I have the same problem. In order to set SNMP responses, some time ago I wrote a script (in a Cygwin bash environment!!) using GAWK to make changes to the policy file.
It's an unusual solution and not "strongly tested".
For example, a new policy file is created, but the policy name inside the file needs to be edited manually and Realsecure.
Some actions are needed in order for RealSecure Policy Editor to "see" the new policy (like: create the new policy and then copy the file created by the script over the one created by RealSecure).
SNMP is set/reset for all events (active and inactive).
I've used it for 6.5 Network Policies and then I used PolicyEditor for newer events. I don't know if it works with 7.0 or Server Sensor.

I hope something better exists!!

Best regards
    Giovanni Lazzarin

At your own risk, here is the code:

***** set_resposnse.sh ****
#!/bin/bash
#
#       Set the responses for the selected events
#
#       $1 = policy file (name without the .policy extension, relative to WORKDIR)
#       $2 = selected event (used as a regex by the gawk scripts)
#       $3, $4, ... = SI|NO (yes|no), Response
#
if [ -z "$3" ] ; then
  echo
  echo " uso: $0 file-policy filtro-evento azione"
  echo "        azione=SNMP NOSNMP"
  exit 1
fi
WORKDIR=/cygdrive/e
appofile=$WORKDIR/tmp_file
policyfile=$WORKDIR/$1
# Work on a copy; the original policy file is left untouched
cp "${policyfile}.policy" "${policyfile}_new.policy"
dos2unix "${policyfile}_new.policy"
evento=$2
shift 2
# Only SNMP and NOSNMP edit the file; the other actions just set a flag
while [ -n "$1" ]
  do
  case $1 in
   (EMAIL) femail=si;;
   (SNMP)
     # reset_SNMP runs first, then set_SNMP on its output
     gawk -F "\\" -v r="$evento" -f reset_SNMP "${policyfile}_new.policy" > "${appofile}.1"
     gawk -F "\\" -v r="$evento" -f set_SNMP "${appofile}.1" > "${policyfile}_new.policy"     ;;
   (LOGDB) flogdb=si;;
   (DISPLAY) fdisplay=si;;
   (NOEMAIL) femail=no;;
   (NOSNMP)
     gawk -F "\\" -v r="$evento" -f reset_SNMP "${policyfile}_new.policy" > "${appofile}.1"
     cp "${appofile}.1" "${policyfile}_new.policy"
     ;;
   (NOLOGDB) flogdb=no;;
   (NODISPLAY) fdisplay=no;;
  esac
  shift 1
  done
unix2dos "${policyfile}_new.policy"
# -f: the temp file exists only if SNMP or NOSNMP was requested
rm -f "${appofile}.1"

******* set_SNMP ****
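# Print a response section of type c for event b in group a
function SetAction(a, b, c) {
    printf "[\\template\\%s\\%s\\Response\\%s\\];\n", a, b, c
    printf "Enabled  =B      1;\n"
    printf "Choice   =S      Default;\n"
}
{ print $0 }    # copy every input line unchanged
# With FS = "\", $7 is empty only on the bare ...\Response\]; header of an event
$2 ~ /template/ && $4 ~ r && $5 ~ /Response/ {
    if (length($7) == 0) SetAction($3, $4, "SNMP")
}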


***********************


CUELLAR,LEO (HP-Vancouver,ex1) wrote:

Hello,

Does anyone have any scripts that would make Policy editing "easier"?

For example, I want to be paged for all High and Medium events.  Translation, go to each and every event in a policy, add the email tab and set to my email. (repeat as necessary, hundreds of times).  Second translation, use Perl, and some creative hacking to come up with a script that edits the policy file.

I'm wondering if others on this forum have encountered similar issues and have come up with other scripts.

Leo Cuellar

IT Engineer


-- 
-----------------------
Giovanni Lazzarin

    InfoCamere S.C.p.A.
    Area Sistemi di Sicurezza Informatica

-----------------------
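
The script above calls a reset_SNMP gawk file that the post does not include. The following is an added example, not part of the original message and not the author's reset_SNMP: a hypothetical counterpart that removes the SNMP response section of matching events. It assumes only the section layout that set_SNMP prints; the function names, event names and sample policy are constructed.

```shell
#!/bin/sh
# Hypothetical counterpart to set_SNMP: drop the SNMP response section of
# every event whose name matches the regex given as $1. Layout assumed from
# the header set_SNMP prints: [\template\<group>\<event>\Response\SNMP\];
reset_snmp() {   # usage: reset_snmp EVENT_REGEX < policy > new_policy
  awk -v r="$1" '
    /^\[/ {                          # a "[" line starts a new section
      split($0, f, "[\\\\]")         # split the header on backslashes
      skip = (f[2] == "template" && f[4] ~ r &&
              f[5] == "Response" && f[6] == "SNMP")
    }
    !skip { print }                  # keep lines outside a dropped section
  '
}

# Count the SNMP response sections on stdin (prints 0 when there are none)
count_snmp() {
  awk 'index($0, "\\Response\\SNMP\\];") { n++ } END { print n + 0 }'
}

# Constructed sample, not a real RealSecure policy
sample_policy() {
  cat <<'EOF'
[\template\features\Port_Scan\Response\];
[\template\features\Port_Scan\Response\SNMP\];
Enabled  =B      1;
Choice   =S      Default;
[\template\features\Port_Scan\Response\DISPLAY\];
Enabled  =B      1;
[\template\features\Ping_Flood\Response\];
[\template\features\Ping_Flood\Response\SNMP\];
Enabled  =B      1;
Choice   =S      Default;
EOF
}

# The event filter is a regex, as in the original ($4 ~ r): anchor it,
# otherwise "Port" would also match any other event containing "Port".
sample_policy | reset_snmp '^Port_Scan$'
```

Running set_SNMP on a file that already contains an SNMP section would append a second one, so comparing `count_snmp` before and after an edit is a quick check before copying the result over a live policy.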