X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Futil.sh;fp=contrib%2Futil.sh;h=f4d10309843e85414da334359272568fd6dd89b4;hp=0000000000000000000000000000000000000000;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554
diff --git a/contrib/util.sh b/contrib/util.sh
new file mode 100755
index 0000000..f4d1030
--- /dev/null
+++ b/contrib/util.sh
@@ -0,0 +1,182 @@
+#!/bin/sh
+# Simple utilities
+# Add a new file
+# Add a new remote host to be monitored via lynx
+# Add a new remote host to be monitored (DNS)
+# Add a new command to be monitored
+# by Daniel B. Cid - dcid ( at ) ossec.net
+
+ACTION=$1
+FILE=$2
+FORMAT=$3
+
+if [ "X$FILE" = "X" ]; then
+ echo "$0: addfile []"
+ echo "$0: addsite "
+ echo "$0: adddns "
+ #echo "$0: addcommand "
+ echo ""
+ #echo "Example: $0 addcommand 'netstat -tan |grep LISTEN| grep -v 127.0.0.1'"
+ echo "Example: $0 adddns ossec.net"
+ echo "Example: $0 addsite dcid.me"
+ exit 1;
+fi
+
+if [ "X$FORMAT" = "X" ]; then
+ FORMAT="syslog"
+fi
+
+# Adding a new file
+if [ $ACTION = "addfile" ]; then
+ # Checking if file is already configured
+ grep "$FILE" /var/ossec/etc/ossec.conf > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ echo "$0: File $FILE already configured at ossec."
+ exit 1;
+ fi
+
+ # Checking if file exist
+ ls -la $FILE > /dev/null 2>&1
+ if [ ! $? = 0 ]; then
+ echo "$0: File $FILE does not exist."
+ exit 1;
+ fi
+
+ echo "
+
+
+ $FORMAT
+ $FILE
+
+
+ " >> /var/ossec/etc/ossec.conf
+
+ echo "$0: File $FILE added.";
+ exit 0;
+fi
+
+
+# Adding a new DNS check
+if [ $ACTION = "adddns" ]; then
+ COMMAND="host -W 5 -t NS $FILE; host -W 5 -t A $FILE | sort"
+ echo $FILE | grep -E '^[a-z0-9A-Z.-]+$' >/dev/null 2>&1
+ if [ $? = 1 ]; then
+ echo "$0: Invalid domain: $FILE"
+ exit 1;
+ fi
+
+ grep "host -W 5 -t NS $FILE" /var/ossec/etc/ossec.conf >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ echo "$0: Already configured for $FILE"
+ exit 1;
+ fi
+
+ MYERR=0
+ echo "
+
+
+ full_command
+ $COMMAND
+
+
+ " >> /var/ossec/etc/ossec.conf || MYERR=1;
+
+ if [ $MYERR = 1 ]; then
+ echo "$0: Unable to modify the configuration file.";
+ exit 1;
+ fi
+
+ FIRSTRULE="150010"
+ while [ 1 ]; do
+ grep "\"$FIRSTRULE\"" /var/ossec/rules/local_rules.xml > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ FIRSTRULE=`expr $FIRSTRULE + 1`
+ else
+ break;
+ fi
+ done
+
+
+ echo "
+
+
+ 530
+
+ ^ossec: output: 'host -W 5 -t NS $FILE
+ DNS Changed for $FILE
+
+
+ " >> /var/ossec/rules/local_rules.xml || MYERR=1;
+
+ if [ $MYERR = 1 ]; then
+ echo "$0: Unable to modify the local rules file.";
+ exit 1;
+ fi
+
+ echo "Domain $FILE added to be monitored."
+ exit 0;
+fi
+
+
+# Adding a new lynx check
+if [ $ACTION = "addsite" ]; then
+ COMMAND="lynx --connect_timeout 10 --dump $FILE | head -n 10"
+ echo $FILE | grep -E '^[a-z0-9A-Z.-]+$' >/dev/null 2>&1
+ if [ $? = 1 ]; then
+ echo "$0: Invalid domain: $FILE"
+ exit 1;
+ fi
+
+ grep "lynx --connect_timeout 10 --dump $FILE" /var/ossec/etc/ossec.conf >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ echo "$0: Already configured for $FILE"
+ exit 1;
+ fi
+
+ MYERR=0
+ echo "
+
+
+ full_command
+ $COMMAND
+
+
+ " >> /var/ossec/etc/ossec.conf || MYERR=1;
+
+ if [ $MYERR = 1 ]; then
+ echo "$0: Unable to modify the configuration file.";
+ exit 1;
+ fi
+
+ FIRSTRULE="150010"
+ while [ 1 ]; do
+ grep "\"$FIRSTRULE\"" /var/ossec/rules/local_rules.xml > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ FIRSTRULE=`expr $FIRSTRULE + 1`
+ else
+ break;
+ fi
+ done
+
+
+ echo "
+
+
+ 530
+
+ ^ossec: output: 'lynx --connect_timeout 10 --dump $FILE
+ DNS Changed for $FILE
+
+
+ " >> /var/ossec/rules/local_rules.xml || MYERR=1;
+
+ if [ $MYERR = 1 ]; then
+ echo "$0: Unable to modify the local rules file.";
+ exit 1;
+ fi
+
+ echo "Domain $FILE added to be monitored."
+ exit 0;
+fi
+
+
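Review bot: In the addfile branch `$FILE` is passed unquoted to `ls -la $FILE` and then appended into /var/ossec/etc/ossec.conf without any validation, whereas adddns and addsite at least whitelist their argument; a path containing spaces, glob characters or XML-significant characters (`<`, `&`) either misfires the existence check or yields a configuration the agent cannot parse. The duplicate check `grep "$FILE" /var/ossec/etc/ossec.conf` also treats the path as a regex and matches substrings, so it should read `grep -F -- "$FILE" /var/ossec/etc/ossec.conf`, and the existence test is more robust as `[ -e "$FILE" ] || { echo "$0: File $FILE does not exist."; exit 1; }`. The domain whitelist `^[a-z0-9A-Z.-]+$` used by both adddns and addsite admits a leading `-`, which the agent would later hand to `host`/`lynx` as an option rather than a name; requiring the first character to be alphanumeric, `^[a-zA-Z0-9][a-zA-Z0-9.-]*$`, closes that. Separately, the addsite rule block reuses the adddns description verbatim (`DNS Changed for $FILE`), so alerts from the lynx check will be mislabeled — something like `Site content changed for $FILE` describes what that rule actually detects. The XML element names inside the echoed blocks appear to have been stripped by the page rendering, so the structure of the written config and rule entries cannot be checked from here.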