update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking

Marco Ochse
2018-03-30 16:41:46 +00:00
parent 201aa85e68
commit df6e4dcd44
7 changed files with 74 additions and 16 deletions

31
docker/suricata/dist/update.sh vendored Normal file → Executable file

@ -6,8 +6,31 @@ function fuCLEANUP {
}
trap fuCLEANUP EXIT
# Download the latest EmergingThreats ruleset, replace rulebase and enable all rules
cd /tmp
wget --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz
tar xvfz emerging.rules.tar.gz -C /etc/suricata/
### Vars
myOINKCODE="$1"
function fuDLRULES {
### Check if args are present then download rules, if not throw error
if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" == "OPEN" ];
then
echo "Downloading ET open ruleset."
wget --tries=2 --timeout=2 https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz -O /tmp/rules.tar.gz
else
if [ "$myOINKCODE" != "" ];
then
echo "Downloading ET pro ruleset with Oinkcode $myOINKCODE."
wget --tries=2 --timeout=2 https://rules.emergingthreatspro.com/$myOINKCODE/suricata-4.0/etpro.rules.tar.gz -O /tmp/rules.tar.gz
else
echo "Usage: update.sh <[OPEN, OINKCODE]>"
exit
fi
fi
}
# Download rules
fuDLRULES
# Extract and enable all rules
tar xvfz /tmp/rules.tar.gz -C /etc/suricata/
sed -i s/^#alert/alert/ /etc/suricata/rules/*.rules