This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 190
/
create_oracle.sql
290 lines (258 loc) · 9 KB
/
create_oracle.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
-- Copyright (C) 2000-2002 Carnegie Mellon University
-- Portions Copyright (C) 2000 Mike Andersen <mike@src.no>
-- Portions Copyright (C) 2001 Andrew Stubbs <andrews@stusoft.com>
-- Portions Copyright (C) 2001 Jed Pickel <jed@pickel.net>
--
-- Author(s): Mike Andersen <mike@src.no>
-- Thomas Stenhaug <thomas@src.no>
--
-- Maintainer: Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
--
-- This program is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation. You may not use, modify or distribute
-- this program under any other version of the GNU General Public License.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program; if not, write to the Free Software
-- Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-- MA 02111-1307, USA.
--
--
-- This file was recently updated by Andrew Stubbs to fix some bugs
-- and make the script more user friendly.
--
-- Comments from Andrew <andrews@stusoft.com> on his update:
--
-- There's a trigger in place of the AUTO_INCREMENT-option for the
-- sensor.sid. I don't fully understand how the NUMBER-type conversion
-- works at this point.
--
-- Oracles DATE seems "bit" more picky on the format than MySQL.
--
-- Rename it to : create_oracle.sql
-- to run type : sqlplus user/password@db_instance @ create_oracle.sql
--
-- The drop tables / sequences are a personal preference - remove if
-- you wish the prompt merely echos the stuff after it - useful for
-- figuring out where you are when its running
prompt schema;
drop table schema;
CREATE TABLE schema ( vseq INT NOT NULL,
ctime VARCHAR2(24) NOT NULL,
PRIMARY KEY (vseq));
INSERT INTO schema (vseq, ctime) VALUES ('107', sysdate);
prompt event;
drop table event;
CREATE TABLE event ( sid INT NOT NULL,
cid INT NOT NULL,
signature INT NOT NULL,
timestamp DATE NOT NULL,
PRIMARY KEY (sid,cid));
prompt signature;
drop table signature;
CREATE TABLE signature ( sig_id INT NOT NULL,
sig_name VARCHAR2(255),
sig_class_id INT,
sig_priority INT,
sig_rev INT,
sig_sid INT,
sig_gid INT,
PRIMARY KEY (sig_id));
--
-- auto-increment the signature.sig_id
--
drop sequence seq_snort_signature_id ;
CREATE SEQUENCE seq_snort_signature_id START WITH 1 INCREMENT BY 1;
CREATE or replace TRIGGER tr_snort_signature_id
BEFORE INSERT ON signature
FOR EACH ROW
BEGIN
SELECT seq_snort_signature_id.nextval INTO :new.SIG_ID FROM
dual;
END;
/
prompt sig_reference;
drop table sig_reference;
CREATE TABLE sig_reference (sig_id INT NOT NULL,
ref_seq INT NOT NULL,
ref_id INT NOT NULL,
PRIMARY KEY(sig_id, ref_seq));
prompt reference;
drop table reference;
CREATE TABLE reference ( ref_id INT NOT NULL,
ref_system_id INT NOT NULL,
ref_tag VARCHAR2(100) NOT NULL,
PRIMARY KEY (ref_id));
--
-- auto-increment the reference.ref_id
--
drop sequence seq_snort_reference_id;
CREATE SEQUENCE seq_snort_reference_id START WITH 1 INCREMENT BY 1;
CREATE or replace TRIGGER tr_snort_reference_id
BEFORE INSERT ON reference
FOR EACH ROW
BEGIN
SELECT seq_snort_reference_id.nextval INTO :new.REF_ID FROM
dual;
END;
/
prompt reference_system;
drop table reference_system ;
CREATE TABLE reference_system ( ref_system_id INT NOT NULL,
ref_system_name VARCHAR2(20),
PRIMARY KEY (ref_system_id));
drop sequence seq_snort_ref_system_id ;
CREATE SEQUENCE seq_snort_ref_system_id START WITH 1 INCREMENT BY 1;
CREATE or replace TRIGGER tr_snort_ref_system_id
BEFORE INSERT ON reference_system
FOR EACH ROW
BEGIN
SELECT seq_snort_ref_system_id.nextval INTO
:new.REF_SYSTEM_ID FROM dual;
END;
/
prompt sig_class;
drop table sig_class;
CREATE TABLE sig_class ( sig_class_id INT NOT NULL,
sig_class_name VARCHAR(60) NOT NULL,
PRIMARY KEY (sig_class_id));
drop sequence seq_snort_sig_class_id ;
CREATE SEQUENCE seq_snort_sig_class_id START WITH 1 INCREMENT BY 1;
CREATE or REPLACE TRIGGER tr_snort_sig_class_id
BEFORE INSERT ON sig_class
FOR EACH ROW
BEGIN
select seq_snort_sig_class_id.nextval into :new.sig_class_id from
dual;
END;
/
--
-- store info about the sensor supplying data
--
prompt sensor;
drop table sensor;
CREATE TABLE sensor (
sid INT NOT NULL,
hostname VARCHAR2(100),
interface VARCHAR2(100),
filter VARCHAR2(100),
detail INT,
encoding INT,
last_cid INT NOT NULL,
PRIMARY KEY (sid));
--
-- auto-increment the sensor.sid
--
drop sequence seq_snort_sensor_id ;
CREATE SEQUENCE seq_snort_sensor_id START WITH 1 INCREMENT BY 1;
CREATE OR REPLACE TRIGGER tr_snort_sensor_id
BEFORE INSERT ON sensor
FOR EACH ROW
BEGIN
SELECT seq_snort_sensor_id.nextval INTO :new.SID FROM dual;
END;
/
-- All of the fields of an ip header
prompt iphdr;
drop table iphdr;
CREATE TABLE iphdr (
sid INT NOT NULL,
cid INT NOT NULL,
ip_src INT NOT NULL,
ip_dst INT NOT NULL,
ip_ver INT,
ip_hlen INT,
ip_tos INT,
ip_len INT,
ip_id INT,
ip_flags INT,
ip_off INT,
ip_ttl INT,
ip_proto INT NOT NULL,
ip_csum INT,
PRIMARY KEY (sid,cid));
-- All of the fields of a tcp header
prompt tcphdr;
drop table tcphdr;
CREATE TABLE tcphdr (
sid INT NOT NULL,
cid INT NOT NULL,
tcp_sport INT NOT NULL,
tcp_dport INT NOT NULL,
tcp_seq INT,
tcp_ack INT,
tcp_off INT,
tcp_res INT,
tcp_flags INT NOT NULL,
tcp_win INT,
tcp_csum INT,
tcp_urp INT,
PRIMARY KEY (sid,cid));
-- All of the fields of a udp header
prompt udphdr;
drop table udphdr;
CREATE TABLE udphdr (
sid INT NOT NULL,
cid INT NOT NULL,
udp_sport INT NOT NULL,
udp_dport INT NOT NULL,
udp_len INT,
udp_csum INT,
PRIMARY KEY (sid,cid));
-- All of the fields of an icmp header
prompt icmphdr;
drop table icmphdr;
CREATE TABLE icmphdr(
sid INT NOT NULL,
cid INT NOT NULL,
icmp_type INT NOT NULL,
icmp_code INT NOT NULL,
icmp_csum INT,
icmp_id INT,
icmp_seq INT,
PRIMARY KEY (sid,cid));
-- Protocol options
prompt opt;
drop table opt;
CREATE TABLE opt (
sid INT NOT NULL,
cid INT NOT NULL,
optid INT NOT NULL,
opt_proto INT NOT NULL,
opt_code INT NOT NULL,
opt_len INT,
opt_data BLOB,
PRIMARY KEY (sid,cid,optid));
-- Packet payload
prompt data;
drop table data;
CREATE TABLE data (
sid INT NOT NULL,
cid INT NOT NULL,
data_payload BLOB,
PRIMARY KEY (sid,cid));
-- encoding is a lookup table for storing encoding types
prompt encoding
drop table encoding;
CREATE TABLE encoding (
encoding_type INT NOT NULL,
encoding_text VARCHAR2(50) NOT NULL,
PRIMARY KEY (encoding_type));
INSERT INTO encoding (encoding_type, encoding_text) VALUES (0, 'hex');
INSERT INTO encoding (encoding_type, encoding_text) VALUES (1, 'base64');
INSERT INTO encoding (encoding_type, encoding_text) VALUES (2, 'ascii');
-- detail is a lookup table for storing different detail levels
prompt detail;
drop table detail;
CREATE TABLE detail (
detail_type INT NOT NULL,
detail_text VARCHAR2(50) NOT NULL,
PRIMARY KEY (detail_type));
INSERT INTO detail (detail_type, detail_text) VALUES (0, 'fast');
INSERT INTO detail (detail_type, detail_text) VALUES (1, 'full');