Untangle UTM IPS Update Script
2/17/2010 09:30:00 AM
Posted by johnhomer
This script generates an .sql file from the emergingthreats.net rule set, ready to load into the Untangle Postgres database. Untangle updates its IPS signatures on its own, so most people will not need it, but if you want to be cutting-edge, this script is for you. The generated file first deletes every rule in the EmergingThreat category and then inserts the new set, so back up that table (or the uvm database) before loading it. You will have to update the table manually with:
psql -e -f newrules.sql uvm postgres
Now for the script:
#! /bin/bash
# John Homer H Alvero
# Feb 13, 2010
#
# Fetch the current emergingthreats.net rule set and turn it into
# newrules.sql for Untangle's n_ips_rule table. Load it afterwards with:
#   psql -e -f newrules.sql uvm postgres

# Change to working directory (abort rather than run the rm -f below somewhere else)
cd /root/emergingthreats || exit 1
RULEFILE='emerging-all.rules'
LIVE="t"
LOGGING="t"

# Escape a value for a Postgres E'...' string literal: double backslashes
# and single quotes instead of stripping the quotes out of the rule text
sqlescape() {
  sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

/usr/bin/wget http://www.emergingthreats.net/version.txt
if [ "$?" -ne "0" ]; then
  # failed download - abort run
  exit
fi
read CURRENTVERSION < version.txt
echo $CURRENTVERSION
# On the first run there is no oldversion.txt yet, so treat the release as new
if [ -r oldversion.txt ]; then
  read OLDVERSION < oldversion.txt
else
  OLDVERSION=0
fi
echo $OLDVERSION

if [ "${CURRENTVERSION}" -eq "${OLDVERSION}" ]; then
  echo "same release available - checking next for updates to exceptions"
  rm -f version.txt*
else
  echo "new version available"
  rm -f $RULEFILE
  /usr/bin/wget http://www.emergingthreats.net/rules/$RULEFILE
  if [ "$?" -ne "0" ]; then
    echo "failed retrieve of new files - exiting"
    exit 3
  fi
  mv version.txt oldversion.txt
  rm -f version.txt*

  # Process file now: drop the old EmergingThreat rules, then insert the new
  # set once for every settings_id in n_ips_settings
  echo "delete from n_ips_rule where Category = 'EmergingThreat';" >newrules.sql
  RACK=""
  # -t -A prints bare values without psql's header and footer; keep numeric ones only
  DATA=`psql -t -A -c "SELECT settings_id from n_ips_settings;" uvm postgres`
  for d in $DATA
  do
    if [ -z "$(echo "$d" | sed 's/[0-9]//g')" ] ; then
      RACK="$RACK $d"
    fi
  done

  CUSTOMSID=50000
  DESCRIPTION=""
  NAME="Name"
  CATEGORY="EmergingThreat"
  ALERT="f"
  # read -r keeps the backslashes in pcre/content options intact
  while IFS= read -r RULES
  do
    case "$RULES" in
      '#'*)
        # a comment line becomes the description of the rules that follow it
        DESCRIPTION=`echo "$RULES" | cut -c1-60 | sqlescape`
        ;;
      'alert '*)
        RULE=`echo "$RULES" | sed 's/^alert //' | sqlescape`
        # take the sid from its option wherever it sits in the rule, not from a fixed field position
        SID=`echo "$RULES" | sed -n 's/.*[;( ]sid:[[:space:]]*\([0-9][0-9]*\);.*/\1/p'`
        if [ -z "$SID" ]; then
          echo "no sid in rule, skipping: $RULES" >&2
          continue
        fi
        for r in $RACK
        do
          # printf rather than echo -e, which would rewrite \x.. and other escapes inside the rule
          printf "INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id)" >>newrules.sql
          printf " VALUES ( %s, E'%s', %s , '%s', '%s', E'%s', '%s', '%s', '%s', '%s');\n" \
            "$CUSTOMSID" "$RULE" "$SID" "$NAME" "$CATEGORY" "$DESCRIPTION" "$LIVE" "$ALERT" "$LOGGING" "$r" >>newrules.sql
          CUSTOMSID=$(($CUSTOMSID+1))
        done
        ;;
    esac
  done <$RULEFILE
fi
echo "Done generating SQL"
echo "Load SQL with: psql -e -f newrules.sql uvm postgres"
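Before handing the generated file to psql it is worth checking that it matches the rule file it came from. The following is an added example (not code from the original post or from Untangle): it compares the number of enabled, sid-carrying rules in emerging-all.rules with the number of INSERTs in newrules.sql (one per settings_id, since the script inserts each rule once per row of n_ips_settings), rejects the file if a rule_id is used twice, and wraps the DELETE and INSERTs in one transaction so a failing statement leaves n_ips_rule as it was. The rule file and SQL written by make_demo_files are constructed for the demo and are not real ET signatures; the settings count of 2 and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of Untangle: check a
# generated newrules.sql against the rule file it came from before loading
# it, and wrap the load in a transaction so a failing INSERT cannot leave
# n_ips_rule half-emptied by the leading DELETE. Table and column names
# follow the script above; the rule file and SQL written by make_demo_files
# are constructed for this demo and are not real ET signatures.

# count_rule_sids <rulefile>: enabled "alert" rules that carry a sid
# (commented-out "#alert" rules and rules without a sid do not count)
count_rule_sids() {
    grep -c '^alert .*sid:[0-9][0-9]*;' "$1" || true
}

# count_inserts <sqlfile>: INSERT statements into n_ips_rule
count_inserts() {
    grep -c '^INSERT INTO n_ips_rule' "$1" || true
}

# duplicate_rule_ids <sqlfile>: rule_id values used by more than one INSERT
# (the generator hands out a fresh rule_id per INSERT, so a repeat points
# at a broken or doubled run)
duplicate_rule_ids() {
    sed -n 's/^INSERT INTO n_ips_rule .*VALUES *( *\([0-9][0-9]*\),.*/\1/p' "$1" \
        | sort | uniq -d
}

# check_rules_sql <rulefile> <sqlfile> <settings_count>
# Every enabled rule should yield one INSERT per settings_id. Returns 0
# when the counts agree and no rule_id repeats, 1 otherwise.
check_rules_sql() {
    rules=$(count_rule_sids "$1")
    inserts=$(count_inserts "$2")
    expected=$((rules * $3))
    dups=$(duplicate_rule_ids "$2")
    status=0
    if [ "$inserts" -ne "$expected" ]; then
        echo "expected $expected INSERTs ($rules rules x $3 settings), found $inserts" >&2
        status=1
    fi
    if [ -n "$dups" ]; then
        echo "rule_id used more than once: $dups" >&2
        status=1
    fi
    return $status
}

# wrap_in_transaction <sqlfile> <outfile>: DELETE and INSERTs succeed or
# fail together, so an error part-way through leaves the table untouched
wrap_in_transaction() {
    { echo "BEGIN;"; cat "$1"; echo "COMMIT;"; } > "$2"
}

# make_demo_files <dir>: constructed rule file and the SQL the generator
# would produce for it with two settings_ids (1 and 2)
make_demo_files() {
    cat > "$1/emerging-all.rules" <<'EOF'
# constructed sample rules, not real ET signatures
alert tcp any any -> any 80 (msg:"DEMO one"; sid:9000001; rev:1;)
#alert tcp any any -> any 80 (msg:"DEMO disabled"; sid:9000002; rev:1;)
alert tcp any any -> any 22 (msg:"DEMO two"; sid:9000003; rev:1;)
EOF
    cat > "$1/newrules.sql" <<'EOF'
delete from n_ips_rule where Category = 'EmergingThreat';
INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id) VALUES ( 50000, 'tcp any any -> any 80 (msg:"DEMO one"; sid:9000001; rev:1;)', 9000001 , 'Name', 'EmergingThreat', '# constructed sample rules, not real ET signatures', 't', 'f', 't', '1');
INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id) VALUES ( 50001, 'tcp any any -> any 80 (msg:"DEMO one"; sid:9000001; rev:1;)', 9000001 , 'Name', 'EmergingThreat', '# constructed sample rules, not real ET signatures', 't', 'f', 't', '2');
INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id) VALUES ( 50002, 'tcp any any -> any 22 (msg:"DEMO two"; sid:9000003; rev:1;)', 9000003 , 'Name', 'EmergingThreat', '# constructed sample rules, not real ET signatures', 't', 'f', 't', '1');
INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id) VALUES ( 50003, 'tcp any any -> any 22 (msg:"DEMO two"; sid:9000003; rev:1;)', 9000003 , 'Name', 'EmergingThreat', '# constructed sample rules, not real ET signatures', 't', 'f', 't', '2');
EOF
}

# Usage: validate, then produce the transactional file to hand to psql
dir=$(mktemp -d)
make_demo_files "$dir"
if check_rules_sql "$dir/emerging-all.rules" "$dir/newrules.sql" 2; then
    wrap_in_transaction "$dir/newrules.sql" "$dir/newrules-txn.sql"
    echo "newrules.sql is consistent; load it with: psql -e -f $dir/newrules-txn.sql uvm postgres"
fi
rm -rf "$dir"
```

Load the wrapped file with psql -e -f newrules-txn.sql uvm postgres; adding -v ON_ERROR_STOP=1 makes psql stop at the first failing statement instead of carrying on inside the already aborted transaction, which makes the error easier to find in the -e output.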
This entry was posted on October 4, 2009 at 12:14 pm, and is filed under linux, security.
January 8, 2011 at 1:28 PM
The URL of emergingthreats.net has been updated in your script. The script seems to work fine for the first run. However, the number of rules stays at something like 11644 and it cannot be updated in Untangle even when there are new rules.
I have tried /etc/init.d/untangle-vm force-reload with no hope.
Any idea?
Samiux