VARCHAR(255) NULL, # oid is a reserved word in PostgreSQL
+ message_processing_model INTEGER UNSIGNED NULL,
+ security_model INTEGER UNSIGNED NULL,
+ security_name VARCHAR(255) NULL,
+ security_level INTEGER UNSIGNED NULL,
+ context_name VARCHAR(255) NULL,
+ context_engine_id VARCHAR(255) NULL,
+ command VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ENGINE=InnoDB;
--- prelude-manager-1.0.1.orig/debian/sql/pgsql-update-14-6.sql
+++
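Review bot: Several columns that hold strings taken from observed traffic or hosts are capped at 255 characters and are not indexed in this file: `url VARCHAR(255) NOT NULL` in Prelude_WebService, `arg VARCHAR(255) NOT NULL` in Prelude_ProcessArg and Prelude_WebServiceArg, `path VARCHAR(255) NOT NULL` in Prelude_File. With a non-strict sql_mode MySQL truncates longer values with only a warning, so the stored alert can lose the part of a request or command line an analyst needs, and in strict mode the insert fails instead. `TEXT` would avoid both outcomes, e.g. `url TEXT NOT NULL`, but that needs checking against what libpreludedb expects of the classic schema. The inline comments also need a pass: `Hearbeat` should be `Heartbeat`, and the Prelude_ProcessArg and Prelude_ProcessEnv comments omit `H=Heartbeat` although the ENUM allows `'H'`.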
prelude-manager-1.0.1/debian/sql/pgsql-update-14-6.sql
@@ -0,0 +1,51 @@
+-- you can safely ignore error if the following action fails:
+ALTER TABLE Prelude_Checksum DROP CONSTRAINT prelude_checksum_algorithm_check;
+
+BEGIN;
+UPDATE _format SET version='14.6';
+
+ALTER TABLE Prelude_Alertident ALTER COLUMN _index TYPE INT4;
+ALTER TABLE Prelude_Service ALTER COLUMN _parent0_index TYPE INT2;
+ALTER TABLE Prelude_Service ALTER COLUMN ip_version TYPE INT2;
+ALTER TABLE Prelude_Service ALTER COLUMN iana_protocol_number TYPE INT2;
+ALTER TABLE Prelude_Service ALTER COLUMN port TYPE INT4;
+
+
+ALTER TABLE Prelude_Checksum ADD CHECK ( algorithm IN ('MD4', 'MD5', 'SHA1', 'SHA2-256', 'SHA2-384', 'SHA2-512', 'CRC-32', 'Haval', 'Tiger', 'Gost'));
+
+ALTER TABLE Prelude_Alertident ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_ToolAlert ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_CorrelationAlert ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_OverflowAlert ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Analyzer ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Classification ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Reference ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Source ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Target ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_File ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_FileAccess ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_FileAccess_Permission ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Linkage ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Inode ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Checksum ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Impact ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Action ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Confidence ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Assessment ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_AdditionalData ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_CreateTime ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_DetectTime ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_AnalyzerTime ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Node ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Address ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_User ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_UserId ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Process ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_ProcessArg ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_ProcessEnv ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_Service ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_WebService ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_WebServiceArg ALTER COLUMN _message_ident TYPE INT8;
+ALTER TABLE Prelude_SnmpService ALTER COLUMN _message_ident TYPE INT8;
+
+COMMIT;
--- prelude-manager-1.0.1.orig/debian/sql/pgsql-update-14-7.sql
+++ prelude-manager-1.0.1/debian/sql/pgsql-update-14-7.sql
@@ -0,0 +1,7 @@
+BEGIN;
+
+UPDATE _format SET version='14.7';
+ALTER TABLE Prelude_Impact ALTER COLUMN description TYPE TEXT;
+ALTER TABLE Prelude_Impact ALTER COLUMN description DROP NOT NULL;
+
+COMMIT;
--- prelude-manager-1.0.1.orig/debian/sql/pgsql.sql
+++ prelude-manager-1.0.1/debian/sql/pgsql.sql
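Review bot: The leading `ALTER TABLE Prelude_Checksum DROP CONSTRAINT prelude_checksum_algorithm_check;` in pgsql-update-14-6.sql is expected to fail on some installations (its comment says the error can be ignored), but an upgrade driven by dbconfig-common has no operator to ignore it, and whether the rest of the file still runs depends on how psql is invoked. `ALTER TABLE Prelude_Checksum DROP CONSTRAINT IF EXISTS prelude_checksum_algorithm_check;` (PostgreSQL 9.0 and later) removes the expected failure and lets the statement move inside the `BEGIN; … COMMIT;` block. If the old check exists under a different name it stays in place next to the new `ADD CHECK`, and any algorithm value the update is presumably adding would still be rejected, so the constraint list on Prelude_Checksum is worth verifying after the upgrade.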
@@ -0,0 +1,522 @@ +DROP TABLE _format; + +CREATE TABLE _format ( + name VARCHAR(255) NOT NULL, + version VARCHAR(255) NOT NULL +); +INSERT INTO _format (name, version) VALUES('classic', '14.7'); + +DROP TABLE Prelude_Alert; + +CREATE TABLE Prelude_Alert ( + _ident BIGSERIAL PRIMARY KEY, + messageid VARCHAR(255) NULL +) ; + +CREATE INDEX prelude_alert_messageid ON Prelude_Alert (messageid); + + +DROP TABLE Prelude_Alertident; + +CREATE TABLE Prelude_Alertident ( + _message_ident INT8 NOT NULL, + _index INT4 NOT NULL, + _parent_type VARCHAR(1) CHECK (_parent_type IN ('T','C')) NOT NULL, + alertident VARCHAR(255) NOT NULL, + analyzerid VARCHAR(255) NULL, + PRIMARY KEY (_parent_type, _message_ident, _index) +) ; + + + +DROP TABLE Prelude_ToolAlert; + +CREATE TABLE Prelude_ToolAlert ( + _message_ident INT8 NOT NULL PRIMARY KEY, + name VARCHAR(255) NOT NULL, + command VARCHAR(255) NULL +) ; + + + +DROP TABLE Prelude_CorrelationAlert; + +CREATE TABLE Prelude_CorrelationAlert ( + _message_ident INT8 NOT NULL PRIMARY KEY, + name VARCHAR(255) NOT NULL +) ; + + + +DROP TABLE Prelude_OverflowAlert; + +CREATE TABLE Prelude_OverflowAlert ( + _message_ident INT8 NOT NULL PRIMARY KEY, + program VARCHAR(255) NOT NULL, + size INT8 NULL, + buffer BYTEA NULL +) ; + + + +DROP TABLE Prelude_Heartbeat; + +CREATE TABLE Prelude_Heartbeat ( + _ident BIGSERIAL PRIMARY KEY, + messageid VARCHAR(255) NULL, + heartbeat_interval INT4 NULL +) ; + + + +DROP TABLE Prelude_Analyzer; + +CREATE TABLE Prelude_Analyzer ( + _message_ident INT8 NOT NULL, + _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H')) NOT NULL, + _index INT2 NOT NULL, + analyzerid VARCHAR(255) NULL, + name VARCHAR(255) NULL, + manufacturer VARCHAR(255) NULL, + model VARCHAR(255) NULL, + version VARCHAR(255) NULL, + class VARCHAR(255) NULL, + ostype VARCHAR(255) NULL, + osversion VARCHAR(255) NULL, + PRIMARY KEY (_parent_type,_message_ident,_index) +) ; + +CREATE INDEX prelude_analyzer_analyzerid ON Prelude_Analyzer 
(_parent_type,_index,analyzerid); +CREATE INDEX prelude_analyzer_index_model ON Prelude_Analyzer (_parent_type,_index,model); + + + +DROP TABLE Prelude_Classification; + +CREATE TABLE Prelude_Classification ( + _message_ident INT8 NOT NULL PRIMARY KEY, + ident VARCHAR(255) NULL, + text VARCHAR(255) NOT NULL +) ; + +CREATE INDEX prelude_classification_index_text ON Prelude_Classification (text); + + + +DROP TABLE Prelude_Reference; + +CREATE TABLE Prelude_Reference ( + _message_ident INT8 NOT NULL, + _index INT2 NOT NULL, + origin VARCHAR(32) CHECK ( origin IN ('unknown','vendor-specific','user-specific','bugtraqid','cve','osvdb')) NOT NULL, + name VARCHAR(255) NOT NULL, + url VARCHAR(255) NOT NULL, + meaning VARCHAR(255) NULL, + PRIMARY KEY (_message_ident, _index) +) ; + +CREATE INDEX prelude_reference_index_name ON Prelude_Reference (name); + + + +DROP TABLE Prelude_Source; + +CREATE TABLE Prelude_Source ( + _message_ident INT8 NOT NULL, + _index INT2 NOT NULL, + ident VARCHAR(255) NULL, + spoofed VARCHAR(32) CHECK ( spoofed IN ('unknown','yes','no')) NOT NULL, + interface VARCHAR(255) NULL, + PRIMARY KEY (_message_ident, _index) +) ; + + + +DROP TABLE Prelude_Target; + +CREATE TABLE Prelude_Target ( + _message_ident INT8 NOT NULL, + _index INT2 NOT NULL, + ident VARCHAR(255) NULL, + decoy VARCHAR(32) CHECK ( decoy IN ('unknown','yes','no')) NOT NULL, + interface VARCHAR(255) NULL, + PRIMARY KEY (_message_ident, _index) +) ; + + + +DROP TABLE Prelude_File; + +CREATE TABLE Prelude_File ( + _message_ident INT8 NOT NULL, + _parent0_index INT2 NOT NULL, + _index INT2 NOT NULL, + ident VARCHAR(255) NULL, + path VARCHAR(255) NOT NULL, + name VARCHAR(255) NOT NULL, + category VARCHAR(32) CHECK ( category IN ('current', 'original')) NULL, + create_time TIMESTAMP NULL, + create_time_gmtoff INT4 NULL, + modify_time TIMESTAMP NULL, + modify_time_gmtoff INT4 NULL, + access_time TIMESTAMP NULL, + access_time_gmtoff INT4 NULL, + data_size INT8 NULL, + disk_size INT8 NULL, + 
fstype VARCHAR(32) CHECK ( fstype IN ('ufs', 'efs', 'nfs', 'afs', 'ntfs', 'fat16', 'fat32', 'pcfs', 'joliet', 'iso9660')) NULL, + file_type VARCHAR(255) NULL, + PRIMARY KEY (_message_ident, _parent0_index, _index) +) ; + + + +DROP TABLE Prelude_FileAccess; + +CREATE TABLE Prelude_FileAccess ( + _message_ident INT8 NOT NULL, + _parent0_index INT2 NOT NULL, + _parent1_index INT2 NOT NULL, + _index INT2 NOT NULL, + PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index) +) ; + + + +DROP TABLE Prelude_FileAccess_Permission; + +CREATE TABLE Prelude_FileAccess_Permission ( + _message_ident INT8 NOT NULL, + _parent0_index INT2 NOT NULL, + _parent1_index INT2 NOT NULL, + _parent2_index INT2 NOT NULL, + _index INT2 NOT NULL, + permission VARCHAR(255) NOT NULL, + PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _parent2_index, _index) +) ; + + + +DROP TABLE Prelude_Linkage; + +CREATE TABLE Prelude_Linkage ( + _message_ident INT8 NOT NULL, + _parent0_index INT2 NOT NULL, + _parent1_index INT2 NOT NULL, + _index INT2 NOT NULL, + category VARCHAR(32) CHECK ( category IN ('hard-link','mount-point','reparse-point','shortcut','stream','symbolic-link')) NOT NULL, + name VARCHAR(255) NOT NULL, + path VARCHAR(255) NOT NULL, + PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index) +) ; + + + +DROP TABLE Prelude_Inode; + +CREATE TABLE Prelude_Inode ( + _message_ident INT8 NOT NULL, + _parent0_index INT2 NOT NULL, + _parent1_index INT2 NOT NULL, + change_time TIMESTAMP NULL, + change_time_gmtoff INT4 NULL, + number INT8 NULL, + major_device INT8 NULL, + minor_device INT8 NULL, + c_major_device INT8 NULL, + c_minor_device INT8 NULL, + PRIMARY KEY (_message_ident, _parent0_index, _parent1_index) +) ; + + + +DROP TABLE Prelude_Checksum; + +CREATE TABLE Prelude_Checksum ( + _message_ident INT8 NOT NULL, + _parent0_index INT2 NOT NULL, + _parent1_index INT2 NOT NULL, + _index INT2 NOT NULL, + algorithm VARCHAR(32) CHECK ( algorithm IN ('MD4', 'MD5', 
'SHA1', 'SHA2-256', 'SHA2-384', 'SHA2-512', 'CRC-32', 'Haval', 'Tiger', 'Gost')) NOT NULL, + value VARCHAR(255) NOT NULL, + checksum_key VARCHAR(255) NULL, + PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index) +) ; + + +DROP TABLE Prelude_Impact; + +CREATE TABLE Prelude_Impact ( + _message_ident INT8 NOT NULL PRIMARY KEY, + description TEXT NULL, + severity VARCHAR(32) CHECK ( severity IN ('info', 'low','medium','high')) NULL, + completion VARCHAR(32) CHECK ( completion IN ('failed', 'succeeded')) NULL, + type VARCHAR(32) CHECK ( type IN ('admin', 'dos', 'file', 'recon', 'user', 'other')) NOT NULL +) ; + +CREATE INDEX prelude_impact_index_severity ON Prelude_Impact (severity); +CREATE INDEX prelude_impact_index_completion ON Prelude_Impact (completion); +CREATE INDEX prelude_impact_index_type ON Prelude_Impact (type); + + + +DROP TABLE Prelude_Action; + +CREATE TABLE Prelude_Action ( + _message_ident INT8 NOT NULL, + _index INT2 NOT NULL, + description VARCHAR(255) NULL, + category VARCHAR(32) CHECK ( category IN ('block-installed', 'notification-sent', 'taken-offline', 'other')) NOT NULL, + PRIMARY KEY (_message_ident, _index) +) ; + + + +DROP TABLE Prelude_Confidence; + +CREATE TABLE Prelude_Confidence ( + _message_ident INT8 NOT NULL PRIMARY KEY, + confidence FLOAT NULL, + rating VARCHAR(32) CHECK ( rating IN ('low', 'medium', 'high', 'numeric')) NOT NULL +) ; + + + +DROP TABLE Prelude_Assessment; + +CREATE TABLE Prelude_Assessment ( + _message_ident INT8 NOT NULL PRIMARY KEY +) ; + + + +DROP TABLE Prelude_AdditionalData; + +CREATE TABLE Prelude_AdditionalData ( + _message_ident INT8 NOT NULL, + _parent_type VARCHAR(1) CHECK (_parent_type IN ('A', 'H')) NOT NULL, + _index INT2 NOT NULL, + type VARCHAR(32) CHECK ( type IN ('boolean','byte','character','date-time','integer','ntpstamp','portlist','real','string','byte-string','xml')) NOT NULL, + meaning VARCHAR(255) NULL, + data BYTEA NOT NULL, + PRIMARY KEY (_parent_type, _message_ident, _index) 
+) ;
+
+
+
+DROP TABLE Prelude_CreateTime;
+
+CREATE TABLE Prelude_CreateTime (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H')) NOT NULL,
+ time TIMESTAMP NOT NULL,
+ usec INT8 NOT NULL,
+ gmtoff INT4 NOT NULL,
+ PRIMARY KEY (_parent_type,_message_ident)
+) ;
+
+CREATE INDEX prelude_createtime_index ON Prelude_CreateTime (_parent_type,time);
+
+
+DROP TABLE Prelude_DetectTime;
+
+CREATE TABLE Prelude_DetectTime (
+ _message_ident INT8 NOT NULL PRIMARY KEY,
+ time TIMESTAMP NOT NULL,
+ usec INT8 NOT NULL,
+ gmtoff INT4 NOT NULL
+) ;
+
+CREATE INDEX prelude_detecttime_index ON Prelude_DetectTime (time);
+
+
+DROP TABLE Prelude_AnalyzerTime;
+
+CREATE TABLE Prelude_AnalyzerTime (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H')) NOT NULL,
+ time TIMESTAMP NOT NULL,
+ usec INT8 NOT NULL,
+ gmtoff INT4 NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident)
+) ;
+
+CREATE INDEX prelude_analyzertime_index ON Prelude_AnalyzerTime (_parent_type,time);
+
+
+
+DROP TABLE Prelude_Node;
+
+CREATE TABLE Prelude_Node (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H','S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ ident VARCHAR(255) NULL,
+ category VARCHAR(32) CHECK ( category IN ('unknown','ads','afs','coda','dfs','dns','hosts','kerberos','nds','nis','nisplus','nt','wfw')) NULL,
+ location VARCHAR(255) NULL,
+ name VARCHAR(255) NULL,
+ PRIMARY KEY(_parent_type, _message_ident, _parent0_index)
+) ;
+
+CREATE INDEX prelude_node_index_location ON Prelude_Node (_parent_type,_parent0_index,location);
+CREATE INDEX prelude_node_index_name ON Prelude_Node (_parent_type,_parent0_index,name);
+
+
+
+DROP TABLE Prelude_Address;
+
+CREATE TABLE Prelude_Address (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H','S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ _index INT2 NOT NULL,
+ ident VARCHAR(255) NULL,
+ category VARCHAR(32) CHECK ( category IN ('unknown','atm','e-mail','lotus-notes','mac','sna','vm','ipv4-addr','ipv4-addr-hex','ipv4-net','ipv4-net-mask','ipv6-addr','ipv6-addr-hex','ipv6-net','ipv6-net-mask')) NOT NULL,
+ vlan_name VARCHAR(255) NULL,
+ vlan_num INT8 NULL,
+ address VARCHAR(255) NOT NULL,
+ netmask VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+CREATE INDEX prelude_address_index_address ON Prelude_Address (_parent_type,_parent0_index,_index,address);
+
+
+
+DROP TABLE Prelude_User;
+
+CREATE TABLE Prelude_User (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ ident VARCHAR(255) NULL,
+ category VARCHAR(32) CHECK ( category IN ('unknown','application','os-device')) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+
+
+DROP TABLE Prelude_UserId;
+
+CREATE TABLE Prelude_UserId (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('S','T', 'F')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ _parent1_index INT2 NOT NULL,
+ _parent2_index INT2 NOT NULL,
+ _index INT2 NOT NULL,
+ ident VARCHAR(255) NULL,
+ type VARCHAR(32) CHECK ( type IN ('current-user','original-user','target-user','user-privs','current-group','group-privs','other-privs')) NOT NULL,
+ name VARCHAR(255) NULL,
+ tty VARCHAR(255) NULL,
+ number INT8 NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _parent1_index, _parent2_index, _index)
+) ;
+
+
+
+DROP TABLE Prelude_Process;
+
+CREATE TABLE Prelude_Process (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H','S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ ident VARCHAR(255) NULL,
+ name VARCHAR(255) NOT NULL,
+ pid INT8 NULL,
+ path VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+
+
+DROP TABLE Prelude_ProcessArg;
+
+CREATE TABLE Prelude_ProcessArg (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H','S','T')) NOT NULL DEFAULT 'A',
+ _parent0_index INT2 NOT NULL,
+ _index INT2 NOT NULL,
+ arg VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+
+
+DROP TABLE Prelude_ProcessEnv;
+
+CREATE TABLE Prelude_ProcessEnv (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('A','H','S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ _index INT2 NOT NULL,
+ env VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+
+
+DROP TABLE Prelude_Service;
+
+CREATE TABLE Prelude_Service (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ ident VARCHAR(255) NULL,
+ ip_version INT2 NULL,
+ name VARCHAR(255) NULL,
+ port INT4 NULL,
+ iana_protocol_number INT2 NULL,
+ iana_protocol_name VARCHAR(255) NULL,
+ portlist VARCHAR (255) NULL,
+ protocol VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+CREATE INDEX prelude_service_index_protocol_port ON Prelude_Service (_parent_type,_parent0_index,protocol,port);
+CREATE INDEX prelude_service_index_protocol_name ON Prelude_Service (_parent_type,_parent0_index,protocol,name);
+
+
+
+DROP TABLE Prelude_WebService;
+
+CREATE TABLE Prelude_WebService (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ url VARCHAR(255) NOT NULL,
+ cgi VARCHAR(255) NULL,
+ http_method VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+
+
+DROP TABLE Prelude_WebServiceArg;
+
+CREATE TABLE Prelude_WebServiceArg (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ _index INT2 NOT NULL,
+ arg VARCHAR(255) NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+
+
+DROP TABLE Prelude_SnmpService;
+
+CREATE TABLE Prelude_SnmpService (
+ _message_ident INT8 NOT NULL,
+ _parent_type VARCHAR(1) CHECK (_parent_type IN ('S','T')) NOT NULL,
+ _parent0_index INT2 NOT NULL,
+ snmp_oid VARCHAR(255) NULL,
+ message_processing_model INT8 NULL,
+ security_model INT8 NULL,
+ security_name VARCHAR(255) NULL,
+ security_level INT8 NULL,
+ context_name VARCHAR(255) NULL,
+ context_engine_id VARCHAR(255) NULL,
+ command VARCHAR(255) NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
--- prelude-manager-1.0.1.orig/debian/sql/sqlite.sql
+++ prelude-manager-1.0.1/debian/sql/sqlite.sql
@@ -0,0 +1,485 @@
+
+CREATE TABLE _format (
+ name TEXT NOT NULL,
+ version TEXT NOT NULL
+);
+INSERT INTO _format (name, version) VALUES('classic', '14.6');
+
+
+CREATE TABLE Prelude_Alert (
+ _ident INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ messageid TEXT NULL
+) ;
+
+CREATE INDEX prelude_alert_messageid ON Prelude_Alert (messageid);
+
+
+
+CREATE TABLE Prelude_Alertident (
+ _message_ident INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ alertident TEXT NOT NULL,
+ analyzerid TEXT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_ToolAlert (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ name TEXT NOT NULL,
+ command TEXT NULL
+) ;
+
+
+
+
+CREATE TABLE Prelude_CorrelationAlert (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ name TEXT NOT NULL
+) ;
+
+
+
+
+CREATE TABLE Prelude_OverflowAlert (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ program TEXT NOT NULL,
+ size INTEGER NULL,
+ buffer BLOB NULL
+) ;
+
+
+
+
+CREATE TABLE Prelude_Heartbeat (
+ _ident INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ messageid TEXT NULL,
+ heartbeat_interval INTEGER NULL
+) ;
+
+
+
+
+CREATE TABLE Prelude_Analyzer (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _index INTEGER NOT NULL,
+ analyzerid TEXT NULL,
+ name TEXT NULL,
+ manufacturer TEXT NULL,
+ model TEXT NULL,
+ version TEXT NULL,
+ class TEXT NULL,
+ ostype TEXT NULL,
+ osversion TEXT NULL,
+ PRIMARY KEY (_parent_type,_message_ident,_index)
+) ;
+
+CREATE INDEX prelude_analyzer_analyzerid ON Prelude_Analyzer (_parent_type,_index,analyzerid);
+CREATE INDEX prelude_analyzer_index_model ON Prelude_Analyzer (_parent_type,_index,model);
+
+
+
+
+CREATE TABLE Prelude_Classification (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ ident TEXT NULL,
+ text TEXT NOT NULL
+) ;
+
+CREATE INDEX prelude_classification_index_text ON Prelude_Classification (text);
+
+
+
+
+CREATE TABLE Prelude_Reference (
+ _message_ident INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ origin TEXT NOT NULL,
+ name TEXT NOT NULL,
+ url TEXT NOT NULL,
+ meaning TEXT NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ;
+
+CREATE INDEX prelude_reference_index_name ON Prelude_Reference (name);
+
+
+
+
+CREATE TABLE Prelude_Source (
+ _message_ident INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ ident TEXT NULL,
+ spoofed TEXT NOT NULL,
+ interface TEXT NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Target (
+ _message_ident INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ ident TEXT NULL,
+ decoy TEXT NOT NULL,
+ interface TEXT NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_File (
+ _message_ident INTEGER NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ ident TEXT NULL,
+ path TEXT NOT NULL,
+ name TEXT NOT NULL,
+ category TEXT NULL,
+ create_time DATETIME NULL,
+ create_time_gmtoff INTEGER NULL,
+ modify_time DATETIME NULL,
+ modify_time_gmtoff INTEGER NULL,
+ access_time DATETIME NULL,
+ access_time_gmtoff INTEGER NULL,
+ data_size INTEGER NULL,
+ disk_size INTEGER NULL,
+ fstype TEXT NULL,
+ file_type TEXT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_FileAccess (
+ _message_ident INTEGER NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _parent1_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_FileAccess_Permission (
+ _message_ident INTEGER NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _parent1_index INTEGER NOT NULL,
+ _parent2_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ permission TEXT NOT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _parent2_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Linkage (
+ _message_ident INTEGER NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _parent1_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ category TEXT NOT NULL,
+ name TEXT NOT NULL,
+ path TEXT NOT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Inode (
+ _message_ident INTEGER NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _parent1_index INTEGER NOT NULL,
+ change_time DATETIME NULL,
+ change_time_gmtoff INTEGER NULL,
+ number INTEGER NULL,
+ major_device INTEGER NULL,
+ minor_device INTEGER NULL,
+ c_major_device INTEGER NULL,
+ c_minor_device INTEGER NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Checksum (
+ _message_ident INTEGER NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _parent1_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ algorithm TEXT NOT NULL,
+ value TEXT NOT NULL,
+ checksum_key TEXT NULL,
+ PRIMARY KEY (_message_ident, _parent0_index, _parent1_index, _index)
+) ;
+
+
+
+CREATE TABLE Prelude_Impact (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ description TEXT NULL,
+ severity TEXT NULL,
+ completion TEXT NULL,
+ type TEXT NOT NULL
+) ;
+
+CREATE INDEX prelude_impact_index_severity ON Prelude_Impact (severity);
+CREATE INDEX prelude_impact_index_completion ON Prelude_Impact (completion);
+CREATE INDEX prelude_impact_index_type ON Prelude_Impact (type);
+
+
+
+
+CREATE TABLE Prelude_Action (
+ _message_ident INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ description TEXT NULL,
+ category TEXT NOT NULL,
+ PRIMARY KEY (_message_ident, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Confidence (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ confidence FLOAT NULL,
+ rating TEXT NOT NULL
+) ;
+
+
+
+
+CREATE TABLE Prelude_Assessment (
+ _message_ident INTEGER NOT NULL PRIMARY KEY
+) ;
+
+
+
+
+CREATE TABLE Prelude_AdditionalData (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _index INTEGER NOT NULL,
+ type TEXT NOT NULL,
+ meaning TEXT NULL,
+ data BLOB NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_CreateTime (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ time DATETIME NOT NULL,
+ usec INTEGER NOT NULL,
+ gmtoff INTEGER NOT NULL,
+ PRIMARY KEY (_parent_type,_message_ident)
+) ;
+
+CREATE INDEX prelude_createtime_index ON Prelude_CreateTime (_parent_type,time);
+
+
+
+CREATE TABLE Prelude_DetectTime (
+ _message_ident INTEGER NOT NULL PRIMARY KEY,
+ time DATETIME NOT NULL,
+ usec INTEGER NOT NULL,
+ gmtoff INTEGER NOT NULL
+) ;
+
+CREATE INDEX prelude_detecttime_index ON Prelude_DetectTime (time);
+
+
+
+CREATE TABLE Prelude_AnalyzerTime (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ time DATETIME NOT NULL,
+ usec INTEGER NOT NULL,
+ gmtoff INTEGER NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident)
+) ;
+
+CREATE INDEX prelude_analyzertime_index ON Prelude_AnalyzerTime (_parent_type,time);
+
+
+
+
+CREATE TABLE Prelude_Node (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ ident TEXT NULL,
+ category TEXT NULL,
+ location TEXT NULL,
+ name TEXT NULL,
+ PRIMARY KEY(_parent_type, _message_ident, _parent0_index)
+) ;
+
+CREATE INDEX prelude_node_index_location ON Prelude_Node (_parent_type,_parent0_index,location);
+CREATE INDEX prelude_node_index_name ON Prelude_Node (_parent_type,_parent0_index,name);
+
+
+
+
+CREATE TABLE Prelude_Address (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ ident TEXT NULL,
+ category TEXT NOT NULL,
+ vlan_name TEXT NULL,
+ vlan_num INTEGER NULL,
+ address TEXT NOT NULL,
+ netmask TEXT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+CREATE INDEX prelude_address_index_address ON Prelude_Address (_parent_type,_parent0_index,_index,address);
+
+
+
+
+CREATE TABLE Prelude_User (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ ident TEXT NULL,
+ category TEXT NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_UserId (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _parent1_index INTEGER NOT NULL,
+ _parent2_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ ident TEXT NULL,
+ type TEXT NOT NULL,
+ name TEXT NULL,
+ tty TEXT NULL,
+ number INTEGER NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _parent1_index, _parent2_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Process (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ ident TEXT NULL,
+ name TEXT NOT NULL,
+ pid INTEGER NULL,
+ path TEXT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_ProcessArg (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL DEFAULT 'A',
+ _parent0_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ arg TEXT NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_ProcessEnv (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ env TEXT NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_Service (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ ident TEXT NULL,
+ ip_version INTEGER NULL,
+ name TEXT NULL,
+ port INTEGER NULL,
+ iana_protocol_number INTEGER NULL,
+ iana_protocol_name TEXT NULL,
+ portlist VARCHAR NULL,
+ protocol TEXT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+CREATE INDEX prelude_service_index_protocol_port ON Prelude_Service (_parent_type,_parent0_index,protocol,port);
+CREATE INDEX prelude_service_index_protocol_name ON Prelude_Service (_parent_type,_parent0_index,protocol,name);
+
+
+
+
+CREATE TABLE Prelude_WebService (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ url TEXT NOT NULL,
+ cgi TEXT NULL,
+ http_method TEXT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_WebServiceArg (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ _index INTEGER NOT NULL,
+ arg TEXT NOT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index, _index)
+) ;
+
+
+
+
+CREATE TABLE Prelude_SnmpService (
+ _message_ident INTEGER NOT NULL,
+ _parent_type TEXT NOT NULL,
+ _parent0_index INTEGER NOT NULL,
+ snmp_oid TEXT NULL,
+ message_processing_model INTEGER NULL,
+ security_model INTEGER NULL,
+ security_name TEXT NULL,
+ security_level INTEGER NULL,
+ context_name TEXT NULL,
+ context_engine_id TEXT NULL,
+ command TEXT NULL,
+ PRIMARY KEY (_parent_type, _message_ident, _parent0_index)
+) ;
--- prelude-manager-1.0.1.orig/debian/watch
+++ prelude-manager-1.0.1/debian/watch
@@ -0,0 +1,10 @@
+# debian watch file
+# You can run the "uscan" command
+# to check for upstream updates and more.
+# See uscan(1) for format
+
+# Compulsory line, this is a version 3 file
+version=3
+
+http://www.prelude-ids.com/en/development/download/index.html \
+ /download/releases/prelude-manager/prelude-manager-([\d\.]*)\.tar\.gz
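Review bot: The SQLite schema declares every enumerated column as plain `TEXT` with no `CHECK`, for example `_parent_type TEXT NOT NULL` in Prelude_CreateTime and `severity TEXT NULL` in Prelude_Impact, while the PostgreSQL script on this page restricts the same columns with `CHECK (... IN (...))`. SQLite enforces CHECK constraints, so carrying them over, e.g. `_parent_type TEXT NOT NULL CHECK (_parent_type IN ('A','H'))`, and likewise for severity, completion, type, category, rating and algorithm, would make the alert store reject malformed values rather than trusting every writer to validate them. That matters for data that is later filtered by severity or parent type during triage. As a smaller point, `portlist VARCHAR NULL` in Prelude_Service is the only text column not written as `TEXT`; changing it or adding a one-line comment explaining why would keep the file consistent.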
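Review bot: The watch URL on the last two lines is plain `http://` and the file sets no signature option, so `uscan` would fetch the release index and tarball with neither transport integrity nor an OpenPGP check. If upstream serves the page over HTTPS and publishes detached signatures (not visible here), switch the URL to `https://` and add an option line such as `opts=pgpsigurlmangle=s/$/.sig/` (the `.sig` suffix is an example), with the upstream key stored in `debian/upstream/signing-key.asc`. The version group `([\d\.]*)` also matches an empty string; `([\d.]+)` is tighter.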