Blame view
CEPTD/docker/logstash/dist/setup-rules.sh
655 Bytes
0d8c0f816 initial commit |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
#!/bin/sh # Basic ruleset used by Suricata, provided by Emerging Threats etUrl="https://rules.emergingthreatspro.com/open/suricata-5.0/emerging.rules.tar.gz" # Set Capture Filters # https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html#capture-filters-bpf # Check connection to Emerging Threats wget -q --spider https://rules.emergingthreatspro.com if [ $? -eq 0 ]; then wget ${etUrl} -O /tmp/rules.tar.gz 2>&1 > /dev/null tar xvfz /tmp/rules.tar.gz -C /etc/suricata/ 2>&1 > /dev/null sed -i s/^#alert/alert/ /etc/suricata/rules/*.rules 2>&1 > /dev/null else echo "No connection to ET, exiting..." exit 1 fi |