From 29e39cb9552d4d6ad67e48444247a562abc4829d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Edward=20Fjellsk=C3=A5l?=
Date: Thu, 28 Oct 2010 22:36:49 +0200
Subject: [PATCH] Added a --skip switch on request from Andy Berryman

---
 src/Makefile | 2 +-
 tools/prads2snort | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Makefile b/src/Makefile
index 3bb8001..a84e52f 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2,7 +2,7 @@
 #CC=gcc
 LDFLAGS=-lpcap -lpcre
 CONFDIR=../etc
-CFLAGS=-O3 -DCONFDIR='"${CONFDIR}/"'
+CFLAGS=-static -O3 -DCONFDIR='"${CONFDIR}/"'
 DCFLAGS=-g
 PCFLAGS=-g -pg
 ifneq (${DEBUG},)
diff --git a/tools/prads2snort b/tools/prads2snort
index 06b30ae..44c8453 100755
--- a/tools/prads2snort
+++ b/tools/prads2snort
@@ -45,6 +45,7 @@ use Switch;
 -i|--infile : file to feed prads2snort.pl
 -o|--outfile : file to write host_attribute data to (host_attribute.xml)
 -d|--default : set Default OS if unknown (linux,bsd,macos,windows)
+ -s|--skip : Skip OSes that has a match less than XX %
 -v|--verbose : prints out OS, frag, stream and confidence of asset
 -h|--help : this help message
 --version : show prads2snort.pl version
@@ -54,6 +55,7 @@ use Switch;
 our $VERSION = 0.11;
 our $DEBUG = 0;
 our $VERBOSE = 0;
+our $SKIPOS = 0;
 our $FORCE = 0;
 our $VERS = 0;
 our $INFILE = qq(/var/log/prads-asset.log);
@@ -66,6 +68,7 @@ Getopt::Long::GetOptions(
 'infile|i=s' => \$INFILE,
 'outfile|o=s' => \$OUTFILE,
 'default|d=s' => \$DEFAULTOS,
+ 'skip|s=s' => \$SKIPOS,
 'verbose|v' => \$VERBOSE,
 'force|f' => \$FORCE,
 'version' => \$VERS,
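Review bot: The `-static` added to CFLAGS is unrelated to the --skip switch named in the subject and silently changes the default build for everyone, not just a debug or profiling variant. A statically linked prads carries its own copy of libpcap and libpcre, so distribution security updates to those libraries no longer reach the running binary until it is rebuilt, and on systems that ship no static archives the link presumably fails outright. `-static` is also a linker option, so it only takes effect here if this Makefile passes CFLAGS at link time, which is not visible in the hunk. If a static build is genuinely wanted, an opt-in such as `ifneq (${STATIC},)` adding `-static` to LDFLAGS would keep the default build unchanged.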
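Review bot: The new help line does not say what the number is compared against, and "OSes that has" reads awkwardly; in make_attribute_table the value is compared with the per-asset confidence, so `-s|--skip : skip assets whose OS match confidence is below N` tells the user what to pass. The surrounding usage text's column alignment is not recoverable from this collapsed hunk, so match whatever spacing the neighbouring lines use.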
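Review bot: `'skip|s=s'` accepts any string, yet $SKIPOS is only ever used in the numeric comparison `$confidence < $SKIPOS` in make_attribute_table, so `--skip abc` is accepted by Getopt::Long, warns under `use warnings`, and then compares as 0, which disables the skip without telling the user. Declaring it as `'skip|s=i' => \$SKIPOS,` (or `=f` if confidence values can be fractional, which this hunk does not show) makes Getopt::Long reject a non-numeric threshold at option-parse time instead.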
@@ -219,12 +222,15 @@ sub make_attribute_table {
 my ($frag3, $stream5) = get_policy($os, $desc);
 $STATS{'OS'}{"$os"}{'count'} ++;
 $STATS{'OS'}{"$os"}{'confidence'} += $confidence;
+ if ($confidence < $SKIPOS) {
+ print "$asset OS:Unknown - Skipping, confidence:$confidence\n" if $VERBOSE;
+ next;
+ }
 if ($os =~ /unknown/) {
 $unknowns++;
 if ($VERBOSE) {
 print "$asset OS:Unknown - Applying frag3=$frag3, stream5=$stream5 and confidence:$confidence\n";
 }
- #next if $skippunknownsorsomething;
 } else {
 $knowns++;
 $aconfedence += $confidence;
-- 
2.11.4.GIT
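Review bot: The new skip check sits after the two `$STATS{'OS'}{"$os"}` updates, so an asset that is skipped still counts toward that OS's count and summed confidence while contributing no host_attribute entry, which makes the reported statistics disagree with the generated table; if the stats are meant to describe what was emitted, the `if ($confidence < $SKIPOS)` block belongs above those two lines. The verbose message also says `OS:Unknown` even though `$os` may hold a real OS name at this point; `print "$asset OS:$os - Skipping, confidence:$confidence below $SKIPOS\n" if $VERBOSE;` would make the reason for the skip visible in the log. Note that the `next` relies on the enclosing loop, which starts outside this hunk, as does the rest of make_attribute_table.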