Sguil Development Issues
Lots has been happening in the Sguil world this past week. Bamm released Sguil 0.5.0 last week. The major development was the merging of xscriptd functionality into sguild. That's one less component to worry about.
I also made some changes to the instructions for building IncrTcl in my Sguil installation guide, thanks to Mark Bergstrom. My guide still applies to Sguil 0.5.0, although the advice on xscriptd now belongs in the sguild configuration section. I'll produce a new guide for Sguil 0.5.1 when it arrives, as I hope to incorporate Snort 2.2.0 as well.
After nearly four years of asking Bamm for feature requests in various apps he's written, I finally committed my own change to Sguil. I committed a change to sguil.tk and qrylib.tcl to support querying for events by source or destination port. Unfortunately I made a mistake merging my changes into the version I checked into CVS, and Bamm made a correction to sguil.tk shortly after my commit! I duplicated a line by mistake.
Nevertheless, I thought it might be interesting to share the commands I used to check out and then check in the Sguil code for those who don't use CVS.
First I checked out the latest Sguil distro. I made a directory to separate that code from my home directory, and then set an environment variable telling CVS to use SSH for transport:
drury:/home/analyst$ cd sguil_devel
drury:/home/analyst/sguil_devel$ export CVS_RSH=ssh
Next I checked out the Sguil code:
drury:/home/analyst/sguil_devel$ cvs -d:ext:taosecurity@cvs.sf.net:/cvsroot/sguil checkout sguil
taosecurity@cvs.sf.net's password:
cvs checkout: Updating sguil
U sguil/README
cvs checkout: Updating sguil/client
U sguil/client/sguil.conf
U sguil/client/sguil.tk
cvs checkout: Updating sguil/client/lib
U sguil/client/lib/dkffont.tcl
U sguil/client/lib/email17.tcl
...truncated...
Next I made the changes I needed to the Sguil code, and committed them. Note I did this from the 'sguil' directory:
drury:/home/analyst/sguil_devel/sguil$ cvs commit
cvs commit: Examining .
cvs commit: Examining client
cvs commit: Examining client/lib
...edited...
cvs commit: Examining web/data
cvs commit: Examining web/lib
taosecurity@cvs.sf.net's password:
After entering my password, I was dropped into a vi session. There I was asked to create my log entry for the changes I made. When done CVS checked in the files I modified:
Checking in client/sguil.tk;
/cvsroot/sguil/sguil/client/sguil.tk,v <-- sguil.tk
new revision: 1.121; previous revision: 1.120
done
Mailing sguil-cvs@lists.sf.net...
Generating notification message...
Generating notification message... done.
Checking in client/lib/qrylib.tcl;
/cvsroot/sguil/sguil/client/lib/qrylib.tcl,v <-- qrylib.tcl
new revision: 1.19; previous revision: 1.18
done
Mailing sguil-cvs@lists.sf.net...
Generating notification message...
Generating notification message... done.
In the #snort-gui IRC channel on irc.freenode.net, this message appeared:
taosecurity * sguil/client (2 files in 2 dirs):
Added ability to query events for source or destination ports.
CIA-7 is a reference to the CIA Open Source Notification System, an IRC bot. You can see that message saved here. We also use Infobot and Pastebot to keep track of various pieces of information in the #snort-gui channel.