The Guru College

cthulhu-manip and OSX

I’m almost done with an initial feature set that extends cthulhu-manip fully to Snow Leopard. You need DBD::mysql and Parse::Syslog. If you install Parse::Syslog via CPAN, you’ll likely get a lot of warning messages about the way syslog reports multiple events. To silence them:

sudo find /Library/Perl -type f -name "Syslog.pm" \
-exec sed -i e 's@warn "WARNING: line@#warn "WARNING: line@g' {} \;

The other significant difference between RHEL and OSX for this project is that RHEL uses iptables while OSX uses ipfw, and instead of having a stable crontab to use, OSX uses launchd. Neither is better or worse than the other, but they are different, and that makes coding things up a little interesting. The script in bin/installer does its best at the moment to set things up properly.

I’m still planning on merging the block_ipfw and block_iptables commands in cthulhu.pm, as the detection code also runs inside the perl module, and there’s no reason to make the end user have to figure it out and code up separate blocks when we already know what we have to do.
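A sketch of what a merged block command could look like, as an added example and not cthulhu-manip's own code. The names block_host, block_command and valid_ipv4 are hypothetical, the binary paths are assumptions for stock OS X and RHEL installs, and the sample addresses are constructed. It picks the firewall from $^O and validates the address first, since it is parsed out of syslog lines that a remote host can influence.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical merged blocker: one entry point, firewall chosen from $^O.
# Binary paths are assumptions for a stock OS X / RHEL install.
my %builders = (
    darwin => sub { ('/sbin/ipfw', 'add', 'deny', 'ip', 'from', $_[0], 'to', 'any') },
    linux  => sub { ('/sbin/iptables', '-I', 'INPUT', '-s', $_[0], '-j', 'DROP') },
);

# Strict dotted-quad check. The address comes out of syslog lines, which a
# remote host can influence, so nothing else may reach the firewall command.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return !grep { $_ > 255 } @octets;
}

# Build the argument list for the firewall on the given OS (default: this one).
sub block_command {
    my ($ip, $os) = @_;
    $os = $^O unless defined $os;
    die "refusing to block invalid address\n" unless valid_ipv4($ip);
    my $builder = $builders{$os} or die "no firewall backend for $os\n";
    return $builder->($ip);
}

# Run the rule. List-form system() never passes the arguments through a shell.
sub block_host {
    my ($ip, %opt) = @_;
    my @cmd = block_command($ip, $opt{os});
    return "@cmd" if $opt{dry_run};
    system(@cmd) == 0 or die "$cmd[0] failed: $?\n";
    return "@cmd";
}

# Constructed sample input; dry-run so nothing touches the live ruleset.
for my $ip ('203.0.113.7', '203.0.113.7;true', '10.0.0.999') {
    for my $os (qw(darwin linux)) {
        my $cmd = eval { block_host($ip, os => $os, dry_run => 1) };
        print defined $cmd ? "$os: $cmd\n" : "$os: rejected '$ip'\n";
    }
}
```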
