oinkmaster daily cron: run oinkmaster as non-root user suricata; also…
… disable

download of Snort community rule due to a file conflict with ET rules
(sid-msg.map): needs to be sorted out later

Signed-off-by: KheOps <kheops@ceops.eu>
kheops2713 committed Mar 13, 2015
1 parent dfbb0bd commit cfa641c
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions roles/common/files/etc/cron.daily/oinkmaster
@@ -1,7 +1,9 @@
#!/bin/sh

OINK=/usr/sbin/oinkmaster
TMPFILE=$(mktemp)
(oinkmaster -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules -Q; \
oinkmaster -C /etc/oinkmaster/oinkmaster-snort-community.conf -o /etc/snort/rules -Q) | tee $TMPFILE
su -s /bin/bash -c "$OINK -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules -Q" suricata
# Note: Snort community rules disabled due to conflict of sid-msg.map file
#su -s /bin/bash -c "$OINK -C /etc/oinkmaster/oinkmaster-snort-community.conf -o /etc/snort/rules -Q" suricata
test -s $TMPFILE && echo Suricata rules changed: restarting Suricata && service suricata restart
rm -f $TMPFILE
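
Review bot: the `su -s /bin/bash -c "$OINK ..." suricata` line that takes over from the old pipeline no longer ends in `| tee $TMPFILE`, so nothing writes to the temp file any more and `test -s $TMPFILE` is always false: Suricata will not be restarted when the rules change. Put the pipe back on the new line, outside the quoted command, as in `su -s /bin/bash -c "$OINK -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules -Q" suricata | tee "$TMPFILE"`, so that oinkmaster runs as suricata while tee still writes the root-owned temp file. The commented-out community-rules line needs the same treatment if it is re-enabled, and `$TMPFILE` should be quoted in the `test` and `rm` lines.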
