
Setup: rename VRT to Talos #1000
weslambert committed Nov 10, 2016
1 parent df7b0d2 commit c3584ec
Showing 1 changed file with 24 additions and 24 deletions.
48 changes: 24 additions & 24 deletions bin/sosetup
Expand Up @@ -36,7 +36,7 @@ LOG=`mktemp /tmp/sosetup.log.XXXXXXXXXX`
PP_CONF="/etc/nsm/pulledpork/pulledpork.conf"
# URLs
ET_URL="rules.emergingthreats.net"
VRT_URL="www.snort.org"
TALOS_URL="www.snort.org"
# Provide sensible defaults for Quick Setup
SGUIL_SERVER_NAME="securityonion"
IDS_ENGINE="snort"
Expand Down Expand Up @@ -209,7 +209,7 @@ as it gives you more control over the details of your system\n\
and allows you to build a distributed sensor network. You choose:\n\
- Sguil server, Sguil sensor, or both\n\
- which IDS engine to use (Snort or Suricata)\n\
- which IDS ruleset(s) to use (Emerging Threats, Snort VRT, or both)\n\
- which IDS ruleset(s) to use (Emerging Threats, Snort Subscriber (Talos), or both)\n\
- how many processes to run for Snort/Suricata/Bro"
SETUP=""
SETUP=`zenity --list --radiolist \
Expand Down Expand Up @@ -547,8 +547,8 @@ if [ $ADVANCED_SETUP -eq 1 ] && [ $SERVER -eq 1 ]; then
IDS_RULESET=`zenity --width=600 --height=300 --list --radiolist --column="1" --column="Ruleset" --column="Ruleset" --column="Oinkcode required?" --hide-header --hide-column="2" --text="$TEXT" --title="$TITLE" \
TRUE "ETOPEN" "Emerging Threats Open" "no oinkcode required" \
FALSE "ETPRO" "Emerging Threats PRO" "requires ETPRO oinkcode" \
FALSE "VRTET" "Snort VRT ruleset and Emerging Threats NoGPL ruleset" "requires Snort VRT oinkcode" \
FALSE "VRT" "Snort VRT ruleset only and set a VRT policy" "requires Snort VRT oinkcode" `
FALSE "TALOSET" "Snort Subscriber (Talos) ruleset and Emerging Threats NoGPL ruleset" "requires Snort Subscriber oinkcode" \
FALSE "TALOS" "Snort Subscriber (Talos) ruleset only and set a Snort Subscriber policy" "requires Snort Subscriber oinkcode" `

case $IDS_RULESET in
ETOPEN)
Expand All @@ -562,24 +562,24 @@ if [ $ADVANCED_SETUP -eq 1 ] && [ $SERVER -eq 1 ]; then
[ $DEBUG -eq 1 ] && echo "DEBUG: Entered ETPRO oinkcode $OINKCODE"
IDS_RULESET_ACTION="- Download ETPRO ruleset using oinkcode $OINKCODE.\n"
;;
VRT)
[ $DEBUG -eq 1 ] && echo "DEBUG: Selecting Snort VRT ruleset only and setting a VRT policy."
TEXT="Please enter your Snort VRT oinkcode.\n\nIf you don't already have one, you can obtain one from http://www.snort.org/."
TALOS)
[ $DEBUG -eq 1 ] && echo "DEBUG: Selecting Snort Subscriber (Talos) ruleset only and setting a Snort Subscriber policy."
TEXT="Please enter your Snort Subscriber (Talos) oinkcode.\n\nIf you don't already have one, you can obtain one from http://www.snort.org/."
OINKCODE=`zenity --title "$TITLE" --entry --text="$TEXT"`
[ $DEBUG -eq 1 ] && echo "DEBUG: Entered Snort VRT oinkcode $OINKCODE"
VRT_POLICY=`zenity --list --radiolist --hide-header --column="1" --column="2" --text="Please choose a VRT policy." --title "$TITLE" \
[ $DEBUG -eq 1 ] && echo "DEBUG: Entered Snort Subscriber (Talos) oinkcode $OINKCODE"
TALOS_POLICY=`zenity --list --radiolist --hide-header --column="1" --column="2" --text="Please choose a Snort Subscriber (Talos) policy." --title "$TITLE" \
FALSE "connectivity" \
FALSE "balanced" \
FALSE "security" `
[ $DEBUG -eq 1 ] && echo "DEBUG: Selected Snort VRT policy $VRT_POLICY"
IDS_RULESET_ACTION="- Download the Snort VRT ruleset using oinkcode $OINKCODE.\n- Set VRT policy to $VRT_POLICY.\n"
[ $DEBUG -eq 1 ] && echo "DEBUG: Selected Snort Subscriber (Talos) policy $TALOS_POLICY"
IDS_RULESET_ACTION="- Download the Snort Subscriber (Talos) ruleset using oinkcode $OINKCODE.\n- Set Snort Subscriber (Talos) policy to $TALOS_POLICY.\n"
;;
VRTET)
[ $DEBUG -eq 1 ] && echo "DEBUG: Selecting Snort VRT and Emerging Threats NoGPL ruleset."
TEXT="Please enter your Snort VRT oinkcode.\n\nIf you don't already have one, you can obtain one from http://www.snort.org/."
TALOSET)
[ $DEBUG -eq 1 ] && echo "DEBUG: Selecting Snort Subscriber (Talos) and Emerging Threats NoGPL ruleset."
TEXT="Please enter your Snort Subscriber (Talos) oinkcode.\n\nIf you don't already have one, you can obtain one from http://www.snort.org/."
OINKCODE=`zenity --entry --title "$TITLE" --text="$TEXT"`
[ $DEBUG -eq 1 ] && echo "DEBUG: Entered Snort VRT oinkcode $OINKCODE"
IDS_RULESET_ACTION="- Download the Snort VRT ruleset using oinkcode $OINKCODE.\n- Download the Emerging Threats NoGPL ruleset.\n"
[ $DEBUG -eq 1 ] && echo "DEBUG: Entered Snort Subscriber (Talos) oinkcode $OINKCODE"
IDS_RULESET_ACTION="- Download the Snort Subscriber (Talos) ruleset using oinkcode $OINKCODE.\n- Download the Emerging Threats NoGPL ruleset.\n"
;;
*)
[ $? = 1 ] && [ $DEBUG -eq 1 ] && echo "DEBUG: Clicked Cancel. Exiting." && exit 1
Expand Down Expand Up @@ -1631,29 +1631,29 @@ if [ "$SERVERNAME" = "localhost" ]; then
# Test Internet access
curl -s $ET_URL >/dev/null 2>&1 && INTERNET="UP"
;;
VRT)
echo "Configuring for Snort VRT ruleset only and setting a VRT policy." >> $LOG 2>&1
TALOS)
echo "Configuring for Snort Subscriber (Talos) ruleset only and setting a Snort Subscriber policy." >> $LOG 2>&1
# Disable ET.
sed -i 's\rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open\#rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open\g' $PP_CONF >> $LOG 2>&1
# Enable Snort.
sed -i "s\#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>\rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|$OINKCODE\g" $PP_CONF >> $LOG 2>&1
# Enable Snort Community ruleset.
sed -i "s\#rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community\rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community\g" $PP_CONF >> $LOG 2>&1
# Set VRT Policy.
sed -i "s|# ips_policy=security|ips_policy=$VRT_POLICY|g" $PP_CONF >> $LOG 2>&1
# Set Snort Subscriber (Talos) Policy.
sed -i "s|# ips_policy=security|ips_policy=$TALOS_POLICY|g" $PP_CONF >> $LOG 2>&1
# Test Internet access
curl -s $VRT_URL >/dev/null 2>&1 && INTERNET="UP"
curl -s $TALOS_URL >/dev/null 2>&1 && INTERNET="UP"
;;
VRTET)
echo "Configuring for Snort VRT and Emerging Threats NoGPL rulesets" >> $LOG 2>&1
TALOSET)
echo "Configuring for Snort Subscriber (Talos) and Emerging Threats NoGPL rulesets" >> $LOG 2>&1
# Enable Snort.
sed -i "s\#rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>\rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|$OINKCODE\g" $PP_CONF >> $LOG 2>&1
# Enable Snort Community ruleset.
sed -i "s\#rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community\rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community\g" $PP_CONF >> $LOG 2>&1
# Change open to open-nogpl
sed -i 's\rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open\rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open-nogpl\g' $PP_CONF >> $LOG 2>&1
# Test Internet access
curl -s $ET_URL >/dev/null 2>&1 && curl -s $VRT_URL >/dev/null 2>&1 && INTERNET="UP"
curl -s $ET_URL >/dev/null 2>&1 && curl -s $TALOS_URL >/dev/null 2>&1 && INTERNET="UP"
;;
esac
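Review bot: The two renamed "Entered Snort Subscriber (Talos) oinkcode" DEBUG echoes in the TALOS and TALOSET arms still print the full oinkcode, which is the Snort Subscriber credential, and the same unquoted value is substituted into the backslash-delimited sed replacement on the "Enable Snort." context lines, where a `\` or `&` in the entered text would corrupt the rule_url edit in $PP_CONF. Masking the debug output, e.g. `[ $DEBUG -eq 1 ] && echo "DEBUG: Entered Snort Subscriber (Talos) oinkcode (${#OINKCODE} chars, not shown)"`, and rejecting anything outside letters and digits right after the zenity entry dialog, e.g. `case "$OINKCODE" in *[!0-9A-Za-z]*|"") echo "Invalid oinkcode" >&2; exit 1 ;; esac`, would cover both. Separately, the TALOS_POLICY radiolist has every row FALSE with no default, so clicking OK without a selection leaves TALOS_POLICY empty and the "Set Snort Subscriber (Talos) Policy." sed then writes `ips_policy=` into $PP_CONF; a `[ -n "$TALOS_POLICY" ] ||` guard before that sed would catch it. The case statement these arms belong to begins before the hunk.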

