Snort mailing list archives

RE: Auto update of rules?


From: "Nicholas W. Clair" <NClair () osufederal com>
Date: Thu, 15 Nov 2001 11:04:42 -0800

Peter,
 
  Below is a perl script that I created based on Andreas Östling's
<http://www.whitehats.com/ids/arachnids_upd-0.4.tar.gz> arachnids_upd.
It is not the best perl programming and is a little crude, but it works.  I
have it running by a cron.  There currently is no error checking; maybe
some day I will fix it or, more likely, find a better one and use it.
Anyway, if you need it, here it is.
 
-nic
 
Nic Clair 
Network Security Administrator 
OSU Federal Credit Union 
nclair () osufederal com 
541-714-4252 
 
#!/usr/bin/perl -w
use strict;
use File::Copy;

# Paths and settings (adjust for your installation)
my $wget_bin            = "/usr/local/bin/wget";
my $read_timeout        = "900";
my $tmpfile             = "/tmp/temp.$$.tar.gz";
my $tmpfile2            = "/tmp/temp.$$.tar";
my $url                 = "http://www.snort.org/downloads/snortrules.tar.gz";
my $compress_gzip       = "/bin/gzip";
my $compress_tar        = "/bin/tar";
my $SNORT_PID_FILE      = "/var/run/snort_eth1.pid";
my $RULES_DIR           = "/tmp/rules";              # where the tarball unpacks to
my $RULES_PUT_DIR       = "/usr/local/snort/rules";  # live rules directory

print "Grabbing ruleset from $url...\n";
die("File transfer failed: the wget command exited with an error "
    . "(return status was not 0).\nExiting")
  if (system($wget_bin, "-nv", "-T", $read_timeout, "-t", "3", "-O", $tmpfile, $url));

die("Gzip integrity check failed (file transfer failed or file in URL "
    . "not in gzip format?).\nExiting")
  if (system($compress_gzip, "-t", $tmpfile));   # (will also die if there is trailing garbage)

print "Decompressing $tmpfile...\n";
system($compress_gzip, "-d", $tmpfile);

print "Untaring $tmpfile2...\n";
system($compress_tar, "-C", "/tmp/", "-xf", $tmpfile2);

# Move only the *.rules files from the unpacked tree into the live rules directory
opendir(RULES_DIR, $RULES_DIR)
  or die "Can't open directory $RULES_DIR for reading: $!\n";
my @all_files = grep { /rules$/ } readdir RULES_DIR;
closedir(RULES_DIR);

for (@all_files) {
  move("$RULES_DIR/$_", "$RULES_PUT_DIR/$_")
    or die "error $!\n";
}

# Read snort's pid from its pid file and send SIGHUP so it re-reads the rules
open(SNORT_PID_FILE, "<", $SNORT_PID_FILE)
  or die "Can't open $SNORT_PID_FILE: $!\n";
my $snort_pid = <SNORT_PID_FILE>;
close(SNORT_PID_FILE);
chomp($snort_pid);                 # strip the newline before handing the pid to kill
kill 1, $snort_pid;

unlink($tmpfile2);                 # remove the decompressed tarball
exit(0);
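The same fetch, check, install and HUP procedure as the script above, written out as an added shell example (not Nic's script, and not code from Snort or arachnids_upd) with the checks a cron job should have: archive members are vetted before extraction, the pid file is validated before anything is signalled, and the new rules are kept only if snort -T accepts them. All paths, the snort.conf location and the snort -T config test are assumptions.

```sh
#!/bin/sh
# Added example (not Nic's script): fetch, check, install, HUP. Paths assumed.
set -eu
RULES_URL="http://www.snort.org/downloads/snortrules.tar.gz"
RULES_PUT_DIR="${RULES_PUT_DIR:-/usr/local/snort/rules}"
SNORT_CONF="${SNORT_CONF:-/usr/local/snort/snort.conf}"
SNORT_PID_FILE="${SNORT_PID_FILE:-/var/run/snort_eth1.pid}"

# Accept only directory entries and plain *.rules names: no absolute paths
# and no "..", so nothing can be written outside the extraction directory.
archive_is_safe() {
    members=$(tar -tzf "$1") || return 1
    while IFS= read -r m; do
        case "$m" in
            /*|..|../*|*/../*|*/..) echo "unsafe member: $m" >&2; return 1 ;;
            */|*.rules) ;;
            *) echo "unexpected member: $m" >&2; return 1 ;;
        esac
    done <<EOF
$members
EOF
}

# Print the pid held in a pid file, refusing anything but a positive integer
# (the original script hands kill whatever the file's first line contained).
pid_from_file() {
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|0|*[!0-9]*) echo "bad pid file: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$pid"
}

update_rules() {
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    wget -nv -T 900 -t 3 -O "$work/rules.tar.gz" "$RULES_URL"
    gzip -t "$work/rules.tar.gz"            # transfer / integrity check
    archive_is_safe "$work/rules.tar.gz"
    mkdir "$work/x" "$work/backup" && tar -C "$work/x" -xzf "$work/rules.tar.gz"
    # Keep the current set so a bad download never leaves snort without rules.
    cp "$RULES_PUT_DIR"/*.rules "$work/backup/"
    find "$work/x" -name '*.rules' -exec cp {} "$RULES_PUT_DIR/" \;
    if ! snort -T -c "$SNORT_CONF" >"$work/snort-T.log" 2>&1; then
        echo "snort -T rejected the new rules; restoring the previous set" >&2
        cp "$work/backup"/*.rules "$RULES_PUT_DIR/"
        return 1
    fi
    kill -HUP "$(pid_from_file "$SNORT_PID_FILE")"   # snort re-reads its rules
}
```

Run `update_rules` from cron; with `set -e` any failed step ends the job before the live rules are touched.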
 
 
-----Original Message-----
From: Peter Borner [mailto:snort-users-admin () lists sourceforge net] On
Behalf Of Peter Borner
Sent: Thursday, November 15, 2001 7:29 AM
To: Snort-Users (E-mail)
Subject: Auto update of rules?


Hi,
 
Does anyone have a script I can use on a crontab to periodically
download the latest snort rules file and restart snort to use them? I've
looked through the archives and can't find any obvious threads regarding
this. I'm running a small network at home and I haven't yet found the
need (or is it "built up the courage") to modify the rule set or add my
own rules so I think the process should be fairly simple.
 
I'm running snort on Linux 7.1.
 
TIA
 
Peter
