This is a sample script demonstrating how you could submit firewall log data from OPNsense to csirtg.io.
Prerequisites:
- A csirtg.io account
- An account token; within csirtg.io:
  - Select your username
  - Select "Tokens"
  - Select "Generate Token"
- A csirtg.io feed; within csirtg.io:
  - Select the plus sign
  - Select "Feed"
  - Choose a feed name (e.g. port scanners)
  - Choose a feed description (e.g. hosts blocked in firewall logs)
- A router/firewall with OPNsense installed
  - pfSense would likely work but it is untested
  - You must have root + shell access
Goals of the script:
- To demonstrate how you interact with csirtg.io without using the SDK
- To not use any Python libraries that were not already installed with OPNsense
Usage:
- SSH into the OPNsense router (become root)
- Change to root's home directory
    $ cd /root
- Download the wf-opnsense.py script using curl
    $ curl -O https://raw.githubusercontent.com/giovino/wf-opnsense/master/wf-opnsense.py
- Edit wf-opnsense.py to fill in CSIRTG_USER, CSIRTG_FEED and CSIRTG_TOKEN
    $ vi wf-opnsense.py
- Edit the root crontab
    $ crontab -e
  Add the following line, which runs the script every 5 minutes and sends its output to syslog tagged "csirtg.io":
    */5 * * * * /usr/local/bin/python2.7 /root/wf-opnsense.py 2>&1 | /usr/bin/logger -t csirtg.io
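The two goals above (talk to csirtg.io without the SDK, use only what ships with the firewall) are easiest to see in code. The block below is an added example written for this page; it is not the wf-opnsense.py script from the giovino repository. It uses only the Python standard library, is written for Python 3 rather than the python2.7 the cron line invokes, and makes three labelled assumptions: the comma-separated filterlog layout that pf on OPNsense writes for IPv4 TCP/UDP records, the csirtg.io REST endpoint path and "Token token=..." authorization header, and the indicator field names in the JSON body. All of those should be checked against the current csirtg.io API documentation before the request is actually sent. The log lines are constructed, the credentials are placeholders, and nothing is transmitted unless you call submit() yourself.

```python
"""Parse OPNsense filterlog lines and build csirtg.io indicator submissions.

Added example for this page, not the wf-opnsense.py script itself.
Standard library only, so it would run on a box with no extra packages.
"""
import ipaddress
import json
import urllib.request

# Placeholders: fill these in from your csirtg.io account (not real values).
CSIRTG_USER = "your-username"
CSIRTG_FEED = "port-scanners"
CSIRTG_TOKEN = "REPLACE_WITH_TOKEN"
CSIRTG_API = "https://csirtg.io/api"   # assumed base URL; verify against the API docs

# Constructed sample lines in the filterlog CSV layout pf writes on OPNsense.
# Assumed field order for IPv4 TCP/UDP: rule,subrule,anchor,tracker,iface,reason,
# action,dir,ipver,tos,ecn,ttl,id,offset,flags,proto-id,proto,len,src,dst,sport,dport,...
SAMPLE_LOG = [
    "Jan  1 00:00:01 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,203.0.113.10,198.51.100.2,54321,22,0,S,1234567890,,65535,,mss",
    "Jan  1 00:00:02 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12346,0,none,17,udp,48,203.0.113.10,198.51.100.2,40000,53,28",
    "Jan  1 00:00:03 fw filterlog: 7,,,1000000104,em0,match,pass,in,4,0x0,,64,12347,0,DF,6,tcp,60,192.0.2.50,198.51.100.2,50000,443,0,S,1,,65535,,mss",
    "Jan  1 00:00:04 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,12348,0,DF,6,tcp,60,198.51.100.2,203.0.113.99,50001,25,0,S,1,,65535,,mss",
    "Jan  1 00:00:05 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12349,0,DF,6,tcp,60,203.0.113.11,198.51.100.2,60000,3389,0,S,1,,65535,,mss",
    "Jan  1 00:00:06 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,64,12350,0,DF,6,tcp,60,192.168.1.20,198.51.100.2,51000,445,0,S,1,,65535,,mss",
    "Jan  1 00:00:07 fw sshd[1234]: Accepted publickey for root from 192.168.1.5 port 50123",
]

# RFC 1918 space: never publish your own internal hosts to a public feed.
_INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_filterlog(line):
    """Return a dict for a blocked, inbound, IPv4 TCP/UDP record, else None."""
    if "filterlog: " not in line:
        return None
    fields = line.split("filterlog: ", 1)[1].strip().split(",")
    if len(fields) < 22 or fields[8] != "4":          # IPv4 records only
        return None
    action, direction, proto = fields[6], fields[7], fields[16]
    if action != "block" or direction != "in" or proto not in ("tcp", "udp"):
        return None
    try:
        src = ipaddress.IPv4Address(fields[18])
        dport = int(fields[21])
    except ValueError:                                 # malformed or truncated record
        return None
    return {"src": str(src), "proto": proto, "dport": dport, "iface": fields[4]}


def summarize(lines):
    """Collapse many log lines into one entry per external source address."""
    hits = {}
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None:
            continue
        if any(ipaddress.IPv4Address(rec["src"]) in net for net in _INTERNAL):
            continue
        entry = hits.setdefault(rec["src"], {"count": 0, "ports": set()})
        entry["count"] += 1
        entry["ports"].add(rec["dport"])
    return hits


def build_indicators(hits):
    """Turn the summary into indicator objects (field names are assumptions)."""
    out = []
    for src in sorted(hits):
        ports = ",".join(str(p) for p in sorted(hits[src]["ports"]))
        out.append({
            "indicator": src,
            "tags": "scanner",
            "portlist": ports,
            "description": "blocked inbound to ports %s (%d hits)" % (ports, hits[src]["count"]),
        })
    return out


def build_request(indicator, user, feed, token):
    """Build, without sending, the POST for one indicator.

    Endpoint path and header format are assumptions to check against csirtg.io docs.
    """
    url = "%s/users/%s/feeds/%s/indicators" % (CSIRTG_API, user, feed)
    body = json.dumps({"indicator": indicator}).encode("utf-8")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", "Token token=" + token)
    return req


def submit(indicators, user, feed, token, timeout=10):
    """Send each indicator and return the HTTP status codes (network access required)."""
    codes = []
    for ind in indicators:
        with urllib.request.urlopen(build_request(ind, user, feed, token), timeout=timeout) as resp:
            codes.append(resp.status)
    return codes


if __name__ == "__main__":
    # On the router you would read the pf filter log instead of SAMPLE_LOG.
    for ind in build_indicators(summarize(SAMPLE_LOG)):
        print(json.dumps(ind))
```

Two design points carry over to the real script: only "block"/"in" records are published, so permitted traffic and your own outbound connections never leave the box, and RFC 1918 sources are dropped before submission, which matters because a misconfigured rule on an internal interface would otherwise leak your LAN addressing into a public feed. When the cron line from the usage section runs this every five minutes, the summarize() step also keeps a noisy scanner from producing hundreds of duplicate submissions per run.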