Snort mailing list archives
Display snort info at user login
From: Seth <sethsec () gmail com>
Date: Fri, 6 Jun 2008 14:09:43 -0400
I was recently playing around with my .bash_profile script and ended
up with a couple of pretty simple functions that produce the following
output whenever I log into one of my snort boxes:
Last login: Thu May 29 16:27:36 2008 from xxxxxxxx
-------------- Snort Installation Detected -----------------
The most recent snort rules on this machine were updated on:
******* May 30 *******
If the date above is more than 1 month old, run oinkmaster
manually and verify it completes without error.
------------------------------------------------------------
------------------------------------------------------------
Snort % Pkts dropped and mbits/sec for the last 20 minutes
Dropped Packets = 0.000 Mbps = 4.672
Dropped Packets = 0.000 Mbps = 4.796
Dropped Packets = 0.000 Mbps = 4.369
Dropped Packets = 0.000 Mbps = 5.071
------------------------------------------------------------
Even though the information is reactive (no alerts are sent, you just
get some additional info when you log in to the box), I have found it
to be very useful. I searched the web for a while and haven't found
any similar examples, so I figured I would publish it and share with
the list.
The full write-up is here:
http://sethsec.blogspot.com/2008/06/some-snort-login-kung-fu.html
Let me know what you think and if you have any suggestions.
-Seth
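
A sketch of login functions that produce a banner like the one shown in the message, as an added example that is not Seth's script (his version is at the blog link above). The default paths, the function names, the perfmonitor CSV column order and the use of GNU date/find are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. Assumes GNU date/find.
# Default paths are assumptions; adjust them to your install.
RULES_DIR=${RULES_DIR:-/etc/snort/rules}
STATS_FILE=${STATS_FILE:-/var/log/snort/snort.stats}

# Print the mtime (e.g. "May 30") of the newest *.rules file in a directory.
# Returns 1 if there are no rules or the newest one is older than max_days.
snort_rules_age() {
    dir=$1; max_days=${2:-30}; newest=
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    if [ -z "$newest" ]; then echo "no rules found in $dir"; return 1; fi
    echo "******* $(LC_ALL=C date -r "$newest" '+%b %d') *******"
    if [ -n "$(find "$newest" -mtime +"$max_days")" ]; then
        echo "Rules are more than $max_days days old: run oinkmaster manually."
        return 1
    fi
}

# Print the last N perfmonitor samples from a stats file.
# Assumed CSV columns: 1=unix time, 2=% packets dropped, 3=wire Mbit/s.
snort_drop_stats() {
    stats=$1; rows=${2:-4}
    if [ ! -r "$stats" ]; then echo "cannot read $stats"; return 1; fi
    grep -v '^#' "$stats" | tail -n "$rows" |
        awk -F, 'NF >= 3 { printf "Dropped Packets = %.3f Mbps = %.3f\n", $2, $3 }'
}

# Call from ~/.bash_profile; prints nothing on hosts without snort.
snort_login_banner() {
    command -v snort >/dev/null 2>&1 || return 0
    echo "-------------- Snort Installation Detected -----------------"
    snort_rules_age "$RULES_DIR" 30 || true
    echo "------------------------------------------------------------"
    snort_drop_stats "$STATS_FILE" 4 || true
    echo "------------------------------------------------------------"
}
```

The stats file only exists if the perfmonitor preprocessor is enabled and writing to a file; check the column order against your own file before relying on the numbers.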
