
Track pulledpork download status #154

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 4 comments

Comments

@GoogleCodeExporter

commented Mar 24, 2015

Perhaps have OSSEC monitor the pulledpork log for errors?

Original issue reported on code.google.com by doug.bu...@gmail.com on 28 Nov 2011 at 12:39

@GoogleCodeExporter


commented Mar 24, 2015

Created /etc/cron.d/pulledpork with the following:

# /etc/cron.d/pulledpork
#
# crontab entry to update IDS rules via PulledPork

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Daily at 07:01: stamp the log with the date, then run the update script and append its output
01 7    * * *   root    date >> /var/log/nsm/pulledpork.log ; /usr/local/bin/pulledpork_update.sh >> /var/log/nsm/pulledpork.log

Original comment by doug.bu...@gmail.com on 20 Jan 2012 at 6:30

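
The log-monitoring idea from the opening post, combined with the cron entry above, as an added example that is not part of this issue's code: a POSIX shell check that isolates the latest run's output in the PulledPork log (using the `date` stamp the cron entry writes before each run) and flags error lines, suitable to run from cron or as a command check in a monitoring tool such as OSSEC. The error keyword list and the sample log lines are assumptions/constructed data, not PulledPork's real output format.

```shell
#!/bin/sh
# Added example, not code from the issue: inspect the most recent PulledPork
# run in the log that the cron entry writes. That entry prepends a `date`
# stamp before each run, so the last stamp marks where the latest run's
# output begins. Keywords and sample lines below are assumptions/constructed.

# Print everything after the last `date`-style line (e.g. "Sat Jan 21 07:01:01 UTC 2012").
last_run_output() {
    awk '
        /^[A-Z][a-z][a-z] [A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [A-Z]+ [0-9][0-9][0-9][0-9]$/ { buf = ""; next }
        { buf = buf $0 "\n" }
        END { printf "%s", buf }
    ' "$1"
}

# 0 = last run clean, 1 = last run logged a problem, 2 = no run recorded.
check_pulledpork_log() {
    log="$1"
    # Keyword list is an assumption; tune it to the messages seen in practice.
    pattern='error|fail|unable|could not'
    if ! grep -q '^[A-Z][a-z][a-z] [A-Z][a-z][a-z] ' "$log" 2>/dev/null; then
        echo "no PulledPork run recorded in $log" >&2
        return 2
    fi
    if last_run_output "$log" | grep -qiE "$pattern"; then
        echo "last PulledPork run in $log reported a problem:" >&2
        last_run_output "$log" | grep -iE "$pattern" >&2
        return 1
    fi
    return 0
}

# Constructed sample logs: one clean run, one where the latest run failed.
GOOD_LOG=$(mktemp); BAD_LOG=$(mktemp)
cat > "$GOOD_LOG" <<'EOF'
Fri Jan 20 07:01:01 UTC 2012
rules downloaded and installed, restarting sensors
EOF
cat > "$BAD_LOG" <<'EOF'
Fri Jan 20 07:01:01 UTC 2012
rules downloaded and installed, restarting sensors
Sat Jan 21 07:01:01 UTC 2012
wget: unable to resolve host rules.emergingthreatspro.com
Error: could not fetch the rules tarball
EOF

for f in "$GOOD_LOG" "$BAD_LOG"; do
    if check_pulledpork_log "$f"; then echo "$f: OK"; fi
done
```

Point it at /var/log/nsm/pulledpork.log and use the exit status (1 or 2) to raise an alert.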
@GoogleCodeExporter


commented Mar 24, 2015

Packaged:

/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-pulledpork -v 20120119 \
    /usr/local/bin/pulledpork.pl \
    /etc/pulledpork/pulledpork.conf.master \
    /etc/cron.d/pulledpork \
    /usr/local/bin/pulledpork_update.sh

Original comment by doug.bu...@gmail.com on 20 Jan 2012 at 6:32

@GoogleCodeExporter


commented Mar 24, 2015

Added the following to security-onion-upgrade.sh:

# Fragment of security-onion-upgrade.sh; $CONF (version file) and $LOGGER are set earlier in the script.
sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120116" ]; then
    NEW="20120119"
    echo "**********************************************"   | $LOGGER
    echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
    echo "**********************************************"   | $LOGGER
    # Backup directory for this release; packages are downloaded here
    DIR="/nsm/backup/$NEW"
    mkdir -p $DIR                                           | $LOGGER
    cd $DIR

    echo "* Disabling Snorby DB fix cronjob due to performance issues with large/busy DBs" | $LOGGER
    FILE=securityonion-snorby-db-fix_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing new Setup script"                    | $LOGGER
    FILE=securityonion-setup_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing new Suricata"                        | $LOGGER
    FILE=securityonion-suricata_"$NEW"-1_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing new Suricata config"                 | $LOGGER
    FILE=securityonion-suricata-config_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    echo "* Installing new Suricata-specific rules"         | $LOGGER
    FILE=securityonion-suricata-rules_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    # The old update package is replaced by securityonion-pulledpork (cron job in /etc/cron.d/pulledpork)
    apt-get -y remove securityonion-pulledpork-update
    echo "* Installing new PulledPork config"               | $LOGGER
    FILE=securityonion-pulledpork_"$NEW"_i386.deb
    wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
    dpkg -i $FILE                                           | $LOGGER

    # Back up /etc/crontab, then drop the old pulledpork_update.sh entry from it
    cp /etc/crontab .
    sed -i '/pulledpork_update.sh/d' /etc/crontab
    service cron restart                                    | $LOGGER

    echo "* Copying suricata.yaml to sensor directories"    | $LOGGER
    grep -v "^#" /etc/nsm/sensortab | awk '{print $1}' | while read SENSOR
    do
        # Keep a copy of each sensor's existing suricata.yaml before overwriting it
        mkdir -p $DIR/"$SENSOR"/
        cp /etc/nsm/"$SENSOR"/suricata.yaml $DIR/"$SENSOR"/
        cp /etc/suricata/suricata.yaml /etc/nsm/"$SENSOR"/
        sed -i "s|threshold-file: threshold.conf|threshold-file: /etc/nsm/$SENSOR/threshold.conf|g" /etc/nsm/"$SENSOR"/suricata.yaml
    done

    # Update an existing pulledpork.conf in place: extra local rules files, new rule URL, distro
    FILE=/etc/pulledpork/pulledpork.conf
    if [ -f $FILE ]
    then
        sed -i 's|local_rules=/etc/nsm/rules/local.rules,/etc/nsm/rules/decoder-events.rules,/etc/nsm/rules/stream-events.rules|local_rules=/etc/nsm/rules/local.rules,/etc/nsm/rules/decoder-events.rules,/etc/nsm/rules/stream-events.rules,/etc/nsm/rules/http-events.rules,/etc/nsm/rules/smtp-events.rules|g' $FILE
        sed -i 's|rule_url=http://rules.emergingthreats.net|rule_url=https://rules.emergingthreatspro.com|g' $FILE
        sed -i 's|distro=FreeBSD-8.0|distro=Ubuntu-10-4|g' $FILE
        /usr/local/bin/pulledpork_update.sh
    fi

    sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
    echo "* Upgrade to $NEW complete."                      | $LOGGER
    echo
fi

Original comment by doug.bu...@gmail.com on 22 Jan 2012 at 5:37

@GoogleCodeExporter


commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2012/01/security-onion-20120119-now-available.html

Original comment by doug.bu...@gmail.com on 22 Jan 2012 at 5:38

  • Changed state: Verified