add files

debian/changelog

@@ -0,0 +1,114 @@
+securityonion-web-page (20141015-0ubuntu0securityonion19) precise; urgency=low
+
+  * Move from Google Code to Github #703 
+
+ -- Doug Burks <[email protected]>  Fri, 27 Mar 2015 11:39:33 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion18) precise; urgency=low
+
+  * Improve local.php.empty again 
+
+ -- Doug Burks <[email protected]>  Tue, 03 Mar 2015 09:16:34 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion17) precise; urgency=low
+
+  * Improve local.php.empty 
+
+ -- Doug Burks <[email protected]>  Tue, 03 Mar 2015 08:53:24 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion16) precise; urgency=low
+
+  * Issue 696: ELSA custom menu
+
+ -- Doug Burks <[email protected]>  Mon, 02 Mar 2015 16:47:53 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion15) precise; urgency=low
+
+  * Issue 685: securityonion-web-page: update links 
+
+ -- Doug Burks <[email protected]>  Fri, 30 Jan 2015 17:18:21 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion14) precise; urgency=low
+
+  * Issue 670: securityonion-web-page: add queries for updated bro_dns parser
+
+ -- Doug Burks <[email protected]>  Fri, 09 Jan 2015 15:02:18 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion13) precise; urgency=low
+
+  * improve resp_country_code query 
+
+ -- Doug Burks <[email protected]>  Tue, 30 Dec 2014 21:08:23 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion12) precise; urgency=low
+
+  * added "icmp or tcp or udp" to resp_country_code query 
+  * renamed "Top Snort Alerts" to "Top NIDS Alerts"
+
+ -- Doug Burks <[email protected]>  Tue, 30 Dec 2014 20:27:40 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion11) precise; urgency=low
+
+  * Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code 
+
+ -- Doug Burks <[email protected]>  Wed, 24 Dec 2014 14:50:38 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion10) precise; urgency=low
+
+  * add queries for RADIUS 
+
+ -- Doug Burks <[email protected]>  Tue, 18 Nov 2014 15:21:34 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion9) precise; urgency=low
+
+  * add queries for SNMP 
+
+ -- Doug Burks <[email protected]>  Tue, 18 Nov 2014 11:19:04 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion8) precise; urgency=low
+
+  * Issue 578: securityonion-web-page: add ELSA queries for new Bro 2.3 logs 
+
+ -- Doug Burks <[email protected]>  Mon, 17 Nov 2014 16:54:11 -0500
+
+securityonion-web-page (20141015-0ubuntu0securityonion7) precise; urgency=low
+
+  * remove sudo from preinst 
+
+ -- Doug Burks <[email protected]>  Fri, 24 Oct 2014 23:04:54 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion6) precise; urgency=low
+
+  * fix typo in preinst 
+
+ -- Doug Burks <[email protected]>  Fri, 24 Oct 2014 23:02:14 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion5) precise; urgency=low
+
+  * add error handling to preinst 
+
+ -- Doug Burks <[email protected]>  Fri, 24 Oct 2014 21:30:05 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion4) precise; urgency=low
+
+  * move fix to preinst in case this package is installing at the same time as squert 
+
+ -- Doug Burks <[email protected]>  Fri, 24 Oct 2014 21:14:09 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion3) precise; urgency=low
+
+  * Issue 640:	securityonion-web-page: previous update broke ssl symlink 
+
+ -- Doug Burks <[email protected]>  Fri, 24 Oct 2014 21:03:40 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion2) precise; urgency=low
+
+  * Issue 634:	securityonion-web-page: add queries for ssl_version and ssl_cipher 
+
+ -- Doug Burks <[email protected]>  Thu, 16 Oct 2014 13:11:12 -0400
+
+securityonion-web-page (20141015-0ubuntu0securityonion1) precise; urgency=low
+
+  * Initial release
+
+ -- Doug Burks <[email protected]>  Wed, 15 Oct 2014 23:39:50 -0400

debian/compat

@@ -0,0 +1 @@
+8

debian/control

@@ -0,0 +1,15 @@
+Source: securityonion-web-page
+Section: net
+Priority: extra
+Maintainer: Doug Burks <[email protected]>
+Build-Depends: debhelper (>= 8.0.0)
+Standards-Version: 3.9.3
+Homepage: http://securityonion.blogspot.com
+#Vcs-Git: git://git.debian.org/collab-maint/securityonion-web-page.git
+#Vcs-Browser: http://git.debian.org/?p=collab-maint/securityonion-web-page.git;a=summary
+
+Package: securityonion-web-page
+Architecture: all
+Depends: ${misc:Depends},apache2
+Description: Security Onion web page
+ Security Onion web page

debian/copyright

@@ -0,0 +1,41 @@
+Format: http://dep.debian.net/deps/dep5
+Upstream-Name: securityonion-web-page
+Source: http://securityonion.blogspot.com
+
+Files: *
+Copyright: 2012 Doug Burks <[email protected]>
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
+
+Files: debian/*
+Copyright: 2012 Doug Burks <[email protected]>
+License: GPL-2+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".

debian/install

@@ -0,0 +1,3 @@
+index.php var/www
+securityonion_logo.jpg var/www
+elsa var/www

debian/patches/Issue-578:-securityonion-web-page:-add-ELSA-queries-for-new-Bro-2.3-logs

@@ -0,0 +1,44 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-web-page (20141015-0ubuntu0securityonion8) precise; urgency=low
+ .
+   * Issue 578: securityonion-web-page: add ELSA queries for new Bro 2.3 logs
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-web-page-20141015.orig/elsa/menu.php
++++ securityonion-web-page-20141015/elsa/menu.php
+@@ -181,5 +181,16 @@ background-color:#A3C3E0;
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_WEIRD &quot;-&quot; groupby:dstip" target="dynamic" onclick="turnBackBold (this);">Top DST IPs</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_WEIRD &quot;-&quot; groupby:name" target="dynamic" onclick="turnBackBold (this);">Top Weird Types</a><br>
+ </span>
++<br><a href="javascript:showhide('509','tri_509')"><img src="tri_c.gif" id="tri_509" width="14" height="10" border="0" alt=""></a><a href="javascript:showhide('509','tri_509')" class="navlnk">x509</a><br>
++<span id="509"  style="display: none">
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_version" target="dynamic" onclick="turnBackBold (this);">Version</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_key_length" target="dynamic" onclick="turnBackBold (this);">Key Length</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_serial" target="dynamic" onclick="turnBackBold (this);">Serial</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_subject" target="dynamic" onclick="turnBackBold (this);">Subject</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_issuer" target="dynamic" onclick="turnBackBold (this);">Issuer</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_key_alg" target="dynamic" onclick="turnBackBold (this);">Key Algorithm</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_sig_alg" target="dynamic" onclick="turnBackBold (this);">Sig Algorithm</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_X509 &quot;-&quot; groupby:cert_key_type" target="dynamic" onclick="turnBackBold (this);">Key Type</a><br>
++</span>
+ </body>
+ </html>

debian/patches/Issue-634:-securityonion-web-page:-add-queries-for-ssl_version-and-ssl_cipher

@@ -0,0 +1,36 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-web-page (20141015-0ubuntu0securityonion2) precise; urgency=low
+ .
+   * Issue 634:	securityonion-web-page: add queries for ssl_version and ssl_cipher
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-web-page-20141015.orig/elsa/menu.php
++++ securityonion-web-page-20141015/elsa/menu.php
+@@ -168,6 +168,8 @@ background-color:#A3C3E0;
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_SSL &quot;sslv3&quot; groupby:srcip" target="dynamic" onclick="turnBackBold (this);">Top SSLv3 SRC IPs</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_SSL &quot;sslv3&quot; groupby:dstip" target="dynamic" onclick="turnBackBold (this);">Top SSLv3 DST IPs</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_SSL &quot;sslv3&quot; groupby:hostname" target="dynamic" onclick="turnBackBold (this);">Top SSLv3 Hostnames</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_SSL &quot;-&quot; groupby:ssl_version" target="dynamic" onclick="turnBackBold (this);">Top SSL Versions</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_SSL &quot;-&quot; groupby:ssl_cipher" target="dynamic" onclick="turnBackBold (this);">Top SSL Ciphers</a><br>
+ </span>
+ <br><a href="javascript:showhide('tun','tri_tun')"><img src="tri_c.gif" id="tri_tun" width="14" height="10" border="0" alt=""></a><a href="javascript:showhide('tun','tri_tun')" class="navlnk">Tunnels</a><br>
+ <span id="tun"  style="display: none">

debian/patches/Issue-659:-securityonion-web-page:-add-ELSA-query-for-bro_conn-groupby:resp_country_code

@@ -0,0 +1,35 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-web-page (20141015-0ubuntu0securityonion11) precise; urgency=low
+ .
+   * Issue 659: securityonion-web-page: add ELSA query for bro_conn groupby:resp_country_code
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-web-page-20141015.orig/elsa/menu.php
++++ securityonion-web-page-20141015/elsa/menu.php
+@@ -59,6 +59,7 @@ background-color:#A3C3E0;
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_CONN +BRO_CONN.dstport=53 groupby:service" target="dynamic" onclick="turnBackBold (this);">Port 53 groupby Service</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_CONN +BRO_CONN.dstport=80 groupby:service" target="dynamic" onclick="turnBackBold (this);">Port 80 groupby Service</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_CONN +BRO_CONN.dstport=443 groupby:service" target="dynamic" onclick="turnBackBold (this);">Port 443 groupby Service</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_CONN groupby:resp_country_code" target="dynamic" onclick="turnBackBold (this);">Groupby Resp Country</a><br>
+ </span>
+ <br><a href="javascript:showhide('dhcp','tri_dhcp')"><img src="tri_c.gif" id="tri_dhcp" width="14" height="10" border="0" alt=""></a><a href="javascript:showhide('dhcp','tri_dhcp')" class="navlnk">DHCP</a><br>
+ <span id="dhcp"  style="display: none">

debian/patches/Issue-670:-securityonion-web-page:-add-queries-for-updated-bro_dns-parser

@@ -0,0 +1,37 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-web-page (20141015-0ubuntu0securityonion14) precise; urgency=low
+ .
+   * Issue 670: securityonion-web-page: add queries for updated bro_dns parser
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-web-page-20141015.orig/elsa/menu.php
++++ securityonion-web-page-20141015/elsa/menu.php
+@@ -71,6 +71,9 @@ background-color:#A3C3E0;
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS dstport=&quot;53&quot; groupby:dstip" target="dynamic" onclick="turnBackBold (this);">Top DST IPs</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS dstport=&quot;53&quot; groupby:hostname" target="dynamic" onclick="turnBackBold (this);">Top Requests</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS dstport=&quot;53&quot; groupby:answer" target="dynamic" onclick="turnBackBold (this);">Top Responses</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS dstport=&quot;53&quot; groupby:query_class" target="dynamic" onclick="turnBackBold (this);">Top Query Class</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS dstport=&quot;53&quot; groupby:query_type" target="dynamic" onclick="turnBackBold (this);">Top Query Type</a><br>
++<a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS dstport=&quot;53&quot; groupby:return_code" target="dynamic" onclick="turnBackBold (this);">Top Return Code</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS nxdomain groupby:hostname" target="dynamic" onclick="turnBackBold (this);">Top nxdomain</a><br>
+ <a href="https://<?php echo $_SERVER['HTTP_HOST']; ?>:3154/?query_string=class=BRO_DNS proto=&quot;tcp&quot; &quot;axfr&quot; OR &quot;ixfr&quot; groupby:srcip" target="dynamic" onclick="turnBackBold (this);">Zone Transfers</a><br>
+ </span>