Snort rules_up

newsonet newsonet w poczta.onet.pl
Pią, 15 Kwi 2005, 19:59:19 CEST


W związku z tym, że na snort.org wróciło md5,
poprawiłem skrypcik i znów można z niego korzystać.

Wymagana rejestracja na snort.org;
każdy dostaje swój oink code.



#!/bin/sh


# $Id: snort_up 2005-01-16 15:21:32 LittleB $


# set -x


# snort_up:     Snort rules upgrading script


# chkconfig:


# description:


# author:       LitlleB


#               For PLD Linux Distribution





# Source function library.


. /etc/rc.d/init.d/functions


. /etc/sysconfig/network





            # wget:


            # -t4       Retries 4 times


            # -N        Get only if newer than the local copy





    # wget options: debug output, DNS cache off, 4 tries, timestamping.
    # (alternative noted by the author: --sslprotocol=0)
    PAR='-d --dns-cache=off -t4 -N'

    # wget appends its output to this log file.
    # NOTE(review): the request URL embeds $CODE, so the oink code ends up
    # in this log (more so with -d); keep the file readable by root only.
    LOG='-a /var/log/snort/snort_up.log'

    # Personal oink code issued by snort.org on registration; treat it as a
    # credential and do not publish a copy of the script with it filled in.
    CODE='YOUR OINK CODE'

    # Rules snapshot series: 2.3, 2.2 or 2.0.
    VER='2.3'

    # Address used for snort.org.
    # NOTE(review): downloads go over plain http:// to this fixed address,
    # so nothing authenticates the server that answers.
    IP='199.107.65.177'




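# Read text on stdin and print the first 32-hex-digit MD5 digest found in it,
# lower-cased; prints nothing when no digest is present.
_snort_up_digest(){
    tr 'A-F' 'a-f' | sed -n 's/^.*\([0-9a-f]\{32\}\).*$/\1/p' | sed -n '1p'
}

# upgrade: download the current rules snapshot, check it, and install it.
#
# Globals read: VER, PAR, LOG, CODE, IP (helper variables prefixed _up_ are
#               set as a side effect; POSIX sh has no function-local scope).
# Files:        works on relative paths, so it must be started from a
#               directory that only root can write to; installs into
#               /etc/snort/rules and restarts the snort service.
# Returns:      0 after a successful install, 1 when the download, the
#               checksum comparison or the unpacking fails.  On failure the
#               installed rules and the running snort are left untouched.
upgrade(){
    _up_tgz="snortrules-snapshot-$VER.tar.gz"

    # Keep the previously downloaded archive as <name>.last.
    if [ -f "./$_up_tgz" ]; then
        mv -- "./$_up_tgz" "./$_up_tgz.last"
    fi

    echo download rules...
    # $PAR and $LOG each hold several options, so they stay unquoted on
    # purpose; the URL is quoted because $CODE may contain spaces.
    wget $PAR $LOG "http://$IP/pub-bin/oinkmaster.cgi/$CODE/$_up_tgz"

    if [ ! -f "./$_up_tgz" ]; then
        msg_network_down snort_up
        msg_fail
        return 1
    fi

    # Compare the archive with the published digest before anything is
    # unpacked as root.  Assumes the .md5 file fetched by the caller holds
    # the archive's MD5 digest (TODO confirm the exact file format).
    # The digest travels over the same plain-HTTP channel, so this catches
    # truncated or corrupted downloads, not a tampered server response.
    _up_want=
    if [ -f "./$_up_tgz.md5" ]; then
        _up_want=$(_snort_up_digest < "./$_up_tgz.md5")
    fi
    _up_have=$(md5sum < "./$_up_tgz" 2>/dev/null | _snort_up_digest)

    if [ -z "$_up_want" ] || [ "$_up_want" != "$_up_have" ]; then
        echo "snort_up: checksum mismatch for $_up_tgz, rules left untouched" >&2
        msg_fail
        return 1
    fi

    echo unpacking archive...
    # Do not stop snort or delete the installed rules unless the archive
    # really produced a non-empty ./rules directory.
    if ! tar zxf "./$_up_tgz" || [ -z "$(ls -A ./rules 2>/dev/null)" ]; then
        echo "snort_up: unpacking $_up_tgz failed, rules left untouched" >&2
        msg_fail
        return 1
    fi

    chmod 750 ./rules
    chmod 640 ./rules/*
    chown root:snort ./rules
    chown root:snort ./rules/*

    # Swap the rule set while snort is stopped.
    service snort stop
    rm -f /etc/snort/rules/*
    mv ./rules/* /etc/snort/rules/
    service snort start

    # Remember the digest of what is now installed; the caller compares the
    # next published digest against this file.
    mv -- "./$_up_tgz.md5" "./$_up_tgz.md5.last"

    rm -rf ./rules ./doc
    msg_done
}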
# msg_up: announce that the rules upgrade is starting.
# Prints the banner via show, the "busy" status via busy, then a newline.
# show and busy are not defined in this file; presumably they come from the
# sourced /etc/rc.d/init.d/functions.
msg_up() {
    show "UPGRADING SNORT RULES"
    busy
    printf '\n'
}


# msg_done: report that the rules upgrade finished successfully.
# Prints the banner via show, the "ok" status via ok, then a newline.
# show and ok are not defined in this file; presumably they come from the
# sourced /etc/rc.d/init.d/functions.
msg_done() {
    show "UPGRADING SNORT RULES"
    ok
    printf '\n'
}


# msg_fail: report that the rules upgrade failed.
# Prints the banner via show, the "fail" status via fail, then a newline.
# show and fail are not defined in this file; presumably they come from the
# sourced /etc/rc.d/init.d/functions.
msg_fail() {
    show "UPGRADING SNORT RULES"
    fail
    printf '\n'
}


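    # Main flow: announce the run, make sure networking is up, fetch the
    # published MD5 of the rules snapshot and upgrade only when it differs
    # from the digest recorded at the last successful install.
    msg_up

    # NETWORKING comes from the sourced /etc/sysconfig/network.  With
    # networking disabled there is nothing to do; with it enabled but not
    # started, report the failure.  The "$1" tests are kept as they were.
    if is_yes "${NETWORKING}"; then
        if [ ! -f /var/lock/subsys/network ] && [ "$1" != stop ] && [ "$1" != status ]; then
            msg_network_down snort_up
            msg_fail
            exit 1
        fi
    else
        exit 0
    fi

    # Always fetch a fresh checksum file.
    rm -f "snortrules-snapshot-$VER.tar.gz.md5"

    echo download MD5 checksum...
    # $PAR and $LOG each hold several options, so they stay unquoted on
    # purpose; the URL is quoted because $CODE may contain spaces.
    wget $PAR $LOG "http://$IP/pub-bin/oinkmaster.cgi/$CODE/snortrules-snapshot-$VER.tar.gz.md5"

    if [ -f "./snortrules-snapshot-$VER.tar.gz" ]; then

        # Either file may be missing (first run, failed download); treat a
        # missing file as an empty digest instead of letting cat complain.
        MD5_last=
        if [ -f "./snortrules-snapshot-$VER.tar.gz.md5.last" ]; then
            MD5_last=$(cat "./snortrules-snapshot-$VER.tar.gz.md5.last")
        fi
        MD5_new=
        if [ -f "./snortrules-snapshot-$VER.tar.gz.md5" ]; then
            MD5_new=$(cat "./snortrules-snapshot-$VER.tar.gz.md5")
        fi

        # An empty new digest means the checksum download failed; it must
        # not compare equal to an empty old digest and pass as "up to date".
        # Equality only shows that the published digest has not changed
        # since the last install; the local archive is not re-hashed here.
        if [ -n "$MD5_new" ] && [ "$MD5_last" = "$MD5_new" ]; then
            echo "$MD5_last"
            echo "$MD5_new"
            echo YOUR checksum is correct. nothing to do.
            msg_done
            exit
        else
            upgrade
        fi

    else
        upgrade
    fi

    exit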



