Snort mailing list archives

Rule-Update


From: "Marc Quibell" <mquibell () fbfs com>
Date: Tue, 19 Aug 2003 08:38:19 -0500




Yes, there is a way to auto-update your rules automatically. Where would I be
without auto-updating? Here's the script I use:
p.s (There is also a way to post to the list text-only messages..hehe)

/etc/snort/rules/update-rules
#!/usr/bin/perl -w
use Getopt::Std;
use File::Copy;
use POSIX qw(strftime);
use Fcntl;



# Paths and settings.
my $wget_bin = "/usr/bin/wget";
my $read_timeout = "2900";
# Working files in /tmp, named with this process's PID.
my $tmpfile = "/tmp/temp.$$.tar.gz";
my $tmpfile2 = "/tmp/temp.$$.tar";
my $url = "http://www.snort.org/downloads/rules/snortrules-current.tar.gz";
my $compress_gzip = "/bin/gzip";
my $compress_tar = "/bin/tar";
my $SNORT_PID_FILE = "/var/run/snort_eth1.pid";
my $RULES_DIR = "/tmp/rules";            # where the tarball unpacks to
my $RULES_PUT_DIR = "/etc/snort/rules";  # live rules directory

# Download the current ruleset; system() returns non-zero if wget fails.
print "Grabbing ruleset from $url...\n";
die("File transfer failed: the wget command exited with an error (return status was not 0).\nExiting")
    if (system("$wget_bin","-nv","-T","$read_timeout","-t","3","-O","$tmpfile","http://www.snort.org/downloads/rules/snortrules-current.tar.gz"));
# Verbose variant using $url:
#die("File transfer failed: the wget command exited with an error (return status was not 0).\nExiting")
#    if (system("$wget_bin","-nv","-v","-T","$read_timeout","-t","3","-O","$tmpfile","$url"));

# gzip -t checks that the download is a complete gzip file
# (will also die if there is trailing garbage).
die("Gzip integrity check failed (file transfer failed or file in URL not in gzip format?).\nExiting")
    if (system("$compress_gzip","-t","$tmpfile"));

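# Keep a copy of the downloaded tarball.
system("cp","$tmpfile","/home/mquibell/snortrules-current.tar.gz");

# gzip -d turns temp.PID.tar.gz into temp.PID.tar, which tar unpacks to /tmp/rules.
# Stop here on failure so stale files in /tmp/rules are not installed.
print "Decompressing $tmpfile...\n";
system("$compress_gzip","-d","$tmpfile") == 0 or die "gzip -d failed\n";
print "Untaring $tmpfile2...\n";
system("/bin/tar","-C/tmp/","-xf","$tmpfile2") == 0 or die "tar extraction failed\n";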



# Collect the *.rules files from the unpacked tarball ...
opendir(RULES_DIR, "$RULES_DIR") or die "Can't open directory $RULES_DIR for reading: $!\n";
my @all_files = grep { /rules$/ } readdir RULES_DIR;
closedir(RULES_DIR);

# ... and move each one into the live rules directory.
for (@all_files) {
    move("$RULES_DIR/$_","$RULES_PUT_DIR/$_") or die "error $!\n";
}

# open SNORT_PID_FILE or die "Can't open $1";
# while (<SNORT_PID_FILE>)
# {
#   snort_pid = $_;
# }
# close(SNORT_PID_FILE);
#  kill 1, $snort_pid[0];
#system(kill -HUP `cat /var/run/snort_eth1.pid`);
# Remove only the temporary files this run created, not every /tmp/temp*.* file.
#system("rm $tmpfile2");
unlink($tmpfile, $tmpfile2);
exit(0);
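
An added example, not part of the original post and not Snort project code: a shell sketch of the unpack-and-install step that uses a private work directory instead of fixed /tmp names, checks archive member paths before extracting, and installs only regular *.rules files. The function names stage_rules and has_unsafe_path are hypothetical; the rules/ layout inside the tarball is the one the script above relies on.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Reads archive member names on stdin; succeeds if any is absolute or contains "..".
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# stage_rules TARBALL DEST_DIR
# Prints the number of rule files installed; non-zero return on any failure.
stage_rules() {
    tarball=$1
    dest=$2

    # Same integrity test as the original script: catches truncation or
    # corruption, but says nothing about who produced the file.
    gzip -t "$tarball" 2>/dev/null || { echo "gzip check failed" >&2; return 1; }

    # Inspect member names before extracting anything.
    if tar -tzf "$tarball" | has_unsafe_path; then
        echo "unsafe member path in archive" >&2
        return 2
    fi

    # Private work directory with an unpredictable name (created mode 0700).
    work=$(mktemp -d) || return 3
    tar -xzf "$tarball" -C "$work" --no-same-owner || { rm -rf "$work"; return 4; }

    # Install only regular files matching rules/*.rules; skip symlinks.
    count=0
    for f in "$work"/rules/*.rules; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        cp "$f" "$dest/" || { rm -rf "$work"; return 5; }
        count=$((count + 1))
    done

    rm -rf "$work"    # removes this run's files only
    [ "$count" -gt 0 ] || return 6
    echo "$count"
}
```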



