From dceaa984c9639badf350dc9cfedd0620f1f7d6a8 Mon Sep 17 00:00:00 2001
From: trixam
Date: Wed, 21 Apr 2021 12:44:36 +0200
Subject: [PATCH 1/4] Update update.sh Download rules via URL
---
 docker/suricata/dist/update.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/docker/suricata/dist/update.sh b/docker/suricata/dist/update.sh
index c9ca30ad..d0779cd5 100755
--- a/docker/suricata/dist/update.sh
+++ b/docker/suricata/dist/update.sh
@@ -40,3 +40,20 @@ if [ "$myCHECK" == "0" ];
 else
 echo "/etc/suricata/null.bpf"
 fi
+
+# Download rules via URL
+if [ "$FROMURL" != "" ] ; then
+ SAVEIFS=$IFS ; IFS='|'
+ for URL in $FROMURL; do
+ if [ $(curl -I --silent --output /dev/null --write-out "%{http_code}" $URL) -eq 200 ] ; then
+ rm -rf /tmp/*
+ curl "$URL" -o /tmp/rules.tar.gz
+ tar -xvf /tmp/rules.tar.gz -C /tmp
+ suricata-update --local /tmp/rules --no-test
+ rm -rf /tmp/*
+ else
+ continue
+ fi
+ done
+ IFS=$SAVEIFS
+fi
From 460214f8480981d80cfaf3da712504df5b2e14b6 Mon Sep 17 00:00:00 2001
From: trixam
Date: Mon, 3 May 2021 14:37:52 +0200
Subject: [PATCH 2/4] Update sensor.yml
---
 etc/compose/sensor.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/etc/compose/sensor.yml b/etc/compose/sensor.yml
index c7317a72..366fa0f7 100644
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@@ -498,6 +498,8 @@ services:
 environment:
 # For ET Pro ruleset replace "OPEN" with your OINKCODE
 - OINKCODE=OPEN
+ # Loading externel Rules from URL
+ # - FORMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
 network_mode: "host"
 cap_add:
 - NET_ADMIN
From 60e57bce526e663171f412a1cfdd305a15a5bede Mon Sep 17 00:00:00 2001
From: trixam
Date: Mon, 3 May 2021 14:40:08 +0200
Subject: [PATCH 3/4] Update update.sh Adding quotation marks for $URL
---
 docker/suricata/dist/update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/suricata/dist/update.sh b/docker/suricata/dist/update.sh
index d0779cd5..76c5de55 100755
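Review bot: In the download loop added to docker/suricata/dist/update.sh (PATCH 1/4), `rm -rf /tmp/*` runs before and after every fetch, so it deletes whatever else lives in the container's /tmp and leaves the archive at a predictable path; a per-run directory from `mktemp -d`, removed by name, avoids both. The HEAD probe is followed by a second, unchecked `curl "$URL" -o …`, so a failed or truncated GET still reaches `tar` and `suricata-update`; a single `curl --fail` inside the `if` covers the status check and the download in one request. The archive is then applied with `--no-test` and without any checksum or signature check, so whoever controls the URL (or the connection, if a plain-HTTP source is configured) controls the sensor's rules — a pinned hash per source would be worth adding. The enclosing `if [ "$FROMURL" != "" ]` block is complete within this hunk.

```shell
  for URL in $FROMURL; do
    # Private scratch directory instead of wiping the shared /tmp
    workdir=$(mktemp -d) || continue
    # --fail turns HTTP errors into a non-zero exit, replacing the HEAD probe
    if curl --fail --silent --show-error -o "$workdir/rules.tar.gz" "$URL"; then
      tar -xf "$workdir/rules.tar.gz" -C "$workdir" &&
        suricata-update --local "$workdir/rules" --no-test
    fi
    rm -rf -- "$workdir"
  done
  # … unchanged: IFS restore and closing fi …
```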
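Review bot: The commented example added to etc/compose/sensor.yml (PATCH 2/4) puts `username:password` inside the URL of an environment variable, which leaves the credentials readable in the compose file, in `docker inspect` output and on curl's command line inside the container; the comment should at least say so, or point to a secrets file instead. Compose's list-form `environment:` entries generally pass the text after `=` verbatim, quotes included, so once uncommented this line would likely hand update.sh a value that starts with `"` and never yields a 200 — worth verifying. If confirmed, quoting the whole entry is the safe YAML form: `# - "FROMURL=https://username:password@yoururl.com|https://username:password@otherurl.com"`.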
--- a/docker/suricata/dist/update.sh
+++ b/docker/suricata/dist/update.sh
@@ -45,7 +45,7 @@ fi
 if [ "$FROMURL" != "" ] ; then
 SAVEIFS=$IFS ; IFS='|'
 for URL in $FROMURL; do
- if [ $(curl -I --silent --output /dev/null --write-out "%{http_code}" $URL) -eq 200 ] ; then
+ if [ $(curl -I --silent --output /dev/null --write-out "%{http_code}" "$URL") -eq 200 ] ; then
 rm -rf /tmp/*
 curl "$URL" -o /tmp/rules.tar.gz
 tar -xvf /tmp/rules.tar.gz -C /tmp
From bbf5d70d98ad77020a538181a7c62d6109b1045d Mon Sep 17 00:00:00 2001
From: trixam
Date: Mon, 3 May 2021 14:42:39 +0200
Subject: [PATCH 4/4] Update sensor.yml
---
 etc/compose/sensor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/compose/sensor.yml b/etc/compose/sensor.yml
index 366fa0f7..14d7f70a 100644
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@@ -499,7 +499,7 @@ services:
 # For ET Pro ruleset replace "OPEN" with your OINKCODE
 - OINKCODE=OPEN
 # Loading externel Rules from URL
- # - FORMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
+ # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
 network_mode: "host"
 cap_add:
 - NET_ADMIN
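Review bot: On the changed probe line in docker/suricata/dist/update.sh (PATCH 3/4), the `$(curl …)` substitution is still unquoted and compared with `-eq`, so if curl produces no output (binary missing or killed) `[` receives `-eq 200` alone and errors out instead of skipping the source cleanly; `[ "$(curl -I --silent --output /dev/null --write-out "%{http_code}" "$URL")" = "200" ]` avoids that. The context line `for URL in $FROMURL` also stays unquoted for the IFS split, so each URL is still subject to pathname expansion and a `?` or `*` in a query string could in principle be rewritten; `set -f` around the loop would close that. Because the `else` branch only does `continue`, a source that fails the probe is dropped silently and the sensor keeps running on stale rules, so a log line (without the credential part of the URL) would help operators notice. The loop body continues past the end of this hunk.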