snort/snort-update.sh@c10fb90893b9 (annotated)
snort/snort-update.sh
Thu, 04 Oct 2012 20:30:05 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 04 Oct 2012 20:30:05 +0200
- changeset 715
- c10fb90893b9
- permissions
- -rw-r--r--
Correct out of date build configuration, porting to Solaris 11 network
link infrastructure and new libpcap logic. This additionally allows for
device drivers in subdirectories of /dev. Correct packaged nmap
personalities and signatures to work out of the box. Finally, hack
arpd logic to properly close sockets and quit on TERM by repeating
signaling in the run command script. Sadly, all this fails to correct
the run time behaviour of honeyd which fails to bind to the IP layer.
| michael@549 | 1 | #!/bin/sh |
| michael@549 | 2 | ## |
| michael@549 | 3 | ## snort-update.sh -- Snort Rule Updating Utility |
| michael@549 | 4 | ## Copyright (c) 2005-2007 Ralf S. Engelschall <rse@engelschall.com> |
| michael@549 | 5 | ## |
| michael@549 | 6 | |
| michael@549 | 7 | # command line parameters |
| michael@549 | 8 | url="$1" |
| michael@549 | 9 | if [ ".$url" = . ]; then |
| michael@549 | 10 | echo "USAGE: $0 <url>" 1>&2 |
| michael@549 | 11 | exit 1 |
| michael@549 | 12 | fi |
| michael@549 | 13 | |
| michael@549 | 14 | # configuration |
| michael@549 | 15 | rulesdir="@l_prefix@/var/snort/rules" |
| michael@549 | 16 | tmpdir="@l_prefix@/var/snort/tmp" |
| michael@549 | 17 | oinkmaster="@l_prefix@/sbin/oinkmaster" |
| michael@549 | 18 | logfile="@l_prefix@/var/snort/oinkmaster.log" |
| michael@549 | 19 | statsfile="@l_prefix@/var/snort/snort.stats" |
| michael@549 | 20 | |
| michael@549 | 21 | # parameter post-processing |
| michael@549 | 22 | url=`echo "$url" |\ |
| michael@549 | 23 | sed -e 's;^oinkcode:\(.*\)$;http://www.snort.org/pub-bin/oinkmaster.cgi/\1/snortrules-snapshot-@V_rules@.tar.gz;' \ |
| michael@549 | 24 | -e 's;^\(/.*\)$;file://\1;'` |
| michael@549 | 25 | |
| michael@549 | 26 | # ruleset updating |
| michael@549 | 27 | ( echo "++ SNORT-UPDATE START (`date`)" |
| michael@549 | 28 | echo "++ Update URL: \"$url\"" |
| michael@549 | 29 | $oinkmaster -q -o $rulesdir -u $url |
| michael@549 | 30 | if [ ! -f $rulesdir/local.rules ]; then |
| michael@549 | 31 | touch $rulesdir/local.rules |
| michael@549 | 32 | fi |
| michael@549 | 33 | @l_prefix@/lib/openpkg/shtool subst \ |
| michael@549 | 34 | -e 's;\(var HOME_NET\) any;\1 $(HOME_NET:-any);' \ |
| michael@549 | 35 | -e 's;\(var EXTERNAL_NET\) any;\1 $(EXTERNAL_NET:-any);' \ |
| michael@549 | 36 | -e 's; \([^ /]*\.map\); $(RULE_PATH)/\1;' \ |
| michael@549 | 37 | -e 's; \([^ /]*\.config\); $(RULE_PATH)/\1;' \ |
| michael@549 | 38 | -e "s;\\(var RULE_PATH\\).*;\\1 \$(RULE_PATH:-$rulesdir);" \ |
| michael@549 | 39 | -e "s;/var/snort/snort\.stats;$statsfile;" \ |
| michael@549 | 40 | $rulesdir/snort.conf |
| michael@549 | 41 | echo "++ SNORT-UPDATE END (`date`)" |
| michael@549 | 42 | ) >>$logfile 2>&1 |
| michael@549 | 43 |
