Snort mailing list archives
RE: Auto update of rules?
From: "Nicholas W. Clair" <NClair () osufederal com>
Date: Thu, 15 Nov 2001 11:04:42 -0800
Peter,

Below is a perl script that I created based on Andreas Östling's arachnids_upd <http://www.whitehats.com/ids/arachnids_upd-0.4.tar.gz>. It is not the best perl programming and is a little crude, but it works. I have it running by a cron. There is currently no error checking; maybe some day I will fix it or, more likely, find a better one and use it. Anyway, if you need it, here it is.

-nic

Nic Clair
Network Security Administrator
OSU Federal Credit Union
nclair () osufederal com
541-714-4252

#!/usr/bin/perl -w
use Getopt::Std;
use File::Copy;
use POSIX qw(strftime);
use Fcntl;

# Paths and settings
my $wget_bin      = "/usr/local/bin/wget";
my $read_timeout  = "900";
my $tmpfile       = "/tmp/temp.$$.tar.gz";
my $tmpfile2      = "/tmp/temp.$$.tar";
my $url           = "http://www.snort.org/downloads/snortrules.tar.gz";
my $compress_gzip = "/bin/gzip";
my $compress_tar  = "/bin/tar";
$SNORT_PID_FILE   = "/var/run/snort_eth1.pid";
my $RULES_DIR     = "/tmp/rules";
my $RULES_PUT_DIR = "/usr/local/snort/rules";

# Download the rules archive
print "Grabbing ruleset from $url...\n";
die("File transfer failed: the wget command exited with an error (return status was not 0).\nExiting")
    if (system("$wget_bin","-nv","-T","$read_timeout","-t","3","-O","$tmpfile","$url"));

# (will also die if there is trailing garbage)
die("Gzip integrity check failed (file transfer failed or file in URL not in gzip format?).\nExiting")
    if (system("$compress_gzip","-t","$tmpfile"));

# Unpack into /tmp; the archive is expected to create /tmp/rules
print "Decompressing $tmpfile...\n";
system("$compress_gzip","-d","$tmpfile");
print "Untarring $tmpfile2...\n";
system("$compress_tar","-C/tmp/","-xf","$tmpfile2");

# Move every file whose name ends in "rules" into the live rules directory
opendir(RULES_DIR, "$RULES_DIR") or die "Can't open directory $RULES_DIR for reading: $!\n";
my @all_files = grep { /rules$/ } readdir RULES_DIR;
closedir(RULES_DIR);

for (@all_files) {
    move("$RULES_DIR/$_","$RULES_PUT_DIR/$_") or die "error $!\n";
}

# Read the Snort PID and send it signal 1 (SIGHUP)
open(PIDFILE, "<", $SNORT_PID_FILE) or die "Can't open $SNORT_PID_FILE: $!";
while (<PIDFILE>) {
    chomp;
    @snort_pid = $_;
}
close(PIDFILE);
kill 1, $snort_pid[0];

system("rm $tmpfile2");
exit(0);

-----Original Message-----
From: Peter Borner [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Peter Borner
Sent: Thursday, November 15, 2001 7:29 AM
To: Snort-Users (E-mail)
Subject: Auto update of rules?

Hi,

Does anyone have a script I can use on a crontab to periodically download the latest snort rules file and restart snort to use them? I've looked through the archives and can't find any obvious threads regarding this. I'm running a small network at home and I haven't yet found the need (or is it "built up the courage") to modify the rule set or add my own rules so I think the process should be fairly simple. I'm running snort on Linux 7.1.

TIA
Peter
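
Added example, not part of the original post or of Snort: the script above unpacks into fixed /tmp paths and has no error checking on the unpack step, so this shell function shows one way to stage the downloaded archive in a private directory and install only plain *.rules files. The function name stage_rules and its exit codes are assumptions made for this sketch; the rules/ layout inside the archive is the one the script above expects.

```shell
#!/bin/sh
# Added example (not from the original post). stage_rules is a hypothetical
# helper: stage_rules ARCHIVE DEST_DIR
# Prints the number of rule files installed and returns 0; returns non-zero
# without writing to DEST_DIR when the archive cannot be checked or unpacked.
stage_rules() {
    archive=$1
    dest=$2

    # Same integrity check the original script performs, but fail closed.
    gzip -t "$archive" 2>/dev/null || { echo "bad gzip: $archive" >&2; return 1; }

    # Private, unpredictable staging directory instead of /tmp/rules, so
    # nothing another local user left in /tmp can be picked up as a rule file.
    stage=$(mktemp -d "${TMPDIR:-/tmp}/snortrules.XXXXXX") || return 2
    tar -xzf "$archive" -C "$stage" || { rm -rf "$stage"; return 3; }

    count=0
    for f in "$stage"/rules/*.rules; do
        # Plain files only: skips symlinks and the literal unmatched glob.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        name=$(basename "$f")
        # Copy under a temporary name, then rename, so Snort never reads a
        # half-written rule file from the live directory.
        cp "$f" "$dest/.$name.new" && mv "$dest/.$name.new" "$dest/$name" || {
            rm -rf "$stage"; return 4; }
        count=$((count + 1))
    done
    rm -rf "$stage"

    # An archive with no rule files is treated as a failed update.
    [ "$count" -gt 0 ] || { echo "no .rules files found" >&2; return 5; }
    echo "$count"
}
```

A cron job would call this after the download and send the SIGHUP only when it returns 0.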