Category Archives: development

January 8, 2008 · 11:29 pm

NSM-Console version 0.3 release

Yep, I’ve just been cranking out code lately, so I am proud to present the 0.3 release of nsm-console!

You can download NSM-Console here:

http://navi.eight7.org/~hinmanm/files/nsm-console-0.3.tar.gz

This release was focused a bit more on usability, features and bugfixes rather than the addition of new modules, however, there were still a couple that were added. Since this release has some pretty big changes, let’s start by going over some of the notable ones:

Continue reading

3 Comments

Filed under argus, console, decode, development, encode, fl0p, framework, hex, iploc, lgpl, monitoring, network, nsm, nsm console, opensource, ruby, script, security

January 1, 2008 · 1:09 pm

Development version of nsm-console (0.3-DEVEL)

I just pushed out a newer development version of nsm-console out to navi.eight7.org, here are some of the new features:

  • Snort module with community rules
    •  self-contained snort module will all the community rules and configuration file, this’ll generate alerts into a file after reading the pcap file. I wasn’t sure whether to use community or bleeding edge rules, it’s still easy to point the snort module to your own snort.conf file and do it that way.
  • Exec command will do substitution now on the following variables:
    • ${PCAP_FILE}
    • ${PCAP_BASE}
    • ${MODULE_DIR}
    • ${OUTPUT_DIR}
    • This’ll let you do something like “exec tcpdump -X -n -r ${PCAP_FILE}
    • In addition, exec now logs all the commands run into the regular logfile
  • The ‘logfile’ command, real simple, just specifies a new logfile
  • Whitespace is handled much much better, there were a lot of bugs with whitespace being handled correctly for the “set” command (among others), it should be handled much better now.
  • Category loading now handles non-files much better, before, if you left a “CVS” directory in the categories folder, it would read it but when it went to do a “toggle all”, it would error out, this has been fixed.
  • Lots of bugfixes :)

You can grab the new version here:

http://navi.eight7.org/~hinmanm/files/nsm-console-0.3-DEVEL.tar.gz

It’s definitely stable enough for daily use, highly recommended over the older versions. I’m still hoping to get cvs-web interface up to be able to browse the code.

4 Comments

Filed under analysis, automation, development, hex, logfile, nsm, nsm console, programming, ruby, script, snort