Skip to content

Instantly share code, notes, and snippets.

@AndrewFasano
Created December 12, 2016 17:01
Show Gist options
  • Save AndrewFasano/582620995c948a9abdfd213ac1a85e71 to your computer and use it in GitHub Desktop.
Save AndrewFasano/582620995c948a9abdfd213ac1a85e71 to your computer and use it in GitHub Desktop.
Intercept messages between McAfee webserver and root service
#!/bin/bash
_restore() {
mv /var/opt/NAI/LinuxShield/dev/nails_monitor{_real,}
}
echo "Restarting nails"
/etc/init.d/nails restart 2>&1 > /dev/null
mv /var/opt/NAI/LinuxShield/dev/nails_monitor{,_real}
echo "Intercepted data:"
socat -v \
unix-listen:/var/opt/NAI/LinuxShield/dev/nails_monitor,perm=777,fork \
unix-connect:/var/opt/NAI/LinuxShield/dev/nails_monitor_real
trap _restore SIGTERM
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment