+++ /dev/null
-#!/bin/sh
-# Tweeter an alert - copy at /var/ossec/active-response/bin/ossec-tweeter.sh
-# Author: Daniel Cid
-
-
-# Change these values!
-TWITTERUSER=""
-TWITTERPASS=''
-DIRECTMSGUSER=""
-SOURCE="ossec2tweeter"
-
-
-
-# Checking user arguments
-if [ "x$1" = "xdelete" ]; then
- exit 0;
-fi
-ALERTID=$4
-RULEID=$5
-LOCAL=`dirname $0`;
-ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
-ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
-
-
-
-# Logging
-cd $LOCAL
-cd ../
-PWD=`pwd`
-echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >> ${PWD}/../logs/active-responses.log
-ALERTFULL=`grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v "\.$ALERTLAST: " -A 10 | grep -v "Src IP: " | grep -v "User: " |grep "Rule: " -A 4 | cut -c -139`
-
-
-
-# Checking if we are sending direct message or not.
-if [ "x" = "x$DIRECTMSGUSER" ]; then
- SITE="http://twitter.com/statuses/update.xml"
- REQUESTUSER=""
- REQUESTMSG="status=$ALERTFULL"
-else
- SITE="http://twitter.com/direct_messages/new.xml"
- REQUESTUSER="user=$DIRECTMSGUSER&"
- REQUESTMSG="text=$ALERTFULL"
-fi
-
-
-ls "`which curl`" > /dev/null 2>&1
-if [ ! $? = 0 ]; then
- ls "`which wget`" > /dev/null 2>&1
- if [ $? = 0 ]; then
- wget --keep-session-cookies --http-user=$TWITTERUSER --http-password=$TWITTERPASS --post-data="source=$SOURCE&$REQUESTUSER$REQUESTMSG" $SITE 2>>${PWD}/../logs/active-responses.log
- exit 0;
- fi
-else
- curl -u "$TWITTERUSER:$TWITTERPASS" -d "source=$SOURCE&$REQUESTUSER$REQUESTMSG" $SITE 2>>${PWD}/../logs/active-responses.log
- exit 0;
-fi
-
-echo "`date` $0: Unable to find curl or wget." >> ${PWD}/../logs/active-responses.log
-exit 1;