Intrusion Prevention
Reply
Trusted Contributor
ac
Posts: 353
Registered: ‎11-01-2007
0

How to automatically update attack objects? (Most Read threads copied from the old J-Net)

[ Edited ]
 
vtyurin
Posts: 22
Registered on:
Aug 10, 2006
How to automatically update attack objects?
Posted: Aug 13, 2006  10:55 PM 139 views  

Hello everybody! I use IDP Manager 3.1. Every day I have to download new attack objects. It is very tiresome for me.  Anybody knows how to automate this work?

Valery. 

tschmidt
Posts: 3
Registered on:
Dec 13, 2005

RE: How to automatically update attack objects?
Posted: Aug 15, 2006  1:05 AM 143 views  
In reply to: How to automatically update attack objects? — Hello everybody! I use IDP Manager 3.1. Every day I have to download new...
posted by vtyurin on Aug 13, 2006  10:55 PM
Hi Valery,

with IDP 3.2r1 the IDPScheduler utility was introduced. You can use this CLI utility to automate download of signatures and policy installation, or to generate reports.

Sample Usage:

     ./IDPScheduler -sigupdate -policypush

Further Details are available thorugh in the IDP 3.2 Concepts and Examples Manual

     http://www.juniper.net/techpubs/software/management/idp/index.html#32


Regards

Thomas

vtyurin
Posts: 22
Registered on:
Aug 10, 2006

RE: RE: How to automatically update attack objects?
Posted: Aug 16, 2006  1:18 AM 143 views
In reply to: RE: How to automatically update attack objects? — Hi Valery, with IDP 3.2r1 the IDPScheduler utility was introduced. You...
posted by tschmidt on Aug 15, 2006  1:05 AM

 Thank you, Thomas. I create shell script that look like in IDP 3.2 Concepts and Examples Manual. Unfourtunatly I am not very strong in Linux shell script coding.

#!/bin/sh

DISPLAY=localhost:5.0

export DISPLAY

/root/IDP_Juniper_Networks/IDPScheduler -sigupdate

/root/IDP_Juniper_Networks/IDPScheduler -policypush

What does it mean DISPLAY=localhost:5.0? When I try run this script see message

Unable to locate the application's 'main' class. The class 'com.onesecure.apps.mainui.IDPStartUp' must be public and have a 'public static void main(String[])' method. (LAX)
GUI-
Unable to locate the application's 'main' class. The class 'com.onesecure.apps.mainui.IDPStartUp' must be public and have a 'public static void main(String[])' method. (LAX)
GUI-

aroper
Posts: 133
Registered on:
Apr 23, 2006

RE: RE: RE: How to automatically update attack objects?
Posted: Aug 30, 2006  6:15 AM 132 views  
In reply to: RE: RE: How to automatically update attack... —  Thank you, Thomas. I create shell script that look like in IDP 3.2...
posted by vtyurin on Aug 16, 2006  1:18 AM
It is strongly advised to not perform automatic updates on DI attack databases. The reason being, similar to automatic server updates, is that an update may fail a service or start generating a lot of false positives. It is best practice to review the changes to see how they will affect your policies before implementing the updates. Just a thought.

Regards,
Andrew
jdillembourg
Posts: 1
Registered on:
Feb 22, 2006

RE: RE: RE: How to automatically update attack objects?
Posted: Sep 5, 2006  5:19 AM 121 views
In reply to: RE: RE: How to automatically update attack... —  Thank you, Thomas. I create shell script that look like in IDP 3.2...
posted by vtyurin on Aug 16, 2006  1:18 AM

Hello,

The DISPLAY and export DISPLAY are used to forward the output to a graphical interface such X11. If you are directly connected to the station, this line is not necessary. You can run the "who" command on your system. A list of the connected users will appear with the associated IP. Find your login in this list and export the DISPLAY as your IP:

who

user1 ...... (10.1.1.1)

user2 .......(10.1.1.2:0.0)

export DISPLAY=10.1.1.2:0.0

I never run the IDPScheduler but this kind of message is usually coming from Java (bad version, version mismatch,...).

vtyurin
Posts: 22
Registered on:
Aug 10, 2006
 

RE: RE: RE: RE: How to automatically update attack objects?
Posted: Sep 7, 2006  5:53 AM 112 views
In reply to: RE: RE: RE: How to automatically update attack... — Hello, ...
posted by jdillembourg on Sep 5, 2006  5:19 AM

    Hi,

I understand my mistake. I fogot install xvfb. When I install it script run normally. Thanks.

vtyurin
Posts: 22
Registered on:
Aug 10, 2006

RE: RE: RE: RE: How to automatically update attack objects?
Posted: Sep 7, 2006  5:58 AM 115 views
In reply to: RE: RE: RE: How to automatically update attack... — It is strongly advised to not perform automatic updates on DI attack...
posted by aroper on Aug 30, 2006  6:15 AM

   Hi,

Your are right. Automatic update is not best practiceis for IDP. But I do not have much time for viewing every new signatures. I think, best way is take e-mail from juniper about new updates like symantec esm, for example. But I can not find such service for IDP on juniper web-site.

this best regards,

Valery.




Message Edited by ac on 11-08-2007 02:58 PM

Message Edited by ac on 11-08-2007 02:59 PM
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.