Thanks everyone. I talked to one of my "Perl-enabled" friends and he whipped
out the following script.
I've used it successfully with ActivePerl 5.8.
Basic usage:

    c:\perl\bin\perl iss-policy.pl some.policy 1 default > new.policy

    perl          - perl executable
    iss-policy.pl - perl script below in a text file named iss-policy.pl
    some.policy   - the policy you'd like to change
    1             - the Priority Level (1 for High, 2 for Medium and 3 for Low)
    default       - the user you'd like the alert to go to. I have two
                    groups and 5 individuals defined in the response file.

Note: the script output is to Standard Out, so you'll want to pipe the
output to a new file.

    >             - pipe command
    new.policy    - New policy :)

Have fun. With a few edits, I'll be using this script to make mass changes
from now on.
Regards,
Leo Cuellar
Disclaimer: Use at your own risk. There is NO error checking.
=Start Script =====================================
#!perl
#
# modify a policy file to ....
# Ex. perl\bin\perl iss-policy.pl some.policy 1 default > new.policy
#
# arguments:
#
#   ARGV[0] name of the policy file
#   ARGV[1] priority level
#   ARGV[2] email address
#
if ($#ARGV != 2)
{
    printf("incorrect number of command line arguments:\n");
    printf("\texpected 3, got %d\n", ($#ARGV + 1));
    printf("the arguments were:\n");
    for ($i = 0; $i <= $#ARGV; $i++)
    {
        printf("\t\"%s\"\n", $ARGV[$i]);
    }
    exit(-1);
}
#
# note: $email_address is read here but not used below; the Choice line
# is always written as Default
#
($policy_file_name,
 $priority_level,
 $email_address) = @ARGV;
$search_pattern = "Priority\t=L\t$priority_level;";
open(FILE, "< " . $policy_file_name)
    || die "Can't open policy file $policy_file_name: $!";
while ($line = <FILE>)
{
    if ($line =~ $search_pattern)
    {
        print $line;
        #
        # skipping the error check on reading the next line
        #
        $next_line = <FILE>;
        #
        # skipping the error check on valid pattern match
        #
        # add the email address in before the '\]'
        #
        $next_line =~ s/\\\]/\\EMAIL\\\]/;
        print $next_line;
        print "Enabled\t=B\t1;\n";
        print "Choice =S\tDefault;\n";
        #
        # the matched line was already printed above; don't print it twice
        #
        next;
    }
    print $line;
}
close(FILE);
=End Script =====================================
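
An added pre-flight check for the two cases the script's comments say it skips (no line after a Priority line, and a following line with no '\]'), to run against a policy before rewriting it. It is written in Python, is not part of the original post or of any ISS tooling, and the section names in SAMPLE are constructed placeholders.

```python
import re
import sys

VALID_LEVELS = {"1", "2", "3"}  # High, Medium, Low, per the usage notes


def preflight(lines, priority_level):
    """Return (matching 1-based line numbers, [(line_number, reason), ...])."""
    if priority_level not in VALID_LEVELS:
        raise ValueError("priority level must be 1, 2 or 3")
    # Same text the script searches for, escaped so it is matched literally.
    pattern = re.compile(re.escape("Priority\t=L\t%s;" % priority_level))
    matches, problems = [], []
    i = 0
    while i < len(lines):
        if pattern.search(lines[i]):
            matches.append(i + 1)
            if i + 1 >= len(lines):
                # Script would still print the Enabled/Choice lines at EOF.
                problems.append((i + 1, "no line follows the Priority line"))
            else:
                if "\\]" not in lines[i + 1]:
                    # s/\\\]/.../ would not match; line is printed unchanged.
                    problems.append((i + 2, "next line has no '\\]'"))
                i += 1  # the script consumes this line without testing it
        i += 1
    return matches, problems


# Constructed sample; the section names are placeholders, not real events.
SAMPLE = [
    "[\\example\\EventA\\];", "Priority\t=L\t1;",
    "[\\example\\EventA\\Response\\];",
    "[\\example\\EventB\\];", "Priority\t=L\t1;",
    "Enabled\t=B\t1;",
    "[\\example\\EventC\\];", "Priority\t=L\t2;",
    "[\\example\\EventC\\Response\\];",
    "[\\example\\EventD\\];", "Priority\t=L\t1;",
]

if __name__ == "__main__":
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 2 else SAMPLE
    level = sys.argv[2] if len(sys.argv) > 2 else "1"
    matches, problems = preflight(lines, level)
    print("%d matching Priority lines" % len(matches))
    for number, reason in problems:
        print("line %d: %s" % (number, reason))
    sys.exit(1 if problems else 0)
```

Run it with the policy file name and priority level as arguments; a non-zero exit status means at least one event would be rewritten incorrectly.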
-----Original Message-----
From: David Singer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 4:12 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [ISSForum] Anyone have any "helpful" scripts?
Here's a PHP script that I did to turn on Email response for all attacks and
audits in a Network Sensor policy.
I'm not a great programmer so I'm sure that someone else would have done a
better job but it does work and even has comments.
I first created a global Email response called "Email Alert" and then used
the script to add this to each and every event as a default regardless of
whether the event was enabled.
To use the script just substitute for the name of your policy file in the
script and whatever you called the global email response.
- David
From: "CUELLAR,LEO (HP-Vancouver,ex1)" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [ISSForum] Anyone have any "helpful" scripts?
Date: Mon, 29 Sep 2003 14:51:14 -0700
Hello,
Does anyone have any scripts that would make Policy editing "easier"?
For example, I want to be paged for all High and Medium events.
Translation, go to each and every event in a policy, add the email tab and
set to my email. (repeat as necessary, hundreds of times). Second
translation, use Perl, and some creative hacking to come up with a script
that edits the policy file.
I'm wondering if others on this forum have encountered similar issues and
have come up with other scripts.
Leo Cuellar
IT Engineer