Tuesday, November 09, 2010

Using Git with FreeBSD Sguil Scripts

Before today I never committed anything using Git. Previously I used CVS, but never got around to trying something more modern like SVN. However, I know several developers at work use Git, so I figured I would try committing my FreeBSD Sguil scripts (lame as they are) to Git at Sourceforge. This would allow me to keep track of changes and get the code out of my own repository for sharing and safekeeping.

I started by cleaning up the directory where I kept the scripts.

After following the instructions to enable Git, I took these actions.


richard@macmini:~/taosecurity_freebsd_sguil$ git init
Initialized empty Git repository in /home/richard/taosecurity_freebsd_sguil/.git/

richard@macmini:~/taosecurity_freebsd_sguil$ git config user.name "Richard Bejtlich"

richard@macmini:~/taosecurity_freebsd_sguil$ git config user.email \
"taosecurity@users.sourceforge.net"

richard@macmini:~/taosecurity_freebsd_sguil$ git remote add origin \
ssh://taosecurity@taosecurity.git.sourceforge.net/gitroot/taosecurity/taosecurity

richard@macmini:~/taosecurity_freebsd_sguil$ git config branch.master.remote origin

richard@macmini:~/taosecurity_freebsd_sguil$ git config branch.master.merge refs/head/master

richard@macmini:~/taosecurity_freebsd_sguil$ git push origin master

taosecurity@taosecurity.git.sourceforge.net's password:
error: src refspec master does not match any.
fatal: The remote end hung up unexpectedly
error: failed to push some refs to 'ssh://taosecurity@taosecurity.git.sourceforge.net/gitroot \
/taosecurity/taosecurity'

That was unfortunate. I didn't see that error in the Sourceforge guide, but after checking here I found that trying to add all the files might be the right step.


richard@macmini:~/taosecurity_freebsd_sguil$ git add *

richard@macmini:~/taosecurity_freebsd_sguil$ git commit -am "Message"

Created initial commit bd18669: Message
28 files changed, 1400 insertions(+), 0 deletions(-)
create mode 100755 README
create mode 100644 SguildLoaderd.tcl.patch
create mode 100644 SguildMysqlMerge.tcl.patch
create mode 100755 barnyard2
create mode 100644 barnyard2.conf
create mode 100644 barnyard2.conf.patch
create mode 100644 log_packets.sh.crontab
create mode 100644 log_packets.sh.patch
create mode 100644 pcap_agent.conf.patch
create mode 100755 prep_platform.sh
create mode 100644 rc-adds.txt
create mode 100755 rc-conf.sh
create mode 100755 sancp
create mode 100644 sancp.conf.patch
create mode 100644 sancp_agent.conf.patch
create mode 100644 sensor_agent.conf.patch
create mode 100755 sguil_database_install_pt1.sh
create mode 100755 sguil_database_install_pt2.sh
create mode 100755 sguil_sensor_install.sh
create mode 100755 sguil_sensor_install_patch.sh
create mode 100644 sguil_sensor_users.txt
create mode 100755 sguil_server_install.sh
create mode 100644 sguild.conf.patch
create mode 100755 sguild_adduser.sh
create mode 100755 snort
create mode 100644 snort.conf.patch
create mode 100644 snort_agent.conf.patch
create mode 100755 snort_src_install.sh

richard@macmini:~/taosecurity_freebsd_sguil$ git push origin master
taosecurity@taosecurity.git.sourceforge.net's password:

Counting objects: 30, done.
Compressing objects: 100% (29/29), done.
Writing objects: 100% (30/30), 17.31 KiB, done.
Total 30 (delta 4), reused 0 (delta 0)
To ssh://taosecurity@taosecurity.git.sourceforge.net/gitroot/taosecurity/taosecurity
* [new branch] master -> master

That did it. I found that if I didn't make a change but tried to note one, nothing happened (as expected).


richard@macmini:~/taosecurity_freebsd_sguil$ git commit -am "Commit scripts using Git"
# On branch master
nothing to commit (working directory clean)

richard@macmini:~/taosecurity_freebsd_sguil$ git push origin
mastertaosecurity@taosecurity.git.sourceforge.net's password:
Everything up-to-date

Next I made some fixes and committed those.

richard@macmini:~/taosecurity_freebsd_sguil$ vi README
richard@macmini:~/taosecurity_freebsd_sguil$ git commit -am "Modify README to reflect changing ExtNet."
Created commit 2ef21f3: Modify README to reflect changing ExtNet.
1 files changed, 3 insertions(+), 1 deletions(-)

richard@macmini:~/taosecurity_freebsd_sguil$ git push origin mastertaosecurity@taosecurity.git.sourceforge.net's password:
Counting objects: 5, done.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 413 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
To ssh://taosecurity@taosecurity.git.sourceforge.net/gitroot/taosecurity/taosecurity
bd18669..2ef21f3 master -> master

Checking out files is pretty easy, assuming Git is installed.

richard@neely:~$ mkdir gittest

richard@neely:~$ cd gittest

richard@neely:~/gittest$ git clone git://taosecurity.git.sourceforge.net/gitroot/taosecurity/taosecurity

Initialized empty Git repository in /home/richard/gittest/taosecurity/.git/
remote: Counting objects: 30, done.
remote: Compressing objects: 100% (29/29), done.
remote: Total 30 (delta 4), reused 0 (delta 0)
Receiving objects: 100% (30/30), 17.25 KiB, done.
Resolving deltas: 100% (4/4), done.

richard@neely:~/gittest$ cd taosecurity

richard@neely:~/gittest/taosecurity$ ls

barnyard2 sguild_adduser.sh
barnyard2.conf sguil_database_install_pt1.sh
barnyard2.conf.patch sguil_database_install_pt2.sh
log_packets.sh.crontab sguild.conf.patch
log_packets.sh.patch SguildLoaderd.tcl.patch
pcap_agent.conf.patch SguildMysqlMerge.tcl.patch
prep_platform.sh sguil_sensor_install_patch.sh
rc-adds.txt sguil_sensor_install.sh
rc-conf.sh sguil_sensor_users.txt
README sguil_server_install.sh
sancp snort
sancp_agent.conf.patch snort_agent.conf.patch
sancp.conf.patch snort.conf.patch
sensor_agent.conf.patch snort_src_install.sh

So, now my scripts are available for me to add changes and for anyone who might be interested to retrieve them.

1 comment:

Michaelok said...

Nice! Who knows, you might get some suggestions and enhancements now that the scripts are available on sourceforge. There's also "github", a web site like sourceforge with some clever features and a nice interface. Most impressive are their excellent instructions. Here's a link to a blog post where they talk about implementing SSL:
https://github.com/blog/738-sidejack-prevention-phase-2-ssl-everywhere