tpotce/docker/suricata/dist/update.sh

#!/bin/ash

# Let's ensure normal operation on exit or if interrupted ...
function fuCLEANUP {
  exit 0
}
trap fuCLEANUP EXIT

### Vars
myOINKCODE="$1"

# Check internet availability 
function fuCHECKINET () {
mySITES=$1
error=0
for i in $mySITES;
  do
    curl --connect-timeout 5 -Is $i 2>&1 > /dev/null
      if [ $? -ne 0 ];
        then
	  let error+=1
      fi;
  done;
  echo $error
}

# Check for connectivity and download rules
myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")
if [ "$myCHECK" == "0" ];
  then
    if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" != "OPEN" ];
      then
        suricata-update -q enable-source et/pro secret-code=$myOINKCODE > /dev/null
      else
        # suricata-update uses et/open ruleset by default if not configured
        rm -f /var/lib/suricata/update/sources/et-pro.yaml 2>&1 > /dev/null
    fi
    suricata-update -q --no-test --no-reload > /dev/null
    echo "/etc/suricata/capture-filter.bpf"
  else
    echo "/etc/suricata/null.bpf"
fi

# Download rules via URL
if [ "$FROMURL" != "" ] ; then
    SAVEIFS=$IFS ; IFS='|'
    for URL in $FROMURL; do
        if [ $(curl -I --silent --output /dev/null --write-out "%{http_code}" "$URL") -eq 200 ] ; then
           rm -rf /tmp/*
           curl "$URL" -o /tmp/rules.tar.gz
           tar -xvf /tmp/rules.tar.gz -C /tmp
           suricata-update --local /tmp/rules --no-test
           rm -rf /tmp/*
        else
          continue
        fi
    done
    IFS=$SAVEIFS
fi
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`#!/bin/ash`
include docker repos ... skip emobility since it is a dev repo 2017-10-13 18:58:14 +00:00
			`# Let's ensure normal operation on exit or if interrupted ...`
			`function fuCLEANUP {`
			`exit 0`
			`}`
			`trap fuCLEANUP EXIT`

update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00			`### Vars`
			`myOINKCODE="$1"`

tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`# Check internet availability`
			`function fuCHECKINET () {`
			`mySITES=$1`
			`error=0`
			`for i in $mySITES;`
			`do`
			`curl --connect-timeout 5 -Is $i 2>&1 > /dev/null`
			`if [ $? -ne 0 ];`
			`then`
			`let error+=1`
			`fi;`
			`done;`
			`echo $error`
			`}`
update logrotating, cleanup.sh, add Suricata ET Pro support, tweaking 2018-03-30 16:41:46 +00:00
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`# Check for connectivity and download rules`
			`myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")`
			`if [ "$myCHECK" == "0" ];`
			`then`
Suricata: use suricata-update for rule management As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload. 2020-11-26 17:10:16 +00:00			`if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" != "OPEN" ];`
			`then`
			`suricata-update -q enable-source et/pro secret-code=$myOINKCODE > /dev/null`
			`else`
			`# suricata-update uses et/open ruleset by default if not configured`
			`rm -f /var/lib/suricata/update/sources/et-pro.yaml 2>&1 > /dev/null`
			`fi`
			`suricata-update -q --no-test --no-reload > /dev/null`
tweaking fix condition when no internet connection is available check internet connection before download of rules and avoid errors check internet connection before setting up capture filters (with FQDNs, resulted in endless restart of suricata) and unset capture filters if no internet connection is available 2018-05-23 13:02:19 +00:00			`echo "/etc/suricata/capture-filter.bpf"`
			`else`
			`echo "/etc/suricata/null.bpf"`
			`fi`
Update update.sh Download rules via URL 2021-04-21 10:44:36 +00:00
			`# Download rules via URL`
			`if [ "$FROMURL" != "" ] ; then`
			`SAVEIFS=$IFS ; IFS='\|'`
			`for URL in $FROMURL; do`
Update update.sh Adding quotation marks for $URL 2021-05-03 12:40:08 +00:00			`if [ $(curl -I --silent --output /dev/null --write-out "%{http_code}" "$URL") -eq 200 ] ; then`
Update update.sh Download rules via URL 2021-04-21 10:44:36 +00:00			`rm -rf /tmp/*`
			`curl "$URL" -o /tmp/rules.tar.gz`
			`tar -xvf /tmp/rules.tar.gz -C /tmp`
			`suricata-update --local /tmp/rules --no-test`
			`rm -rf /tmp/*`
			`else`
			`continue`
			`fi`
			`done`
			`IFS=$SAVEIFS`
			`fi`