mirror of
https://github.com/unifi-utilities/unifios-utilities.git
synced 2024-08-30 18:32:21 +00:00
Suricata support
parent 06e990b6db
commit fd3f0b1a1d
@ -8,6 +8,8 @@ Pull Requests welcome! If you use this functionality to do new cool stuff to you
## General Tools
### suricata
Run an updated version of suricata and apply custom rules that survive reboot
### on-boot-script
Do this first. Enables init.d style scripts to run on every boot of your UDM. Includes examples to run wpa-supplicant/eap-proxy and/or ntop-ng on startup. Follow this [readme](https://github.com/boostchicken/udm-utilities/blob/master/on-boot-script/README.md).
**It enables complete customization of your UDM/P and fills the gap that config.gateway.json left behind.**
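Review bot: the new `### suricata` entry has no link to its documentation, while the `### on-boot-script` entry directly below it links `on-boot-script/README.md`; link `suricata/README.md` the same way so readers can find the requirements and steps. The one-line description could also name the version being run (the README added in this commit says 5.0.3) so it stays accurate when "updated" no longer is.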
suricata/README.md (Normal file, 19 lines)
@ -0,0 +1,19 @@
# Run Suricata 5.0.3 with custom rules
## Features
1. Run a newer surifcated with custom rules
2. Persists through reboots and firmware updates.
## Requirements
1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
## Customization
* Put customs rules files in /mnt/data/suricata-rules
## Steps
1. Copy [25-suricata.sh](on_boot.d/25-suricata.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
2. Execute /mnt/data/on_boot.d/25-suricata.sh
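Review bot: typos in the new README: `1. Run a newer surifcated with custom rules` should read `suricata`, `Put customs rules files` should be `custom rules files`, and `setup` in the Requirements item should be `set up`. Step 1 tells the reader to `update its values to reflect your environment` without saying which values are meant; name them (the rules directory `/mnt/data/suricata-rules` and the container image tag are the only environment-specific settings in the script) or drop the sentence. It would also help to say that `/mnt/data/suricata-rules` has to be created by the user, since the wrapper only copies `*.rules` files out of it and silently loads nothing if the directory is absent.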
suricata/on_boot.d/25-suricata.sh (Normal file, 28 lines)
@ -0,0 +1,28 @@
#!/bin/sh
APP_PID="/run/suricata.pid"
echo "#!/bin/sh
CUSTOM_RULES=\"/mnt/data/suricata-rules\"
for file in \"\$CUSTOM_RULES\"/*.rules
do
if [ -f \"\$file\" ]; then
cp \"\$file\" \"/run/ips/rules/\$(basename \"\$file\")\"
echo \" - \$(basename \"\$file\")\" >> /run/ips/config/rules.yaml
fi
done
CONTAINER=suricata
if podman container exists \${CONTAINER}; then
podman rm -f \${CONTAINER}
fi
podman run --network=host --privileged --name \${CONTAINER} --rm -it -v /run:/var/run/ -v /run:/run -v /usr/share/ubios-udapi-server/ips/:/usr/share/ubios-udapi-server/ips/ jasonish/suricata:5.0.3-arm64v8 /usr/bin/suricata \"\$@\"" > /tmp/suricata.sh
chmod +x /tmp/suricata.sh
cp /usr/bin/suricata /tmp/suricata.backup # In case you want to move back without rebooting
ln -f -s /tmp/suricata.sh /usr/bin/suricata
if [ ! -z "$APP_PID" ]; then
killall -9 suricata
rm -f APP_PID
fi
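Review bot: the shutdown block at the end of the script does not do what it intends. `if [ ! -z "$APP_PID" ]` tests that the variable's string is non-empty, which is always true because `APP_PID` is assigned `/run/suricata.pid` at the top, so the branch runs unconditionally; and `rm -f APP_PID` is missing the `$`, so it tries to delete a file literally named `APP_PID` in the current directory and leaves the real pid file in place. Suggest `if [ -f "$APP_PID" ]; then kill "$(cat "$APP_PID")"; rm -f "$APP_PID"; fi`, sending TERM to the recorded pid and only falling back to `killall -9 suricata` if it does not exit. Three further points: the generated wrapper appends a `- <file>` line to `/run/ips/config/rules.yaml` every time `suricata` is invoked, so each restart accumulates duplicate rule entries; check with `grep -q` before appending. On a second run of this script, `cp /usr/bin/suricata /tmp/suricata.backup` follows the symlink installed by the previous run and overwrites the backup of the real binary with the wrapper itself; guard it with `[ -L /usr/bin/suricata ] ||`. Finally, the wrapper that replaces `/usr/bin/suricata` lives in world-writable `/tmp`, and the container runs with `--privileged`, `--network=host` and the host's `/run` mounted; keep the wrapper in a root-owned directory (e.g. under `/mnt/data`) and grant only the capabilities packet capture needs (`--cap-add NET_ADMIN,NET_RAW`) instead of `--privileged`.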
suricata/rules/custom.example.rules (Normal file, 1 line)
@ -0,0 +1 @@
# Put custom rules here, or in any file with a .rules extension