Difference between revisions of "OSSec+SMS"

From Atomicorp Wiki
(OSSEC SMS notification on CentOS with asl)
 
Line 16: Line 16:
 
4) download and install smssend
 
4) download and install smssend
  
 +
<code>
 
wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm
 
wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm
 +
 
yum install smssend-3.2-1.i586.rpm
 
yum install smssend-3.2-1.i586.rpm
 +
</code>
  
 
5) create the .sms file you will be using
 
5) create the .sms file you will be using
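Review bot: the wget line this revision wraps in <code> fetches smssend-3.2-1.i586.rpm over plain http, and the yum install line that follows installs it with nothing verifying the file in between. Since the markup around these two commands is being edited anyway, add a verification step before the install, for example rpm -K on the downloaded file or a checksum published on the page. A smaller point on the markup itself: <code> is an inline element and the added tags sit on their own lines with blank lines between the commands, so <pre> or leading-space lines would keep the two commands together as one block.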

Revision as of 14:59, 25 August 2007

OSSEC SMS notification on CentOS with ASL


This tutorial will help you use the OSSEC notification system provided by ASL to send alerts to your phone.



1) Create an account with Clickatell (they will be providing the sms gateway service)

2) Add some credit to your account

3) Create a "Connection" and note your API_ID

4) Download and install smssend

 wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm
 yum install smssend-3.2-1.i586.rpm

5) Create the .sms file you will be using

 cat > /usr/share/smssend/clickatell.sms << "EOF"
 NbParams 7
 %Sessionid : Session ID
 %Login : Your username
 %Password : Your Pass
 %ApiID : Your API ID
 %Sender : API Sender Name
 %Tel : Phone number To Send Message To
 %Message Size=160 Convert : Your message
 PostURL https://api.clickatell.com/http/sendmsg?
 #GetURL https://api.clickatell.com/http/sendmsg?
 #Params session_id=\%Sessionid%&from=\%Sender%&user=\%Login%&password=\%Password%&api_id=\%ApiID%&to=\%Tel%&text=\%Message%
 PostData session_id=\%Sessionid%&from=\%Sender%&user=\%Login%&password=\%Password%&api_id=\%ApiID%&to=\%Tel%&text=\%Message%
 Search ID:
 PrintMsg message sent
 Else
 ErrorMsg 1 error sending message
 GO
 EOF

6) Add the following to your /var/ossec/etc/ossec.conf

 <command>
   <name>smsnotify</name>
   <executable>smsnotify.sh</executable>
   <expect>srcip</expect>
 </command>
 <active-response>
   <command>smsnotify</command>
   <location>local</location>
   <level>10</level>
 </active-response>

7) Create your own smsnotify.sh

 cat > /var/ossec/active-response/bin/smsnotify.sh << "EOF"
 #!/bin/sh
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 # Arguments passed by the OSSEC active response
 ACTION=$1
 USER=$2
 IP=$3
 # Create a session and use only the session id (second field of the reply).
 # HTTPS, as in clickatell.sms, keeps the credentials from crossing the network in clear text;
 # piping the reply avoids a predictable file in /tmp.
 sessionid=$(wget -q -O - "https://api.clickatell.com/http/auth?api_id=yourapi_id&user=yourusername&password=yourpassword" | awk '{print $2}')
 # Send the SMS
 smssend clickatell.sms "$sessionid" yourusername yourpassword yourapi_id "ServerAlert" yourphoneNo "OSSec Notification - $IP Triggered Level 10 Rule"
 EOF
 chmod 755 /var/ossec/active-response/bin/smsnotify.sh

8) Run asl -f -s to restart OSSEC and you are good to go :)

Enjoy
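With the configuration in step 6, every level 10 alert runs smsnotify.sh, so a rule that fires repeatedly becomes one paid SMS per alert, and the script places $IP directly into the message text. The shell functions below are an added example, not part of the original wiki page: they validate the source IP and limit sends per IP; valid_ip, should_send, decide, STATE_DIR and the 300-second WINDOW are assumed names and values.

```shell
#!/bin/sh
# Added example (not from the wiki page): guards for smsnotify.sh.
# STATE_DIR, WINDOW and all function names are assumptions.
STATE_DIR="${STATE_DIR:-/var/ossec/var/sms-throttle}"  # hypothetical path
WINDOW="${WINDOW:-300}"                                 # seconds between SMS per IP

# Accept only a dotted-quad IPv4 address so nothing else reaches the SMS text
# or the stamp file name.
valid_ip() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed (and record the time) only if no SMS was sent for this IP
# within the last WINDOW seconds.
should_send() {
    now=$(date +%s)
    mkdir -p "$STATE_DIR" || return 1
    stamp="$STATE_DIR/$1"
    last=0
    if [ -f "$stamp" ]; then last=$(cat "$stamp"); fi
    [ $((now - ${last:-0})) -ge "$WINDOW" ] || return 1
    echo "$now" > "$stamp"
}

# Print what the script should do with OSSEC's arguments:
# $1 = action (add/delete), $2 = user, $3 = source IP.
decide() {
    [ "$1" = "add" ] || { echo skip-action; return 0; }
    valid_ip "$3" || { echo reject-ip; return 0; }
    should_send "$3" || { echo throttled; return 0; }
    echo send
}

# In smsnotify.sh, before the wget/smssend lines:
#   [ "$(decide "$1" "$2" "$3")" = send ] || exit 0
```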
