Snort mailing list archives
Display snort info at user login
From: Seth <sethsec () gmail com>
Date: Fri, 6 Jun 2008 14:09:43 -0400
I was recently playing around with my .bash_profile script and ended up with a couple of pretty simple functions that produce the following output whenever I log into one of my snort box's: Last login: Thu May 29 16:27:36 2008 from xxxxxxxx -------------- Snort Installation Detected ----------------- The most recent snort rules on this machine were updated on: ******* May 30 ******* If the date above is more than 1 month old, run oinkmaster manually and verify it completes without error. ------------------------------------------------------------ ------------------------------------------------------------ Snort % Pkts dropped and mbits/sec for the last 20 minutes Dropped Packets = 0.000 Mbps = 4.672 Dropped Packets = 0.000 Mbps = 4.796 Dropped Packets = 0.000 Mbps = 4.369 Dropped Packets = 0.000 Mbps = 5.071 ------------------------------------------------------------ Even though the information is reactive (no alerts are sent, you just get some additional info when you log in to the box), I have found it to be very useful. I searched the web for a while and haven't found any similar examples, so I figured I would publish it and share with the list. The full write up is here: http://sethsec.blogspot.com/2008/06/some-snort-login-kung-fu.html Let me know what you think and if you have any suggestions. -Seth ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Display snort info at user login Seth (Jun 06)