Hi,
Within Bro's event handler, can I use Bro's script to call a Linux shell script or Perl script directly?
If not, I think that at least I can let Bro communicate with Broccoli's client and let it call a shell script.
Best,
Hui
> Within Bro's event handler, can I use bro's script to call Linux shell
> script or perl script directly?
You can use Bro's system function to execute an arbitrary command:

    system(s: string): int

        Invokes a command via the system function. Returns true if the
        return value of system was non-zero. Returns the return value
        from the system() call. Note that this corresponds to the status
        of backgrounding the given command, not to the exit status of
        the command itself. A value of 127 corresponds to a failure to
        execute sh, and -1 to an internal system failure. Furthermore,
        the command is run in the background with stdout redirected to
        stderr.

It is a good idea to call

    str_shell_escape(source: string): string

on the argument to system.
Matthias
That function is actually much less necessary now that we have the piped_exec function. str_shell_escape is only supposed to be used for data being put between double quotes so that the input doesn't escape from the double quoting.
This is obviously super dangerous:

    system(fmt("rm \"%s\"", sniffed_data));

This is better:

    system(fmt("rm \"%s\"", str_shell_escape(sniffed_data)));

If you need to supply something on STDIN to the program you are executing, you should use the piped_exec function. You can provide the data supplied on STDIN as an argument to the function.
.Seth
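
The quoting behaviour discussed in this thread, as an added example that is not part of the original messages: it runs the same constructed "sniffed" string through `sh -c` unescaped inside double quotes, escaped inside double quotes, escaped but without the quotes, and on stdin as with `piped_exec`. `dq_escape` is a hypothetical Python stand-in for `str_shell_escape`; the set of characters it escapes is an assumption, and `printf` and `cat` stand in for whatever command the Bro script would launch.

```python
import subprocess

# Characters that stay special inside a double-quoted sh string.
DQ_SPECIAL = '\\"`$'

def dq_escape(s: str) -> str:
    """Hypothetical stand-in for str_shell_escape: backslash-escape the
    characters that are still special between double quotes (assumed set)."""
    return "".join("\\" + ch if ch in DQ_SPECIAL else ch for ch in s)

def run_sh(cmd: str, stdin: str = "") -> str:
    """Run cmd via `sh -c`, the way system() hands it to the shell."""
    return subprocess.run(["sh", "-c", cmd], input=stdin, text=True,
                          capture_output=True, timeout=10).stdout

# Constructed sample of hostile sniffed data; `echo INJECTED` is a harmless marker.
SNIFFED = 'x" ; echo INJECTED ; echo "'

def unescaped_in_quotes() -> str:
    # system(fmt("cmd \"%s\"", sniffed_data)): the data closes the quotes itself.
    return run_sh("printf '%s\\n' \"" + SNIFFED + "\"")

def escaped_in_quotes() -> str:
    # system(fmt("cmd \"%s\"", str_shell_escape(sniffed_data))): stays one argument.
    return run_sh("printf '%s\\n' \"" + dq_escape(SNIFFED) + "\"")

def escaped_without_quotes() -> str:
    # Misuse: escaped data placed outside double quotes; ';' is not escaped.
    return run_sh("printf '%s\\n' " + dq_escape(SNIFFED))

def via_stdin() -> str:
    # piped_exec pattern: fixed command line, data only ever arrives on stdin.
    return run_sh("cat", stdin=SNIFFED)

if __name__ == "__main__":
    for case in (unescaped_in_quotes, escaped_in_quotes,
                 escaped_without_quotes, via_stdin):
        injected = "INJECTED" in case().splitlines()
        print(f"{case.__name__:24} marker command ran: {injected}")
```

Only the escaped-in-quotes and stdin cases keep the data as data; the escaped-without-quotes case shows why the escaping is meant only for text placed between double quotes.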