
@da667
Created May 6, 2024 16:04
snort3 updater script
#!/bin/bash
#updater - Weekly update script
#checks for updates, downloads them, then reboots the system.
#place this script in /etc/cron.weekly, ensure it is owned by root (chown root:root /etc/cron.weekly/updater)
#ensure the script has execute permissions (chmod 700 /etc/cron.weekly/updater)
#install it as "updater" with no extension: run-parts only executes files whose names consist of
#letters, digits, underscores and hyphens, so a file named updater.sh is silently skipped.
#if you want updates to run once daily or monthly, you could also place this script into cron.daily or cron.monthly.
#alternatively, edit /etc/crontab to create a crontab entry.
export DEBIAN_FRONTEND=noninteractive
#record the exit status of any step that fails so the syslog message is accurate
status=0
apt-get -q update || status=$?
apt-get -y -q dist-upgrade || status=$?
#fetch and install the latest snort3 rule set with pulledpork3
python3 /usr/local/etc/snort/pulledpork3/pulledpork.py -c /usr/local/etc/snort/pulledpork3/etc/pulledpork.conf -i -vv || status=$?
if [ "$status" -eq 0 ]; then
    logger "updater cron job ran successfully. rebooting system"
else
    logger "updater cron job finished with errors (last exit status $status). rebooting system"
fi
#reboot so a kernel pulled in by dist-upgrade takes effect
init 6
exit 0

da667 commented May 6, 2024

Hey folks, this is a pretty basic shell script for my guide on creating a snort3 IDS sensor on debian-based derivatives. It runs apt-get update, dist-upgrade, then pulledpork 3 for snort rules, then reboots the system. Drop this into /etc/cron.[hourly|daily|weekly|monthly|yearly] to have this script run on whatever regular basis you prefer.

I recommend no more frequently than daily, because snort/AWS do not look kindly on those who hammer their website for rule updates. The recommendation is to drop this script into /etc/cron.weekly. Additionally, do not add the .sh file extension to this file. In the past, adding the .sh extension led to the script not running. Might have been PEBKAC, but I don't know.

After dropping the script into the right /etc/cron.[time interval] directory that suits your needs, run chmod 700 /etc/cron.[time interval]/updater to provide the script execute permissions so that cron can actually run it.
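The install and permission checks described in the comment above, as an added example that is not the gist author's code. It assumes Debian's run-parts from debianutils (the program cron uses to process the /etc/cron.* directories), which without --lsbsysinit only executes files whose names match ^[a-zA-Z0-9_-]+$, and a stat that accepts -c (GNU or busybox). The helper names runparts_name_ok, perms_ok and install_updater are this example's own.

```bash
#!/bin/bash
# Added example, not part of the original gist: install the updater where
# cron's run-parts will pick it up, and check the two things that usually
# break it: the filename and the ownership/permissions.
#
# Assumption: Debian's run-parts (debianutils). Without --lsbsysinit it only
# runs files whose names match ^[a-zA-Z0-9_-]+$, so "updater.sh" is silently
# skipped while "updater" runs. Helper names below are this example's own.

# Return 0 if run-parts would execute a file with this name, 1 otherwise.
runparts_name_ok() {
    case "$1" in
        '' | *[!a-zA-Z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if FILE is owned by OWNER (default root), executable, and not
# writable by group or others. A cron script that anyone else can write to
# is a root shell for whoever can write to it.
perms_ok() {
    local file="$1" owner="${2:-root}" actual mode
    actual=$(stat -L -c '%U' "$file") || return 1
    mode=$(stat -L -c '%a' "$file") || return 1
    [ "$actual" = "$owner" ] || return 1
    case "$mode" in
        *[2367][0-9] | *[2367]) return 1 ;;    # group or other write bit set
    esac
    [ -x "$file" ]
}

# Copy SRC into /etc/cron.INTERVAL/NAME as root:root 0700 and confirm that
# run-parts --test (a dry run that only lists what it would execute) sees it.
install_updater() {
    local src="$1" interval="${2:-weekly}" name="${3:-updater}"
    local dst="/etc/cron.$interval/$name"
    if ! runparts_name_ok "$name"; then
        echo "run-parts would skip '$name'; use letters, digits, _ or - only" >&2
        return 1
    fi
    install -o root -g root -m 0700 "$src" "$dst" || return 1
    perms_ok "$dst" || return 1
    run-parts --test "/etc/cron.$interval" | grep -qx "$dst"
}
```

Run it as root with `install_updater ./updater weekly` (or `daily`); it refuses a name such as `updater.sh` up front, and the final `run-parts --test` line fails if cron still would not execute the installed file for any other reason.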
