Snort mailing list archives

RE: script to update rules


From: "Moyer, Shawn" <SMoyer () rgare com>
Date: Wed, 31 Jul 2002 14:39:26 -0500

Here's my goofy hack for the same thing. You'll notice the restart at the
end just does a killall, which is because I use daemontools (
http://cr.yp.to/daemontools.html ) - this is written so that local.rules and
snort.conf live in /etc/snort, with everything else living in
/etc/snort/rules - this way you can keep your localized additions without
having the update overwrite them.

#!/usr/local/bin/bash

# Work from the Snort config directory; stop if it is missing so the
# rm/cp commands below never run somewhere else.
cd /etc/snort || exit 1

echo ""
echo "Beginning Snort ruleset update..."
echo ""
echo "Backing up current ruleset and deleting previous backup..."

# Remove the previous tarball and backup, then back up the current files.
rm -f snortrules.*
mkdir -p rules.bak
rm -frv rules.bak/*
cp -v rules/* rules.bak/
cp -v snort.conf rules.bak/
cp -v local.rules rules.bak/
cp -v local.rules .localrules.orig
cp -v snort.conf .snortconf.orig

echo ""
echo "Downloading latest ruleset from snort.org...."
echo ""

# Stop before restarting Snort if the download or unpack fails.
/usr/local/bin/wget http://www.snort.org/downloads/snortrules.tar.gz || exit 1
tar zxvf snortrules.tar.gz || exit 1

echo ""
echo "Making sure local rules are restored..."

cp -v rules.bak/local.rules local.rules
cp -v rules.bak/snort.conf snort.conf

echo ""
echo "Restarting Snort..."

# Killall because daemontools restarts it.
killall snort

echo ""
ps auxwwww | grep snort
echo ""
echo "Done."
echo ""



-----Original Message-----
From: Sheahan, Paul (PCLN-NW) [mailto:Paul.Sheahan () priceline com]
Sent: Wednesday, July 31, 2002 13:23
To: Snort List (E-mail)
Subject: [Snort-users] script to update rules



Hello,

I'm running Snort 1.8.4 on Red Hat Linux 7.0 and am currently updating rules
manually. I was hoping someone out there may be willing to share a script
they use to automate this?

Thanks,

Paul Sheahan
Manager of Information Security
Priceline.com
paul.sheahan () priceline com




-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
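
The script above unpacks a tarball fetched over plain HTTP directly into /etc/snort. The following is an added example, not part of the original post, of vetting the archive and unpacking it into a staging directory first. The function names, the rules/ archive layout and the out-of-band SHA-256 digest are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): vet a downloaded rules
# tarball and unpack it into a staging directory, never into /etc/snort.

# check_members TARBALL: accept only regular files and directories whose
# names stay under rules/ (assumed archive layout), so the archive can
# never replace snort.conf or local.rules.
check_members() {
    # First column of `tar -tv` is the type: "-" file, "d" directory.
    if tar -tvzf "$1" 2>/dev/null | grep -qv '^[-d]'; then
        echo "archive contains links or special files" >&2; return 1
    fi
    list=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$list" ] || return 1
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) echo "unsafe path: $name" >&2; return 1 ;;
            rules|rules/|rules/*) ;;
            *) echo "unexpected member: $name" >&2; return 1 ;;
        esac
    done <<EOF
$list
EOF
}

# stage_ruleset TARBALL EXPECTED_SHA256 STAGEDIR
# EXPECTED_SHA256 is a digest obtained out of band (assumption: the post
# does not say whether one is published).
stage_ruleset() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ] ||
        { echo "checksum mismatch for $1" >&2; return 1; }
    check_members "$1" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Constructed demo input: a tiny archive holding one made-up rule file.
demo() {
    d=$(mktemp -d) && mkdir "$d/rules" || return 1
    echo '# constructed sample rule file' > "$d/rules/sample.rules"
    tar -czf "$d/good.tar.gz" -C "$d" rules
    sum=$(sha256sum "$d/good.tar.gz" | cut -d' ' -f1)
    stage_ruleset "$d/good.tar.gz" "$sum" "$d/stage" && ls "$d/stage/rules"
    rm -rf "$d"
}
demo
```

Only after stage_ruleset succeeds would the staged rules/ directory be copied over the live one and Snort restarted.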


