Instalando e Integrando o SWATCH com SNORT

Publicado por Marcos Pitanga 19/05/2005

[ Hits: 7.024 ]

Homepage: hpc.edools.com

Download swatch.sh




Este script automatiza a instalacao do Simple WATCH para respostas em tempo real no NIDS Snort.

  



Esconder código-fonte

#!/bin/sh

#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2, or (at your option)
#   any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   This script installed Simple Log WATCH (SWATCH) with Network Intrusion Detect System Snort
#
# by: Marcos Pitanga <mpitanga@gplus.com.br>
# Wed Sep  1 21:00:19 BRT 2004


inicial()
{
clear
echo -e "****************************************************************************"
echo -e "** Este script facilita o procedimento de instalacao do Simple Log WATCH  **"
echo -e "**          Snort Network Intrusion Detection System                      **"
echo -e "**                         By Marcos Pitanga                              **"
echo -e "****************************************************************************"
sleep 5
}

declare_vars()
{
SWATCH_DIR="/usr/local/swatch_fontes"
MAKE="`which make`"
MKDIR="`which mkdir`"
SED="`which sed`"
TAR="`which tar`"
COPY="`which cp`"
WGET="`which wget`"
PERL="`which perl`"
CONFIG="./configure"

# Crio o diretorio para os fontes 
if [ ! -d $SWATCH_DIR ]; then
        mkdir -p $SWATCH_DIR
fi
}

downloads()
{
echo "Baixando os pacotes. Espere um pouquinho."
echo "[ Baixando os pacotes para a instalacao ]" >> /var/log/downloads_sources

cd $SWATCH_DIR

if [ ! -e swatch-3.1.1.tar.gz ]; then
$WGET http://voxel.dl.sourceforge.net/sourceforge/swatch/swatch-3.1.1.tar.gz >> /var/log/downloads_sources 2>&1
fi

cd $SWATCH_DIR
echo "[ Fim do download dos pacotes ]" >> /var/log/downloads_sources
}

instala_modulos_perl()
{
$PERL -e 'use CPAN; install Date::Calc'
$PERL -e 'use CPAN; install Date::Parse'
$PERL -e 'use CPAN; install File::Tail' 
$PERL -e 'use CPAN; install Time::HiRes'
$PERL -e 'use CPAN; install Date::Manip'
}

instala_swatch()
{
echo "Instalando o SWATCH."
echo "[ Instalando $package_name ]" >> /var/log/swatch_source
swatch_source=$package_name
swatch_dir=`echo $swatch_source | sed s/\.tar\.gz//`
$TAR -xzf $swatch_source >> /var/log/swatxh_source 2>&1
cd $swatch_dir >> /var/log/swatch_source 2>&1
$PERL Makefile.PL
$MAKE >> /var/log/swatch_source 2>&1
$MAKE test >> /var/log/swatch_source 2>&1
$MAKE install >> /var/log/swatch_source 2>&1
$MAKE realclean >> /var/log/swatch_source 2>&1
cd $SWATCH_DIR >> /var/log/swatch_source 2>&1
echo "[ Fim da instalacao do SWATCH ]" >> /var/log/swatch_source
}


cria_arquivo()
{

echo -e "
watchfor /.*/
bell
echo bold
mail address=pitanga,subject= - NIDS Snort Alerta!!! - -
throttle 00:00:10" >> /var/log/.swatchrc

echo -e "swatch -c /var/log/.swatchrc -t /var/log/snort/alert" >>/etc/rc.d/rc.local

}

fim_instalacao()
{
echo "Pacotes instalados."
}

inicial
declare_vars
downloads
package_name=`ls swatch-3.1.1.tar.gz`
instala_modulos_perl
instala_swatch
cria_arquivo
fim_instalacao

Scripts recomendados

Projetinho de firewall

Cluster beowulf

Fazer backup de todas base de dados no PostgreSQL

Testa se há conexão com a internet (Funciona)

Script Nagios


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts