mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-29 03:38:51 +00:00
87a27e4f2b
As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload.
42 lines
1,023 B
Bash
Executable file
42 lines
1,023 B
Bash
Executable file
#!/bin/ash
|
|
|
|
# Let's ensure normal operation on exit or if interrupted ...
|
|
function fuCLEANUP {
|
|
exit 0
|
|
}
|
|
trap fuCLEANUP EXIT
|
|
|
|
### Vars
|
|
myOINKCODE="$1"
|
|
|
|
# Check internet availability
|
|
function fuCHECKINET () {
|
|
mySITES=$1
|
|
error=0
|
|
for i in $mySITES;
|
|
do
|
|
curl --connect-timeout 5 -Is $i 2>&1 > /dev/null
|
|
if [ $? -ne 0 ];
|
|
then
|
|
let error+=1
|
|
fi;
|
|
done;
|
|
echo $error
|
|
}
|
|
|
|
# Check for connectivity and download rules
|
|
myCHECK=$(fuCHECKINET "rules.emergingthreatspro.com rules.emergingthreats.net")
|
|
if [ "$myCHECK" == "0" ];
|
|
then
|
|
if [ "$myOINKCODE" != "" ] && [ "$myOINKCODE" != "OPEN" ];
|
|
then
|
|
suricata-update -q enable-source et/pro secret-code=$myOINKCODE > /dev/null
|
|
else
|
|
# suricata-update uses et/open ruleset by default if not configured
|
|
rm -f /var/lib/suricata/update/sources/et-pro.yaml 2>&1 > /dev/null
|
|
fi
|
|
suricata-update -q --no-test --no-reload > /dev/null
|
|
echo "/etc/suricata/capture-filter.bpf"
|
|
else
|
|
echo "/etc/suricata/null.bpf"
|
|
fi
|