Created
January 9, 2015 11:46
basic ossec broker server
import SocketServer | |
import subprocess | |
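class TCPHandler(SocketServer.BaseRequestHandler):
    """Answer "ping" health checks with the state of the ossec-remoted process.

    Protocol, as implemented in handle():
      * the client sends the literal text "ping" (surrounding whitespace is
        stripped before the comparison);
      * the reply is "pong" when a process named ossec-remoted is running and
        "ossec_not_found" when it is not;
      * any other payload is logged and gets no reply.

    The handler performs no authentication: every client that can reach the
    listening port can learn whether ossec-remoted is up.
    """

    def handle(self):
        """Read one request from the connected socket and reply to a ping."""
        # self.request is the TCP socket connected to the client. Only the
        # first recv() of up to 1024 bytes is examined.
        self.data = self.request.recv(1024).strip()

        # Log the peer address and what it sent. The payload comes from the
        # network, so it is written with %r: embedded newlines and terminal
        # control characters are shown escaped and cannot forge extra log
        # lines or drive the operator's terminal.
        print("Connection from: %s : %r" % (self.client_address[0], self.data))

        # Anything other than a plain ping is probably not meant for us.
        if self.data != "ping":
            return

        if self._remoted_running():
            self.request.sendall("pong")
        else:
            self.request.sendall("ossec_not_found")

    def _remoted_running(self):
        """Return True when a process whose executable is ossec-remoted exists.

        Only the command-name column of ps is requested and it is compared
        for equality. A substring search over the full "ps -elf" listing also
        matches unrelated processes that merely mention ossec-remoted in their
        arguments (an editor, a grep, a tail on its log), which would report a
        dead daemon as healthy.
        """
        proc = subprocess.Popen(['ps', '-e', '-o', 'comm='],
                                stdout=subprocess.PIPE)
        command_names = proc.communicate()[0]
        for line in command_names.splitlines():
            # Some ps implementations print the full path of the executable;
            # keep only the final path component before comparing.
            if line.strip().rsplit("/", 1)[-1] == "ossec-remoted":
                return True
        return False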
if __name__ == "__main__":
    # Entry point: run the health-check broker until the process is
    # interrupted (Ctrl-C).
    #
    # "0.0.0.0" listens on every IPv4 interface of the host, not only on
    # localhost, so the port is reachable from any network the host is
    # attached to unless a firewall restricts it.
    HOST = "0.0.0.0"
    PORT = 1514

    # SocketServer.TCPServer is the plain synchronous server: it is not
    # threaded and handles one connection at a time.
    # NOTE(review): TCPHandler.handle() calls recv() without a timeout, so a
    # client that connects and sends nothing presumably delays every later
    # health check until it disconnects - confirm whether that is acceptable
    # for the monitoring setup this serves.
    server = SocketServer.TCPServer((HOST, PORT), TCPHandler)
    server.serve_forever()