Mirrored_Repos/unifios-utilities
1
0
Fork 0
mirror of https://github.com/unifi-utilities/unifios-utilities.git synced 2024-08-30 18:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Suricata Boot Script Maintainability Update (#52)

Browse Source 
Moved from an inline escaping style to shell redirection with parameter
expansion turned off.

Also now supports any directory with *.rules files in /mnt/data/suricata-rules/
to support easier handling of expansion from bundled tar/zip files.
This commit is contained in:
Harry Manley 2020-09-29 21:24:33 -07:00 committed by GitHub
parent 715a4924cc
commit d08b5224c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
suricata/on_boot.d/25-suricata.sh
View File

@ -2,21 +2,30 @@
APP_PID="/run/suricata.pid"
echo "#!/bin/sh
CUSTOM_RULES=\"/mnt/data/suricata-rules\"
cat <<"EOF" > /tmp/suricata.sh
#!/bin/sh
CUSTOM_RULES="/mnt/data/suricata-rules"
for file in \"\$CUSTOM_RULES\"/*.rules
for file in $(find ${CUSTOM_RULES} -name '*.rules' -print)
do
if [ -f \"\$file\" ]; then
cp \"\$file\" \"/run/ips/rules/\$(basename \"\$file\")\"
echo \" - \$(basename \"\$file\")\" >> /run/ips/config/rules.yaml
if [ -f "${file}" ]; then
bname=$(basename ${file})
cp "${file}" "/run/ips/rules/${bname}"
# Check if the existing filename is already in the rules.yaml based upon a previous update
grep -wq "${bname}" /run/ips/config/rules.yaml
# Don't add twice if it is in the file already
if [ $? -ne 0 ]; then
echo " - ${bname}" >> /run/ips/config/rules.yaml
fi
fi
done
CONTAINER=suricata
if podman container exists \${CONTAINER}; then
podman rm -f \${CONTAINER}
if podman container exists ${CONTAINER}; then
podman rm -f ${CONTAINER}
fi
podman run --network=host --privileged --name \${CONTAINER} --rm -it -v /run:/var/run/ -v /run:/run -v /usr/share/ubios-udapi-server/ips/:/usr/share/ubios-udapi-server/ips/ jasonish/suricata:5.0.3-arm64v8 /usr/bin/suricata \"\$@\"" > /tmp/suricata.sh
podman run --network=host --privileged --name ${CONTAINER} --rm -it -v /run:/var/run/ -v /run:/run -v /usr/share/ubios-udapi-server/ips/:/usr/share/ubios-udapi-server/ips/ jasonish/suricata:5.0.3-arm64v8 /usr/bin/suricata "$@"
EOF
chmod +x /tmp/suricata.sh
cp /usr/bin/suricata /tmp/suricata.backup # In case you want to move back without rebooting
@ -25,4 +34,4 @@ ln -f -s /tmp/suricata.sh /usr/bin/suricata
if [ ! -z "$APP_PID" ]; then
killall -9 suricata
rm -f APP_PID
fi
fi