################################################################################################
# File name  fw_upgrade                                                                        #
# Created by ITUS                                                                              #
# Original version from firmware 1.51 sp1                                                      #                                              
# VERSION NUMBER 1.51 -1.1                                                                     #
# Last Modified date 14th Feb 2016                                                             #
# Last Modified By Andy (roadrunnere42)                                                        #
# Changes - Hans added rules function calls into scripts                                       #
# Changes - roadrunnere42 added ramdisk and checks to see if files exist before removing       #
# Changes - roadrunnere42 rectified syntax error mentioned by Wisiwyg by adding a space.       #
#                                                                                              #
#                                                                                              #
# When changing the script please update WHAT YOU CHANGED OR ADDED, ADD 1 TO THE VERSION       #
# NUMBER AND DATE CHANGED.                                                                     #
# This will make it easier in time to come to identify what version you have and who did what. #
################################################################################################

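#######################################
# Build /mnt/ramdisk/snort.rules from the Emerging Threats open rule files.
#
# Steps: clear leftovers of a previous run, download each rule category,
# merge the files, drop comment and blank lines, rewrite the first "alert "
# on every remaining line to "drop ", comment out the locally suppressed
# SIDs, and append the Emerging Threats licence notice.
#
# Outputs:  progress on stdout, failures on stderr
# Returns:  0 when a non-empty ruleset was written; 1 when a download failed
#           or the merged ruleset came out empty. On failure no snort.rules
#           is left in the ramdisk, so the install step at the end of this
#           script cannot pick up a partial ruleset.
#######################################
update_snort_rules() {
	local ramdisk=/mnt/ramdisk
	local base_url=https://rules.emergingthreats.net/open/snort-edge/rules
	local merged="$ramdisk/snort.rules.tmp"
	local sid_script="$ramdisk/disable-sids.sed"
	local pair sid

	# Start clean. -f keeps rm quiet when nothing matches, which replaces the
	# old "is the ramdisk empty" test.
	rm -f "$ramdisk"/*.rules "$ramdisk/alert.list" "$merged" "$sid_script"

	# Each entry is <local file name>:<remote file name>.
	# Certificate verification stays on (no -k): these rules decide what the
	# IPS drops, so the download has to be authenticated. If curl on the device
	# has no CA bundle, point it at one with --cacert rather than switching
	# verification off. -f makes an HTTP error fail the download instead of
	# saving the error page as a rule file.
	# Not fetched (disabled by the maintainers): emerging-trojan.rules,
	# emerging-drop.rules (saved as drop.rules), emerging-web_specific_apps.rules,
	# emerging-scan.rules.
	for pair in \
		botcc.portgrouped.rules:emerging-botcc.portgrouped.rules \
		botcc.rules:emerging-botcc.rules \
		ciarmy.rules:emerging-ciarmy.rules \
		compromised.rules:emerging-compromised.rules \
		dshield.rules:emerging-dshield.rules \
		emerging-exploit.rules:emerging-exploit.rules \
		emerging-malware.rules:emerging-malware.rules \
		emerging-mobile_malware.rules:emerging-mobile_malware.rules \
		emerging-user_agents.rules:emerging-user_agents.rules \
		emerging-web_client.rules:emerging-web_client.rules \
		emerging-worm.rules:emerging-worm.rules \
		emerging-current_events.rules:emerging-current_events.rules
	do
		if ! curl -f -o "$ramdisk/${pair%%:*}" "$base_url/${pair#*:}"; then
			echo "snort rules: download of ${pair#*:} failed, keeping the installed ruleset" >&2
			rm -f "$ramdisk"/*.rules
			return 1
		fi
	done

	echo "working on snort rules please wait may take upto a minute"

	# One sed command per suppressed SID, so the ruleset is rewritten in a
	# single pass instead of once per SID. Duplicate SIDs from the old list
	# are listed once.
	for sid in \
		2002802 2019237 2018194 2012251 2100527 2100649 2009080 2009205 \
		2009206 2009207 2009208 2008975 2010515 2003099 2101201 2001689 \
		2011695 2013359 2013358 2013357 2013355 2013354 2013353 2013360 \
		2100648 2101390 2012086 2100650 2011803 2012510 2001219 2003068 \
		2002995 2011347 2102925 2012263 2012848 2001046 2003055 2002993 \
		2002992 2001353 2016950 2019509 2011507 2010514 2010516 2010518 \
		2010520 2010522 2010525 2010527 2012056 2012075 2012119 2012205 \
		2012272 2012398 2010931 2011764 2103088 2103192 2103134 2101852 \
		2015526 2009151 2012997 2016672 2000538 2000540 2011367 2100528 \
		2007994 2008066 2012180 2100628 2010697 2013479 2009768 2019490 \
		2011037 2103133 2103132 2017005 2006445 2003927 2010908 2014020 \
		2017479
	do
		printf '/sid:%s/s/^/#/\n' "$sid"
	done > "$sid_script"

	# The output name does not end in ".rules", so it can never be picked up
	# by the glob that feeds cat.
	if ! cat "$ramdisk"/*.rules \
		| sed -e '/^#/d' -e '/^$/d' -e 's/alert /drop /' -f "$sid_script" \
		> "$merged"
	then
		echo "snort rules: could not build the merged ruleset" >&2
		rm -f "$ramdisk"/*.rules "$sid_script" "$merged"
		return 1
	fi

	# The downloads and the sed script are no longer needed; free ramdisk memory.
	rm -f "$ramdisk"/*.rules "$sid_script"

	if [ ! -s "$merged" ]; then
		echo "snort rules: merged ruleset is empty, keeping the installed ruleset" >&2
		rm -f "$merged"
		return 1
	fi

	# Append the licence notice to the ruleset itself. The old code appended to
	# a relative "snort.rules", i.e. a file in whatever directory the script
	# was started from.
	printf '%s\n' \
		"#*************************************************************" \
		"#" \
		"#  Copyright (c) 2003-2016, Emerging Threats" \
		"#  All rights reserved." \
		"#  " \
		"#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the " \
		"#  following conditions are met:" \
		"#  " \
		"#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following " \
		"#    disclaimer." \
		"#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the " \
		"#    following disclaimer in the documentation and/or other materials provided with the distribution." \
		"#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived " \
		"#    from this software without specific prior written permission." \
		"#  " \
		"#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES," \
		"#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE " \
		"#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, " \
		"#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR " \
		"#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, " \
		"#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE " \
		"#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. " \
		"#" \
		"#*************************************************************" \
		>> "$merged"

	# Publish under the final name only once the ruleset is complete.
	mv "$merged" "$ramdisk/snort.rules"
}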

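#######################################
# Rebuild the ad-server blocklist /etc/itus/lists/ads.
#
# Every feed is reduced to one host name per line, the combined list is
# filtered and de-duplicated, and each name is written as
# "address=/<name>/10.10.10.11" (dnsmasq address syntax; 10.10.10.11 is
# presumably the Shield's block address -- confirm).
#
# Outputs:  progress on stdout, failures on stderr
# Returns:  0 when a new list was installed; 1 when no usable entry was
#           downloaded, in which case the installed list is left untouched.
#######################################
update_ads_rules() {
	local ramdisk=/mnt/ramdisk
	local raw="$ramdisk/ads.tmp"
	local list="$ramdisk/ads.list"

	# Remove leftovers of an interrupted run.
	rm -f "$raw" "$list"

	#### Ads Updates ####
	# -f stops an HTTP error page from being parsed as list entries and -S
	# reports the failure on stderr. The one HTTPS feed is fetched with
	# certificate verification on (no -k). The other feeds are plain HTTP, so
	# their content is unauthenticated: the filter further down limits what a
	# broken or tampered response can put into the list, but it cannot tell
	# whether a well-formed host name belongs there.
	# Disabled by the maintainers: http://someonewhocares.org/hosts/hosts
	{
		curl -fsS -d mimetype=plaintext -d hostformat=unixhosts 'http://pgl.yoyo.org/adservers/serverlist.php?' | sort
		curl -fsS 'http://winhelp2002.mvps.org/hosts.txt' | grep -v "#" | grep -v "127.0.0.1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | sed -e '1,3d' | sort
		curl -fsS 'http://sysctl.org/cameleon/hosts' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $3}' | grep -v '^\\' | grep -v '\\$' | sort
		curl -fsS 'http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort
		curl -fsS 'https://hosts.neocities.org/' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort
	} > "$raw"

	echo "working on ads rules please wait may take upto a minute"

	# Strip carriage returns, keep only lines made purely of host-name
	# characters (this also discards empty lines, "/" and whitespace, so a
	# feed line cannot add extra fields to the address= entry), remove
	# duplicates, then wrap each name in the address= syntax.
	tr -d '\r' < "$raw" \
		| LC_ALL=C grep '^[A-Za-z0-9._-][A-Za-z0-9._-]*$' \
		| sort -u \
		| sed -e 's/^/address=\//' -e 's/$/\/10.10.10.11/' \
		> "$list"
	rm -f "$raw"

	# Never replace a working list with an empty one when every feed failed.
	if [ ! -s "$list" ]; then
		echo "ads rules: no usable entries were downloaded, keeping the installed list" >&2
		rm -f "$list"
		return 1
	fi

	# activate ads update
	mv "$list" /etc/itus/lists/ads
	# 644 instead of 655: the list is data, so nobody needs an execute bit;
	# read access for everyone is unchanged.
	chmod 644 /etc/itus/lists/ads
}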

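#######################################
# Rebuild the malicious-host blocklist /etc/itus/lists/malicious.
#
# Every feed is reduced to one host name per line, the combined list is
# filtered and de-duplicated, and each name is written as
# "address=/<name>/10.10.10.11" (dnsmasq address syntax; 10.10.10.11 is
# presumably the Shield's block address -- confirm).
#
# Outputs:  progress on stdout, failures on stderr
# Returns:  0 when a new list was installed; 1 when no usable entry was
#           downloaded, in which case the installed list is left untouched.
#######################################
update_malicious_rules() {
	local ramdisk=/mnt/ramdisk
	local raw="$ramdisk/malicious.tmp"
	local list="$ramdisk/malicious.list"

	# Remove leftovers of an interrupted run.
	rm -f "$raw" "$list"

	### Malware Updates ###
	# -f stops an HTTP error page from being parsed as list entries and -S
	# reports the failure on stderr. The HTTPS feeds are fetched with
	# certificate verification on (no -k). The plain-HTTP feeds are
	# unauthenticated: the filter further down limits what a broken or
	# tampered response can put into the list, but it cannot tell whether a
	# well-formed host name belongs there.
	{
		curl -fsS 'http://www.malwaredomainlist.com/hostslist/hosts.txt' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $3}' | grep -v '^\\' | grep -v '\\$' | sort
		curl -fsS 'http://mirror1.malwaredomains.com/files/justdomains' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | sort
		curl -fsS 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | sort
		curl -fsS 'https://hosts.neocities.org/' | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort
	} > "$raw"

	echo "working on malicious rules please wait may take upto a minute"

	# Strip carriage returns, keep only lines made purely of host-name
	# characters (this also discards empty lines, "/" and whitespace, so a
	# feed line cannot add extra fields to the address= entry), remove
	# duplicates, then wrap each name in the address= syntax.
	tr -d '\r' < "$raw" \
		| LC_ALL=C grep '^[A-Za-z0-9._-][A-Za-z0-9._-]*$' \
		| sort -u \
		| sed -e 's/^/address=\//' -e 's/$/\/10.10.10.11/' \
		> "$list"
	rm -f "$raw"

	# Never replace a working list with an empty one when every feed failed.
	if [ ! -s "$list" ]; then
		echo "malicious rules: no usable entries were downloaded, keeping the installed list" >&2
		rm -f "$list"
		return 1
	fi

	# activate malicious update
	mv "$list" /etc/itus/lists/malicious
	# 644 instead of 655: the list is data, so nobody needs an execute bit;
	# read access for everyone is unchanged.
	chmod 644 /etc/itus/lists/malicious
}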

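# Make sure the ramdisk mount point exists. It is missing the first time this
# script runs on the Shield.
mkdir -p /mnt/ramdisk

# Mount a tmpfs on /mnt/ramdisk unless one is already mounted there. The
# surrounding spaces keep a longer path such as /mnt/ramdisk2 from matching.
if mount | grep -q ' /mnt/ramdisk '; then
	echo "yes mounted"
else
	echo "creating ramdisk"
	# mode=0700 keeps the scratch area private to the account running the
	# update, so no other local user can plant files where downloads are
	# written. Stop if the mount fails: otherwise the downloads would land on
	# the root filesystem instead of in memory.
	if ! mount -t tmpfs -o size=50000k,mode=0700 tmpfs /mnt/ramdisk; then
		echo "could not mount the ramdisk on /mnt/ramdisk, aborting the update" >&2
		exit 1
	fi
fi

# update snort rules
# To prevent the snort rules from updating put # in front (# update_snort_rules)
update_snort_rules
sleep 1

# update ads rules
# To prevent the ads rules from updating put # in front (# update_ads_rules)
update_ads_rules
sleep 1

# update malicious sites rules
# To prevent the malicious rules from updating put # in front (# update_malicious_rules)
update_malicious_rules
sleep 1

# restart DNSMASQ so it reads the new ads and malicious lists
/etc/init.d/dnsmasq restart
sleep 3

# Install the new ruleset and restart SNORT, but only when a non-empty ruleset
# was actually produced. Installing a missing or empty file would leave snort
# running without rules.
if [ -s /mnt/ramdisk/snort.rules ]; then
	mv /mnt/ramdisk/snort.rules /etc/snort/rules/snort.rules
	sleep 3
	/etc/init.d/snort restart
	sleep 2
else
	echo "no new snort ruleset was produced, keeping /etc/snort/rules/snort.rules" >&2
fi

# update last-update date
date > /.do_date

# unmount the ramdisk to free the memory it used
umount /mnt/ramdisk

echo " please ignore the error with PID as these are normal"

exit 0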

