Skip to content

Instantly share code, notes, and snippets.

View jrossi's full-sized avatar

Jeremy Rossi jrossi

94 followers · 20 following
View GitHub Profile
@jrossi
jrossi / gist:557395
Created August 30, 2010 13:32
M src/analysisd/Makefile
M src/analysisd/analysisd.c
M src/analysisd/stats.c
A src/headers/analysisd.h
A src/headers/eventinfo.h
A src/os_rules/Makefile
A src/os_rules/active-response.c
A src/os_rules/active-response.h
A src/os_rules/alerts/Makefile
A src/os_rules/alerts/alerts.h
@jrossi
jrossi / gist:567282
Created September 6, 2010 17:18
// standard message
[
"header":{
"msg":[ //All are required
0, // major msg version
0, // minor msg version
0, //message type
@jrossi
jrossi / gist:572955
Created September 10, 2010 02:19
hg diff (..r~/src/ossec-hids/)
diff -r d0e52520ac8a src/shared/file_op.c
--- a/src/shared/file_op.c Sat Sep 04 12:59:40 2010 -0400
+++ b/src/shared/file_op.c Thu Sep 09 22:20:42 2010 -0400
@@ -253,12 +253,12 @@
if(isChroot())
{
- snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,pid);
+ snprintf(file,255,"%s/%s.pid",OS_PIDFILE,name);
@jrossi
jrossi / gist:589691
Created September 21, 2010 13:37
{
"msg":['syscheck',2,5,1], // Message type and version
"agent":{ // Agent details
"id":"00001",
"host":[{"ipv4":"192.168.1.1","name":"tester.example.com"}], // array of host details
}
"payload":[
{
"filepath":"/etc/passwd",
"size":89404,
@jrossi
jrossi / gist:594235
Created September 23, 2010 19:52
diff -r 1910b3d5555b src/analysisd/rules.c
--- a/src/analysisd/rules.c Thu Sep 09 11:04:40 2010 -0400
+++ b/src/analysisd/rules.c Thu Sep 23 15:54:08 2010 -0400
@@ -1031,6 +1031,13 @@
config_ruleinfo->alert_opts &=0xfff-DO_LOGALERT;
}
}
+ else if(strcmp("no_ar", rule_opt[k]->content) == 0)
+ {
+ if(!(config_ruleinfo->alert_opts & NO_AR))
@jrossi
jrossi / gist:601652
Created September 28, 2010 19:45
[hg|bson-json-libs|os_message]% ./ossec-kvd (..ssec-hids-brawndo/)
- starting tokyo cabinet: syscheck.tch
- starting zmq
- starting threads
- starting thread 0
- starting thread 1
- starting thread 2
- starting thread 3
- starting thread 4
- starting thread 5
@jrossi
jrossi / gist:601734
Created September 28, 2010 20:39
def options(ctx):
ctx.add_option("--with-zmq", action="store_true", default=False,
dest="with_zmq", help="Compile ZeroMQ Support")
def configure(ctx):
ctx.check_tool("compiler_cc")
ctx.check_cfg(atleast_pkgconfig_version='0.0.0')
if ctx.options.with_zmq:
@jrossi
jrossi / txredns.py
Created January 19, 2012 04:51 — forked from fcoury/txredns.py
Python/Twisted/Redis backed DNS server.
# Python/Twisted/Redis backed DNS server - resolves from NAME to IP addrs
# fallback to google or any other DNS server to resolv domains not present on Redis
# to set a new domain on redis, just issue a SET domain.tld ip_addr
# run with twistd -ny txredns.tac
# gleicon 2011
from twisted.names import dns, server, client, cache
from twisted.application import service, internet
from twisted.internet import defer
from twisted.python import log
@jrossi
jrossi / gist:1909779
Created February 25, 2012 17:57
import splicetee
import os
import socket
s = 10000
pipe1 = os.pipe()
#pipe2 = os.pipe()
f1 = open('inf','r')
f2 = open('outf','w')
@jrossi
jrossi / XMLtoJSON.py
Created November 30, 2012 23:57 — forked from smihica/XMLtoJSON.py
Xml to JSON parser-converter in Python.
#!/usr/bin/env python -S
# -*- coding: utf-8 -*-
import sys
import re
import xml.sax
import io # for 2.6
import StringIO # for 3.0
#
# ** If your python is 2.x and xml-cording is utf-8 set follows.