Re: [Shoki-users] chroot - make db
From: Stephen P. B. <sp...@me...> - 2007-10-04 07:54:31
>Actually I did my best first, but due to little knowledge I'm having on Unix
>environment I could not even try running it manually.

Assuming you installed in the default location, all you need to do to run the
importer script by hand is to use:

# /usr/local/shoki/bin/importer

>Actually before going for implementation I want to test whether it is
>possible to get Shoki logs with the vulnerability references: that is if an
>attack is going on, will it be possible for Shoki to log that event
>referring to some vulnerability number such as (CVE, Bugtraq etc.) without
>having the data in 'Vulnerabilities' table since Snort rules having those
>references or else will Shoki work without data in this table? This is the
>problem I am having.

The vulnerabilities table isn't necessary for any of the default behaviour of
shoki 0.3.0. It's there so any applications you might implement around shoki
have access to the vulnerability information---i.e., to provide a link to the
detailed CVE data. If you're not planning on implementing anything like this,
it isn't needed.

This, incidentally, is generally true of a lot of the stuff in the shoki
distribution. It's intended to be more of a toolkit than a turnkey IDS. When
1.0 is finally released, it (should) have a lot more happy/friendly features
like this as part of the default install.

>Ok let me give a try, if I want to re-write the script to load cve data,
>from where should I start?

It's just a perl script. Pretty much all it does is parse a CVE file and
import the results into the vulnerabilities table. The main logic of the
parsing is in the read_file() subroutine. It calls the add_vuln() subroutine
to update the database. It's pretty straightforward.

-spb
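Since the reply points at the read_file()/add_vuln() split as the place to start, here is an added Perl sketch of such a loader (not the shoki script itself): read_file() parses a CVE CSV and add_vuln() inserts each entry. The CSV layout, the vulnerabilities table columns and the use of DBD::SQLite are all assumptions.

```perl
#!/usr/bin/perl
# Added example, not the shoki importer: a minimal CVE loader built around the
# same read_file()/add_vuln() split. Assumed: MITRE CVE CSV export as input
# (Name,Status,Description,References,...), a vulnerabilities(ref_id, ref_type,
# status, description) table, and DBD::SQLite for the self-contained run below.
use strict;
use warnings;
use DBI;
use Text::ParseWords qw(parse_line);

# Parse a CVE CSV file handle into [name, status, description] triples.
# The MITRE preamble and header (anything not starting CVE-/CAN-) is skipped.
sub read_file {
    my ($fh) = @_;
    my @vulns;
    while (my $line = <$fh>) {
        chomp $line;
        next unless $line =~ /^"?(?:CVE|CAN)-\d{4}-\d+/;
        my @f = parse_line(',', 0, $line);   # copes with commas inside quotes
        next unless @f >= 3;
        push @vulns, [ @f[0 .. 2] ];
    }
    return @vulns;
}

# Insert one entry; a ref_id already in the table is skipped so re-runs are safe.
sub add_vuln {
    my ($dbh, $name, $status, $desc) = @_;
    my ($seen) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM vulnerabilities WHERE ref_id = ?', undef, $name);
    return 0 if $seen;
    $dbh->do('INSERT INTO vulnerabilities (ref_id, ref_type, status, description)
              VALUES (?, ?, ?, ?)', undef, $name, 'cve', $status, $desc);
    return 1;
}

# Constructed sample rows in the CSV layout; a real run would open the CVE file.
my $sample = <<'CSV';
Name,Status,Description,References,Phase,Votes,Comments
"CVE-1999-0001","Entry","Constructed sample entry, with a comma the parser must keep.","",,,
"CVE-1999-0002","Candidate","Second constructed sample entry.","",,,
CSV
open my $fh, '<', \$sample or die "cannot open sample: $!";
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE vulnerabilities (ref_id TEXT PRIMARY KEY, ref_type TEXT,
          status TEXT, description TEXT)');
my $added = 0;
$added += add_vuln($dbh, @$_) for read_file($fh);
print "imported $added vulnerabilities\n";
```

To adapt it to a real shoki install, swap the in-memory connect string for the shoki database's DSN and the column names for those in its vulnerabilities table.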