Last fixes for the 1.0.9 rollout

Modified the dorothive DDL
Added the dorothive update db script for those who are updating from a previous version.
Now Dorothy is able to recognize new processes on the basis of a previously created baseline.
New processes will be inserted in the new dorothive table.
m4rco- committed Aug 3, 2013
1 parent cac8e68 commit 7c1ff6a19c033a5d5352909897dbfb296bd35a3f
UPDATE
@@ -0,0 +1,21 @@
+#######################################
+#Updating from Dorothy 1.0.x to 1.1.0##
+#######################################
+
+Dorothy 1.1.0 introduces several features that improve the overall framework.
+Below, the recommended steps needed to update your Dorothy environment.
+
+a) Remove the Dorothy configuration file
+ rm ~/.dorothy.yml
+ And recreate it by restarting Dorothy. You will see that the init script will ask you more question than before.
+
+b) Since a new configuration file has been added in your Dorothy's etc/ folder (extension.yml), go and edit it
+ accordingly to your environment.
+
+c) From Dorothy home, execute the following SQL script in order to update the database schema. It will add the new table sys_procs.
+
+sudo -u postgres psql dorothive -f share/update_dorothive.sql
+
+That's all! You are ready to go!
+
+
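Review bot: step a) tells the user to `rm ~/.dorothy.yml` without keeping a copy; since the init script then asks more questions than before, suggest `mv ~/.dorothy.yml ~/.dorothy.yml.bak` so the old values can still be consulted while answering. The header says "Updating from Dorothy 1.0.x to 1.1.0" while the commit title refers to the 1.0.9 rollout; make the version consistent. Minor wording: "more question" → "more questions", "accordingly to" → "according to".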
@@ -6,9 +6,9 @@
require 'rubygems'
require 'trollop'
-#require 'dorothy2' #comment for testing/developmnet
+require 'dorothy2' #comment for testing/developmnet
-load '../lib/dorothy2.rb' #uncomment for testing/developmnet
+#load '../lib/dorothy2.rb' #uncomment for testing/developmnet
include Dorothy
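Review bot: the require/load toggle on these two lines has to be hand-edited before every release and again for development, which is exactly the slip this commit is correcting; consider selecting the local checkout through something that never needs a committed change, for instance an environment variable (a hypothetical `ENV['DOROTHY_DEV']`) or adding `../lib` to `$LOAD_PATH` in the development setup. Also "developmnet" → "development" in both comments.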
@@ -31,7 +31,7 @@ opts = Trollop.options do
where [options] are:
EOS
-
+ opt :Version, "Print the current version."
opt :verbose, "Enable verbose mode"
opt :infoflow, "Print the analysis flow"
opt :baseline, "Create a new process baseline"
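Review bot: `opt :Version` produces an unusual capitalised `--Version` flag; Trollop already adds a built-in `--version` switch when the options block declares `version "Dorothy #{Dorothy::VERSION}"`, which would also make the separate `if opts[:Version]` branch unnecessary. The new description string is the only one in the list ending with a period; match the others.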
@@ -64,6 +64,11 @@ if opts[:infoflow]
exit(0)
end
+if opts[:Version]
+ puts "Dorothy ".yellow + Dorothy::VERSION
+ exit(0)
+end
+
puts "
####################################################
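Review bot: the version check is placed at line 64, after the `:infoflow` handling; a version flag should be handled as early as possible in the script so that printing it never depends on any configuration or database setup that may run before this point. `"Dorothy ".yellow` also assumes the colour String extension is already loaded here.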
@@ -7,9 +7,9 @@
require 'rubygems'
require 'trollop'
require 'dorothy2'
-#require 'doroParser'
+require 'doroParser'
-load '../lib/doroParser.rb'
+#load '../lib/doroParser.rb'
include Dorothy
include DoroParser
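Review bot: same manual require/load toggle as in the other executable; both files must be flipped in lockstep before each release, so factoring the choice into one place (an environment variable or the development `$LOAD_PATH`) would remove a release-time footgun.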
@@ -14,6 +14,7 @@ Gem::Specification.new do |gem|
gem.files = `git ls-files`.split($/)
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+ gem.extra_rdoc_files = ["README.md"]
gem.require_paths = ["lib"]
gem.add_dependency(%q<net-scp>, [">= 1.0.4"])
gem.add_dependency(%q<net-ssh>, [">= 2.2.1"])
@@ -30,5 +31,6 @@ Gem::Specification.new do |gem|
gem.add_dependency(%q<net-dns>, [">= 0.8.0"])
gem.add_dependency(%q<geoip>, [">= 1.2.1"])
gem.add_dependency(%q<tmail>, [">= 1.2.7.1"])
+ gem.post_install_message = 'If you are upgrating from a previous version, read the UPDATE file!'
end
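Review bot: typo in the user-facing post-install message, "upgrating" → "upgrading". The message refers only to "the UPDATE file"; stating where it lives in the installed gem would help users who never see the repository.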
@@ -1072,6 +1072,32 @@ ALTER SEQUENCE whois_id_seq OWNED BY whois.id;
SELECT pg_catalog.setval('whois_id_seq', 1, false);
+
+
+
+--
+-- Name: sys_procs; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
+--
+
+CREATE TABLE dorothy.sys_procs
+(
+ analysis_id integer NOT NULL,
+ pid integer NOT NULL,
+ name character varying,
+ owner character varying,
+ "cmdLine" character varying,
+ "startTime" timestamp without time zone,
+ "endTime" timestamp without time zone,
+ "exitCode" integer,
+ CONSTRAINT "procs-pk" PRIMARY KEY (analysis_id , pid ),
+ CONSTRAINT "anal_id-fk" FOREIGN KEY (analysis_id)
+ REFERENCES dorothy.analyses (id) MATCH SIMPLE
+ ON UPDATE NO ACTION ON DELETE NO ACTION
+)
+
+
+ALTER TABLE dorothy.sys_procs OWNER TO postgres;
+
--
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
--
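Review bot: the `CREATE TABLE dorothy.sys_procs (...)` statement is missing its terminating semicolon after the closing `)`; psql will keep reading until the `;` after `ALTER TABLE dorothy.sys_procs OWNER TO postgres` and reject the combined text as a syntax error, so the table is never created. Change the closing line to `);`. Secondary points: the mixed-case quoted columns (`"cmdLine"`, `"startTime"`, `"endTime"`, `"exitCode"`) must be double-quoted in every future query, whereas snake_case names would not; and with `ON DELETE NO ACTION` a row in `dorothy.analyses` that has recorded processes can no longer be deleted, so if analyses are meant to be purgeable `ON DELETE CASCADE` is the intended behaviour.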
@@ -424,7 +424,6 @@ def analyze_bintraffic(pcaps)
#gets
@insertdb.set_analyzed(dump['hash'])
@insertdb.commit
- @insertdb.close
end
end
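Review bot: dropping `@insertdb.close` here means `analyze_bintraffic` no longer closes the connection it commits on; that is correct if the connection is shared across the loop in `self.start`, but any other caller of `analyze_bintraffic` now has to close it itself. Worth stating in the method's comment.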
@@ -454,6 +453,7 @@ def self.start(daemon)
sleep DoroSettings.env[:dtimeout].to_i if daemon # Sleeping a while if -d wasn't set, then quit.
end
LOGGER_PARSER.info "PARSER" , "There are no more pcaps to analyze.".yellow
+ @insertdb.close
exit(0)
end
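Review bot: `@insertdb.close` is only reached on the normal "no more pcaps" path just before `exit(0)`; an exception inside the loop or any other exit path leaves the connection open. Wrap the loop in `begin ... ensure @insertdb.close end` (or register an `at_exit` block) so the close is guaranteed.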