Bsebring
Bsebring
/ restartSuricata.sh
Created
August 14, 2019 19:54
Restart Suricata conveniently in Daemon mode using this bash script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Stop parent process (does not fully stop suricata) | |
| service suricata stop | |
| # Remove the pid file if it exists | |
| FILE=/var/run/suricata.pid | |
| if test -f "$FILE"; then | |
| rm "$FILE" | |
| fi | |
| # Kill suricata by name to eliminate child processes and prevent old configurations from ran$ |
Bsebring
/ abuseipdb_report.lua
Last active
February 9, 2024 14:26
A Lua script developed to work with Suricata. This script reports malicious IPs to abuseipdb.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env lua | |
| -- Tells Suricata to only execute this script if the | |
| -- packet triggered an alert | |
| function init (args) | |
| local needs = {} | |
| needs["type"] = "packet" | |
| needs["filter"] = "alerts" | |
| return needs | |
| end |
Bsebring
/ abuseipdb_block.py
Last active
February 14, 2024 12:37
Python implementation of csf integration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import requests | |
| import json | |
| import sys | |
| # Defining the api-endpoint | |
| url = 'https://api.abuseipdb.com/api/v2/report' | |
| ports = sys.argv[2] | |
| inOut = sys.argv[4] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # This file was written as an executable to be used in the auto report function | |
| # of csf and lfd. By replacing $YOUR_API_KEY below with your abuseipdb api key, | |
| # allows you to use this code to integrate your csf system with abuseipdb.com | |
| use strict; | |
| use warnings; | |
| use HTTP::Tiny; | |
| use JSON; | |
| # Gather the information from the commandline passed by lfd |