Inspekt and PHP-IDS


Ronald Smith

Feb 2, 2009, 11:23:03 PM
to inspekt
Not sure if anyone else will find this helpful. But I used a function
similar to the one below to integrate a PHP-IDS check into my Inspekt
Cage.

/**
 * Will run the array or value against the PHP-IDS system.
 * You can add logging to the isEmpty check by using the code below.
 * The code below will add a record to an intrusions table in the
 * defined database for later viewing.
 * <code>
 * require_once('/path/to/IDS/Log/Database.php');
 * require_once('/path/to/IDS/Log/Composite.php');
 *
 * $compositeLog = new IDS_Log_Composite();
 * $compositeLog->addLogger(IDS_Log_Database::getInstance($ids_init));
 * $compositeLog->execute($ids_result);
 * </code>
 * @param mixed $value
 * @return boolean true when PHP-IDS reports nothing, false otherwise
 */
function testIDS($value)
{
    // Moved here for example. There are better ways to include.
    require_once('/path/to/Inspekt/Inspekt.php');
    // IDS_Init and IDS_Monitor come from PHP-IDS itself (placeholder path).
    require_once('/path/to/IDS/Init.php');

    $ids_init = IDS_Init::init('path/to/IDS/Config/Config.ini');

    // An array is passed under the 'VALUE' key; a scalar is wrapped
    // in an array first.
    if (is_array($value)) {
        $ids_req = array('VALUE' => $value);
    } else {
        $ids_req = array('VALUE' => array('VALUE' => $value));
    }
    $ids = new IDS_Monitor($ids_req, $ids_init);

    $ids_result = $ids->run();

    // A non-empty report means at least one PHP-IDS filter matched.
    if (! $ids_result->isEmpty()) {
        return false;
    }
    return true;
}

Ed Finkler

Feb 3, 2009, 11:19:40 AM
to ins...@googlegroups.com
This is very cool, Ronald. I've not been able to dedicate the time to
Inspekt that I'd like to lately, but this is encouraging 8). Would you
be willing to work up a patch for Inspekt to add this capability to
Inspekt?

--
Ed Finkler
http://funkatron.com
AIM: funka7ron
ICQ: 3922133
Skype: funka7ron