diff --git a/network/malheur/README b/network/malheur/README new file mode 100644 index 0000000000..f6fe50b2a1 --- /dev/null +++ b/network/malheur/README @@ -0,0 +1,10 @@ +A novel tool for malware analysis + +Malheur is a tool for the automatic analysis of malware behavior +(program behavior recorded from malicious software in a sandbox environment). + +It has been designed to support the regular analysis of malicious software and +the development of detection and defense measures. + +Malheur allows for identifying novel classes of malware with similar behavior and +assigning unknown malware to discovered classes. diff --git a/network/malheur/doinst.sh b/network/malheur/doinst.sh new file mode 100644 index 0000000000..4d8216e62c --- /dev/null +++ b/network/malheur/doinst.sh @@ -0,0 +1,14 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +config etc/malheur.cfg.new diff --git a/network/malheur/malheur.SlackBuild b/network/malheur/malheur.SlackBuild new file mode 100644 index 0000000000..7f8bdde0f2 --- /dev/null +++ b/network/malheur/malheur.SlackBuild @@ -0,0 +1,105 @@ +#!/bin/sh + +# Slackware build script for malheur + +# Written by Arief JR 2015 <4ipxxx@gmail.com> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=malheur +VERSION=${VERSION:-0.5.4} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --mandir=/usr/man \ + --infodir=/usr/info \ + --docdir=/usr/doc/$PRGNAM-$VERSION \ + --build=$ARCH-slackware-linux + +make +make install DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mv $PKG/etc/malheur.cfg $PKG/etc/malheur.cfg.new + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a doc/* $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/malheur/malheur.info b/network/malheur/malheur.info new file mode 100644 index 0000000000..eb60c74988 --- /dev/null +++ b/network/malheur/malheur.info @@ -0,0 +1,10 @@ +PRGNAM="malheur" +VERSION="0.5.4" +HOMEPAGE="http://www.mlsec.org/malheur/" +DOWNLOAD="http://www.mlsec.org/malheur/files/malheur-0.5.4.tar.gz" +MD5SUM="4fb8acff52cb5fd2c5922bc2cfc9b2ca" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="uthash libconfig" +MAINTAINER="Arief JR" +EMAIL="4ipxxx@gmail.com" diff --git a/network/malheur/slack-desc b/network/malheur/slack-desc new file mode 100644 index 0000000000..75d0f4a302 --- /dev/null +++ b/network/malheur/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +malheur: malheur (automatic analysis of malware behaviour) +malheur: +malheur: Malheur is a tool for the automatic analysis of malware behavior +malheur: (program behavior recorded from malicious software in a sandbox +malheur: environment). +malheur: It has been designed to support the regular analysis of malicious +malheur: software and the development of detection and defense measures. +malheur: Malheur allows for identifying novel classes of malware with similar +malheur: behaviour and assigning unknown malware to discovered classes. +malheur: +malheur: Homepage: http://www.mlsec.org/malheur/