/
configure-ecrimelabs
44 lines (34 loc) · 1.36 KB
/
configure-ecrimelabs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/bin/bash
source /etc/ecrimelabs/ecrimelabscfg
ENGINE=`grep ENGINE /etc/nsm/securityonion.conf | cut -d= -f2`
# Run download script
/usr/sbin/download-ecrimelabs
echo ""
echo "Configuring Pulledpork..."
echo ""
PP_CONF="/etc/nsm/pulledpork/pulledpork.conf"
if [ "${ENGINE}" = "snort" ]; then
sed -i "s|^local_rules.*|local_rules=/etc/nsm/rules/local.rules,${RULE_PATH_FEED},${RULE_PATH_INCIDENT}|" ${PP_CONF}
elif [ "${ENGINE}" = "suricata" ];then
sed -i "s|^local_rules.*|local_rules=/etc/nsm/rules/local.rules,/etc/nsm/rules/decoder-events.rules,/etc/nsm/rules/stream-events.rules,/etc/nsm/rules/http-events.rules,/etc/nsm/rules/smtp-events.rules,${RULE_PATH_FEED},${RULE_PATH_INCIDENT}|" ${PP_CONF}
fi
if [ -f /etc/cron.d/download-ecrimelabs ]; then
:
else
touch /etc/cron.d/download-ecrimelabs
cat << EOF > /etc/cron.d/download-ecrimelabs
# /etc/cron.d/download-ecrimelabs
#
# crontab entry to update eCrimeLabs IDS rules
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#m h dom mon dow user command
00 */2 * * * root /usr/sbin/download-ecrimelabs > /dev/null 2>&1
EOF
fi
echo "If manually running this script, ensure that /usr/sbin/rule-update is run afterwards."
echo ""
echo "Now configurate the /etc/ecrimelabs/ecrimelabscfg"
echo "run sudo /usr/sbin/download-ecrimelabs to fetch files"
echo "That's all folks!"
echo ""