Merge pull request #818 from trixam/suricata-updatescript

Update update.sh
2025-04-28 11:18:51 +00:00 · 2021-05-03 14:43:01 +02:00 · 2021-05-03 14:43:01 +02:00 · 12c4308b89
commit 12c4308b89
parent 334b98c01b bbf5d70d98
2 changed files with 19 additions and 0 deletions
--- a/docker/suricata/dist/update.sh
+++ b/docker/suricata/dist/update.sh
@ -40,3 +40,20 @@ if [ "$myCHECK" == "0" ];
  else
    echo "/etc/suricata/null.bpf"
 fi
+
+# Download rules via URL
+if [ "$FROMURL" != "" ] ; then
+    SAVEIFS=$IFS ; IFS='|'
+    for URL in $FROMURL; do
+        if [ $(curl -I --silent --output /dev/null --write-out "%{http_code}" "$URL") -eq 200 ] ; then
+           rm -rf /tmp/*
+           curl "$URL" -o /tmp/rules.tar.gz
+           tar -xvf /tmp/rules.tar.gz -C /tmp
+           suricata-update --local /tmp/rules --no-test
+           rm -rf /tmp/*
+        else
+          continue
+        fi
+    done
+    IFS=$SAVEIFS
+fi
--- a/etc/compose/sensor.yml
+++ b/etc/compose/sensor.yml
@ -498,6 +498,8 @@ services:
    environment:
    # For ET Pro ruleset replace "OPEN" with your OINKCODE
     - OINKCODE=OPEN
+    # Loading externel Rules from URL 
+    # - FROMURL="https://username:password@yoururl.com|https://username:password@otherurl.com"
    network_mode: "host"
    cap_add:
     - NET_ADMIN