util.sh

The util.sh shell script can add a file to be monitored by ossec-logcollector.
It can also add a full_command to check for changes to a website, or for changes to the name server of a domain.
A blogpost from Daniel Cid (for 3WoO) introduced this utility.

util.sh argument options
addfile <filename> [<format>]
    Add a file to be monitored by ossec-logtest. A localfile will be added to the ossec.conf.

addsite <domain>
    Monitor a website for changes. A full_command will be added to the ossec.conf using lynx to dump the initial page. A rule can be written to monitor this output for changes.
    Note: Requires lynx.
    Warning: This may not be useful on pages with dynamic content.

adddns <domain>
    Monitor the name server of a domain for changes. A full_command will be added to the ossec.conf using host.
    Note: Requires the host command.

util.sh example usage

Example: Running util.sh
Running the following command:
# /var/ossec/bin/util.sh adddns ossec.net
will add the following to that system’s ossec.conf:
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <command>host -W 5 -t NS ossec.net; host -W 5 -t A ossec.net | sort</command>
  </localfile>
</ossec_config>
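
The full_command entry above only collects the output; an alert needs a rule that compares each run with the previous one. The rule below is an added example, not part of the original page or of util.sh itself. It assumes the stock rule 530 (the parent rule for "ossec: output:" command results) is loaded, and the rule id 100010, the level, and the local_rules.xml location are assumptions.

```xml
<!-- Added example for /var/ossec/rules/local_rules.xml (assumed default install path). -->
<group name="local,syslog,">
  <!--
    Rule 530 is the stock parent rule for command output, which logcollector
    reports in the form: ossec: output: 'COMMAND': OUTPUT
    The id 100010 and level 7 are assumptions; use any free id in the
    user-defined range.
  -->
  <rule id="100010" level="7">
    <if_sid>530</if_sid>
    <!-- Match only the command that adddns wrote for ossec.net. -->
    <match>ossec: output: 'host -W 5 -t NS ossec.net</match>
    <!-- Store the output and fire only when it differs from the previous run. -->
    <check_diff />
    <description>NS or A records for ossec.net changed</description>
  </rule>
</group>
```

The first run after OSSEC is restarted only stores the baseline, so the alert appears from the second differing run onward.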