fw_upgrade version 7 now checks for duplicate rules


Roadrunnere42
Hi
Here's version 7 of the fw_upgrade script.

This fixes the problem when there are two rules the same, which in turn stops snort from loading. Also, I have removed the drug rules, as the site they get pulled from is up and down more times than a yoyo and can stall the script.


roadrunnere42
fw_upgrade.fw_upgrade

Re: fw_upgrade version 7 now checks for duplicate rules

user8446
Administrator
Thanks for putting in the time!
I tested and here are some notes:


1. I noticed it d/l ads & malicious lists & restarted dnsmasq even though I have webfiltering off
2. Snort didn't restart
3. It looks like the compare is out of the script. This is a good idea because rules are modified often, not just added and deleted
4. Checking for duplicates is a great error checking idea as snort will fail to start with a duplicate rule
5. Current events rules are commented out in this version only

Hope this helps!
Running in bridge mode, 1.51 SP1 fw

Re: fw_upgrade version 7.1

Roadrunnere42
Well spotted user8446, my mistake, had them commented out for testing and completely forgot.
fw_upgrade.fw_upgrade

roadrunnere42

Re: fw_upgrade version 7.1

Hans
Administrator
Hi Roadrunner

When you update the script, can you also update the start post? This way the start post always shows the latest version of the script.

Thanks for the awesome work
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: fw_upgrade version 7.1

Roadrunnere42
Hi Hans

I can't seem to find the original post where you posted about keeping the fw_upgrade, that's why I suggested putting a section in for only fw_upgrade and hotfix updates.


roadrunnere42

Re: fw_upgrade version 7.1

Hans
Administrator
http://itus.accessinnov.com/Update-script-fw-upgrade-td43.html

I have updated it to 7.1 - it is in the Technical discussion section too.

Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: fw_upgrade version 7.1

CWS
CONTENTS DELETED
The author has deleted this message.

Re: fw_upgrade version 7.1

Hans
Administrator
Hmm

Something went wrong when downloading the script.

In Notepad++ you can display special characters, it showed "CR LF" and this was the previous version.
I've updated the script and now it shows "LF".

This is a language conversion mistake (UTF-8). Now it is working fine:

root@Shield:/tmp# sh /sbin/fw_upgrade71
Creating Ramdisk
System has not been restarted
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 27173  100 27173    0     0  67205      0 --:--:-- --:--:-- --:--:-- 73839
....
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  879k  100  879k    0     0   984k      0 --:--:-- --:--:-- --:--:--  986k
working on snort rules please wait... may take upto a minute
It's been  1 days since last full update, will automatically do full update when it's been 14 days
Updating ADS rules
starting Downloading Rules
working on ads rules, this is sorting and deleting duplicate rules please wait..... may take upto 2 minutes
36406 /mnt/ramdisk/ads.tmp
23927 /mnt/ramdisk/ads.tmp
Updating MALICIOUS rules
working on malicious rules this is sorting and deleting duplicate rules please wait..... may take upto 2 minutes
24519 /mnt/ramdisk/malicious.tmp
21633 /mnt/ramdisk/malicious.tmp
Restarting DNSMASQ service
yes mounted
sed: /mnt/ramdisk/ads: No such file or directory
sed: /mnt/ramdisk/malicious: No such file or directory
Updated redirect ip address: 192.168.10.112: update_blacklist
cat: can't open '/mnt/ramdisk/ads': No such file or directory
cat: can't open '/mnt/ramdisk/malicious': No such file or directory
 Please ignore the error with PID as these are normal

Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes
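
Added example (not from the thread and not part of fw_upgrade): a pre-flight check in POSIX sh for the two failure modes discussed above, duplicate rules that stop snort from loading and a file saved with "CR LF" line endings. It assumes a duplicate means two active rules sharing one sid; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's code. Assumption: a "duplicate" is two
# active (uncommented) rules that carry the same sid.

# Print every sid used by more than one active rule, one per line.
duplicate_sids() {
    tr -d '\r' < "$1" |
        grep -v '^[[:space:]]*#' |
        sed -n 's/.*[;( ]sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' |
        sort -n | uniq -d
}

# Succeed if the file contains carriage returns (CR LF line endings).
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# Return 0 when the file is safe to load, 1 otherwise; reasons go to stderr.
check_rules() {
    rc=0
    if has_crlf "$1"; then
        echo "CR LF line endings in $1" >&2
        rc=1
    fi
    dups=$(duplicate_sids "$1")
    if [ -n "$dups" ]; then
        echo "duplicate sids in $1: $(echo $dups)" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample rules: sid 1000001 appears twice; the commented-out
# copy of sid 1000002 must not be counted.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed rule A"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"constructed rule B"; sid:1000002; rev:1;)
# alert tcp any any -> any 443 (msg:"commented copy"; sid:1000002; rev:1;)
alert tcp any any -> any 8080 (msg:"constructed rule A again"; sid:1000001; rev:2;)
EOF

if check_rules "$SAMPLE"; then echo "rules ok"; else echo "do not restart snort"; fi
```

Running the check on the merged rules file before restarting snort keeps the previously working rule set in place when a download introduces a duplicate.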