Skip to content
This repository has been archived by the owner. It is now read-only.

NSM package is missing the bro cron job #264

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 7 comments
Closed

NSM package is missing the bro cron job #264

GoogleCodeExporter opened this issue Mar 24, 2015 · 7 comments

Comments

@GoogleCodeExporter
Copy link

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

NSM scripts are missing the bro cron job

Original issue reported on code.google.com by doug.bu...@gmail.com on 9 May 2012 at 10:39

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Was included as of 20120114 (Issue 190), but somehow got dropped after that.

Need to double-check and make sure we're getting everything:
bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20120114 
/etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ 
/etc/cron.d/sensor-* /etc/cron.d/nsm* /etc/cron.d/bro* 
/etc/init/securityonion.conf

Original comment by doug.bu...@gmail.com on 9 May 2012 at 10:39

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Original comment by doug.bu...@gmail.com on 9 May 2012 at 10:43

  • Changed title: NSM package is missing the bro cron job
  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Packaged as follows:
/usr/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20120511 
/etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ 
/etc/cron.d/sensor-* /etc/cron.d/nsm* /etc/cron.d/bro* 
/etc/init/securityonion.conf

Original comment by doug.bu...@gmail.com on 9 May 2012 at 12:53

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Added to security-onion-upgrade.sh:


sed -i 's| |=|g' $CONF
source $CONF
if [ "$VERSION" = "20120508" ]; then
        NEW="20120511"
        echo "**********************************************"   | $LOGGER
        echo "* Upgrading from $VERSION to $NEW."               | $LOGGER
        echo "**********************************************"   | $LOGGER
        DIR="/nsm/backup/$NEW"
        mkdir -p $DIR                                           | $LOGGER
        cd $DIR

    if pgrep httpry>/dev/null; then
        echo "* Stopping old httpry processes."     | $LOGGER
        nsm_sensor_ps-stop --only-httpry
        nsm_sensor_ps-stop --only-httpry-agent
        pkill -f httpry
        echo ""
    fi

        for FILE in securityonion-nsmnow-admin-scripts_20120511_i386.deb securityonion-http-agent_20120511_i386.deb securityonion-bro-security-onion_20120511_i386.deb; do
                echo -n "* Downloading $FILE..."                | $LOGGER
                wget -q http://sourceforge.net/projects/security-onion/files/$NEW/$FILE -O $FILE | $LOGGER
                if [ $? -eq 1 ]; then
                        echo "FAIL"     | $LOGGER
                        exit 1
                else
                        echo "OK"       | $LOGGER
                fi
        done

        echo -n "* Installing downloaded packages..." | $LOGGER
        dpkg -i *.deb                                           >> $LOG
        if [ $? -eq 1 ]; then
                echo "FAIL"     | $LOGGER
                exit 1
        else
                echo "OK"       | $LOGGER
        fi
    echo ""

    echo "* Updating Bro."         | $LOGGER
    echo "@load security-onion" >> /usr/local/share/bro/site/local.bro
    broctl install      | $LOGGER
    if pgrep -f broctl>/dev/null; then
        broctl restart  | $LOGGER
        sleep 5
        echo ""
    fi

    grep -v "^#" /etc/nsm/sensortab |awk '{print $1}' |while read SENSOR; do
        mv /etc/nsm/$SENSOR/httpry_agent.exclude /etc/nsm/$SENSOR/http_agent.exclude
        mv /etc/nsm/$SENSOR/httpry_agent.conf /etc/nsm/$SENSOR/http_agent.conf
        echo "# LOG_FORMAT" >> /etc/nsm/$SENSOR/http_agent.conf
        echo "# httpry or suricata or bro" >> /etc/nsm/$SENSOR/http_agent.conf
        echo "set LOG_FORMAT bro" >> /etc/nsm/$SENSOR/http_agent.conf
        nsm_sensor_ps-start --sensor-name=$SENSOR --only-http-agent | $LOGGER
    done

        sed -i "s|VERSION=$VERSION|VERSION=$NEW|g" $CONF        | $LOGGER
        echo "* Upgrade to $NEW complete."                      | $LOGGER
        echo 
fi

Original comment by doug.bu...@gmail.com on 10 May 2012 at 12:20

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Tested by:
Scott Runnels
Tom De Vries
David Zawdie

Original comment by doug.bu...@gmail.com on 10 May 2012 at 12:22

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Published:
http://securityonion.blogspot.com/2012/05/security-onion-20120511-now-available.
html

Original comment by doug.bu...@gmail.com on 10 May 2012 at 12:22

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Original comment by doug.bu...@gmail.com on 10 May 2012 at 12:23

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant