# Rebuild the Suricata ruleset on the OPNsense layout from already-downloaded sources.
#   --offline            no network fetch; only sources already present under --data-dir are used
#   --no-merge           do not merge all sources into one suricata.rules; keep per-source files under --output
#   --modify-conf=...    apply the sid/action modifications listed in /root/suricata/modify.conf
#   --no-test            skip suricata-update's post-build rule test (it would normally run the
#                        Suricata binary given with --suricata against the generated rules)
#   --no-reload          do not ask the running Suricata to reload; rules take effect on the next reload/restart
# NOTE(review): with --no-test a malformed or mis-modified rule is only discovered when Suricata
# next reloads, which can leave the IDS without rules. Validate first (suricata -T -c
# /usr/local/etc/suricata/suricata.yaml) or drop --no-test before triggering the reload.
suricata-update --suricata-conf /usr/local/etc/suricata/suricata.yaml --suricata /usr/local/bin/suricata --data-dir /usr/local/etc/suricata --no-merge --modify-conf=/root/suricata/modify.conf --output /usr/local/etc/suricata/rules --no-test --no-reload --offline
/usr/local/opnsense/service/conf/actions.d/actions_ids.conf
/usr/local/opnsense/scripts/suricata/rule-updater.py
/usr/local/opnsense/scripts/suricata/installRules.py
/usr/local/opnsense/service/conf/actions.d/actions_homelab.conf
[configreload]
command: /root/suricatamod.sh; exit 0
parameters:
type:script
message:copy over and reload intrusion detection custom yaml
description:Copy over and reload intrusion detection custom yaml
/root/suricatamod.sh
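#!/bin/sh
# suricatamod.sh - sync a hand-maintained Suricata custom.yaml into the live
# Suricata configuration directory and restart Suricata when it changed.
#
# Invoked by configd (actions_homelab.conf runs "/root/suricatamod.sh; exit 0"),
# so it runs as root. The sync is skipped while the OPNsense rule updater or
# rule installer is running, so Suricata is not restarted underneath them.
#
# Exit status: 0 when nothing needed doing or the sync succeeded; 1 when the
# copy or the restart failed. The configd action appends "; exit 0", so configd
# itself always sees success - the status is only for manual runs and the logs.
#
# Security note: whatever lands in $SURICATA_CUSTOM is loaded into the IDS on
# restart, so write access to $ROOT_CUSTOM is write access to the Suricata
# configuration. Keep /root/custom.yaml root-owned and not group/world-writable.

set -u

# One timestamp per run; every log line of this run carries the start time.
TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S")

ROOT_CUSTOM="/root/custom.yaml"
SURICATA_CUSTOM="/usr/local/etc/suricata/custom.yaml"
# OPNsense's own template. Kept for reference only - overwriting it breaks things.
SURICATA_TEMPLATE="/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml" # do not replace, breaks things

# Two logs: the "same" log is truncated each run and holds the chatty
# no-change output; the "restart" log is an append-only history of events
# that matter (skips, copies, restarts, failures).
SAME_LOG="/root/suricatasame.log"
RESTART_LOG="/root/suricatarestart.log"

log_same() { printf '%s: %s\n' "$TIMESTAMP" "$1" >> "$SAME_LOG"; }
log_restart() { printf '%s: %s\n' "$TIMESTAMP" "$1" >> "$RESTART_LOG"; }

#######################################
# Return 0 (busy) if any of the given OPNsense scripts is currently running,
# 1 otherwise. pgrep -f matches against the full command line and never
# matches itself, so the "ps | grep | grep -v grep" dance is unnecessary.
# This is only a best-effort hint: a script can still start between this
# check and the restart further down.
# Arguments: one or more command-line substrings to look for
#######################################
busy_with() {
  for script_name in "$@"; do
    if pgrep -f "$script_name" > /dev/null 2>&1; then
      log_restart "Script '$script_name' is already running."
      return 0
    fi
    log_same "Script '$script_name' is not running. Proceeding..."
  done
  return 1
}

# Start a fresh "same" log for this run (truncate, not append).
printf '%s: Checking for configuration updates...\n' "$TIMESTAMP" > "$SAME_LOG"

if busy_with "rule-updater.py" "installRules.py"; then
  exit 0 # not an error; the next scheduled run will retry
fi

if [ ! -f "$ROOT_CUSTOM" ]; then
  # Without this guard a missing source file makes cmp report "different",
  # cp fail silently and Suricata get restarted on every run for nothing.
  log_restart "Source file $ROOT_CUSTOM is missing; nothing to sync."
  exit 0
fi

if cmp -s "$ROOT_CUSTOM" "$SURICATA_CUSTOM"; then
  # Fix: this line used to write to a relative "suricatasame.log", i.e. into
  # whatever the caller's working directory happened to be.
  log_same "Files are identical."
  exit 0
fi

log_restart "Files are different, copying $ROOT_CUSTOM to $SURICATA_CUSTOM"
if ! cp "$ROOT_CUSTOM" "$SURICATA_CUSTOM"; then
  # Never restart Suricata on top of a copy that did not complete.
  log_restart "Copy of $ROOT_CUSTOM to $SURICATA_CUSTOM failed; Suricata NOT restarted."
  exit 1
fi
# cp "$ROOT_CUSTOM" "$SURICATA_TEMPLATE"   # intentionally disabled, see note on SURICATA_TEMPLATE

# Restart so Suricata loads the new custom.yaml. This briefly interrupts
# inspection; adjust the command as needed for your system.
if service suricata restart; then
  log_restart "Suricata service restarted."
else
  log_restart "Suricata restart returned non-zero; check the Suricata service log."
  exit 1
fi

exit 0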