Created
March 27, 2025 17:17
-
-
Save da667/541a81db7c02ba971945c0fd5c647ee9 to your computer and use it in GitHub Desktop.
runs suricata-update, and provides ETOPEN rules to /opt/dalton/rulesets/suricata, and renames the .rules file to make it more descriptive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| #rule updater script | |
| #runs suricata-update, drops a rule file in | |
| #/opt/dalton/rulesets/suricata | |
| #Then renames the rule file to reflect | |
| #that it's the full ETOPEN ruleset, the date the | |
| #rules were updated, and that its suricata 7.0.3 | |
| #drop this file into /etc/cron.daily|weekly|monthly | |
| #as desired, and run chmod u+x rule-updater | |
| #or cron (or the systemd equivlent) won't run it. | |
| suricata-update --suricata-version 7.0.3 -f -o /opt/dalton/rulesets/suricata/ | |
| mv /opt/dalton/rulesets/suricata/suricata.rules /opt/dalton/rulesets/suricata/ETOPEN-`date +"%Y%m%d"`-all-Suricata-7.0.3.rules | |
| logger suricata rule update completed | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey folks, this is a small shell script that goes with my book suricata: an operator's guide that is a work in progress. Specifically, its an automation script for chapter 2, intended to provide new ETOPEN rules, by being dropped into /etc/cron.daily, /etc/cron.weekly, or /etc/cron.monthly as desired.
This script dumps a copy of the suricata 7.0.3 ETOPEN ruleset into a single .rules file in /opt/dalton/rulesets/suricata, then renames it to reflect its the ETOPEN ruleset, the day it was downloaded, and the version of suricata the syntax is based on. This script can also be called by /etc/crontab, or if you're using chrony, whatever methods it uses for executing scripts on a given interval.