# Quiesce the sensor before its configuration is rewritten: cron is stopped
# through its rc.d script, then snort and snortsam are signalled by name.
# NOTE(review): nothing in this listing starts cron, snort or snortsam again,
# so detection and blocking stay offline until they are restarted by hand or
# by a step outside this file.
/etc/rc.d/cron stop
for daemon in snort snortsam; do
  killall "$daemon"
done

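# Work from the directory where the operator drops the rules tarball. Every
# later ./rules path is relative to it, so stop here if it cannot be entered
# rather than run the rm/mv steps from whatever directory the script was
# started in.
cd /usr/home/operat0r || {
  echo "cannot cd to /usr/home/operat0r; aborting rule update" >&2
  exit 1
}

# Operator prompt: the snapshot is downloaded by hand, and the listed
# preprocessor entries are removed from snort.conf by hand, during the pause.
# NOTE(review): the URL shown is plain http and this script unpacks the
# archive without any integrity check. Compare the tarball against a checksum
# obtained over a trusted channel before it becomes the sensor's rule set.
cat <<'EOF'
---------- GET LATEST SNAPSHOT TO /usr/home/operat0r !!!!!!!!!!!!!!!!!!!!!
from http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_os/snortrules-snapshot-CURRENT.tar.gz
Things to remove from /usr/local/etc/snort.conf
dynamicpreprocessor
ftp_telnet_protocol
ftp_telnet
smtp
-------------------------------
waiting for update / copy paste
EOF
sleep 10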

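# Unpack the snapshot the operator placed in the current directory. If it is
# missing or corrupt, stop: the steps below would otherwise truncate the live
# snort.conf from a template that was never extracted.
tar -xvf snortrules-snapshot-CURRENT.tar.gz || {
  echo "extracting snortrules-snapshot-CURRENT.tar.gz failed; snort.conf left untouched" >&2
  exit 1
}

# Build the live snort.conf from the shipped template:
#   - uncomment HOME_NET and point it at 192.168.1.0
#   - drop every line that mentions frag3
#   - point RULE_PATH at /usr/local/etc
# The result is written to a sibling file and moved into place only when it
# is non-empty, so a failed run never leaves the sensor with an empty config.
if sed -e "s/# var HOME_NET 10.1.1.0/var HOME_NET 192.168.1.0/" \
    -e "/frag3/d" \
    -e "s/var RULE_PATH ...rules/var RULE_PATH \/usr\/local\/etc/" \
    ./rules/snort.conf > /usr/local/etc/snort.conf.new &&
  [ -s /usr/local/etc/snort.conf.new ]; then
  mv /usr/local/etc/snort.conf.new /usr/local/etc/snort.conf
else
  echo "could not generate snort.conf from ./rules/snort.conf; existing config kept" >&2
  rm -f /usr/local/etc/snort.conf.new
  exit 1
fi

# The template has been consumed; remove it so it is not copied with the rules.
rm ./rules/snort.conf

# Drop every line that mentions ftpbounce from ftp.rules (filter into a
# scratch file, then replace the original). Those signatures no longer alert.
grep -v ftpbounce ./rules/ftp.rules > ./rules/ftp.rules.TMP
mv ./rules/ftp.rules.TMP ./rules/ftp.rules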

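# Stage the unpacked rule files in a fresh scratch directory, then copy them
# over the live ones in /usr/local/etc.
rm -Rf /usr/local/etc/TMP
# Without the directory, the mv below would either fail or rename a single
# file to "TMP", so stop if it cannot be created.
mkdir /usr/local/etc/TMP || {
  echo "cannot create /usr/local/etc/TMP; rule files not installed" >&2
  exit 1
}
mv ./rules/* /usr/local/etc/TMP

# The template snort.conf must never overwrite the generated one. It has
# normally been removed from ./rules before this point, hence -f: a missing
# file is the expected case, not an error.
rm -f /usr/local/etc/TMP/snort.conf
cp /usr/local/etc/TMP/* /usr/local/etc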

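# Download the community rule set and append it to snort.conf, minus the
# entries matched by the filter below.
# NOTE(review): the download is plain http with no checksum or signature
# check, and its content becomes active detection config on the sensor.
# Prefer an authenticated source or a verified digest before appending.
# Only append after a successful download, so a failed fetch cannot feed a
# stale or partial bleeding-all.rules from an earlier run into the config.
if fetch http://www.bleedingsnort.com/bleeding-all.rules; then
  grep -E -v "(2000355|SSH_PORT|RAR File|PHP Injection Attack|IRC connection)" \
    bleeding-all.rules >> /usr/local/etc/snort.conf
else
  echo "fetch of bleeding-all.rules failed; nothing appended to snort.conf" >&2
fi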

# Tune out selected signatures from two installed rule files. Each removed
# line is a detection that will no longer alert (presumably noise reduction;
# confirm that the coverage loss is intended).
etc_dir=/usr/local/etc

# dns.rules: drop the "DNS SPOOF" entries. The filtered copy is staged in the
# TMP directory and then copied back over the live file.
grep -v "DNS SPOOF" "$etc_dir/dns.rules" > "$etc_dir/TMP/dns.rules"
cp "$etc_dir/TMP/dns.rules" "$etc_dir/dns.rules"

# web-misc.rules: drop every line matching one of the listed terms, writing
# to a sibling .tmp file that then replaces the original.
egrep -v "(disclosure|nc.exe|robots|Invalid HTTP Version String|traversal)" \
  "$etc_dir/web-misc.rules" > "$etc_dir/web-misc.rules.tmp"
mv "$etc_dir/web-misc.rules.tmp" "$etc_dir/web-misc.rules"

# add snortsam tag ################################################


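# Run ruleparse.sh over every installed *.rules file and then over snort.conf
# (presumably this adds the snortsam tag named in the section heading;
# ruleparse.sh itself is not shown here).
# The files are passed as quoted arguments. The earlier approach parsed
# `ls -l` output into a generated script, so a file name containing spaces or
# shell metacharacters was split or interpreted as shell code.
# rulebatch.sh is therefore no longer written.
cd /usr/local/etc/ || {
  echo "cannot cd to /usr/local/etc/; rules not processed" >&2
  exit 1
}
for rules_file in *.rules snort.conf; do
  # Skip an unmatched glob or a missing snort.conf.
  [ -e "$rules_file" ] || continue
  # Keep a command trace on stderr, as the former `bash -x` run produced.
  echo "+ ruleparse.sh $rules_file" >&2
  ruleparse.sh "$rules_file"
done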

# Append the SnortSam output plugin line and the suppress entries to
# snort.conf in a single write.
# NOTE(review): the alert_fwsam line names only the agent address
# 192.168.1.99. Confirm against the agent's configuration whether a
# per-station key is expected there.
# NOTE(review): the trailing ':' on each suppress line is reproduced as
# found. Confirm the installed Snort accepts it. Every suppress entry hides
# the given gen_id/sig_id from alerting.
cat >> /usr/local/etc/snort.conf <<'EOF'
output alert_fwsam: 192.168.1.99
suppress gen_id 122, sig_id 27:
suppress gen_id 122, sig_id 19:
suppress gen_id 119, sig_id 4:
suppress gen_id 119, sig_id 15:
suppress gen_id 1, sig_id 1112:
suppress gen_id 1, sig_id 1201:
EOF



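# Reset the snort log directory: delete it, recreate it, and leave an empty
# alert file in place. The directory is created before the file is touched,
# because touching a file under a directory that was just removed fails.
# NOTE(review): this wipes all previous alerts. Archive /var/log/snort first
# if they are needed for investigation or retention.
rm -Rf /var/log/snort/
mkdir -p /var/log/snort
touch /var/log/snort/alert
# NOTE(review): mode 777 makes the alert log and its directory
# world-writable, so any local account can edit or delete IDS evidence. It is
# kept as found. Tighten it to the account snort runs as once that account is
# confirmed.
chmod -R 777 /var/log/snort/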

