Update script (fw_upgrade)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
Locked 136 messages Options
12345 ... 7
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

user8446
Administrator
/etc/init.d/fwupgrade
Running the latest OpenWrt stable release
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

vpkirk
In reply to this post by hans2
For those not so experienced, how do I change my cron job for updates to once a week?

Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

hans2
This post was updated on .
In reply to this post by breda
CONTENTS DELETED
The author has deleted this message.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

vpkirk
So if I understand correctly, going from:
26 03 * * * sh /sbin/fw_upgrade

to

26 03 /7 * * sh /sbin/fw_upgrade

will change me from an every day update, to a once a week update.

Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

hans2
vpkirk wrote
So if I understand correctly, going from:
26 03 * * * sh /sbin/fw_upgrade

to

26 03 /7 * * sh /sbin/fw_upgrade

will change me from an every day update, to a once a week update.

Thanks!
https://wiki.openwrt.org/doc/howto/cron

26 03 /7 * * will do a run every 7th day at 03:26

Another way to do it is

26 03 * * 0 will do a run every sunday (day 0) at 03:26
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

vpkirk
I appreciate the clarification.  Thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

user8446
Administrator
As of now, do not uncomment the emerging-trojan.rules. It's been causing snort to hang and not start and when I can get it started it reboots and have seen other errors. Still testing.
Running the latest OpenWrt stable release
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

Wisiwyg
Thank you for the head's up!
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

Roadrunnere42
In reply to this post by hans2
Hi Hans

Made a few improvements to the scripts. The main one is that the snort rules are downloaded to ramdisk and now compared with the snort file on the Shield and only the additional rules are added to the snort rule file so saving writes, every 14 days a complete download of the snort rules are done so allow for deleted rules to be removed. If the Shield is restarted daily then it will check for this and download a complete new list, also ads and malicious ip's  are checked for duplicate ip's whilst in ramdisk before being written to disk.fw_upgrade.fw_upgrade


roadrunnere42
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

hans2
Awesome work! I will include it in the next hotfix update (BETA4)

The webfilter has also other options than the Malicious and the Ads. Should we put some effort in updating them all if people have them selected activated?

In /usr/lib/lua/luci/view/admin_status/index.htm I found how the various "updates" are reported:
....
		<tr><td width="33%"><%:IPS Last Updated%></td><td><%=luci.sys.exec("ls -alst /etc/snort/rules/snort.rules | cut -c52-58") or "?"%></td></tr>
		<tr><td width="33%"><%:Web Filter Last Updated%></td><td><%=luci.sys.exec("ls -alst /etc/itus/lists/ads | cut -c52-58") or "?"%></td></tr>
		<tr><td width="33%"><%:Shield Update Last Run%></td><td><%=luci.sys.exec("cat /.do_date | cut -c5-10") or "?"%></td></tr>
....

(I was looking for the rule that updates the Operating Mode in the same file but it seems to be fixed:
...
		<tr><td width="33%"><%:Operating Mode%></td><td>UTM Bridge</td></tr>
...
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

Roadrunnere42
I agree, but do you know where the script or scripts are located?

(The webfilter has also other options than the Malicious and the Ads. Should we put some effort in updating them all if people have them selected activated? )

roadrunnere42
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

hans2
No i don't have that source of information yet.

Until we do solve it for all but Ads and Malicious, lets not give people false hopes.
I've updated the e2guardian.lua (if 1 == 2 then) so that it only shows the options that are supported by fw_upgrade script.



I will include this change in BETA4
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

Roadrunnere42
Hans

Been playing with the fw_upgrade script gain It checks for new snort rules and also deletes new deleted snort rules, but im not sure if the command sed -i writes the whole file or just changes. I only want the changes so  as not to write whole file again, have you got any ideals?

echo "working on snort rules please wait... may take upto a minute"
        cat /mnt/ramdisk/*.rules > /mnt/ramdisk/alert.list
        sed -i 's/alert /drop /' /mnt/ramdisk/alert.list
        sed '/^\#/d' /mnt/ramdisk/alert.list >> /mnt/ramdisk/temp.rules
        sed '/^$/d' /mnt/ramdisk/temp.rules > /mnt/ramdisk/snort.rules

#grep -Fxvf  /etc/snort/rules/snort.rules /mnt/ramdisk/snort.rules >> /etc/snort/rules/snort.rules
#grep -Fxvf /mnt/ramdisk/snort.rules /etc/snort/rules/snort.rules >> /mnt/ramdisk/snortstage2.rules
#echo "Checking for deleted snort rules... may take some time"
#var1=wc -l /etc/snort/rules/snort.rules
#while read -r line || [[ -n "$line" ]]; do
#        sed -i '/$line/d' /etc/snort/rules/snort.rules
#     counter=$((counter+1))
#       echo $counter" rules  of "$var1
# done < /mnt/ramdisk/snortstage2.rules
#rm /mnt/ramdisk/snortstage2.rules
mv /mnt/ramdisk/snort.rules /etc/snort/rules/snort.rules


roadrunnere42
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

hans2
Roadrunnere42 wrote
Been playing with the fw_upgrade script gain It checks for new snort rules and also deletes new deleted snort rules, but im not sure if the command sed -i writes the whole file or just changes. I only want the changes so  as not to write whole file again, have you got any ideals?
Not sure, I was checking https://en.wikipedia.org/wiki/Sed#Mode_of_operation 

"
sed is a line-oriented text processing utility: it reads text, line by line, from an input stream or file, into an internal buffer called the pattern space. Each line read starts a cycle. To the pattern space, sed applies one or more operations which have been specified via a sed script. sed implements a programming language with about 25 commands that specify the operations on the text. For each input line, after running the script sed ordinarily outputs the pattern space (the line as modified by the script) and begins the cycle again with the next line.
...
"

This read to me as sed processes the entire file in pattern space, applies the changes and then commits the file back
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

Roadrunnere42
Hans
just done a few additions to fw_upgrade script which now updates the drug list, only if selected in gui just like the ads and malicious rules, the site is http://www.shallalist.de/ and is free for non-commercial use. Their rules are update daily, on comparing the drug rule on the shield with their list, the shield had roughly 54000 odd rules and their site had 11300. So i joined the two together and  removed any duplicates all done in memory then write only the new rules back to the shield.

Will try this out for a bit to make sure is work smoothly.

fw_upgrade.fw_upgrade

roadrunnere42
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

user8446
Administrator
In reply to this post by user8446
user8446 wrote
As of now, do not uncomment the emerging-trojan.rules. It's been causing snort to hang and not start and when I can get it started it reboots and have seen other errors. Still testing.

Solution here: http://itus.accessinnov.com/Not-being-able-to-run-the-Trojan-rules-in-the-update-script-and-performance-increase-SOLUTION-td304.html
Running the latest OpenWrt stable release
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

breda
In reply to this post by hans2
Hi, can you confirm this is correct Capture.PNG


Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

hans2
The first and second lines are correct.
The third one is not.

You may want to change the ntp (second line) from every 10 minutes (*/10 * ) to every day.

I have:

# weekly - upgrade IPS rules at 03:31 on Sunday
31 03 * * 0 sh /sbin/fw_upgrade
# daily - sync clock at midnight daily
0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Reply | Threaded
Open this post in threaded view
|

Re: Update script (fw_upgrade)

breda
Thanks Hans just confirming


 


I should remove      */10 * * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart


and on */10 *   it would go in the red circle in the photo ?


thanks for the help
Reply | Threaded
Open this post in threaded view
|

Re: Not being able to run the Trojan rules in the update script and performance increase SOLUTION

Wisiwyg
In reply to this post by hans2
OK, thank you.. made edit and forced update. All seems to be working.

I had one error that I needed to edit for the script run:

line 26 reads:
if [ "$(ls -A /mnt/ramdisk)" ];

I had to add a space after the "]" before the ";" for it to run. Now reads:
if [ "$(ls -A /mnt/ramdisk)" ] ;

This is a couple of times that i had to tweak the script to run on my system. I'm wondering if there's some switch turned on/off in my interpreter since no one else seems to have any issue with the syntax.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
12345 ... 7