for idaholab#456, use a unique string when generating the temporary z…

…eek intel file
mmguero-dev · Apr 10, 2024 · 154d3cd · 154d3cd
1 parent dd92cef
commit 154d3cd
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/shared/bin/zeek_intel_setup.sh b/shared/bin/zeek_intel_setup.sh
@@ -22,6 +22,7 @@ INTEL_DIR=${INTEL_DIR:-"${ZEEK_DIR}/share/zeek/site/intel"}
 INTEL_PRESEED_DIR=${INTEL_PRESEED_DIR:-"${ZEEK_DIR}/share/zeek/site/intel-preseed"}
 THREAT_FEED_TO_ZEEK_SCRIPT=${THREAT_FEED_TO_ZEEK_SCRIPT:-"${ZEEK_DIR}/bin/zeek_intel_from_threat_feed.py"}
 LOCK_DIR="${INTEL_DIR}/lock"
+INSTANCE_UID="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16; echo)"
 
 # make sure only one instance of the intel update runs at a time
 function finish {
@@ -51,7 +52,7 @@ if mkdir -- "$LOCK_DIR" 2>/dev/null; then
     if [[ -d "${INTEL_DIR}" ]] && (( $(find "${INTEL_DIR}" -mindepth 1 -maxdepth 1 -type d 2>/dev/null | wc -l) > 0 )); then
         pushd "${INTEL_DIR}" >/dev/null 2>&1
 
-        cat > ./__load__.zeek.new << EOF
+        cat > ./__load__.zeek."${INSTANCE_UID}" << EOF
 # WARNING: This file is automatically generated.
 # Do not make direct modifications here.
 @load policy/integration/collective-intel
@@ -82,7 +83,7 @@ EOF
 
             elif [[ -f "${DIR}"/__load__.zeek ]]; then
                 # this intel feed has its own load directive and should take care of itself
-                echo "@load ${DIR}" >> ./__load__.zeek.new
+                echo "@load ${DIR}" >> ./__load__.zeek."${INSTANCE_UID}"
             else
                 # this directory contains "loose" intel files we'll need to load explicitly
                 while IFS= read -r line; do
@@ -97,10 +98,10 @@ EOF
                 --ssl-verify ${ZEEK_INTEL_FEED_SSL_CERTIFICATE_VERIFICATION} \
                 --since "${ZEEK_INTEL_FEED_SINCE}" \
                 --threads ${ZEEK_INTEL_REFRESH_THREADS} \
-                --output ./.threat_autogen.zeek.new \
+                --output ./.threat_autogen.zeek."${INSTANCE_UID}" \
                 --input "${THREAT_JSON_FILES[@]}" \
                 --input-file ./STIX/.stix_input.txt ./MISP/.misp_input.txt
-            mv --backup=simple --suffix=.old ./.threat_autogen.zeek.new ./.threat_autogen.zeek
+            mv --backup=simple --suffix=.old ./.threat_autogen.zeek."${INSTANCE_UID}" ./.threat_autogen.zeek
             rm -f ./.threat_autogen.zeek.old
             LOOSE_INTEL_FILES+=( "${INTEL_DIR}"/.threat_autogen.zeek )
         else
@@ -109,15 +110,15 @@ EOF
 
         # explicitly load all of the "loose" intel files in other subdirectories that didn't __load__ themselves
         if (( ${#LOOSE_INTEL_FILES[@]} )); then
-            echo >> ./__load__.zeek.new
-            echo 'redef Intel::read_files += {' >> ./__load__.zeek.new
+            echo >> ./__load__.zeek."${INSTANCE_UID}"
+            echo 'redef Intel::read_files += {' >> ./__load__.zeek."${INSTANCE_UID}"
             for INTEL_FILE in "${LOOSE_INTEL_FILES[@]}"; do
-                echo "  \"${INTEL_FILE}\"," >> ./__load__.zeek.new
+                echo "  \"${INTEL_FILE}\"," >> ./__load__.zeek."${INSTANCE_UID}"
             done
-            echo '};' >> ./__load__.zeek.new
+            echo '};' >> ./__load__.zeek."${INSTANCE_UID}"
         fi
 
-        mv --backup=simple --suffix=.old ./__load__.zeek.new ./__load__.zeek
+        mv --backup=simple --suffix=.old ./__load__.zeek."${INSTANCE_UID}" ./__load__.zeek
         rm -f ./__load__.zeek.old
 
         popd >/dev/null 2>&1