Hi Nitefood, I am new to OSSEC. Can you show the steps to test the above attack script?
Thanks,
Hak

On Sunday, August 30, 2015 at 8:02:09 AM UTC+7, nitefood wrote:
>
> Hello all,
>
> I have created a bash script to visualize attack data from OSSEC DB on a
> world map by geolocating attackers' IPs (using MaxMind's GeoIP db and tools)
> and calculating Top N attacking countries.
> Not sure if this is a novel idea, but I couldn't find anything to do this
> the way I wanted it, so I decided to quickly hack together a little script.
> This is what the output html looks like:
>
> <https://lh3.googleusercontent.com/-wbPYWRLZ-94/VeJLuN6rU7I/AAAAAAAABFo/thlpjlAmiBU/s1600/Screenshot%2B2015-08-30%2B01.29.51.png>
>
> By clicking the toggle button, you'll see the list of all unique,
> geolocalized attackers' IPs found in your OSSEC database, sorted by the
> number of attacks (actually the times they appear in the DB) they ran on
> you. Something like this:
>
> 157 attacks : 1.2.3.4 (*Russia*)
> 140 attacks : 5.6.7.8 (*China*)
> etc.
>
> If anybody is interested, the script is attached. Feel free to modify it
> in any way you please. Make sure you read the notes at the beginning and
> change the appropriate values in the configuration section.
>
> Disclaimer: I wrote this script quickly and in my spare time, just to get
> some insight on the attack sources on my infrastructure. The HTML output is
> probably fugly by today's standards, there's very little sanity checking,
> and next to no code optimization or cleanup in here, so if you feel so
> inclined, improve or rewrite it in a faster language and share it for
> others to enjoy it.
>
> Hope you find it useful.
>
> Take care,
> nitefood
