Un petit script per actualitzar online les regles del Suricata IDS
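#!/bin/bash
#GPLv2 SURICATA UPDATE EMERGING THREATS RULE SCRIPT
# /etc/suricata/suricata.yaml -> detect_engine: - rule-reload: true (line 339)
#
# Downloads the Emerging Threats open ruleset, compares it with the published
# MD5 digest, unpacks it into the Suricata configuration directory and then
# sends SIGUSR2 to the running Suricata process so it reloads the rules.
#
# NOTE(review): the .md5 file comes from the same server as the archive, so
# the comparison only detects a corrupted or truncated download. It does not
# authenticate the rules; transport integrity relies on HTTPS below.
# NOTE(review): presumably run as root (writes under /etc/suricata, signals
# the daemon), so the downloaded archive is handled as untrusted input.
set -euo pipefail

SURICATA_DIR=/etc/suricata/
# HTTPS instead of plain HTTP: over HTTP both the archive and its digest can
# be replaced in transit, which makes the digest check meaningless.
URL=https://rules.emergingthreats.net/open/suricata-1.3
FILE=$URL/emerging.rules.tar.gz
MD5FILE=$FILE.md5

# Print a message on stderr and stop with a non-zero status.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Private scratch directory: fixed names in /tmp can be pre-created or
# symlinked by another local user before this script writes to them.
WORKDIR=$(mktemp -d) || die "cannot create temporary directory"
trap 'rm -rf -- "$WORKDIR"' EXIT
TMPTAR=$WORKDIR/emerging.rules.tar.gz
TMPMD5=$TMPTAR.md5

wget -q -O "$TMPTAR" "$FILE" || die "download failed: $FILE"
wget -q -O "$TMPMD5" "$MD5FILE" || die "download failed: $MD5FILE"

# Digest of what was actually downloaded.
MD5=$(md5sum <"$TMPTAR" | cut -f 1 -d ' ')

# Expected digest: first whitespace-delimited field of the .md5 file, so a
# trailing file name or a missing final newline does not break the comparison.
MD5c=
read -r MD5c _ <"$TMPMD5" || [[ -n $MD5c ]] || die "checksum file is empty"
[[ $MD5c =~ ^[0-9A-Fa-f]{32}$ ]] || die "checksum file is not an MD5 digest"

if [[ $MD5 != "${MD5c,,}" ]]; then
  die "checksum mismatch for $FILE (got $MD5, expected ${MD5c,,})"
fi

# Refuse member names that could land outside SURICATA_DIR.
members=$(tar -tzf "$TMPTAR") || die "cannot list archive contents"
if grep -Eq '^/|(^|/)\.\.(/|$)' <<<"$members"; then
  die "archive contains absolute or parent-directory paths; not extracting"
fi

# --no-same-owner: do not adopt whatever uid/gid the archive records.
tar --no-same-owner -zxf "$TMPTAR" -C "$SURICATA_DIR" \
  || die "extraction into $SURICATA_DIR failed"

# Look the PID up only now, so a restart during the download is not missed.
SURICATA_PID=$(pidof suricata) \
  || die "rules updated, but no running suricata process to signal"

# Signal by name: 12 is SIGUSR2 on common Linux platforms but not on all.
# $SURICATA_PID is left unquoted on purpose, pidof may print several PIDs.
# shellcheck disable=SC2086
kill -s USR2 $SURICATA_PID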