recompile app v2.2 to add ostiarius parser

Author: pirate

Security Growler Light.app.zip

@@ -17,11 +17,11 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.1</string>
+	<string>2.2</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>2.1</string>
+	<string>2.2</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>10.7.0</string>
 	<key>LSUIElement</key>

Security Growler Light.app/Contents/Info.plist

@@ -20644,7 +20644,7 @@
 	<key>Suffixes</key>
 	<array/>
 	<key>TextBackground</key>
-	<string>#ffffff</string>
+	<string>#dadada</string>
 	<key>TextEncoding</key>
 	<integer>4</integer>
 	<key>TextFont</key>

Security Growler Light.app/Contents/Resources/AppSettings.plist

@@ -1,5 +1,5 @@
-TITLE = 'PORT {0} <- {1}'
-BODY = '{0} {1} ({2}) @ {3}'
+TITLE = 'PORT {port} <- {source}'
+BODY = '{user} {process} ({pid}) @ {target}'
 
 def parse_connection(log_line, port=None):
     details = log_line.split()[:10]
@@ -25,13 +25,5 @@ def parse_connection(log_line, port=None):
 def parse(line, source=None):
     conn = parse_connection(line, source)
     if conn:
-        return ('notify',
-            TITLE.format(conn['port'], conn['source']),
-            BODY.format(
-                conn['user'],
-                conn['process'],
-                conn['pid'],
-                conn['target'],
-            ),
-        )
+        return ('notify', TITLE.format(**conn), BODY.format(**conn))
     return (None, '', '')

Security Growler Light.app/Contents/Resources/parsers/connections.py

@@ -0,0 +1,9 @@
+import re
+
+#27/04/16 09:42:38,000 kernel[0]: OSTIARIUS: /Applications/Xoib.app/Contents/MacOS/Xoib is from the internet & is unsigned -> BLOCKING!
+OSTIARIUS_EVENT_FILTER = re.compile('OSTIARIUS: .+BLOCKING')
+
+def parse(line, source=None):
+    if OSTIARIUS_EVENT_FILTER.findall(line):
+        return ('alert', 'Ostiarius', line.split('OSTIARIUS: ', 1)[-1])
+    return (None, '', '')

Security Growler Light.app/Contents/Resources/parsers/ostiarius.py

@@ -14,7 +14,7 @@
     3306: 'connections',    # MySQL
     5432: 'connections',    # PostgreSQL
     5900: 'vnc',            # VNC
-    '/var/log/system.log': ('sudo', 'ssh', 'portscan'),
+    '/var/log/system.log': ('sudo', 'ssh', 'portscan', 'ostiarius'),
 }
 
 # Enabled output/display methods

Security Growler Light.app/Contents/Resources/settings.py

@@ -8,8 +8,4 @@ def gen_lines(path):
         logfile.seek(0, 2)  # jump to end
         yield 'ready'       # otherwise it will hang until the first change appears
         while True:
-            next_line = logfile.readline().strip()
-            if next_line:
-                yield next_line
-            else:
-                yield None
+            yield logfile.readline().strip() or None

Security Growler Light.app/Contents/Resources/sources/logfile.py

@@ -17,11 +17,11 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.1</string>
+	<string>2.2</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>2.1</string>
+	<string>2.2</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>10.7.0</string>
 	<key>LSUIElement</key>

Security Growler.app.zip

@@ -1,5 +1,5 @@
-TITLE = 'PORT {0} <- {1}'
-BODY = '{0} {1} ({2}) @ {3}'
+TITLE = 'PORT {port} <- {source}'
+BODY = '{user} {process} ({pid}) @ {target}'
 
 def parse_connection(log_line, port=None):
     details = log_line.split()[:10]
@@ -25,13 +25,5 @@ def parse_connection(log_line, port=None):
 def parse(line, source=None):
     conn = parse_connection(line, source)
     if conn:
-        return ('notify',
-            TITLE.format(conn['port'], conn['source']),
-            BODY.format(
-                conn['user'],
-                conn['process'],
-                conn['pid'],
-                conn['target'],
-            ),
-        )
+        return ('notify', TITLE.format(**conn), BODY.format(**conn))
     return (None, '', '')