update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking
31
docker/suricata/dist/update.sh
vendored
Normal file → Executable file
@ -6,8 +6,31 @@ function fuCLEANUP {
|
||||
}
|
||||
trap fuCLEANUP EXIT
|
||||
|
||||
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
|
||||
cd /tmp
|
||||
wget --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz
|
||||
tar xvfz emerging.rules.tar.gz -C /etc/suricata/
|
||||
### Vars
|
||||
myOINKCODE="$1"
|
||||
|
||||
function fuDLRULES {
|
||||
### Check if args are present then download rules, if not throw error
|
||||
|
||||
if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" == "OPEN" ];
|
||||
then
|
||||
echo "Downloading ET open ruleset."
|
||||
wget --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz -O /tmp/rules.tar.gz
|
||||
else
|
||||
if [ "$myOINKCODE" != "" ];
|
||||
then
|
||||
echo "Downloading ET pro ruleset with Oinkcode $myOINKCODE."
|
||||
wget --tries=2 --timeout=2 https://rules.emergingthreatspro.com/$myOINKCODE/suricata-4.0/etpro.rules.tar.gz -O /tmp/rules.tar.gz
|
||||
else
|
||||
echo "Usage: update.sh <[OPEN, OINKCODE]>"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Download rules
|
||||
fuDLRULES
|
||||
|
||||
# Extract and enable all rules
|
||||
tar xvfz /tmp/rules.tar.gz -C /etc/suricata/
|
||||
sed -i s/^#alert/alert/ /etc/suricata/rules/*.rules
|
||||
|
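Review bot: The Oinkcode is a credential, yet fuDLRULES prints it to stdout on the `echo "Downloading ET pro ruleset with Oinkcode $myOINKCODE."` line, so it ends up in container and build logs; the message should read `echo "Downloading ET pro ruleset."` and the code should only ever reach the URL. On the following wget line the code is also unquoted inside the URL and came straight from `$1`, so it should be `"https://rules.emergingthreatspro.com/${myOINKCODE}/suricata-4.0/etpro.rules.tar.gz"`. Neither wget call checks its exit status, so with `--tries=2 --timeout=2` a failed download still falls through to `tar xvfz /tmp/rules.tar.gz -C /etc/suricata/` and the `sed -i` on the rule files; appending `|| exit 1` to both wget lines (and using `exit 1` in the usage branch instead of a bare `exit`) would make the rule update fail closed rather than extract a missing or partial archive. The redundant `[ "$myOINKCODE" != "" ]` in front of `[ "$myOINKCODE" == "OPEN" ]` can simply be dropped. fuCLEANUP, whose closing brace opens the hunk, starts outside it.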