Snort rules_up
newsonet
newsonet w poczta.onet.pl
Pią, 15 Kwi 2005, 19:59:19 CEST
W związku z tym, że na snort.org wróciło md5, poprawiłem skrypcik i znów można z niego korzystać.
Wymagana jest rejestracja na snort.org; każdy dostaje swój własny oink code.
#!/bin/sh
# $Id: snort_up 2005-01-16 15:21:32 LittleB $
# set -x
# snort_up: Snort rules upgrading script
# chkconfig:
# description:
# author: LitlleB
# For PLD Linux Distribution
#
# Downloads the snortrules snapshot for $VER into the current directory and
# installs it into /etc/snort/rules. All work files use relative paths, so
# the script presumably expects to be started from a dedicated working
# directory that only root can write to -- confirm how it is invoked.

# Source function library.
# The helpers used below (show, busy, ok, fail, is_yes, msg_network_down) are
# not defined in this script; presumably they come from this library.
. /etc/rc.d/init.d/functions
# Presumably sets NETWORKING, which the main flow tests with is_yes.
. /etc/sysconfig/network

# wget options:
#   -d               debug output
#   --dns-cache=off  do not cache DNS lookups
#   -t4              retry up to 4 times
#   -N               timestamping: fetch only if the remote file is newer
#                    than the local copy
PAR="-d --dns-cache=off -t4 -N" # --sslprotocol=0
# -a appends wget's output to this file. wget records the requested URL, and
# the URL built below embeds $CODE, so this log ends up holding the oink code:
# keep it readable by root only.
LOG="-a /var/log/snort/snort_up.log"
# Per-account oink code issued on registration at snort.org. It is a
# credential: keep this script unreadable to other users once it is filled in.
CODE="YOUR OINK CODE" # your oink code
VER="2.3" # snapshot series: 2.3, 2.2, 2.0
# Hard-coded address used in place of the snort.org host name. The downloads
# below use plain http:// against this address, so neither the server identity
# nor the transferred data (including $CODE in the path) is protected in
# transit. NOTE(review): confirm the address is still correct before use.
IP="199.107.65.177" # snort.org
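# upgrade: download the rules snapshot, check it against the MD5 file fetched
# by the main flow, and only then replace the live rules in /etc/snort/rules.
#
# Globals:  PAR, LOG (wget options), IP, CODE, VER (read);
#           snap, md5_want, md5_have (written; plain sh has no 'local')
# Calls:    msg_done, msg_fail (this script); msg_network_down (not defined
#           here, presumably from the sourced PLD function library)
# Returns:  0 after a successful install, 1 when the download, the checksum
#           comparison or the unpacking fails (the live rules are then left
#           untouched and snort is not restarted)
#
# The MD5 file travels over the same unauthenticated HTTP connection as the
# archive, so the comparison catches truncated or corrupted downloads but is
# not proof of origin.
upgrade(){
  snap="snortrules-snapshot-$VER.tar.gz"

  # Keep the previous snapshot around under a .last name.
  if [ -f "./$snap" ]; then
    mv "./$snap" "./$snap.last"
  fi

  # rm -f snortrules-snapshot-$VER.tar.gz
  echo download rules...
  # $PAR and $LOG stay unquoted on purpose: each holds several wget options.
  wget $PAR $LOG \
    "http://$IP/pub-bin/oinkmaster.cgi/$CODE/$snap"

  if [ ! -f "./$snap" ]; then
    msg_network_down snort_up
    msg_fail
    return 1
  fi

  # Pull the 32-hex-digit digest out of the .md5 file. The file format is not
  # visible in this script, so accept a bare digest as well as a digest
  # surrounded by other text -- TODO confirm against a real download.
  md5_want=""
  if [ -f "./$snap.md5" ]; then
    md5_want=$(tr 'A-F' 'a-f' < "./$snap.md5" |
      sed -n 's/.*\([0-9a-f]\{32\}\).*/\1/p' | head -n 1)
  fi
  md5_have=$(md5sum "./$snap" | awk '{print $1}')

  # Fail closed: no published digest, or a digest that does not match, means
  # the archive is never unpacked and the running rule set stays in place.
  if [ -z "$md5_want" ] || [ "$md5_want" != "$md5_have" ]; then
    echo "MD5 check failed for $snap, keeping current rules" >&2
    msg_fail
    return 1
  fi

  echo unpacking archive...
  # Clear leftovers of an interrupted run so stale files are not installed.
  rm -rf ./rules ./doc
  if ! tar zxf "./$snap" || [ -z "$(ls -A ./rules 2>/dev/null)" ]; then
    echo "cannot unpack $snap, keeping current rules" >&2
    rm -rf ./rules ./doc
    msg_fail
    return 1
  fi

  chmod 750 ./rules
  chmod 640 ./rules/*
  chown root:snort ./rules
  chown root:snort ./rules/*

  # Everything that can fail cheaply has been checked above, so the sensor is
  # stopped only for the actual swap of the rule files.
  service snort stop
  rm -f /etc/snort/rules/*
  mv ./rules/* /etc/snort/rules/
  service snort start

  #rm -f snortrules-snapshot-$VER.tar.gz
  # Remember the digest of what is now installed; the next run compares the
  # freshly downloaded .md5 against this file to decide whether to upgrade.
  mv "./$snap.md5" "./$snap.md5.last"
  rm -rf ./rules ./doc
  msg_done
}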
# msg_up: print the "upgrade in progress" status line.
# show and busy are not defined in this script; they are expected from the
# sourced function library. The trailing echo terminates the status line.
msg_up() {
  show "UPGRADING SNORT RULES"
  busy
  echo
}
# msg_done: print the "upgrade finished successfully" status line.
# show and ok are not defined in this script; they are expected from the
# sourced function library. The trailing echo terminates the status line.
msg_done() {
  show "UPGRADING SNORT RULES"
  ok
  echo
}
# msg_fail: print the "upgrade failed" status line.
# show and fail are not defined in this script; they are expected from the
# sourced function library. The trailing echo terminates the status line.
msg_fail() {
  show "UPGRADING SNORT RULES"
  fail
  echo
}
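# Main flow: fetch the published MD5 for the current snapshot and compare it
# with the digest remembered from the last successful install. Equal digests
# with the archive still on disk mean there is nothing to do; anything else
# triggers upgrade.
msg_up

if is_yes "${NETWORKING}"; then
  # NOTE(review): the stop/status comparisons look inherited from an
  # init-script template; nothing else in this script reads $1 -- confirm.
  if [ ! -f /var/lock/subsys/network ] && [ "$1" != stop ] &&
    [ "$1" != status ]; then
    msg_network_down snort_up
    msg_fail
    exit 1
  fi
else
  exit 0
fi

rm -f "snortrules-snapshot-$VER.tar.gz.md5"
echo download MD5 checksum...
# $PAR and $LOG stay unquoted on purpose: each holds several wget options.
wget $PAR $LOG \
  "http://$IP/pub-bin/oinkmaster.cgi/$CODE/snortrules-snapshot-$VER.tar.gz.md5"

MD5_new=""
if [ -f "./snortrules-snapshot-$VER.tar.gz.md5" ]; then
  MD5_new=$(cat "./snortrules-snapshot-$VER.tar.gz.md5")
fi

# Without a freshly downloaded checksum there is nothing to compare against
# and nothing to check the archive with, so stop here instead of reporting
# "nothing to do" on two empty values or installing an unchecked archive.
if [ -z "$MD5_new" ]; then
  msg_network_down snort_up
  msg_fail
  exit 1
fi

# The .last file is absent on the first run; treat that as "no previous
# install" rather than letting cat fail.
MD5_last=""
if [ -f "./snortrules-snapshot-$VER.tar.gz.md5.last" ]; then
  MD5_last=$(cat "./snortrules-snapshot-$VER.tar.gz.md5.last")
fi

if [ -f "./snortrules-snapshot-$VER.tar.gz" ] &&
  [ "$MD5_last" = "$MD5_new" ]; then
  printf '%s\n' "$MD5_last"
  printf '%s\n' "$MD5_new"
  echo YOUR checksum is correct. nothing to do.
  msg_done
  exit
fi

upgrade
exit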