Files

 master

/

download-ecrimelabs

Copy path

Blame

Blame

Latest commit

 

History

History

43 lines (39 loc) · 1.37 KB

 master

/

download-ecrimelabs

Top

File metadata and controls

• Code
• Blame

43 lines (39 loc) · 1.37 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

#!/bin/bash

source /etc/ecrimelabs/ecrimelabscfg

for i in ${BROKER} ${APIKEY} ${RULE_PATH_INCIDENT} ${RULE_PATH_FEED} ${FEED_AGE} ${FEED_TYPE}; do

if [ $i == "" ]; then

echo "${i} is null!"

exit 0

fi

done

ENGINE=`grep ENGINE /etc/nsm/securityonion.conf | cut -d= -f2`

# if NIDS_RULES enabled, then get NIDS rules

if [[ $NIDS_RULES == "yes" ]];then

# get NIDS rules

wget -q ${BROKER}/apiv1/incident/${ENGINE}/${FEED_AGE}/${APIKEY}/txt -O ${RULE_PATH_INCIDENT}

wget -q ${BROKER}/apiv1/${FEED_TYPE}/${ENGINE}/${FEED_AGE}/${APIKEY}/txt -O ${RULE_PATH_FEED}

# Set correct perms

chown sguil:sguil ${RULE_PATH_INCIDENT}

chmod 644 ${RULE_PATH_INCIDENT}

chown sguil:sguil ${RULE_PATH_FEED}

chmod 644 ${RULE_PATH_FEED}

else

:

fi

# if Bro Intel enabled, then get Bro Intel

if [[ $INTEL == "yes" ]];then

wget -q ${BROKER}/feed/bro/${APIKEY} -O $INTEL_PATH

LOAD_BRO="/opt/bro/share/bro/intel/__load__.bro"

if grep -q ecrimelabs $LOAD_BRO; then

# Already appended to list of intel files

echo "Already configured!"

:

else

# Add eCrimeLabs-intel to list of intel files

sed -i 's#.*"/opt/bro/share/bro/intel/intel.dat"# "/opt/bro/share/bro/intel/intel.dat",#' $LOAD_BRO

sed -i '/.*intel.dat",/a \ \ \ \ \ \ \ \ "\/opt\/bro\/share\/bro\/intel\/ecrimelabs-intel.dat\"' $LOAD_BRO

fi

nsm_sensor_ps-restart --only-bro

else

:

fi