The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools.

Reproducible: Always

I'm working on docs for Gentoo as an IDS/stealth logger, and this package would be helpful to that end and to the Gentoo hardening project.
OK, coredumb and I are working on ebuilds for ACID and its deps.
Coredumb: please handle this as it seems you are doing some of it already.
Pending the webapp eclass.
Created attachment 17315: ebuild
Created attachment 17316: ChangeLog
Created attachment 17317: files/perms.sql, an SQL file to set permissions on the ACID tables in the snort database. Only tested on PostgreSQL so far.
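The perms.sql attachment itself is not reproduced on this page. The following is an added example, not the attached file and not part of the ACID or Gentoo projects, of what a least-privilege permissions script for a PostgreSQL "snort" database shared by a Snort sensor and the ACID console can look like. The role names, passwords, the table list (taken from Snort's database output schema; trim it to what your version creates), the acid_* table names and the decision to let the console delete alerts are all assumptions; the ALL SEQUENCES / ALL TABLES grant syntax needs PostgreSQL 9.0 or later.

```sql
-- Added example (not the perms.sql attached to this bug): separate roles for
-- the sensor and the web console so that a compromised sensor cannot read or
-- rewrite the alert history, and a compromised console cannot forge alerts.
-- Run as the database owner / superuser after the snort schema exists.
\connect snort

-- Nothing for everyone: close the default PUBLIC grants first.
REVOKE ALL ON DATABASE snort FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Assumed role names and placeholder passwords.
CREATE ROLE snort_sensor LOGIN PASSWORD 'change-me-sensor';
CREATE ROLE acid_web     LOGIN PASSWORD 'change-me-console';

GRANT CONNECT ON DATABASE snort TO snort_sensor, acid_web;
GRANT USAGE ON SCHEMA public TO snort_sensor, acid_web;

-- Sensor: append-only. The output plugin looks up sensor/signature ids
-- (SELECT) and inserts alert rows; it never needs UPDATE or DELETE.
GRANT SELECT, INSERT ON
    event, iphdr, tcphdr, udphdr, icmphdr, data, opt,
    sensor, signature, reference, reference_system,
    sig_reference, sig_class, encoding, detail
    TO snort_sensor;
-- Serial columns are backed by sequences the inserting role must advance.
GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO snort_sensor;

-- Console: read the alert data ...
GRANT SELECT ON ALL TABLES IN SCHEMA public TO acid_web;
-- ... and own its own bookkeeping tables. Letting the console create them
-- via its setup page makes acid_web their owner, so nothing else is needed;
-- if the tables already exist, hand them over explicitly instead.
GRANT CREATE ON SCHEMA public TO acid_web;
-- ALTER TABLE acid_ag, acid_ag_alert, acid_ip_cache, acid_event
--     OWNER TO acid_web;   -- assumed table names; only if pre-created

-- Optional: only if analysts are allowed to delete alerts from the console.
-- Leave this out if the database is meant to be an append-only record.
-- GRANT DELETE ON event, iphdr, tcphdr, udphdr, icmphdr, data, opt
--     TO acid_web;

-- Check: list what each role ended up with. Anything beyond SELECT/INSERT
-- for snort_sensor, or any INSERT on the snort tables for acid_web, is a bug.
SELECT grantee, table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee IN ('snort_sensor', 'acid_web')
 ORDER BY grantee, table_name, privilege_type;
```

Because adodb lets the database live on another host, the same script is also where to restrict which host each role may connect from (pg_hba.conf entries per role, not a single shared superuser DSN in the console's config).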
I've tested this on PostgreSQL. Database abstraction is done through adodb (bug 28238). If there are any problems I'm more than willing to refine and further test this. If I get time I'll check the use of phplot rather than jpgraph. I think GD is the main dependency, though. This uses Robin's fantastic webapp eclass.
Created attachment 18734: instructions that I prepared for someone else; may be of use. These are some general instructions I made for the installation. It's a bit superfluous in places, but hopefully of use. If I get time I'll refine it into a proper Gentoo document. Time... alas, where is all the time? ;-)
Had a post-submission thought about the database dependencies: they shouldn't be there, as the databases can exist on a different machine. Database abstraction is done through adodb, so there really isn't a dependency.
Coredumb, this bug's been open so long now... are you still working on this? Thanks, Stu
sorting bugs
ACID is already in portage: net-analyzer/acid