[hg|bson-json-libs|os_message]% ./ossec-kvd (..ssec-hids-brawndo/)
- starting tokyo cabinet: syscheck.tch
- starting zmq
- starting threads
- starting thread 0
- starting thread 1
- starting thread 2
- starting thread 3
- starting thread 4
- starting thread 5
diff -r 1910b3d5555b src/analysisd/rules.c
--- a/src/analysisd/rules.c Thu Sep 09 11:04:40 2010 -0400
+++ b/src/analysisd/rules.c Thu Sep 23 15:54:08 2010 -0400
@@ -1031,6 +1031,13 @@
 config_ruleinfo->alert_opts &=0xfff-DO_LOGALERT;
 }
 }
+ else if(strcmp("no_ar", rule_opt[k]->content) == 0)
+ {
+ if(!(config_ruleinfo->alert_opts & NO_AR))
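Review bot: the body of the new `no_ar` branch is cut off in this preview, so it is not visible what happens after `if(!(config_ruleinfo->alert_opts & NO_AR))`; if the body only does `alert_opts |= NO_AR`, the guard is redundant (OR-ing an already-set bit is a no-op) and the branch could take the same shape as the neighbouring option handlers. Also check that `NO_AR` occupies a bit disjoint from `DO_LOGALERT` and the other `alert_opts` flags: the handler just above clears a flag with `alert_opts &=0xfff-DO_LOGALERT` rather than `&= ~DO_LOGALERT`, which only behaves correctly while every flag fits in the low 12 bits, so adding a flag here is the moment to verify the range.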
{
  "msg":["syscheck",2,5,1], // Message type and version
  "agent":{ // Agent details
    "id":"00001",
    "host":[{"ipv4":"192.168.1.1","name":"tester.example.com"}] // array of host details
  },
  "payload":[
    {
      "filepath":"/etc/passwd",
      "size":89404,
hg diff (..r~/src/ossec-hids/)
diff -r d0e52520ac8a src/shared/file_op.c
--- a/src/shared/file_op.c Sat Sep 04 12:59:40 2010 -0400
+++ b/src/shared/file_op.c Thu Sep 09 22:20:42 2010 -0400
@@ -253,12 +253,12 @@
 if(isChroot())
 {
- snprintf(file,255,"%s/%s-%d.pid",OS_PIDFILE,name,pid);
+ snprintf(file,255,"%s/%s.pid",OS_PIDFILE,name);
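Review bot: dropping the `-%d` pid suffix from the pid-file name means a second instance of the same daemon will silently overwrite the first instance's pid file; if one instance per `name` is the intent, consider refusing to start (or at least logging) when `%s/%s.pid` already exists and the pid inside it is still alive. If `pid` is no longer referenced in this branch after the change, confirm it is still used in the rest of the function or remove it to avoid an unused-variable warning. Minor: `snprintf(file,255,...)` hardcodes the buffer length; `sizeof(file)` is safer if `file` is a local array.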
// standard message
{
  "header":{
    "msg":[ // All are required
      0, // major msg version
      0, // minor msg version
      0, // message type
M src/analysisd/Makefile
M src/analysisd/analysisd.c
M src/analysisd/stats.c
A src/headers/analysisd.h
A src/headers/eventinfo.h
A src/os_rules/Makefile
A src/os_rules/active-response.c
A src/os_rules/active-response.h
A src/os_rules/alerts/Makefile
A src/os_rules/alerts/alerts.h
ossec = {
  rules = (
    {
      comment = "This is just some data about this section";
      type = "rule_file";
      path = "rules/rules/00_ossec_rules.xml";
    },
    {
      type = "rule_dir";
      path = "rules/rules/";
<ossec_config>
  <rules>
    <rule>rules/00_rules_config.xml</rule>
    <rule_dir>rules/</rule_dir>
    <rule_dir>rules/silent/</rule_dir>
  </rules>
</ossec_config>
#!/usr/bin/env python
#from waflib.Configure import conf
def build(ctx):
    for i in ctx.path.ant_glob("*.c"):
>>> import cdb
>>> f = open("rfc1918-privateaddresses.cdb", "r")
>>> db = cdb.init(f.fileno())
>>> db.keys()
['192.179.', '10.', '172.16.', '172.17.', '172.18.', '172.19.', '172.20.', '172.21.', '172.22.', '172.23.', '172.24.', '172.25.', '172.26.', '172.27.', '172.28.', '172.29.', '172.30.', '172.31.', '172.32.']