so-misp-configure

#!/bin/bash
#
# Copyright (C) 2018 Wes Lambert
#
# This file is part of Security Onion MISP Import Wizard.

# Security Onion MISP Import Wizard is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# Security Onion MISP Import Wizard is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with Foobar.  If not, see <https://www.gnu.org/licenses/>.
#
# Description: Configure Security Onion to Import NIDS Rules and Zeek Intel from MISP

source /etc/misp/mispcfg

ENGINE='suricata'

echo ""
echo "Configuring IDStools..."
echo ""


if [[ $NIDS_RULES == "yes" ]];then

  IDSTOOLS_CONF="salt/idstools/etc/rulecat.conf"

  cp /opt/so/saltstack/default/$IDSTOOLS_CONF /opt/so/saltstack/local/$IDSTOOLS_CONF

  sed -i '/--local=\/opt\/so\/rules\/nids\/local.rules/a --local=/opt/so/rules/nids/misp.rules' /opt/so/saltstack/local/$IDSTOOLS_CONF

fi

if [ -f /etc/cron.d/so-misp-download ]; then
	:
else
	touch /etc/cron.d/so-misp-download
	cat << EOF > /etc/cron.d/so-misp-download
# /etc/cron.d/so-misp-download
#
# crontab entry to update MISP IDS rules

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

01 6    * * *   root    /usr/sbin/so-misp-download > /dev/null 2>&1
EOF
fi	

# Run download script
/usr/sbin/so-misp-download

if [[ $INTEL == "yes" ]];then
	# Zeek state apply
	salt "*" state.apply zeek
fi

if [[ $NIDS_RULES == "yes" ]];then
	# Apply rule config
	salt "*" state.apply idstools

	# Rule update
	/usr/sbin/so-rule-update
fi

echo ""
echo "That's all folks!"
echo ""