https://wiki.atomicorp.com/wiki/index.php?title=OSSec%2BSMS&feed=atom&action=history
OSSec+SMS - Revision history
2024-03-29T10:13:55Z
Revision history for this page on the wiki
MediaWiki 1.20.2
https://wiki.atomicorp.com/wiki/index.php?title=OSSec%2BSMS&diff=153&oldid=prev
Npavlidis at 14:46, 28 August 2007
2007-08-28T14:46:15Z
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 14:46, 28 August 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 82:</td>
<td colspan="2" class="diff-lineno">Line 82:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Getting alert header</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Getting alert header</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>LOG=`grep -A 3 $ALERTID /var/ossec/logs/alerts/alerts.log | tail -n <del class="diffchange diffchange-inline">3</del>`</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>LOG=`grep -A 3 $ALERTID /var/ossec/logs/alerts/alerts.log | tail -n <ins class="diffchange diffchange-inline">2</ins>`</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Create session and save to /tmp/sessionid</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># Create session and save to /tmp/sessionid</div></td></tr>
</table>
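Review bot: `$ALERTID` is still passed to grep unquoted and as a regular expression in the changed `LOG=` line, so an empty value makes grep take `/var/ossec/logs/alerts/alerts.log` as the pattern and wait on stdin, and any line in the log that happens to contain the ID is matched, not only the alert header. Use `grep -F -A 3 -- "$ALERTID"` and skip the lookup when the ID is empty. The switch from `tail -n 3` to `tail -n 2` also has no edit summary; a comment saying which line of the alert is being dropped, and whether it is to fit the 160-character message size set in clickatell.sms, would let the next editor check it against the alerts.log layout.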
Npavlidis
https://wiki.atomicorp.com/wiki/index.php?title=OSSec%2BSMS&diff=152&oldid=prev
Npavlidis at 21:24, 26 August 2007
2007-08-26T21:24:28Z
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:24, 26 August 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 77:</td>
<td colspan="2" class="diff-lineno">Line 77:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>USER=$2</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>USER=$2</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>IP=$3</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>IP=$3</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">echo "`date` $0 $1 $2 $3 $4 $5 $6 $7 $8" > /tmp/alertid</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">ALERTID=`cat /tmp/alertid | awk '{print $11}' | cut -d  "." -f 1`</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"># Getting alert header</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">LOG=`grep -A 3 $ALERTID /var/ossec/logs/alerts/alerts.log | tail -n 3`</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"># Create session and save to /tmp/sessionid</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>wget "http://api.clickatell.com/http/auth?api_id=''yourapi_id''&user=''yourusername''&password=''yourpassword''" -O /tmp/sessionid -q</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>wget "http://api.clickatell.com/http/auth?api_id=''yourapi_id''&user=''yourusername''&password=''yourpassword''" -O /tmp/sessionid -q</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># Ceate session and save to /tmp/sessionid</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"># Use only the session id for the variable</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>sessionid=`cat /tmp/sessionid | awk '{print $2}'`</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>sessionid=`cat /tmp/sessionid | awk '{print $2}'`</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"># use only the session id for the variable</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>smssend clickatell.sms $sessionid ''yourusername'' ''yourpassword'' ''yourapi_id'' "ServerAlert" ''yourphoneNo'' "<del class="diffchange diffchange-inline">OSSec Notification - </del>$<del class="diffchange diffchange-inline">IP Triggered Level 10 Rule</del>"</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"># Send sms</ins></div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"># send sms</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>smssend clickatell.sms $sessionid ''yourusername'' ''yourpassword'' ''yourapi_id'' "ServerAlert" ''yourphoneNo'' "$<ins class="diffchange diffchange-inline">LOG</ins>"</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>EOF</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>EOF</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div></pre></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>
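Review bot: the added `echo "... $8" > /tmp/alertid` line writes to a fixed name in a world-writable directory from a script that OSSEC runs on every level 10 alert, so a symlink already sitting at that path redirects the write, and two alerts firing together overwrite each other's ID before `cat /tmp/alertid` reads it back. The file is not needed: with the default six-field `date` output, awk's `$11` is the script's fourth argument, so `ALERTID=${4%%.*}` gives the same value without the temp file, without depending on the locale's date format, and without the fields shifting when an earlier argument is empty. The unchanged wget line has the same problem with `/tmp/sessionid`; `mktemp`, or capturing `wget -q -O -` into a variable, avoids it.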
Npavlidis
https://wiki.atomicorp.com/wiki/index.php?title=OSSec%2BSMS&diff=151&oldid=prev
Npavlidis: OSSEC SMS notification on CentOS with ASL
2007-08-25T19:22:39Z
<p>OSSEC SMS notification on CentOS with ASL</p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:22, 25 August 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 16:</td>
<td colspan="2" class="diff-lineno">Line 16:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>4) download and install smssend</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>4) download and install smssend</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><<del class="diffchange diffchange-inline">code</del>></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><<ins class="diffchange diffchange-inline">pre</ins>></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>yum install smssend-3.2-1.i586.rpm</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>yum install smssend-3.2-1.i586.rpm</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div></<del class="diffchange diffchange-inline">code</del>></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div></<ins class="diffchange diffchange-inline">pre</ins>></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>5) create the .sms file you will be using</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>5) create the .sms file you will be using</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>cat > /usr/share/smssend/clickatell.sms << "EOF"</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>cat > /usr/share/smssend/clickatell.sms << "EOF"</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>NbParams 7</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>NbParams 7</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 44:</td>
<td colspan="2" class="diff-lineno">Line 45:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>GO</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>GO</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>EOF</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>EOF</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>6) add the following to your /var/ossec/etc/ossec.conf</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>6) add the following to your /var/ossec/etc/ossec.conf</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   <command></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   <command></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     <name>smsnotify</name></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     <name>smsnotify</name></div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 62:</td>
<td colspan="2" class="diff-lineno">Line 65:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     <level>10</level></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>     <level>10</level></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </active-response></div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>   </active-response></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>7) create your own smsnotify.sh</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>7) create your own smsnotify.sh</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>cat > /var/ossec/active-response/bin/smsnotify.sh << "EOF"</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>cat > /var/ossec/active-response/bin/smsnotify.sh << "EOF"</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>#!/bin/sh</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>#!/bin/sh</div></td></tr>
<tr><td colspan="2" class="diff-lineno">Line 81:</td>
<td colspan="2" class="diff-lineno">Line 86:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># send sms</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div># send sms</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>EOF</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>EOF</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chmod 755 /var/ossec/active-response/bin/smsnotify.sh</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>chmod 755 /var/ossec/active-response/bin/smsnotify.sh</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></pre></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>8) do an asl -f -s to restart ossec and your are good to go :)</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>8) do an asl -f -s to restart ossec and your are good to go :)</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Enjoy</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Enjoy</div></td></tr>
</table>
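Review bot: in the last hunk, `chmod 755 /var/ossec/active-response/bin/smsnotify.sh` leaves the script readable by every local user, and the other revisions on this page show that the script carries the Clickatell username, password and API ID in clear text. Tighten the mode so only root and the account OSSEC uses for active responses can read it, for example `chmod 750` with matching ownership, or move the credentials into a separate mode 600 file that the script reads. The `<code>` to `<pre>` changes in the other hunks need no comment.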
Npavlidis
https://wiki.atomicorp.com/wiki/index.php?title=OSSec%2BSMS&diff=150&oldid=prev
Npavlidis at 18:59, 25 August 2007
2007-08-25T18:59:11Z
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:59, 25 August 2007</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 16:</td>
<td colspan="2" class="diff-lineno">Line 16:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>4) download and install smssend</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>4) download and install smssend</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"><code></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>yum install smssend-3.2-1.i586.rpm</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>yum install smssend-3.2-1.i586.rpm</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></code></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>5) create the .sms file you will be using</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>5) create the .sms file you will be using</div></td></tr>
</table>
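Review bot: the `wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm` line being wrapped here fetches the package over plain HTTP, and the next line installs it with yum, with no checksum or signature check shown in between. Add a verification step to the instructions before `yum install`, such as `rpm -K` on the downloaded file or a comparison against a checksum from the package author if one is available. On the markup itself, `<code>` is inline in MediaWiki, so the two commands will not render as a block; `<pre>` is the better wrapper.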
Npavlidis
https://wiki.atomicorp.com/wiki/index.php?title=OSSec%2BSMS&diff=149&oldid=prev
Npavlidis: OSSEC SMS notification on CentOS with asl
2007-08-25T18:40:27Z
<p>OSSEC SMS notification on CentOS with asl</p>
<p><b>New page</b></p><div>'''OSSEC SMS notification on CentOS with ASL'''<br />
<br />
----<br />
<br />
This tutorial will help you use the ossec notification system provided by ASL to send alerts to your phone.<br />
<br />
<br />
----<br />
<br />
1) Create an account with [http://www.clickatell.com Clickatell] (they will be providing the sms gateway service)<br />
<br />
2) Add some credit to your account <br />
<br />
3) Create a "Connection" and note you API_ID<br />
<br />
4) download and install smssend<br />
<br />
wget http://www.barsnick.net/sw/smssend-3.2-1.i586.rpm<br />
yum install smssend-3.2-1.i586.rpm<br />
<br />
5) create the .sms file you will be using<br />
<br />
cat > /usr/share/smssend/clickatell.sms << "EOF"<br />
NbParams 7<br />
%Sessionid : Session ID<br />
%Login : Your username<br />
%Password : Your Pass<br />
%ApiID : Your API ID<br />
%Sender : API Sender Name<br />
%Tel : Phone number To Send Message To<br />
%Message Size=160 Convert : Your message<br />
<br />
PostURL https://api.clickatell.com/http/sendmsg?<br />
#GetURL https://api.clickatell.com/http/sendmsg?<br />
#Params session_id=\%Sessionid%&from=\%Sender%&user=\%Login%&password=\%Password%&api_id=\%ApiID%&to=\%Tel%&text=\%Message%<br />
PostData session_id=\%Sessionid%&from=\%Sender%&user=\%Login%&password=\%Password%&api_id=\%ApiID%&to=\%Tel%&text=\%Message%<br />
Search ID:<br />
PrintMsg message sent<br />
Else<br />
ErrorMsg 1 error sending message<br />
GO<br />
EOF<br />
<br />
6) add the following to your /var/ossec/etc/ossec.conf<br />
<br />
<command><br />
<name>smsnotify</name><br />
<executable>smsnotify.sh</executable><br />
<expect>srcip</expect><br />
</command><br />
<br />
<active-response><br />
<!-- This response will notify the admin via<br />
- sms for every event that fires a rule with<br />
- level (severity) >= 10.<br />
--><br />
<command>smsnotify</command><br />
<location>local</location><br />
<level>10</level><br />
</active-response><br />
<br />
7) create your own smsnotify.sh<br />
<br />
cat > /var/ossec/active-response/bin/smsnotify.sh << "EOF"<br />
#!/bin/sh<br />
<br />
PATH=/sbin:/bin:/usr/sbin:/usr/bin<br />
ACTION=$1<br />
USER=$2<br />
IP=$3<br />
wget "http://api.clickatell.com/http/auth?api_id=''yourapi_id''&user=''yourusername''&password=''yourpassword''" -O /tmp/sessionid -q<br />
# Ceate session and save to /tmp/sessionid<br />
<br />
sessionid=`cat /tmp/sessionid | awk '{print $2}'`<br />
# use only the session id for the variable<br />
<br />
smssend clickatell.sms $sessionid ''yourusername'' ''yourpassword'' ''yourapi_id'' "ServerAlert" ''yourphoneNo'' "OSSec Notification - $IP Triggered Level 10 Rule"<br />
# send sms<br />
EOF<br />
<br />
chmod 755 /var/ossec/active-response/bin/smsnotify.sh<br />
<br />
8) do an asl -f -s to restart ossec and your are good to go :)<br />
<br />
Enjoy</div>
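Review bot: in smsnotify.sh the session request `wget "http://api.clickatell.com/http/auth?..."` sends the account password in the query string over plain HTTP, while the PostURL in clickatell.sms already uses `https://api.clickatell.com`; switch the auth call to https as well. The same credentials are then passed as arguments to `smssend`, where other local users can see them in the process list while the command runs, so they should come from a protected file if smssend supports that. Step 3 should read "note your API_ID".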
Npavlidis