docs: move cron guide to wiki

- https://gitlab.com/malware-filter/malware-filter/wikis/update-filter
- also include systemd timer
Ming Di Leom 2022-12-17 05:56:17 +00:00
parent ed6f0c0d5a
commit fa199379b3
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 17 additions and 88 deletions

README.md

@ -162,21 +162,11 @@ This blocklist includes domains only.
This blocklist includes domains only.
### Install
Save the ruleset to "/usr/local/etc/dnsmasq/pup-filter-dnsmasq.conf". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/dnsmasq/
Configure dnsmasq to use the blocklist:
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-dnsmasq.conf" -o "/usr/local/etc/dnsmasq/pup-filter-dnsmasq.conf"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
# Configure dnsmasq to use the blocklist
printf "\nconf-file=/usr/local/etc/dnsmasq/pup-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf
```
`printf "\nconf-file=/usr/local/etc/dnsmasq/pup-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf`
- https://malware-filter.gitlab.io/malware-filter/pup-filter-dnsmasq.conf
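Review bot: The new "Save the ruleset to ..." sentence in the dnsmasq Install section assumes `/usr/local/etc/dnsmasq/` already exists, because the `mkdir -p /usr/local/etc/dnsmasq/` step leaves the README together with the cron block. On a stock install that directory is usually absent, so a download to that path fails. Suggest keeping the `mkdir -p` line in the README, or stating in the sentence that the directory has to be created first.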
@ -195,21 +185,11 @@ printf "\nconf-file=/usr/local/etc/dnsmasq/pup-filter-dnsmasq.conf\n" >> /etc/dn
This blocklist includes domains only.
### Install
Save the ruleset to "/usr/local/etc/bind/pup-filter-bind.conf". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/bind/
Configure BIND to use the blocklist:
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-bind.conf" -o "/usr/local/etc/bind/pup-filter-bind.conf"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
# Configure BIND to use the blocklist
printf '\ninclude "/usr/local/etc/bind/pup-filter-bind.conf";\n' >> /etc/bind/named.conf
```
`printf '\ninclude "/usr/local/etc/bind/pup-filter-bind.conf";\n' >> /etc/bind/named.conf`
Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):
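Review bot: The `printf ... >> /etc/bind/named.conf` one-liner in the BIND section appends unconditionally, and as a stand-alone inline command it is easy to run more than once, which leaves duplicate `include` lines in `named.conf`. Suggest saying it is a one-time step, or guarding it with a `grep -q` for the existing include before appending.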
@ -263,21 +243,11 @@ This blocklist includes domains only.
This blocklist includes domains only.
### Install
Save the rulesets to "/usr/local/etc/unbound/pup-filter-unbound.conf". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/unbound/
Configure Unbound to use the blocklist:
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-unbound.conf" -o "/usr/local/etc/unbound/pup-filter-unbound.conf"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
# Configure Unbound to use the blocklist
printf '\n include: "/usr/local/etc/unbound/pup-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf
```
`printf '\n include: "/usr/local/etc/unbound/pup-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf`
- https://malware-filter.gitlab.io/malware-filter/pup-filter-unbound.conf
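Review bot: Wording in the Unbound section: "Save the rulesets to" names a single file, `/usr/local/etc/unbound/pup-filter-unbound.conf`, while the dnsmasq and BIND sections say "ruleset". Suggest the singular here for consistency.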
@ -294,18 +264,7 @@ printf '\n include: "/usr/local/etc/unbound/pup-filter-unbound.conf"\n' >> /etc
## dnscrypt-proxy
### Install
```
# Create a new folder to store the blocklist
mkdir -p /etc/dnscrypt-proxy/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-dnscrypt-blocked-names.txt" -o "/etc/dnscrypt-proxy/pup-filter-dnscrypt-blocked-names.txt"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
```
Save the rulesets to "/etc/dnscrypt-proxy/". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
Configure dnscrypt-proxy to use the blocklist:
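Review bot: The dnscrypt-proxy sentence gives only the directory `/etc/dnscrypt-proxy/`, whereas every other section names the full target file, and the old command wrote to `/etc/dnscrypt-proxy/pup-filter-dnscrypt-blocked-names.txt`. Suggest naming the expected file path(s) in the sentence so the saved name matches what the dnscrypt-proxy configuration below it refers to.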
@ -348,21 +307,11 @@ This blocklist includes domains only.
Not compatible with [Snort3](#snort3).
### Install
Save the ruleset to "/etc/snort/rules/pup-filter-snort2.rules". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
```
# Download ruleset
curl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-snort2.rules" -o "/etc/snort/rules/pup-filter-snort2.rules"
Configure Snort to use the ruleset:
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-snort2.rules" -o "/etc/snort/rules/pup-filter-snort2.rules"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
# Configure Snort to use the ruleset
printf "\ninclude \$RULE_PATH/pup-filter-snort2.rules\n" >> /etc/snort/snort.conf
```
`printf "\ninclude \$RULE_PATH/pup-filter-snort2.rules\n" >> /etc/snort/snort.conf`
- https://malware-filter.gitlab.io/malware-filter/pup-filter-snort2.rules
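Review bot: In the Snort2 section the "Download ruleset" `curl` line goes away along with the cron job, but the first download is an install step, not an auto-update step. After this change the README has no command that fetches the file before `snort.conf` is told to include it. Suggest keeping the one-off `curl -L ... -o "/etc/snort/rules/pup-filter-snort2.rules"` line and moving only the cron part to the wiki.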
@ -381,18 +330,7 @@ printf "\ninclude \$RULE_PATH/pup-filter-snort2.rules\n" >> /etc/snort/snort.con
Not compatible with [Snort2](#snort2).
### Install
```
# Download ruleset
curl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-snort3.rules" -o "/etc/snort/rules/pup-filter-snort3.rules"
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-snort3.rules" -o "/etc/snort/rules/pup-filter-snort3.rules"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
```
Save the ruleset to "/etc/snort/rules/pup-filter-snort3.rules". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
Configure Snort to use the ruleset:
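Review bot: Missing migration note, visible in the Snort3 section and the others: the removed instructions all wrote the job to `/etc/cron.daily/pup-filter`, and the commit message says the wiki guide now also covers a systemd timer. Anyone who followed the old README and then sets up the timer will have both jobs running. Suggest one sentence telling existing users to delete `/etc/cron.daily/pup-filter` when they switch.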
@ -420,18 +358,7 @@ ips =
## Suricata
### Install
```
# Download ruleset
curl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-suricata.rules" -o "/etc/suricata/rules/pup-filter-suricata.rules"
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/pup-filter-suricata.rules" -o "/etc/suricata/rules/pup-filter-suricata.rules"\n' > /etc/cron.daily/pup-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/pup-filter
```
Save the ruleset to "/etc/suricata/rules/pup-filter-suricata.rules". Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) for auto-update.
Configure Suricata to use the ruleset:
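Review bot: Style point on the "Refer to this [guide](...)" sentence, here in the Suricata section and repeated in each section the patch touches: the full wiki URL is inlined every time. A reference-style link, `[guide]` with a single `[guide]: https://gitlab.com/malware-filter/malware-filter/wikis/update-filter` definition, would leave one place to update if the wiki page moves.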
@ -459,6 +386,8 @@ rule-files:
A CSV file for Splunk [lookup](https://docs.splunk.com/Documentation/Splunk/9.0.2/Knowledge/Aboutlookupsandfieldactions).
Either upload the file via GUI or save the file in `$SPLUNK_HOME/Splunk/etc/system/lookups` or app-specific `$SPLUNK_HOME/etc/YourApp/apps/search/lookups`. Refer to this [guide](https://gitlab.com/malware-filter/malware-filter/wikis/update-filter) or [Getwatchlist](https://splunkbase.splunk.com/app/635) app for auto-update.
- https://malware-filter.gitlab.io/malware-filter/pup-filter-splunk.csv
<details>
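Review bot: The two lookup paths in the added Splunk sentence look wrong and do not agree with each other: `$SPLUNK_HOME/Splunk/etc/system/lookups` has an extra `Splunk` component, and `$SPLUNK_HOME/etc/YourApp/apps/search/lookups` has the app name and `apps` in the wrong order. Splunk's documented locations are `$SPLUNK_HOME/etc/system/lookups` and `$SPLUNK_HOME/etc/apps/<app_name>/lookups`. Suggest correcting both before merging, since a CSV saved to a non-existent path will not be picked up as a lookup.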