Update script (fw_upgrade)


Re: Update script (fw_upgrade)

user8446
Administrator
/etc/init.d/fwupgrade
Running in bridge mode, 1.51 SP1 fw

Re: Update script (fw_upgrade)

vpkirk
In reply to this post by hans2
For those not so experienced, how do I change my cron job for updates to once a week?

Thanks!

Re: Update script (fw_upgrade)

hans2
In reply to this post by breda
CONTENTS DELETED
The author has deleted this message.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1

Re: Update script (fw_upgrade)

vpkirk
So if I understand correctly, going from:
26 03 * * * sh /sbin/fw_upgrade

to

26 03 /7 * * sh /sbin/fw_upgrade

will change me from an every day update, to a once a week update.

Thanks!

Re: Update script (fw_upgrade)

hans2
vpkirk wrote
So if I understand correctly, going from:
26 03 * * * sh /sbin/fw_upgrade

to

26 03 /7 * * sh /sbin/fw_upgrade

will change me from an every day update, to a once a week update.

Thanks!
https://wiki.openwrt.org/doc/howto/cron

26 03 /7 * * will do a run every 7th day at 03:26

Another way to do it is

26 03 * * 0 will do a run every Sunday (day 0) at 03:26
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1

Re: Update script (fw_upgrade)

vpkirk
I appreciate the clarification.  Thanks!

Re: Update script (fw_upgrade)

user8446
Administrator
As of now, do not uncomment the emerging-trojan.rules. It's been causing snort to hang and not start and when I can get it started it reboots and have seen other errors. Still testing.
Running in bridge mode, 1.51 SP1 fw

Re: Update script (fw_upgrade)

Wisiwyg
Thank you for the heads-up!
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode

Re: Update script (fw_upgrade)

Roadrunnere42
In reply to this post by hans2
Hi Hans

Made a few improvements to the scripts. The main one is that the snort rules are downloaded to ramdisk and now compared with the snort file on the Shield, and only the additional rules are added to the snort rule file, so saving writes. Every 14 days a complete download of the snort rules is done to allow for deleted rules to be removed. If the Shield is restarted daily then it will check for this and download a complete new list. Also, ads and malicious IPs are checked for duplicate IPs whilst in ramdisk before being written to disk.

fw_upgrade.fw_upgrade


roadrunnere42

Re: Update script (fw_upgrade)

hans2
Awesome work! I will include it in the next hotfix update (BETA4)

The webfilter has also other options than the Malicious and the Ads. Should we put some effort in updating them all if people have them selected activated?

In /usr/lib/lua/luci/view/admin_status/index.htm I found how the various "updates" are reported:
....
		<tr><td width="33%"><%:IPS Last Updated%></td><td><%=luci.sys.exec("ls -alst /etc/snort/rules/snort.rules | cut -c52-58") or "?"%></td></tr>
		<tr><td width="33%"><%:Web Filter Last Updated%></td><td><%=luci.sys.exec("ls -alst /etc/itus/lists/ads | cut -c52-58") or "?"%></td></tr>
		<tr><td width="33%"><%:Shield Update Last Run%></td><td><%=luci.sys.exec("cat /.do_date | cut -c5-10") or "?"%></td></tr>
....

(I was looking for the rule that updates the Operating Mode in the same file but it seems to be fixed:
...
		<tr><td width="33%"><%:Operating Mode%></td><td>UTM Bridge</td></tr>
...
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1

Re: Update script (fw_upgrade)

Roadrunnere42
I agree, but do you know where the script or scripts are located?

(The webfilter has also other options than the Malicious and the Ads. Should we put some effort in updating them all if people have them selected activated? )

roadrunnere42

Re: Update script (fw_upgrade)

hans2
No, I don't have that source of information yet.

Until we do solve it for all but Ads and Malicious, let's not give people false hopes.
I've updated the e2guardian.lua (if 1 == 2 then) so that it only shows the options that are supported by the fw_upgrade script.



I will include this change in BETA4
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1

Re: Update script (fw_upgrade)

Roadrunnere42
Hans

Been playing with the fw_upgrade script again. It checks for new snort rules and also deletes newly deleted snort rules, but I'm not sure if the command sed -i writes the whole file or just the changes. I only want the changes so as not to write the whole file again. Have you got any ideas?

echo "working on snort rules please wait... may take upto a minute"
        cat /mnt/ramdisk/*.rules > /mnt/ramdisk/alert.list
        sed -i 's/alert /drop /' /mnt/ramdisk/alert.list
        sed '/^\#/d' /mnt/ramdisk/alert.list >> /mnt/ramdisk/temp.rules
        sed '/^$/d' /mnt/ramdisk/temp.rules > /mnt/ramdisk/snort.rules

#grep -Fxvf  /etc/snort/rules/snort.rules /mnt/ramdisk/snort.rules >> /etc/snort/rules/snort.rules
#grep -Fxvf /mnt/ramdisk/snort.rules /etc/snort/rules/snort.rules >> /mnt/ramdisk/snortstage2.rules
#echo "Checking for deleted snort rules... may take some time"
#var1=wc -l /etc/snort/rules/snort.rules
#while read -r line || [[ -n "$line" ]]; do
#        sed -i '/$line/d' /etc/snort/rules/snort.rules
#     counter=$((counter+1))
#       echo $counter" rules  of "$var1
# done < /mnt/ramdisk/snortstage2.rules
#rm /mnt/ramdisk/snortstage2.rules
mv /mnt/ramdisk/snort.rules /etc/snort/rules/snort.rules


roadrunnere42

Re: Update script (fw_upgrade)

hans2
Roadrunnere42 wrote
Been playing with the fw_upgrade script again. It checks for new snort rules and also deletes newly deleted snort rules, but I'm not sure if the command sed -i writes the whole file or just the changes. I only want the changes so as not to write the whole file again. Have you got any ideas?
Not sure, I was checking https://en.wikipedia.org/wiki/Sed#Mode_of_operation 

"
sed is a line-oriented text processing utility: it reads text, line by line, from an input stream or file, into an internal buffer called the pattern space. Each line read starts a cycle. To the pattern space, sed applies one or more operations which have been specified via a sed script. sed implements a programming language with about 25 commands that specify the operations on the text. For each input line, after running the script sed ordinarily outputs the pattern space (the line as modified by the script) and begins the cycle again with the next line.
...
"

This reads to me as if sed processes the entire file in pattern space, applies the changes and then commits the file back.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
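
The write-saving approach discussed in the two posts above (and the in-ramdisk de-duplication from the earlier post), as an added example that is not part of the thread or of the fw_upgrade script: build the complete ruleset in the ramdisk, compare it with the installed file, and write to flash once and only when something changed. The function names and the `snort.new` file name are assumptions.

```sh
#!/bin/sh
# Added example, not the thread's fw_upgrade. Directories are arguments so it
# can be tried on scratch paths before pointing it at /mnt/ramdisk and /etc/snort.

# build_ruleset STAGING_DIR OUT_FILE
# Merge the downloaded *.rules in the ramdisk: drop comment and blank lines,
# switch "alert" actions to "drop", remove duplicates (first occurrence wins).
build_ruleset() {
    staging=$1
    out=$2
    cat "$staging"/*.rules \
        | sed -e '/^#/d' -e '/^[[:space:]]*$/d' -e 's/^alert /drop /' \
        | awk '!seen[$0]++' > "$out"
}

# install_if_changed NEW_FILE LIVE_FILE
# Prints "unchanged" or "updated +ADDED -REMOVED". LIVE_FILE is written once,
# and only when the content differs; an empty NEW_FILE (failed download) is
# refused so the sensor never ends up with no rules.
install_if_changed() {
    new=$1
    live=$2
    if [ ! -s "$new" ]; then
        echo "empty ruleset, keeping $live" >&2
        return 2
    fi
    if [ -f "$live" ] && cmp -s "$new" "$live"; then
        echo "unchanged"
        return 0
    fi
    old=$live
    [ -f "$old" ] || old=/dev/null
    # Whole-line, fixed-string comparison in both directions, as in the
    # commented-out grep -Fxvf lines of the post.
    added=$(grep -Fxvc -f "$old" "$new" || true)
    removed=$(grep -Fxvc -f "$new" "$old" || true)
    # One full write beside the live file, then an atomic rename.
    cp "$new" "$live.tmp" && mv "$live.tmp" "$live"
    echo "updated +$added -$removed"
}

# On the device this would be called as (paths from the thread):
#   build_ruleset /mnt/ramdisk /mnt/ramdisk/snort.new
#   install_if_changed /mnt/ramdisk/snort.new /etc/snort/rules/snort.rules
```

`sed -i` likewise writes a complete new copy of the file and renames it over the original, so calling it once per rule rewrites the whole file once per rule; a single compare-then-replace keeps it to at most one write per update run.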

Re: Update script (fw_upgrade)

Roadrunnere42
Hans
Just done a few additions to the fw_upgrade script, which now updates the drug list, only if selected in the GUI, just like the ads and malicious rules. The site is http://www.shallalist.de/ and is free for non-commercial use. Their rules are updated daily. On comparing the drug rule on the Shield with their list, the Shield had roughly 54000 odd rules and their site had 11300. So I joined the two together and removed any duplicates, all done in memory, then write only the new rules back to the Shield.

Will try this out for a bit to make sure it works smoothly.

fw_upgrade.fw_upgrade

roadrunnere42

Re: Update script (fw_upgrade)

user8446
Administrator
In reply to this post by user8446
user8446 wrote
As of now, do not uncomment the emerging-trojan.rules. It's been causing snort to hang and not start and when I can get it started it reboots and have seen other errors. Still testing.

Solution here: http://itus.accessinnov.com/Not-being-able-to-run-the-Trojan-rules-in-the-update-script-and-performance-increase-SOLUTION-td304.html
Running in bridge mode, 1.51 SP1 fw

Re: Update script (fw_upgrade)

breda
In reply to this post by hans2
Hi, can you confirm this is correct Capture.PNG


Thanks

Re: Update script (fw_upgrade)

hans2
The first and second lines are correct.
The third one is not.

You may want to change the ntp (second line) from every 10 minutes (*/10 * ) to every day.

I have:

# weekly - upgrade IPS rules at 03:31 on Sunday
31 03 * * 0 sh /sbin/fw_upgrade
# daily - sync clock at midnight daily
0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1

Re: Update script (fw_upgrade)

breda
Thanks Hans, just confirming

I should remove      */10 * * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart

and on */10 *   it would go in the red circle in the photo?

Thanks for the help

Re: Not being able to run the Trojan rules in the update script and performance increase SOLUTION

Wisiwyg
In reply to this post by hans2
OK, thank you.. made edit and forced update. All seems to be working.

I had one error that I needed to edit for the script run:

line 26 reads:
if [ "$(ls -A /mnt/ramdisk)" ];

I had to add a space after the "]" before the ";" for it to run. Now reads:
if [ "$(ls -A /mnt/ramdisk)" ] ;

This is a couple of times that I had to tweak the script to run on my system. I'm wondering if there's some switch turned on/off in my interpreter since no one else seems to have any issue with the syntax.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode