# NOTE(review): this listing shows only selected lines of the script; the number
# at the start of each line is its line number in the original file. The elided
# lines are not visible here, including the then/else/fi of every test and the
# assignments of ALERTID, TWITTERUSER, TWITTERPASS and DIRECTMSGUSER.
2 # Tweeter an alert - copy at /var/ossec/active-response/bin/ossec-tweeter.sh
# Value sent as the "source" form field in both requests below.
10 SOURCE="ossec2tweeter"
14 # Checking user arguments
# Tests whether the first argument is "delete"; the branch body is not shown.
15 if [ "x$1" = "xdelete" ]; then
# Split ALERTID on "." and keep the first and second fields.
21 ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
22 ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
# Append a timestamped record of the invocation (script name and the first
# eight arguments, verbatim) to the active-response log.
# NOTE(review): ${PWD} is unquoted here and below, so a working directory
# containing whitespace would split the redirection target.
30 echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >> ${PWD}/../logs/active-responses.log
# Build the message text from alerts.log: take the lines matching ALERTTIME with
# 10 lines of trailing context, filter on ALERTLAST, drop the "Src IP: " and
# "User: " lines, keep each "Rule: " line plus the 4 lines after it, and cut
# every line to its first 139 characters.
# NOTE(review): ALERTTIME and ALERTLAST are used as grep regular expressions,
# not fixed strings (the leading "." also matches any character), and the
# 139-character limit applies per line, not to the message as a whole.
# NOTE(review): the alert text presumably includes content from monitored logs,
# which a remote party may be able to influence - confirm before trusting it.
31 ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139`
35 # Checking if we are sending direct message or not.
# An empty DIRECTMSGUSER selects the status-update endpoint; otherwise the
# direct-message endpoint is used (the "else" line itself is not shown).
36 if [ "x" = "x$DIRECTMSGUSER" ]; then
# NOTE(review): both endpoints are plain http://, so the credentials supplied
# to wget/curl below and the alert text are sent without TLS.
37 SITE="http://twitter.com/statuses/update.xml"
# NOTE(review): ALERTFULL is placed in the form body without URL-encoding, so
# "&" or "=" inside the alert text would be parsed as additional form fields.
# For the curl path, --data-urlencode would encode the value.
39 REQUESTMSG="status=$ALERTFULL"
41 SITE="http://twitter.com/direct_messages/new.xml"
# REQUESTUSER carries its own trailing "&" so that it can be concatenated
# directly in front of REQUESTMSG in the POST data.
42 REQUESTUSER="user=$DIRECTMSGUSER&"
43 REQUESTMSG="text=$ALERTFULL"
# Probe for curl and then wget by listing the path printed by `which`;
# presumably the exit status is tested on the lines not shown.
47 ls "`which curl`" > /dev/null 2>&1
49 ls "`which wget`" > /dev/null 2>&1
# POST the message with wget; its stderr is appended to the active-response log.
# NOTE(review): the password is passed as a command-line option, so it may be
# visible to other local users in the process list while wget runs. The
# expansions $TWITTERUSER, $TWITTERPASS and $SITE are unquoted and therefore
# subject to word splitting and globbing.
51 wget --keep-session-cookies --http-user=$TWITTERUSER --http-password=$TWITTERPASS --post-data="source=$SOURCE&$REQUESTUSER$REQUESTMSG" $SITE 2>>${PWD}/../logs/active-responses.log
# POST the message with curl; its stderr is appended to the active-response log.
# NOTE(review): the "user:password" pair is again a command-line argument and
# may be visible in the process list; $SITE is unquoted.
55 curl -u "$TWITTERUSER:$TWITTERPASS" -d "source=$SOURCE&$REQUESTUSER$REQUESTMSG" $SITE 2>>${PWD}/../logs/active-responses.log
# Log a message stating that neither curl nor wget was found, so a failed send
# is recorded in the active-response log.
59 echo "`date` $0: Unable to find curl or wget." >> ${PWD}/../logs/active-responses.log