Created
November 27, 2012 23:21
-
-
Save altmas5/4157900 to your computer and use it in GitHub Desktop.
Active response for ossec notified by sms with gnokii
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # For including it on your OSSEC conf: | |
| # Requires gnokii | |
| # http://www.ossec.net/doc/manual/ar/ar-custom.html | |
| /usr/bin/gnokii --deletesms ME 1 25; | |
| ACTION=$1 | |
| USER=$2 | |
| IP=$3 | |
| ALERTID=$4 | |
| RULEID=$5 | |
| LOCAL=`dirname $0`; | |
| cd $LOCAL | |
| cd ../ | |
| PWD=`pwd` | |
| # Logging the call | |
| echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" >> ${PWD}/../logs/active-responses.log | |
| # Getting alert time | |
| ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1` | |
| # Getting end of alert | |
| ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2` | |
| # Getting full alert | |
| grep -A 10 "$ALERTTIME" ${PWD}/../logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 | gnokii --sendsms 88888888; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment