[Snort-users] Display snort info at user login

Seth sethsec at ...11827...
Fri Jun 6 14:09:43 EDT 2008


I was recently playing around with my .bash_profile script and ended
up with a couple of pretty simple functions that produce the following
output whenever I log into one of my snort box's:

Last login: Thu May 29 16:27:36 2008 from xxxxxxxx
-------------- Snort Installation Detected -----------------
The most recent snort rules on this machine were updated on:
                    ******* May 30 *******
If the date above is more than 1 month old, run oinkmaster
manually and verify it completes without error.
------------------------------------------------------------
------------------------------------------------------------
Snort % Pkts dropped and mbits/sec for the last 20 minutes
Dropped Packets = 0.000 Mbps = 4.672
Dropped Packets = 0.000 Mbps = 4.796
Dropped Packets = 0.000 Mbps = 4.369
Dropped Packets = 0.000 Mbps = 5.071
------------------------------------------------------------

Even though the information is reactive (no alerts are sent, you just
get some additional info when you log in to the box), I have found it
to be very useful.  I searched the web for a while and haven't found
any similar examples, so I figured I would publish it and share with
the list.

The full write up is here:
http://sethsec.blogspot.com/2008/06/some-snort-login-kung-fu.html

Let me know what you think and if you have any suggestions.

-Seth




More information about the Snort-users mailing list