Building a script to update the version of snort on the system
Hello,
I'm building a shell script that updates the woefully out-of-date version of snort that ships with BT5r*. I want to know if there's a foolproof command I can run via the command line to verify that the user running this script is running the script on a BackTrack system, and prompt them if we fail to successfully identify the OS as running BackTrack.
A couple of ideas I have:
cut the text bt from uname -a or the motd
check for the existence of the /usr/share/wallpapers/backtrack directory
Neither of these really seems foolproof. Any ideas?
Thanks in advance,
Also I plan on releasing this script via github when it's done, so if you have even a cursory interest, you can make it yours.
Re: Building a script to update the version of snort on the system
Would
Code:
#!/bin/bash
# Define what we're looking for.
string='backtrack'
# Dump the first nine characters, from the /etc/issue file, into a test file.
# mktemp creates a private file rather than a fixed name in the current directory.
testfile=$(mktemp) || exit 1
cut -c 1-9 /etc/issue > "$testfile"
# Test our test file, to see if our string exists.
# If our string exists, do one thing.
# If not, do something else.
if grep -q -i "$string" "$testfile"; then
    echo "BackTrack detected."
else
    echo "This is probably not a BackTrack system."
fi
# Delete our test file.
rm -f "$testfile"
work? That's probably not the best way to do it, but it's a start. Here's another
Code:
if [ "$(head -n 1 /etc/issue | cut -c 1-9)" != "BackTrack" ]; then echo "BackTrack not detected."; fi
P.S. Why not just submit a ticket to Redmine?
Re: Building a script to update the version of snort on the system
Quote: Originally Posted by ColForbin
Would:
Code:
cat /etc/issue | grep -i backtrack | cut -c 1-10
work?
Thanks ColForbin, and thank you for your time. I suppose for now that this will work, but I was looking for something a little bit more foolproof, something that isn't easily modifiable by root or any other user for that matter. Root can just rm issue, issue.net or motd and our way of identifying the OS as BackTrack is gone. In the end, the OS check isn't truly THAT important, so long as I give the user a chance to cancel the script if we try an OS check and cannot definitely identify the OS as being BackTrack.
Thanks for the help! Hope to have this script out soon.
Re: Building a script to update the version of snort on the system
Quote: Originally Posted by ColForbin
Would
Code:
#!/bin/bash
-snip-
P.S. Why not just submit a ticket to Redmine?
That code will likely serve the purpose. All I want to do is double check that the user is in fact running the script on BackTrack and prompt them with a 10 second delay saying "I wasn't able to determine whether or not this is backtrack. You can keep running this script or hit ctrl+c to cancel."
In regards to submitting a ticket to Redmine, I'm a former Sourcefire employee (e.g. the guys who make snort). The project is updated so frequently that it makes no sense to put in a ticket to update it when, as soon as it's updated and put into the distro repos, or added to the default install, it'll be outdated again. I'd rather just give the open-source community a script that allows them to update it themselves.
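The check discussed in this thread, as an added example that is not part of any poster's script: it counts how many of the indicators named above (/etc/issue, /etc/issue.net, the motd, the wallpapers directory) point to BackTrack, and falls back to the 10-second cancel window when fewer than two agree. The function names, the optional root-prefix argument, the /etc/motd path and the two-indicator threshold are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not code from the thread. The optional first argument is a
# root prefix (an assumption for illustration) so the checks can be pointed
# at a constructed directory tree; empty means the live system.

# Print how many independent indicators under "$1" point to BackTrack.
bt_indicator_count() {
    local root="${1:-}" count=0 f
    # Text files the thread names: any of them may mention BackTrack.
    for f in etc/issue etc/issue.net etc/motd; do
        if [ -r "$root/$f" ] && grep -qi 'backtrack' "$root/$f"; then
            count=$((count + 1))
        fi
    done
    # Directory suggested in the first post.
    if [ -d "$root/usr/share/wallpapers/backtrack" ]; then
        count=$((count + 1))
    fi
    echo "$count"
}

# Succeed only if at least "$2" indicators (default 2) agree, so deleting
# or editing a single file does not flip the result on its own.
is_backtrack() {
    local root="${1:-}" min="${2:-2}"
    [ "$(bt_indicator_count "$root")" -ge "$min" ]
}

# Advisory check: never blocks the update, only gives the user "$2" seconds
# (default 10) to hit Ctrl+C when the OS could not be identified.
os_check() {
    local root="${1:-}" delay="${2:-10}"
    if is_backtrack "$root"; then
        echo "BackTrack detected."
        return 0
    fi
    echo "I wasn't able to determine whether or not this is BackTrack." >&2
    echo "Continuing in $delay seconds; hit Ctrl+C to cancel." >&2
    sleep "$delay"
}

# Usage at the top of the updater script:  os_check
```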
Re: Building a script to update the version of snort on the system
Quote: Originally Posted by da667
...the project is updated so frequently, that it makes no sense to put in a ticket to update it when, as soon as it's updated and put into the distro repos, or added to the default install, it'll be outdated again. I'd rather just give the open-source community a script that allows them to update it themselves.
Good point. Your script looks awesome, by the way. I can't wait to try out the version you're working on here. Thanks!