basic ossec broker server
import SocketServer
import socket
import subprocess
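class TCPHandler(SocketServer.BaseRequestHandler):
    """Answer a liveness probe for the local ossec-remoted daemon.

    Protocol: the client sends the literal ``ping``. The handler replies
    ``pong`` when a process named ``ossec-remoted`` is running and
    ``ossec_not_found`` otherwise. Any other payload gets no reply.
    """

    # Seconds to wait for the probe. Without a limit, a client that connects
    # and never sends anything would hold the handler in recv() indefinitely.
    RECV_TIMEOUT = 5.0

    # Exact process name the probe looks for.
    PROCESS_NAME = b"ossec-remoted"

    def handle(self):
        """Read one probe from the client and send the matching reply."""
        # self.request is the TCP socket connected to the client
        self.request.settimeout(self.RECV_TIMEOUT)
        try:
            self.data = self.request.recv(1024).strip()
        except socket.error:
            # Timed out or the peer reset the connection: nothing to answer.
            self.data = b""
            return
        # Log the connection. %r escapes control characters, so bytes chosen
        # by the client cannot inject terminal sequences or fake log lines.
        print("Connection from: %s : %r" % (self.client_address[0], self.data))
        # we should receive a simple ping, if it's anything else, it's
        # probably not for us...
        if self.data != b"ping":
            return
        if self._remoted_running():
            self.request.sendall(b"pong")
        else:
            self.request.sendall(b"ossec_not_found")

    def _remoted_running(self):
        """Return True when a process named exactly ossec-remoted exists.

        Only the command-name column is requested from ps and compared for
        equality. A substring search over the full ``ps -elf`` listing would
        also match unrelated processes that merely mention the name in their
        arguments (an editor or grep, for example).
        """
        try:
            proc = subprocess.Popen(['ps', '-e', '-o', 'comm='],
                                    stdout=subprocess.PIPE)
            listing = proc.communicate()[0]
        except OSError:
            # ps could not be started, so liveness cannot be confirmed.
            return False
        for line in listing.splitlines():
            # Some ps implementations print the full executable path here.
            if line.strip().rsplit(b"/", 1)[-1] == self.PROCESS_NAME:
                return True
        return False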
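if __name__ == "__main__":
    # Listen on every interface (0.0.0.0), not only localhost, on port 1514.
    # The handler does no authentication, so limit which hosts may reach
    # this port with a host firewall or security group.
    HOST, PORT = "0.0.0.0", 1514
    # One thread per connection, so a slow or silent client cannot hold up
    # the probes of other clients.
    server = SocketServer.ThreadingTCPServer((HOST, PORT), TCPHandler)
    # Handler threads must not keep the process alive after Ctrl-C.
    server.daemon_threads = True
    # Serve until the program is interrupted with Ctrl-C.
    server.serve_forever()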